W3C

- DRAFT -

Verifiable Claims Working Group

30 Jan 2018

Agenda

Attendees

Present
Benjamin_Young, Chris_Webber, Gregg_Kellogg, Manu_Sporny, Tzviya_Siegman, Richard_Varn, Nathan_George, Liam_Quin, David_Chadwick, Matt_Larson, Dan_Burnett
Regrets
Chair
Richard_Varn, Dan_Burnett, Matt_Stone
Scribe
cwebber2

Contents

<scribe> scribe: cwebber2

varn: let's just review the agenda
... we put this agenda together, we'll do introductions... we announced the next F2F place... now looking at peoples' review on subject != holder
... will do review on revocation spec, how's that going
... in terms of volunteers etc
... liam, we're going to go over that and how the update to the web page is progressing
... we'll hear from you all as in terms of what issues you may have to do with
... for remaining issues we'll see about tackling tthem
... Joe, if he shows up...
... who's call in user 6?

burn: probably me

varn: we may or may not do a domain discussion, discussion of test suite
... any questions or people who are new who need to introduce themselves?
... I've made my traveling plans to get there, I'll be there for a good chunk of Friday

Face-to-face Meeting at IIW

varn: I'll be there for the week for IIW
... we just have to work on getting our logistics together
... I think Joe was talking about time and place stuff

manu: an update on that, Joe is taking the lead on that but the IIW organizers reached out to me, asked if we'll be there, I said the chairs will get in touch with them soon but yes we're planning the F2F meeting there
... so that's it, we're planning a F2F meeting there, the organizers said we're coming, I said the last part of the week, but the chairs need to get in touch

varn: I think Joe was going to get in contact with them but if not we'll deal with it over email. Anything else for the F2F?

Subject != Holder

varn: status update subject != holder
... we were talking about use case documents, I think Joe was going to take the lead on that
... does anybody have a status update at this time?

DavidC: I couldn't attend that meeting I'm a bit behind

varn: were you able to read the minutes of last week?

DavidC: not yet

varn: we identified some places where subject != holder needed more explaination / use cases, the example being a marriage certificate. we were talking about what are some of the obvious ways a marriage certificate has subject != holder
... another I thought was related to medical, another gender reassignment

DavidC: that's interesing, my understanding from the week before, VCs are definitely written for single subject, so if there are two subjects... if you read current doc it only supports a single subject

<Zakim> manu, you wanted to say no it doesn't

manu: there's a slight problem. It's not black and white... it is true that the id field only allows a single subject. However you can build arbitrarily complex structures in the credential itself. a marriage certificate can say this identifier is married to this identifier. YOu can do that, even make a reverse relationship. That's supported today, someone processing marriage credentials will need to understand that bidirectional relationship
... there are two things that came out of it... one thing is we looked at allowing an id field that has multiple identifiers in it. Drastically complicates the data model, reason being... ???... it complicates the data model, it's clear you can accomplish the data model through other means. so the question is should you do it through other means and should the data model say something about it. last time we talked about it we said data model

shouldn't have anything to do with it because the this has to do with a... don't want to say non-standad... it's just non-core, and out of scope

manu: we need specific use cases so we can model them
... we need specific use cases by Joe and DavidC
... so we can look at how to model it by the data model today. that way people can look to see if that's good with the data model today
... that's why last week I mentioned we should focus on very specific use cases. only when we can demonstrate the data model doesn't support these use cases to we deal with moving it into the core specification

DavidC: somewhat conceptual, I know last week we said if a credential deals with a number of ???, a marriage certificate may deal witth a group of two people who are married

manu: corect

DavidC: another way would be to have two certificates, and then the property says "my spouse is" and link to the other
... so you could do one per each partner, or have a group message

<manu> yes, correct

DavidC: I don't mind that.. I think either are plausible
... I think that should keep a single id
... do we want to have an appendix to the data model document saying here are complex use cases and how they can be modeled on the existing document

manu: as for building appendix or best examples repository... we need to identify the use cases, make sure they're very specific, and see whether the use cases may represent the data model. We need to very specifically identify the use case, come up with markup, put it in a repository somewhere, and point to repo from the data model spec

<nage> +1 to only describing how id relates to the claims data and leaving the complexity to the user (keep the spec simple and small in scope)

varn: If you're a vital records aministrator, it's going to issue two, they can do that I agree. they can do that as one marriage certificate, dealing with canceling two credentials could be tricky. if issuer of marriage certificate decided to have a group id, am I right that this would be relevant to subject != holder or not?

manu: that's diving into meta-conversation on semantics
... I don't think we need to have that conversation in the group yet
... it depends... if we're using a group id does that mean subject != holder? I think that's a metaphysical conversation. the semantics around this and the philosophy around that are complex... is a group a subject or not? it's super philosophical conversation and we could make better progress by asking people to come up with concrete use cases and examples, and then and only then have that meta conversation off on a github issue instead of on the

phone

nage: so I don't believe I put myself on the queue as much as trying to support manu, that making claims statement helps keep us in bounds. turns out meaning of the data is sometimes affected by who it's bound to. If we try to solve it in a generalized way, it puts us in place where there may be problems

bigbluehat: I would like to +1 manu's statement around concrete use cases. The more concrete use cases and the more actionable, the more likely it is to work. the one thing I keep being asked that I don't ahve clear answers to is old use cases like IP verification, and I don't quite know if that's where VC fits in, but we'd like to see it far enough along where I can personally make the case not just for "you can look into it, but here's how you'd do it"
... I love complex theory, but the sooner we get to the practical action the better for the WG

varn: bigbluehat, could you look at current use case document and see if IP verification is in there?

