14:20:32 RRSAgent has joined #vcwg 14:20:32 logging to https://www.w3.org/2022/06/29-vcwg-irc 14:20:34 RRSAgent, make logs Public 14:20:35 please title this meeting ("meeting: ..."), ivan 14:21:08 Meeting: Verifiable Credentials Working Group Telco 14:21:08 Chair: brent 14:21:08 Date: 2022-06-29 14:21:08 Agenda: https://www.w3.org/events/meetings/488e0b10-2126-4ebd-b898-9cc709b2b01e/20220330T150000 14:21:08 ivan has changed the topic to: Meeting Agenda 2022-06-29: https://www.w3.org/mid/3e013654419130b74165cd0a823979d4@w3.org 14:58:23 present+ 14:59:04 present+ Songpu_Ai 14:59:19 present+ mprorock 14:59:36 present+ selfissued 15:00:30 present+ manu 15:00:36 present+ kristina 15:01:04 present+ brent 15:01:04 present+ justin 15:01:09 present+ davidc 15:01:24 present+ kevin 15:01:38 justin_r has joined #vcwg 15:01:58 brent_ has joined #vcwg 15:02:03 present+ shigeya 15:02:12 present+ markus 15:02:31 present+ 15:02:57 mprorock_ has joined #vcwg 15:03:00 shigeya_ has joined #vcwg 15:03:00 present+ 15:03:03 present+ 15:03:04 present+ elfors 15:03:09 gnatran has joined #vcwg 15:03:09 present+ 15:03:13 kristina has joined #vcwg 15:03:33 DavidC has joined #vcwg 15:03:38 present+ 15:03:38 present+ 15:03:46 oliver has joined #vcwg 15:03:47 TallTed has joined #vcwg 15:03:49 present+ oliver_terbu 15:03:56 Will_Abramson has joined #vcwg 15:04:13 present+ Will_Abramson 15:04:26 scribe+ 15:04:32 markus_sabadello has joined #vcwg 15:04:43 phila_ has joined #vcwg 15:04:53 JoeAndrieu has joined #vcwg 15:04:55 brent: Agenda review... introductions, schedule of meetings, participation renewal, scope of work, RCH WG, and editorship. 15:04:59 awhitehead has joined #vcwg 15:05:02 KDeanGS1_ has joined #vcwg 15:05:04 dmitriz_ has joined #vcwg 15:05:05 present+ joeAndrieu 15:05:16 present+ nadalin 15:05:22 Marty_Reed_ has joined #vcwg 15:05:34 brent: Any changes to the agenda? 15:05:42 No changes recommended. 15:05:44 present+ tallted 15:05:49 Topic: Introductions 15:05:56 present+ phila 15:06:13 present+ 15:06:19 present+ dlehn 15:06:41 brent: Hi, Brent Zundel, one of the CHairs of the group, work for Avast... acquired Evernym, who I worked for -- only difference now is not worrying about existential threats to livelihood :) 15:07:03 present+ 15:07:26 kristina: Hi, Kristina Yasuda, one of the Chairs of the group, work at Microsoft's Identity Standards team, honored to join this wonderfully intelligent group. 15:07:34 selfissued has joined #vcwg 15:07:39 present+ 15:07:49 dmitriz__ has joined #vcwg 15:07:53 present+ 15:08:13 ivan: Hi, Ivan Herman, W3C Team and staff contact for this WG... I am staff contact for DID WG as well, I also work on EPUB at W3C (digital publishing), been at W3C for a very long time. I also worked on Semantic Web back then. 15:08:57 selfissued: I'm Mike Jones, work on Identity Standards at Microsoft, have privilege to work on a number of things that have succeeded like JWTs and OpenID Connect and password stuff and decentralized things. I have worked on things like Infocard and have learned from that as well, pleased to be with this great group of people. 15:09:05 present+ awhitehead 15:09:29 dmitriz__ has joined #vcwg 15:09:53 phila: Hi, Phil Archer, work at GS1 people that do the barcode, also worked at W3C, interested in cross-border, supply chain, also co-chair RCH WG - hope to have something prepared to say before Brent asks me to talk about that :P 15:10:18 s/password/passwordless/ 15:10:35 awhitehead: Hi Andrew Whitehead, working with VCs for a few years in British Columbia, Pratage Cybertech, wanted to get involved with WG. Looking forward to more privacy preserving features in WG. 15:10:57 dlongley: I'm Dave Longley, CTO of Digital Bazaar, been working on standards with many of you for a while, co inventor of VCs and DIDs. 15:11:05 present+ dlongley 15:11:07 present+ 15:11:35 DavidC: Hi David Chadwick, originally a professor at University of Kent, working on standards, x509, created spinout to do VCs a few years ago, then got acquired by Crossword Cybersecurity, now R&D director for identity. 