17:05:06 RRSAgent has joined #did-topic 17:05:06 logging to https://www.w3.org/2020/12/03-did-topic-irc 17:05:08 Zakim has joined #did-topic 17:05:13 Meeting: DID WG Special Topic Call 17:05:18 rrsagent, make logs public 17:05:24 rrsagent, make minutes 17:05:24 I have made the request to generate https://www.w3.org/2020/12/03-did-topic-minutes.html manu 17:05:25 present+ 17:05:36 present+ agropper 17:05:38 present+ 17:05:38 Orie has joined #did-topic 17:05:39 present+ markus_sabadello 17:05:44 burn has joined #did-topic 17:05:53 present+ 17:06:21 present+ 17:06:29 scribe+ 17:07:03 https://docs.google.com/document/d/13qLCZcks3OAb2V7GHcrSs8s9drA5OaqEPYPI1knmodc/edit?usp=sharing 17:07:04 burn: We are going to be working on the security/privacy questionnaire... this is a working session today. 17:07:06 https://github.com/w3c/did-core/issues/291 17:08:01 q+ to summarize 17:08:35 agropper: In last email to people involved, put in a proposed resolution for all issues -- but this will time out - if we have a quorum, happy for anyone other than me to resolve issues as we go through them right now. 17:08:53 ack Orie 17:08:53 Orie, you wanted to summarize 17:08:54 ack Orie 17:09:22 Orie: I took a pass at it, hard for people to look at document - has a lot of stuff in it... let's go through accepting changes -- then make another pass on places we couldn't make changes. 17:09:30 Orie: We should highlight sticky issues remaining. 17:09:58 agropper: I'll do the clicking... should I share screen? 17:10:14 Orie: yep 17:10:39 brent has joined #did-topic 17:10:40 Orie: Manu's comment is fine for the first item. 17:10:46 present+ 17:11:09 Orie: What does type mean? There is confusion around types of service endpoints and privacy implications about service endpoint type -- we should have a section in spec about service types 17:11:16 Orie: This is a sticky issue, let's skip it. 17:11:41 Orie: I'm objecting to bring biometrics into the spec at all, risky to discuss, not directly relevant to PKI, remove any mention of biometrics. 17:11:57 +1 to remove 17:12:26 manu: Removing biometrics from spec would be aligned with direction of group. 17:12:41 agropper: Remove discussion of wallets? 17:12:44 Orie: Yes, I think so. 17:13:17 agropper: add "and accessible to an origin"? 17:13:26 Orie: DID Documents don't talk about "accessible to origin" -- 17:13:30 agropper: Private VDRs? 17:14:07 q+ 17:14:23 q+ this is about the browser leaking information... yes to joe 17:14:24 Orie: No, just taking issue with "accessible to origin" -- you're talking about Web API -- DID Documents are available to Javascript running in a web page -- don't think of information regarding VDR as being available to origin... this is a data model spec, not a browser API. 17:14:48 jandrieu: Hmm, no, this isn't about VDR... its about something else. 17:14:52 q- 17:14:55 Orie: How would origin know anything based on spec today? It wouldn't, right? 17:14:59 jandrieu: yes 17:15:12 Orie: *proposes rewording that scribe missed* 17:15:21 Discussion around rewording 17:15:59 markus: It could be about HTTP API, but it's not, right? 17:16:09 dlongley: We don't define any new fields for browsers like that. 17:16:21 agropper: I'm going to reject my comment, then... going to accept what Joe is proposing. 17:17:19 Orie: VDR configuration may be revelaed through operation, but this could be volunteering unnecessary method specific information. 17:18:08 manu: Let's not put in stuff that doesn't concern the spec... 17:18:22 present+ 17:18:38 jandrieu: I would like to be clear about security/privacy risks of methods that are specific... would like to separate DID Core from DID Method specs. 17:18:48 dlongley: Someone implementing DID Method spec should have privacy/security considerations. 17:19:02 Orie: A lot of comments i have would be easy to delete/dismiss if we could say something to the effect of what dlongley said. 17:19:16 Orie: If you're building a DID Method, you should do a security/privacy questoinnaire for DID Method. 17:19:39 q? 17:20:03 jandrieu: Some version of second bullet point I'm editing -- might want to move it up, make a general statement about DID Methods. 17:20:11 Orie: That would address a number of my concerns. 17:20:52 Orie: You can delete my 2.6 proposed changes, jandrieu will cover that. 17:21:04 jandrieu: Ok, I think text is ready to go for 2.6 17:21:33 Orie: The ifnormation revealed is vague... covered by paragraphs above. 