bigbluehat: it's in there but in an overly broad way

varn: would it be helpful for you to add it?

bigbluehat: possibly, I'm less saying that new ones are needed, more about use case to implementation so we don't get stuck

varn: action step is still to build useful specific use cases to see how they use the data model
... Matt is willing to take on a chunk of this work to do the writing and editor of this spec

Status Method Registry and Credential Status List 2017

varn: we still need an editor
... any volunteers for that?

DavidC: which document?

varn: if you don't have the agenda, we've had a discussion the last few weeks about need for a revocation spec
... we started to work on that on the status registry bit... there's a link here on item four, link three
... he thought more work on that might deal with license revocation work
... where your license has been revoked etc, and we need to pull back your test store. Does that clear it up, David?

DavidC: yes we discussed revocation twice.. one is that crypto is wrong, and the other was the claim is invalid, and I think we said claim is invalid is out of scope and we were only dealing with crypto stuff

<manu> https://w3c-ccg.github.io/vc-csl2017/

manu: it's not the registry we need help on, it's the specific status 2017 spec, I dumped link on irc and that's spec we need help on. I did a pass earlier today to get it into implementable mechanism

got it to implementable mechanism

manu: matt needs to update credentials status list 2017 spec and add some prose even in an email and I can copy-paste in, implementation shouldn't be hard, it's in an implementable form right now but nobody has implemented it. I think that's what this item is about richard, it's about a specific status item I linked above

varn: I'm sending that note to Matt right now with a link of "here's what you need to work on"
... this is a... this is what Matt needs to work on, thanks for clarifying, he probably knew that and I represented it wrong

Web Page Updates

varn: we need a web page with proper links, etc, did you have a chance to get work on it?

liam: I need to get a link to the document, which I'll do...

varn: we need feedback on how people want the web page changed sent to Liam. Can we put a TODO on there, for everyone to make suggested web page changes to Liam please?
... anything else anyone should suggest right now?

liam: just that the url in the minutes gives you the github not the web page
... it was number 4 in the agenda, reference 4

<liam> https://www.w3.org/2017/vc/WG/

liam: when you click on it you don't actually get a web page

<manu> correct link is: https://w3c.github.io/verifiable-claims/

varn: true story

bigbluehat: it's a link to the repo for the web page

liam: I pasted a link to the web page on IRC
... you can see a "about the verifiable claims working group" heade

r

burn: I definitely put in a link to the github repo rather than a link to the page itself
... most people know how to get to the homepage, not everyone knows how to get to the github, hence for the link to the github repo

liam: I'm happy to get updates for changes, I'll note the chairs have write access as well

varn: noted

david: are we keeping the name Verifiable Claims even though the data model is now Verifiable Credentials?

varn: yes I think we're stuck with that

open issues

varn: issues that were posted to the data model itself, some are dealt with use cases
... has anyone had chances to claim any issues?
... we have 29 issues now, 39 closed, other one was on use cases...

<manu> https://github.com/w3c/vc-data-model/pull/104

<Zakim> manu, you wanted to provide updates.

manu: there's a new PR in, we're missing a section of the spec on verifiable profiles... I closed issue 35 since we have something on revocation... if people could look on PR 104 that would state what we had in the spec before but we added a section detailing how to do a verifiable profile (a collection of verifiable credentials)
... other updates, we're talking about moving from signatures to proofs, that's more general and is also more supportive of blockchain'y approaches
... a bunch of crypto stuff changing, spec should hopefully be fairly complete in its data model
... next step is hopefully implementing things in the test suite
... we desperately need things on test suite

varn: did you mean 103? I don't ahve a 104 in the list

<manu> https://github.com/w3c/vc-data-model/pull/104

manu: pull request 104

varn: ah I see it
... anyone else had any chance to do something like that? thanks dave/manu
... anything else?
... I don't see joe on, so I don't think we have a chance to do a domain discussion of the week here
... I know we need to keep harping on additional implementations

<Zakim> manu, you wanted to suggest a new domain discussion publishing WG

manu: nothign to report on test suite, since joe's not here, but we have Web Publishing WG needing to see it, perhaps we should move forward on Verifiable Credentials and Web Publishing

Verifiable Credentials and Publishing WG

<bigbluehat> https://github.com/WICG/webpackage

<bigbluehat> the spec most related to this group https://tools.ietf.org/html/draft-yasskin-http-origin-signed-responses-01

tzviya: linked to what Google is doing... at one point Jeni Tennison and the TAG?? making a bundle of credentials making a package of stuff, didn't go anywhere, recently more progress it was moved into two pieces, it's moved to ietf, right now the stuff concerned in this group is that the packages can be signed... he?? is looking at digital signatures, benjamin can go into it, but when we talked to verifiable claims stuff I think Jeffrey said "I don't think it's apocalyptic

enough, what happens if something goes wrong"