15:11:58 dlehn: Hi David Lehn, work at Digital Bazaar, working on standards and implementations for years along with rest of DB folks here. 15:12:09 present+ dmitriz 15:12:41 dmitriz: Hi Dmitri Zagidulin, been working on DIDs and VCs for several years, tech lead at MIT Digital Credential Consortium, also CTO of Hyperconstruct, building VCs and DIDs for VR and metaverse. 15:13:07 present+ gnatran 15:13:39 gnatran: Hi Gregory Natran, work with Andrew, work with public sector and interest in VCs and replacements for licenses and permits and cards that they put in our physical wallets. THat's the primary interest, part of decentralized identity and security aspects -- collecting great gobs of info in less than secure infrastructure. 15:14:00 present+ JoeAndrieu 15:14:16 jandrieu: Hi, Joe Andrieu, Principal for Legendary Requirements, also Editor of VC/DID Use Cases, and VC API, looking at moving that information into this group. 15:14:48 jricher: Hi, independent consultant working on behalf of Avast/SecureKey, been working on OAuth, OpenID COnnect, JOSE, also involved in first edition of VC WG and DID WG and plan to continue to contribute. 15:15:00 scribe+ 15:15:05 present+ KDeanGS1_ 15:15:09 KDeanGS1: Hi Kevin Dean at GS1, technical oversign on GS1 standards, playing w/ VCs for last couple of years. 15:15:32 scribe+ brent_ 15:16:06 manu: HYi, Manu Sporny, CEO of Digital Bazaar. One of the first working with DIDs and VCs, I'm editor of first VC spec, along with a number of tother specs related to VCs. Really looking forqward to working with so many talented folks over the next two years. 15:16:22 s/HYi/Hi/ 15:16:55 markus_sabadello: Hi, Markus Sabadello, Founder and CEO of DanubeTech, working on DIDs and VCs, working on digital identity projects around the world, one of the Editor's of DID Core, also Co-Chair of RCH WG, looking forward to participate in this group and align with RCH WG. 15:18:08 Marty_Reed_: Hi, Marty Reed, CEO of RANDA Solutions, fairly new to work 3-4 years, RANDA has an open credential publisher and statewide platforms for teacher records, also Chair of 1EDTech CLR learner record standard. Looking to align those specifications with VC specification. Interesting thing about CLR, its a nested VC approach, looking forward to participating/contributing, and further aligning specs across ecosystems. 15:18:26 nadalin: Tony Nadalin, co-chair of WebAuthn WG, work on standards, don't participate in IRC. 15:18:38 present+ nadalin 15:19:11 oliver: Hi Oliver Terbu, I'm standards architect, engineer, representing Spruce Systems, working on SSI data storage and identity solutions, also involved in DIF, worked on ISO-18013-5, and other identity related technologies for about 10 years. 15:19:39 present+ sebastianelfors 15:20:17 sebastian: Hi Sebastian Elfors, senior architect at IDNow, active in FIDO Alliance, EUDI wallet subgroup, also editor of whitepapers, also involved in WebAuthn, also member of EBSI contributor for EU Wallet, also member in Hyperledger, creating wallet using WACI/DIDComm, also working on DID Method for ??? signatures, which we'll submit to DID WG soon. 15:20:19 present+ shigeya_ 15:20:44 shigeya: Hi Shigeya Suzuki, professor at Keio in Japan, I've been contributing for 30 years, applying identity tech to make everyone's life easier, thank you. 15:21:34 aisp: Hi Songpu Ai, working of Academy for Information Technology, interested in working doing research with ICT technologies, made a DID Method and making VC tech and relative applications, happy new charter is passed and looking forward to working with everyone. 15:22:46 It is appreciated TallTed :-) 15:22:50 TallTed: Hi Ted Thibodeau, at OpenLink Software and working w/ W3C, if it involves identities or data manipulation or decentralization, I'll be there... I help w/ lots of editorial cleanup. :) 15:23:16 present+ Will_Abramson 15:23:17 abramson: Hi I'm Will Abramson, representing Digital Contract Design, haven't particpated much in standards but looking forward to participating. 15:23:54 mprorock: Hi Mike Prorock, Founder and CTO and Mesur.io, working on open source intelligence, cross broder trade, use VCs for customers for large enterprise and government, pesticides and herbicides to food traceability. 