17:22:11 shigeya: I think this is more clear, reworded it... section 2.7 rephrasing. 17:22:46 dlongley: This spec does not allow origins to access sensor data. This spec is a data model, no APIs for device access. 17:23:39 manu: A lot of these questions are based on assuming that application is running browser... which doesn't apply to us. 17:23:48 dlongley: Yes, a lot of this stuff falls under this category. 17:24:34 Orie: Section 2.8 -- security and privacy considerations section... 17:24:48 dlongley: I think we should delete the entirety of 2.8 - it does not reveal information to origin. 17:25:15 agropper: Ok 17:25:34 dlongley: We should say this is a data model spec... there is no mechanism to deliver anything to an origin. 17:25:49 burn: Yes, we need to put more than "None" -- we need to explain. 17:27:35 Group updates text in 2.8 17:27:55 Group moves on to 2.9 17:28:00 Orie: We should probably do the same thing here. 17:28:52 Group working on 2.10 17:29:08 Updates 2.10 to note that this is a data model specification. 17:29:32 Orie: looking at 2.12 -- create/expose -- don't know if create is method-specific, I think it is? 17:29:38 Orie: No, spec doesn't create any identifiers? 17:29:51 jandrieu: We should be explicit, identifier creation is domain of DID Methods. 17:30:06 present+ 17:30:11 present+ dlognley 17:30:14 present+ brent 17:30:18 present+ burn 17:30:22 present+ ned 17:30:24 present+ Orie 17:30:27 present+ rhiaro 17:30:32 present+ shigeya 17:30:42 Orie: We should delete the examples, they invite confusion. 17:30:45 rrsagent, draft minutes 17:30:45 I have made the request to generate https://www.w3.org/2020/12/03-did-topic-minutes.html manu 17:31:05 chair: burn 17:31:17 burn: This one, unlike the other ones... may seem like a cop out 17:31:22 dlongley: we may want to put examples back 17:31:39 dlongley: we expect DID Methods to create ids that could be expressed in data model. 17:31:54 jandrieu: We should add -- this spec doesn't expose information to the web. 17:32:23 Group struggles with tooling 17:33:00 Group continues to word smith section 2.12 -- jandrieu adding wording about not exposing identifiers. 17:33:07 present+ jricher 17:33:14 agropper: Does that look good? 17:33:15 burn: yes 17:33:29 orie: I'm not sure I interpreted context correctly... 3rd party contexts... 17:34:04 dlongley: We don't have any interaction models... first and 3rd party context -- first party is when you visit website by typing location into browser bar. 3rd party is embedded iframe... we don't do anything w/ first or 3rd party contexts. 17:34:20 orie: Last paragraph invites confusion... 17:34:29 orie: would suggest deleting it in 2.13 17:36:01 More struggles with tooling 17:36:17 agropper: moving on 2.14 17:36:29 Orie: dlongley fixed it, accept his suggestion. 17:36:34 Orie: 2.15 we might want to point out Method-specific sections as relevant. 17:37:22 dlongley: Does this capture both Orie and jandrieu's concerns? 17:37:50 Group moves on to 2.16 17:40:11 Group makes changes to 2.16... moves on to 2.17 - 17:40:17 Orie: This is DI DMethod specific... 17:40:26 jandrieu: No, looking at 2.16. 17:40:54 jandrieu: Our most authoritative feedback is about our technology not other people's technology 17:41:25 dlongley: Should this spec have extension points, questions should be asked about those extension points. 17:41:34 jandrieu: It should have asked about dependencies. 17:41:59 Orie: Should we talk about registry and it's potential danger to the spec? Drift? Highlighting a spec security issue? 17:42:13 agropper: We definitely don't want to hide that... central issue should be stated here. 17:43:06 manu: the last time these questionnaires were discussed, 2.17 is a temperature check on whether the security and privacy folks are asking the right general questions, we may or may not want to say not all specs are about the browser and many questions asked are about the browser 17:43:29 ... if you can go down the entire thing and say does not apply and we have a giant security and privacy seciton it's an indication the'yre not asking the right questions 17:43:32 scribe+ 17:43:54 jandrieu: What they could have asked is "does this specification expose private information w/o reference to origin or browser." 17:44:10 manu: yep 17:44:17 Orie: It's still DID Method specific... 17:44:37 orie: Other sections in here wrt. correlation wrt. reuse. 