W3C

- DRAFT -

Verifiable Claims Working Group

18 Sep 2018

Agenda

Attendees

Present
Dan_Burnett, Bohdan_Andriyiv, Chris_Webber, Clare_Nelson, Tzviya_Siegman, Matt_Stone, Alex_Ortiz, Michael_Lodder, Bob_Burke, Yancy_Ribbens, Benjamin_Young, BrentZ, Daniel_Hardman, David_Chadwick, Kaliya_Young, Lovesh_Harchandani, Ted_Thibodeau, Tim_Tibbals, Kaz_Ashimura
Regrets
Chair
Dan_Burnett, Matt_Stone
Scribe
TallTed

Contents

Agenda review, Introductions, Re-introductions

<scribe> scribenick: TallTed

burn: the usual administrivia; review TPAC draft agenda; review stagnant issues; review pull requests...

drabiv: Bohdan Andriyiv new to this call, has been in CCG for a while

burn: no open actions... on to unassigned issues

Assign owners to unassigned issues

<burn> https://github.com/w3c/vc-data-model/issues?utf8=%E2%9C%93&q=is%3Aissue+is%3Aopen+no%3Aassignee

https://github.com/w3c/vc-data-model/issues/234 - comments on terms of use

DavidC: will take 234

https://github.com/w3c/vc-data-model/issues/233 - gap analysis

tzviya: created #233 with Joe to raise group awareness

burn: any volunteers to shepherd Gap Analysis?

stonematt: best if folks familiar with the tech named in #233 could do this

DavidC: has some familiarity, would work with someone

stonematt_: will also help

https://github.com/w3c/vc-data-model/issues/231 - context out of date

cwebber2: was doing implementation based on data model, realized some things were out of date, can give this a shot over next couple weeks

Review TPAC agenda working copy

<burn> https://docs.google.com/spreadsheets/d/1aYodpYXQg_C9zn3HcNQoMN2A_ESsArJaA4jl3x0cahE/edit#gid=975531401

stonematt_: we're looking at "2018 Schedule Suggestions" tab
... everything here came from the group; daniel and I laid things out as rough first thought
... we do have some fully open slots, and some time set asides for PRs later in the week
... no confirmation from PING yet

DavidC: there's been no progress with PING yet, just their general "yes, we'll give you feedback" which feedback hasn't arrived yet
... will ping PING again, possibly with a draft of their response for them to just sign off on -- or argue with

burn: any volunteers to help DavidC with that draft?

ClareNelson: will help

TallTed: hopefully the draft response will get a quick pass by this group before it goes to PING

<cwebber2> I'm actually nervous about signing off on a same-origin policy... I'm not sure there's any reason VCs need to be restricted to any origin

<DavidC> https://www.w3.org/TR/security-privacy-questionnaire/

cwebber2: nervous about signing off on a same-origin policy... this seems very protocol-ly
... every LD system has to pass data along, not sure how same-origin will increase security of this system

DavidC: this is more privacy than security. using pair-wise identifiers helps reduce the concern. "global ID" use would be problematic.

<Zakim> ClareNelson, you wanted to say Threat Model discussion

ClareNelson: unable to attend TPAC, still interested in contributing on "Threat Model/Trust Model/Security"
... see draft outline of interactive session at https://docs.google.com/presentation/d/153XarXO1RLQrwoseuFdqiI--EeDc8bo7O73r2aLOeF8/edit#slide=id.p1

stonematt: webex or other telecon possible?

ClareNelson: yes, that's possible

<ClareNelson> https://docs.google.com/presentation/d/153XarXO1RLQrwoseuFdqiI--EeDc8bo7O73r2aLOeF8/edit?usp=sharing

DavidC: given recent discussion levels of delegation, attenuation of rights, and related -- this might need some f2f

stonematt: "other topics" list is also on the gsheet, as time allows

burn: last call for current TPAC agenda thoughts ...

Most stagnant issues

<burn> https://github.com/w3c/vc-data-model/issues?utf8=✓&q=is%3Aissue+is%3Aopen+sort%3Aupdated-asc++-label%3Adefer+

burn: we did talk a bit about #93 (JOSE/JWT VCs) last week, without significant progress

stonematt: this needs some group work, as it's a Charter-related question

<kaz> issue 93

burn: it's on the "other topics" list for TPAC

https://github.com/w3c/vc-data-model/issues/162 - WebAuthn with VCs

burn: waiting on dlongley ... will ping him

stonematt: also on the list for WebCommerce joint session

https://github.com/w3c/vc-data-model/issues/47 - "3 types of claims"

burn: pinged joe and ChristopherA in July ... no update since

https://github.com/w3c/vc-data-model/issues/187 - travel use case

stonematt: on todo list, will bump it up

https://github.com/w3c/vc-data-model/issues/204 - delegated authz & vc distro

burn: can cwebber2 summarize status?

cwebber2: crux is again whether VCs are an authorization protocol. if yes, then we should have delegation, trust model, etc., with 100% trust path. if no, then <100% trust raises other issues.

<bigbluehat> current trust model text in the spec https://w3c.github.io/vc-data-model/#trust-model

stonematt: line between protocol and data model is the hard part, again, still

<Zakim> cwebber, you wanted to mention that's why this and capabilities *aren't* equivalent

cwebber2: authzn should probably be removed to another layer

burn: last minutes of call... TPAC time will be set for protocol/authzn discussion

adjourned

Summary of Action Items

Summary of Resolutions

[End of minutes]
Minutes formatted by David Booth's scribe.perl version 1.152 (CVS log)
$Date: 2018/09/21 10:29:40 $