15:24:00 brent: Did we miss any introductions? 15:24:04 Doesn't look like it. 15:24:12 Topic: schedule of meetings 15:24:53 brent: We will have a meeting at this same time every 2 weeks. Then 1pm ET every other week, we'll alternate between slightly friendlier for EU and slightly friendlier for APAC. That is the anticipated schedule moving forward. 15:25:50 brent: In addition to regular calls, we'll have special topic calls, no time and day yet, open to suggestions, once we select a time, that will be the time for the special topic call, when there is a special topic, we'll discuss it during that time. That allows us to have a much more narrow focus/broader discussion on specific topic, overcome blockers, etc. Or just to get everyones takes/opinions, get better compromise progress. 15:26:13 brent: First F2F meetings will be during W3C TPAC this year, please go to TPAC, VCWG will be Thu/Fri. 15:26:36 brent: TPAC is in Vancouver, but will be Hybrid for those that can't travel, so you can tune in and remote participation is effective as possible. 15:26:38 what are the dates of TPAC? 15:26:41 brent: Any concerns/suggestions? 15:27:03 selfissued: Are we going to alternate w/ WebAuthn in the past? 15:27:19 brent: We picked the same dates/times so it works well for WebAuthn. 15:27:46 brent: TPAC is September 12th-16th 15:27:55 Topic: participation 15:28:23 brent: If you have not yet rejoined the WG under the new charter, that needs to happen... 28 days after first day of charter approval, you will be kicked if you have not rejoined. 15:28:41 q+ 15:28:52 brent: Any concerns/questions, reach out to Chairs/Ivan. We need you to formally join and make IPR commitments. Any questions around that before we move on to primary topic? 15:28:56 ack phila_ 15:29:25 phila: Kevin and I are in the WG and signed up, at least a few colleagues will join us in Vancouver, if I bring other people, can they come to TPAC w/o signing IP agreement? 15:29:55 brent: Individuals representing organization, AC Rep makes commitment on participant AND company... each participant needs to join as well. Yes, they really should be actual members of the WG. 15:30:08 brent: All they need is a W3C account and association. 15:30:31 phila: There is one person that I want to bring along, talk w/ other developers, but not going to join these calls regularly... join then unjoin. 15:30:42 ivan: Number of peopel in WG is significantly higher than people on the calls regularly. 15:31:12 ivan: Lurkers on the group to listen remotely via email/github to see what's happening, no problem if they join but don't show up and actively participate. 15:31:22 Topic: Scope of Work 15:31:27 https://www.w3.org/2022/06/verifiable-credentials-wg-charter.html 15:31:31 brent: We are going to start off by looking at charter 15:31:51 TallTed has joined #vcwg 15:32:11 brent: We have a potentially broad scope of work for this WG, but we are going to focus our primary efforts on two normative specifications, first is VC 2.0 data model. A definition of 2.0 data model, serializations of that data model, replacement of v1.1 recommendation. 15:33:00 brent: The other specification is "Securing Verifiable Credentials 1.0" - a number of accurate criticisms of first version of VC data model that proof section is underspecified and then we don't say much more than that. Securing VCs is our answer to "What should go int he proof section and how do you get there?" 15:33:04 q+ 15:33:11 ack oliver 15:33:27 +1 brent - proof structure and details are a critical item, especially for interop 15:34:11 oliver: It would be great to have a more defined proof property in VCDM, also raised something on holder binding, no normative definition to verify that someone was same person that issuer made claims about... common use case, holder gets credentials, present to relying party and holder is in control, rightful person that owns them, we might tie that into that conversation. 15:35:11 brent: Those two are the normative specifications, we have a number of conditional normative specifications... ones that normatively rely on other specifications outside of this group... and we don't have any control being able to point to JWPs or BBS+, for example. 