17:44:55 https://www.w3.org/TR/security-privacy-questionnaire/#missing-questions 17:46:07 orie: origins don't apply and DID Method specs are important. 17:46:30 agropper: I'm not in favor of deleting things w/o other people on call... either we should make them sub bullets or involve the other people. 17:46:41 Orie: I agree with you agropper, after reading through them again. 17:46:49 jandrieu: I'd like to turn them into questions. 17:46:59 jandrieu: How would we frame the question -- 17:47:50 jandrieu: We could turn public/protected networks into more general question. 17:48:30 present+ 17:49:14 dlongley: trying to ground this in a way that elicits people to put information in in a certain way. 17:49:31 dlongley: are you doing data model spec that let's you express information in this way? How should you be careful about doing that/ 17:49:59 jandrieu: Any information could be expressed on public/protected network -- is spec encouraging/enabling information -- you should consider what your DID Method is publicly disclosing. 17:50:28 Orie: There are DID Methods that don't publicly disclose things, and there are DID Methods that do publicly disclose 17:50:41 Orie: We don't want to make the mistake of saying ALL DID Methods disclose stuff publicly. 17:50:56 jandrieu: We should state public disclosure is a topic that DID Methods should discuss. 17:51:07 dlongley: The first thing is about calling it out. 17:51:48 Riveting discussion about quote styles. 17:52:51 Orie: The PII question is captured in bullet point above in 2.17 -- folks might want something more specific. Specification attributes might be considered PII? 17:53:34 burn: We have 7 minutes left, we're only about 50% of the way through -- this is a productive session, but we'll need more time. 17:54:33 agropper: Rubrics document might be useful here.. 17:54:59 orie: There is a section on illegitimate use later on, which might be good. Revocation is a method-specific thing. 17:55:15 agropper: We might want to say things about GDPR revocation... 17:55:22 Orie: We may want to say something about immutability. 17:55:34 Orie: Are there immutability data retention issues about data model spec... 17:55:47 Orie: This addresses deletion and revocation more generally. 17:56:50 jandrieu: I think they missed an opportunity to answer these questions... 17:56:57 manu: They'll ask us, usually... 17:57:43 jandrieu: You could ask, have you had an external security review / formal security review? 17:59:24 Orie: 3. Threat Models -- each representation creates its own attack surface... 17:59:39 Orie: Suggested changes, DID Method implementations are responsible for addressing own threat models. 18:00:16 jandrieu: You shouldn't resolve contexts in a production system... 18:00:29 Orie: Wayne is making a method-specific threat model 18:00:42 jandrieu: Not sure it's method specific -- really client that says it's not resolvable... 18:00:48 Orie: We should delete Wayne's comment... 18:00:58 jandrieu: Oh, I thought you were saying integrate it. 18:01:11 Orie: No, we should speak to it though... about DID Methods. 18:01:18 jandrieu: I like second bullet point. 18:01:49 jandrieu: Explaining that it's the DID Methods job to say something is good. 18:02:03 rrsagent, draft minutes 18:02:03 I have made the request to generate https://www.w3.org/2020/12/03-did-topic-minutes.html manu 18:03:07 brent: Hallmark of a good meeting is when we go over and no one has said anything. Thank you all, this was great progress. 18:03:11 rrsagent, draft minutes 18:03:11 I have made the request to generate https://www.w3.org/2020/12/03-did-topic-minutes.html manu 18:04:01 present- jricher 18:04:04 rrsagent, draft minutes 18:04:04 I have made the request to generate https://www.w3.org/2020/12/03-did-topic-minutes.html manu 19:13:11 @manu why did you present- me? 19:13:14 I was on the call 20:07:26 Zakim has left #did-topic 20:18:21 justin_r: because I present+ jricher when you appeared... and then you present+'d yourself.... and then showed up twice in the attendees list, so I present-'d jricher so that you'd only show up once :) 20:18:39 justin_r: I was doing my post-cleanup of the minutes and noticed the error and fixed it. 20:19:18 justin_r: The newest minutes shows you in attendance under the IRC nick that you present+'d -- https://www.w3.org/2020/12/03-did-topic-minutes.html 20:21:28 gotcha, thank you 20:24:08 np :)