<tzviya> https://github.com/WICG/webpackage

bigbluehat: he was mostly concerned with lack of revocation process, and our concern is mostly focused on caching scenarios where the domain based signatures are pretty short lived in terms of hours or days, sometimes it needs to claim authority of something published 210 years ago. origin signing... jeffrey's quick concern was there's nothing around revocation signing

<tzviya> s/Jeffrey Yasskin?Jeffrey Yasskin

<Zakim> manu, you wanted to note other work in this area, and that we need to coordinate w/ Jeffrey Yaskin

varn: we'll make Matt aware this is related to his interest in revocation

<manu> https://w3c.github.io/vc-data-model/#status

manu: we do now have a high level suggestion of what happens when you
... need to revoke
... we've always known it's been an issue... we call it status not revocation so that may be one reason people miss it, maybe we should modify the spec to deal with it.
... reason to pay attention to it: jeffrey's from Google, Google brings a lot of weight when they get behind a lot of specs

<manu> https://github.com/w3c-dvcg/http-signatures/issues/1

manu: publishing group is getting behind this problem... there's a lot of stuff in the works, stuff spearheaded by Google which as bigbluehat said therea re some issues with it but Google responded to that quickly and moves through the standards process quickly. There's an opportunity for us to go with that, but if Google gets a solution before we do on this, we can all guess who's going to get picked. Not saying Publishing WG should take that up, but

just saying that's a concern. Another thing is Jeffrey is already... another thing to note is there's this HTTP Signatures spec which we've been working on, 9-10 implementations on it, waiting to get feedback, server origins spec from google threw it to the side and said it had issues, but they didn't talk about it just went and made their own spec at IETF without talking to us about it. sometimes big corporations just go ahead with their own thing

without working with community, and since they're google saying everyone use this everyone does

manu: just to be clear not saying publishing group should do one or the other, just because this group... other groups have been surprised when suddenly something similar which is backed by a large company makes very rapid progress, sometimes they make rapid progress and even overtake other issues
... we should really pay attention to this, engage Jeffrey and bring him into the group, and talk about what how to work together

varn: what's the best way to engage Jeffrey? Dan or anyone else...

tzviya: start with logging issues on his repo

varn: who can/wants to do that

manu: I can do that

varn: when you do that, can you point at "this is the first run"... can you just somehow bring Matt into that, if you really want him to continue to work on that?

manu: yes and I suggest we bring Jeffrey into the WG after he's had the chance to read the specs
... sometimes good to get outsider input, and Jeffrey is a smart guy so nothing but good can come out of that

varn: when should chairs do the invite? at next meeting or?

manu: encourage him to come to *a* meeting, and we'll see which he can do

varn: ok we'll take that on
... if anyone has contact info please send to me

tzviya: I'll find it

varn: anything else on this topic?
... with that we've run out of agenda
... I will grant you the last 9 minutes to do what you will... anything else...? Otherwise, adjourned till next week

Summary of Action Items

Summary of Resolutions

[End of minutes]
Minutes formatted by David Booth's scribe.perl version 1.152 (CVS log)
$Date: 2018/01/30 16:51:41 $

Scribe.perl diagnostic output

[Delete this section before finalizing the minutes.]
This is scribe.perl Revision: 1.152  of Date: 2017/02/06 11:04:15  
Check for newer version at http://dev.w3.org/cvsweb/~checkout~/2002/scribe/

Guessing input format: Irssi_ISO8601_Log_Text_Format (score 1.00)

Succeeded: s/someone???/Matt/
Succeeded: i/varn: we need a/Topic: Web Page Updates
Succeeded: s/liam/david/
Succeeded: s/who???/Web Publishing WG/
Succeeded: s/what???/Verifiable Credentials and Web Publishing/
Succeeded: s/who2/Jeni Tennison and the TAG/
WARNING: Bad s/// command: s/he???Jeffrey Yasskin
Succeeded: s/he??/Jeffrey Yasskin/
Present: Benjamin_Young Chris_Webber Gregg_Kellogg Manu_Sporny Tzviya_Siegman Richard_Varn Nathan_George Liam_Quin David_Chadwick Matt_Larson Dan_Burnett
Found Scribe: cwebber2
Inferring ScribeNick: cwebber2
Agenda: https://lists.w3.org/Archives/Public/public-vc-wg/2018Jan/0021.html

WARNING: No date found!  Assuming today.  (Hint: Specify
the W3C IRC log URL, and the date will be determined from that.)
Or specify the date like this:
<dbooth> Date: 12 Sep 2002

People with action items: 

WARNING: Input appears to use implicit continuation lines.
You may need the "-implicitContinuations" option.


WARNING: IRC log location not specified!  (You can ignore this 
warning if you do not want the generated minutes to contain 
a link to the original IRC log.)
[End of scribe.perl diagnostic output]