15:35:39 brent: There are some other normative specs that we might choose in same general category, externally standardized cryptographic primitives that we might want to refer to. 15:35:57 selfissued: A BOF to work on JWP was approved at IETF next month, please participate next month if you're there. 15:36:01 +1 mike - will be there 15:36:29 brent: Next thing we might do, create a set of registries, charter text around registries is vague... we may do this, if we do, we might have definitions and tables. 15:37:05 brent: Caveat with registries, anywhere we have a registry, an extension point that's mandatory, property in spec that we say "MUST be here" there must be ONE standardized entry for that. For interoperability purposes. 15:37:08 q+ 15:37:20 brent: if we do registries, there might be some rules there. 15:37:23 scribe+ 15:37:31 ack manu 15:38:23 present+ shawn 15:38:26 manu: I hesitate to bring this up, there's some amount of interpretation around mandatory there. We don't have any mandatory fields. We don't have to define anything, however, I think we should shoot for a higher bar than that. I think we should be looking at things like the credential status field, the schema field, and trying to do our best to point to specs that are implemented and have test suites. 15:39:01 manu: I don't know if we have, for example, if we look at status list ... I don't know how much of that we can define without getting into protocol. So, there's a question around whether things in the registry need to have to implementations or do we need to rigorously define everything. 15:39:10 manu: That's what Google wanted, but I don't know what others want or where that leaves us. 15:39:21 manu: I don't know what the strict requirements around registries are there. 15:39:31 brent: This is a good place to remind everyone of email that manu sent, relationship of different deliverables and specs w/ one another. 15:39:36 brent: Please check that out. 15:39:53 brent: Any other comments on deliverables? Run through of non-normative deliverables that we anticipate. 15:41:26 brent: Non-normative deliverables, WG notes, other documents we might produce, we will probably have test suites, we'll probably publish a note about presentation request, various protocols that can be used w/ presentation request, how do we store/share VCs? We could have note about greater privacy guidance around VCs? We got some accolades on privacy considerations section so detailed, so breaking that out into NOTE is a possibility, how do we bind 15:41:26 multilingual resources, how to present credentials, or developer guide -- guidance for implementation and best practices, some VC API or OIDC protocols, how do we do exchange over GNAP. 15:42:03 brent: These are all possibilities, we also have within our scope to update NOTEs previously issued, implementation guides, and the like. That's the charter defined scope for the WG, according to deliverables section, read through scope so we're all on the same page. 15:42:19 brent reads scope statement and out of scope statement from latest VCWG Charter. 15:42:36 Building on the experience gained through implementation, deployment and usage of Verifiable Credentials (VCs), this Working Group will extend Verifiable Credential foundations with new standardized technologies to improve the use of this technology on the Web. 15:42:37 The scope of the Verifiable Credentials Working Group is: 15:42:37 Addressing errata, ambiguities, and interoperability problems found in previous versions of the Verifiable Credentials Data Model 15:42:38 A data model for Verifiable Credentials, inclusive of: 15:42:40 Credentials and Verifiable Credentials 15:42:42 Presentations and Verifiable Presentations 15:42:44 requests for or submissions of Verifiable Credentials or Verifiable Presentations 15:42:46 Registries for the data model to support extension points in the normative deliverables. 15:42:48 Algorithms for the expression and verification of proofs that use existing cryptographic primitives 15:42:50 Refining multilingual support in the data model 15:42:52 It is explicitly not a requirement that the new specifications be fully compatible with related past specifications. 