23:05:20 RRSAgent has joined #did-topic 23:05:20 logging to https://www.w3.org/2020/12/08-did-topic-irc 23:05:22 Zakim has joined #did-topic 23:05:27 rrsagent, make logs public 23:05:52 present: kdenhartog, shigeya, markus_sabadello, agropper 23:06:49 JoeAndrieu_ has joined #did-topic 23:06:56 scribe: JoeAndrieu_ 23:07:01 drummond has joined #did-topic 23:07:03 present+ 23:07:11 JoeAndrieu_ has left #did-topic 23:07:16 by_caballero has joined #did-topic 23:07:24 https://docs.google.com/document/d/13qLCZcks3OAb2V7GHcrSs8s9drA5OaqEPYPI1knmodc/edit# 23:07:28 JoeAndrieu__ has joined #did-topic 23:07:35 Present+ 23:07:41 present+ 23:07:42 Meeting: DID Special Topic Meeting 23:07:44 scribe+ 23:08:57 Orie has joined #did-topic 23:09:01 present+ 23:09:23 drummond: re: note at the beginning. 23:09:32 ... I'll work on it now and we can come back 23:09:42 agropper: Tom Jone's comment 23:10:45 joeandrieu: agreed. non-correlatable identifiers are not a thing 23:11:14 manu: can we just strike? 23:11:20 consensus: yep 23:11:30 agropper: next 23:12:26 joeandrieu: I don't understand how the comment relates to the highlighted section of text 23:13:02 identitywoman_ has joined #did-topic 23:13:06 present+ 23:13:16 hi sorry I was a bit late. 23:13:20 ... I see, if we can keep the PII out, we can minimize the lawyers 23:14:06 agropper: next 23:15:26 shigeya: based on Orie's comment, we can remove my question. 23:15:45 Orie: perhaps though, we should add more text about how services might be related to sensitive information 23:16:13 shigeya: common understanding is that the type is clearly defined; as an outsider, that wasn't clear. 23:16:39 Orie: one suggestion would be to say that we have many types of verification methods. maybe we need some concrete service types to help illustrate what we are talking about. 23:17:20 ... the fact that there is a way to distinguish them is enough for me. 23:17:28 agropper: ok. moving on. 23:18:27 ... Manu could you take a stab at replying to Tom's items? 23:18:30 manu: sure. 23:18:59 TallTed has joined #did-topic 23:19:27 agropper: LD security. Can we downgrade security settings? 23:21:10 jandrieu: seems like we don't provide any mechanisms for downgrading default browser security mechanisms 23:21:20 present+ 23:21:39 agropper: next 23:22:38 orie: public key representations and signature suites are different things 23:23:55 orie: this used to have some different text that I was responding to. I think we can just dismiss the comment completely. 23:24:20 consensus: yes, let's resolve 23:24:45 agropper: next 23:24:57 ... accepting suggestions on passive network attacks 23:25:09 ... next are some easy ones (resolving) 23:25:23 ... more editorial changes (resolving) 23:28:20 joeandrieu: we should probably say that DID Methods and DID Resolution, which define the protocols over the network, are subject to active attacks, however this specification does not define anything subject to such attacks. 23:29:21 agropper: can we move on? 23:29:26 orie: looks great 23:29:31 agropper: next 23:30:30 manu: we should talk about that 51% attack # 23:30:41 ... should really be something like 2f+1 23:33:21 joeandrieu: something that the problem applies to methods that rely on consensus 23:34:27 agropper: we're good? 23:34:39 consensus: yep 23:34:45 agropper: next 23:35:03 kdenhartog: I'm good with Orie's adjustments 23:35:08 agropper: I'm accepting it 23:35:38 agropper 3.4 also? 23:35:48 orie: yep that's a continuation of Kyle's items 23:35:58 agropper: next, legitimate misuse 23:36:17 kdenhartog: this is calling out that you can publish things about the user, that's still a misuse 23:36:47 orie: disclosing any information you aren't the rightful controller of, is a legitimate misuse. 23:37:06 kdenhartog: yes, let's call out that distinction 23:37:42 orie: note there is a link explaining the meaning of legitimate misuse 23:39:02 kdenhartog: we might want to call out contexts that use unique identifiers to identifier resolution of the did document 23:40:15 ... that is if you copy the context into your DID Document, you can trigger a resolution to that context 23:40:31 Orie: mugshots use case 23:40:47 ... about the intention to provide types for DIDs that are incorrect 23:41:07 ... that is the assignment of attributes that are not under the control of the controller 23:41:58 ... e.g., MS allows the assignment of a type property like "software package", which can be abused by a controller assigning the wrong type 23:42:35 ... There is a general category for software services that are safe harbors for criminal activity. Any public DID method is at risk for such consideration. 23:43:29 talltree: this is not something specific to DIDs 23:43:50 ... because DIDs are associated with a quality of immutability, it accentuates the potential for that kind of abuse 23:44:25 kdenhartog: we inherit these issues when methods are ledger based 23:45:32 agropper: next 23:45:51 orie: yes, we address data minimization. tell them to read the friendly spec 23:46:23 talltree: data minimization is an important consideration in this specification and we cover it extensively 23:47:11 next: 4.2 23:47:39 orie: this is pretty good. the piece about the spec registries maybe should be bolded. 23:47:59 ... anytime you take an extension your are extending the privacy set of considerations 23:48:10 agropper: ok. next 23:49:18 orie: we can maybe remove the link, if someone can vet that the URL supports the assertion. 23:49:24 consensus: yep. 23:49:46 agropper: next 23:52:13 joeandrieu: drop the feature should include any protocols. we dropped that to focus on a data model spec 23:55:13 ... perhaps listing all of the features that are optional, which are mechanisms to "drop the feature" as appropriate. 23:55:29 agropper: this is the last thing, modulo comments that came in above since our last meeting 23:57:59 kdenhartog: time check 00:01:15 manu: time's up we should wrap 00:01:24 ... a few of us can stay and wrap 00:02:03 ... 10 minutes max 00:07:02 manu: I think that's in. Adrian, are you happy taking this to the next step? 00:07:39 ... just the top section 00:07:46 joeandrieu: yep, that looks great 00:08:06 manu: adrian, can you notify the group that we are done here, so the chairs know we can engage the TAG and PING 00:08:09 agropper: yep. 00:08:14 that's a wrap 00:08:58 rrsagent, draft minutes 00:08:58 I have made the request to generate https://www.w3.org/2020/12/08-did-topic-minutes.html manu 00:09:24 rrsagent, make minutes public 00:09:24 I'm logging. I don't understand 'make minutes public', manu. Try /msg RRSAgent help 00:09:28 rrsagent, make logs public 00:09:31 rrsagent, draft minutes 00:09:31 I have made the request to generate https://www.w3.org/2020/12/08-did-topic-minutes.html manu 00:10:49 s/scribe: JoeAndrieu_/scribe: JoeAndrieu__/g 00:10:56 rrsagent, draft minutes 00:10:56 I have made the request to generate https://www.w3.org/2020/12/08-did-topic-minutes.html manu 00:25:10 kristina has joined #did-topic 01:37:47 Zakim has left #did-topic 07:32:17 ivan has joined #did-topic 09:57:11 ivan has joined #did-topic