15:43:04 brent: Out of Scope includes 15:43:09 The following features are out of scope, and will not be addressed by the Verifiable Credentials Working group: 15:43:10 The mandate of any specific style of supporting infrastructure, such as a Distributed Ledger (DLT), for a Verifiable Credentials ecosystem 15:43:10 The specification of new cryptographic primitives 15:43:11 The normative specification of APIs or protocols 15:43:31 q+ 15:43:37 brent: We do plan to non-normatively work on APIs and protocols 15:43:44 brent: This is ambitious, but do-able. 15:43:46 ack phila_ 15:44:42 phila: No question around scope, but wonder ... GS1 community represented here... there are multiple ways of doing VCs, individual people will champion one way over the other, but as an organization with a global reach, the fact that there are multiple ways is a barrier to adoption... one toolchain, two, three, four, does this group whittle down those number of choices? Do we hope to do that? 15:44:56 phila: Is that something that others in the group hope to achieve? 15:44:57 q+ 15:45:01 ack mprorock_ 15:45:02 kristina has joined #vcwg 15:45:13 great question Phil 15:46:05 q+ 15:46:20 mprorock: I think that's a great concern taht you brought up, we run into that in international scenarios, same overlap with traceability -- profile aspect seems to work, a subset of required security/privacy/other aspects, limit down broadness to work with specific type of scenario. I do think the more we can be mindful of adoption, the better off we're going to be. System to system vs. where you have a human in the loop, different scenarios in 15:46:20 practice, what works in one scenario might not work in a different one. 15:46:21 ack brent_ 15:47:44 brent: With Chair hat off, I share that concern, we want interop to be real, we want to increase the usefulness of the specification. With my chair hat on, going to paraphrase, the criticism of our charter and previous work levied by some companies is that the specification as written does not allow for true interoperability. We haven't firmly enough proven interoperability. If you have a registry, it needs to point to actual standards and 15:47:44 implementations. There has been an unspoke promise that if we can't demonstrate real interop to a level that's acceptable, they've already promised formal objections to our work. 15:47:52 brent: From a Chairs perspective, this is very much in mind. 15:47:53 q+ 15:48:13 brent: Whether they're in the group working on the spec, those imlementations would be compatible with one another. 15:48:20 ack manu 15:49:11 manu: In order to try and address that, Phil, Digital Bazaar has already started creating very specific test suites, modular test suites for Verifiable Credentials feature sets. We already do have a test suite that tests against the specification during the 1.0 work. During the 2.0 work we're working on test suites to test things like StatusList2021. That's a specific feature and if you implement it you should be able to pass the test suite. 15:49:57 manu: Already these test suites exist, we've been working on them for the past year, we plan to transition them with the working group and we already have interop from implementations on those test suites. Those test suites won't be finalized until we're in CR. So if someone comes in and says you haven't demonstrated "real interop" ... 15:50:38 manu: We've noticed people don't mean the same thing / have the same definition of "real interop" ... we're looking for actual implementations that are going to or are in production that implement VCs. We'll be actively contributing to test suites that meet that level that these orgs are asking for. 15:50:43 phila_: Thank you, Manu. 15:50:50 Topic: A few words about RCH WG 15:51:05 brent: Let's hear about the RDF Dataset Canonicalization WG 15:52:13 selfissued_ has joined #vcwg 15:52:50 phila: The RCH WG is what came out of the draft chartering process for Linked Data Integrity, 2nd normative deliverable was going to be in that WG, but its now in this WG. Markus is the security person and I have a history in Linked Data, that's the idea of the two of us doing it. I know more about Linked Data than Cryptography, the group isn't yet formed, no schedules yet, but it is really about the thing that matters in this group -- you have a VC 15:52:50 expressed as JSON-LD, in order to digitally sign, you have to canonicalize that, there exist methods to do that, develop that into W3C standard so we have a way to canonicalize in RDF and sign the data. 15:53:26 phila: We believe the people likely to be interested in that are on the call here, will be interesting to know how many of you will participate in that group, whether anyone outside VC world will participate, we don't know... 2 hours will be used to focus on RCH WG. 15:54:30 markus_sabadello: I agree with what you said. Relationship between two groups -- one of the deliverables of VCWG as brent explained is securing VCs, the RCH WG will define building blocks for Data Integrity cryptosuites in VCWG. 15:55:53 markus_sabadello: Not all proof mechanisms will use RDF Dataset Canonicalization and Hashing, but some will. Canonicalization and Hash work is important for securing VCs, but can be used for other things (like dataset diffing)... the way I think about RCH WG, it's a well defined, narrow scoped building block for use with VC WG and broader Linked Data ecosystem. 15:56:02 phila: Any quick questions? 15:56:08 q+ 15:56:18 ack manu 15:56:48 Topic: Editorship 15:57:18 brent: This is about contributing, our primary goal is to create specifications. We cannot do that without people in the group willing to step up and serve as Editors. Manu can you talk about primary roles of editor? 15:58:29 manu: So the role of an editor is pretty simple in theory. You listen to what the WG says, you see where there might be or is consensus, and you try to write spec text that reflects the consensus view. You listen to people and you write stuff down. The other part is reviewing PRs that other people submit to change text. You make sure the PR works with the rest of the spec and merge those things down when they match the will of the group. 15:58:35 this is the right place to track RCH WG, right? https://github.com/w3c/rch-wg-charter 15:58:50 manu: If you're going to edit, you must minimally show up to the calls and spend 1-2 hours a week of work to do and show up to editor calls, if any. 15:59:00 manu: 2-3 hours a week, minimally of time commitment. 15:59:18 I'd say maybe closer to 5 hours per week . . . 15:59:59 manu: It's very rewarding to get all this stuff together, get the entire group behind the thing we've collectively created, and push out a global standard that will impact the lives of many people around the world. If you've never edited before, please step forward and be an editor, or at least step forward and contribute text. For example, I love Ted's suggestions. He nitpicks and make every spec better. He improves readability and 15:59:59 understandability on every spec he contributes to. 16:00:14 manu: If you're editing, you keep an open mind, you listen to everyone and write down what you think the group agrees to. 16:00:40 brent: No call next week, we'll meet again in two weeks, thank you all for being here -- excited to get work started. 16:00:50 brent: Ya'll are fantastic, this is going to be great! 16:01:05 rrsagent, draft minutes 16:01:05 I have made the request to generate https://www.w3.org/2022/06/29-vcwg-minutes.html ivan 16:01:45 zakim, end meeting 16:01:45 As of this point the attendees have been ivan, Songpu_Ai, mprorock, selfissued, manu, kristina, brent, justin, davidc, kevin, shigeya, markus, mprorock_, brent_, elfors, shigeya_, 16:01:49 ... oliver_terbu, Will_Abramson, joeAndrieu, nadalin, tallted, phila, dlehn, gnatran, markus_sabadello, awhitehead, dlongley, dmitriz, KDeanGS1_, sebastianelfors, shawn 16:01:49 RRSAgent, please draft minutes 16:01:49 I have made the request to generate https://www.w3.org/2022/06/29-vcwg-minutes.html Zakim 16:01:52 I am happy to have been of service, ivan; please remember to excuse RRSAgent. Goodbye 16:01:53 rrsagent, bye 16:01:53 I see no action items