15:02:26 RRSAgent has joined #trust-origin 15:02:30 logging to https://www.w3.org/2024/09/25-trust-origin-irc 15:02:30 RRSAgent, do not leave 15:02:31 RRSAgent, make logs public 15:02:32 Meeting: Trust the Origin, Trust the Content - Originator Profile 15:02:32 Chair: Michiko Kuriyama, Shigeya Suzuki 15:02:32 Agenda: https://github.com/w3c/tpac2024-breakouts/issues/90 15:02:32 Zakim has joined #trust-origin 15:02:33 Zakim, clear agenda 15:02:33 agenda cleared 15:02:33 Zakim, agenda+ Pick a scribe 15:02:34 agendum 1 added 15:02:34 Zakim, agenda+ Reminders: code of conduct, health policies, recorded session policy 15:02:34 agendum 2 added 15:02:34 Zakim, agenda+ Goal of this session 15:02:35 agendum 3 added 15:02:36 Zakim, agenda+ Discussion 15:02:36 agendum 4 added 15:02:36 Zakim, agenda+ Next steps / where discussion continues 15:02:37 agendum 5 added 15:02:37 tpac-breakout-bot has left #trust-origin 15:12:23 tantek has joined #trust-origin 15:18:07 dom has joined #trust-origin 15:26:53 naomi has joined #trust-origin 15:27:56 shiestyle has joined #trust-origin 15:29:00 mgarrish has joined #trust-origin 15:29:07 kazho has joined #trust-origin 15:29:25 dynamis6 has joined #trust-origin 15:29:32 present+ Kazuhiro_Hoya 15:30:04 shigeya has joined #trust-origin 15:30:21 hiroki_endo has joined #trust-origin 15:30:27 Present+ Dominique Hazael-Massieux, Chris_Needham, Martin_Thomson, Rick_Byers, Anthony_Nadalin 15:30:39 present+ 15:30:43 cpn has joined #trust-origin 15:30:44 present+ dom, sheistyle, tantek, shigeya, kurosaka, Jay, osamu, mgarrish, Jun, hiroki_endo, oomata, dynamis6, 15:30:53 present+ Chris_Needham 15:30:54 Michiko: welcome to OP breakout session 15:31:03 Present+ Max_Gendler 15:31:09 ... to our discussion we welcome your input 15:31:18 ... to explore our solution 15:31:37 rbyers has joined #trust-origin 15:31:41 [Michiko explains slides] 15:31:44 mt has joined #trust-origin 15:31:57 gendler has joined #trust-origin 15:31:58 ohmata has joined #trust-origin 15:32:01 present+ 15:32:29 ... if this fake informatioon distributed, people will get trouble 15:32:37 ... how we can avold this kind of situation 15:32:48 Present+ Leonie_Watson, Wendy_Reid, Tzviya_Siegman 15:33:02 ... technology can and should help that 15:33:15 ... OP collabolated with partnership, established 2023 15:33:30 ... including local newspapers, publishers, etc 15:33:44 ... global orgs are participating as well 15:33:51 Jay has joined #trust-origin 15:34:50 wendyreid has joined #trust-origin 15:35:03 [Michiko shows an example of Yomiuri shimbun online] 15:35:08 present+ 15:35:47 ... in a further small window, you can see info which can be seen easy way with safe way 15:36:00 [we are watching a video how OP works] 15:36:22 tzviya8 has joined #trust-origin 15:36:31 present+ 15:36:52 ryuichi has joined #trust-origin 15:37:45 Bert has joined #trust-origin 15:38:15 present+ ryuichi, Wendy_Reid, Leonie_Watson, Daisuke_Kodajima, Bert, Takahiro_Aritaki 15:38:30 was that 2 trillion USD or JPY? big difference between the pictures and words 15:42:18 kaz has joined #trust-origin 15:42:24 q? 15:42:40 rrsagent, make log public 15:42:41 Michiko: mt, 2 trillion is JPY. We will share the video and materials later 15:42:44 rrsagent, draft minutes 15:42:45 I have made the request to generate https://www.w3.org/2024/09/25-trust-origin-minutes.html kaz 15:42:52 estark has joined #trust-origin 15:42:52 duga has joined #trust-origin 15:42:59 Shigeya: about design of OP 15:43:15 ... we are adding content attestation, not only the entire web page 15:43:26 present+ Kaz_Ashimura 15:43:34 present+ 15:43:34 ... 1, identity, data model and presentation 15:43:42 ... government info as well 15:43:59 i|welcome to OP|topic: Organization| 15:44:04 ... OP is bit generalize to the web pages 15:44:11 present+ 15:44:12 rrsagent, draft minutes 15:44:13 I have made the request to generate https://www.w3.org/2024/09/25-trust-origin-minutes.html kaz 15:44:22 ... inside of content attesttation set, it provides proof and link to sites 15:44:37 ... which consists of key materials and @1 15:44:45 present+ 15:45:12 scribenick: kaz 15:45:20 rrsagent, draft minutes 15:45:21 I have made the request to generate https://www.w3.org/2024/09/25-trust-origin-minutes.html kaz 15:45:27 is this technical material available anywhere? The o-p website still says that English material is not available yet 15:45:46 s/key materials and @1/Core Profile, Web Media Profile and one more Profile Annotations/ 15:46:00 i/welcome to/scribenick: naomi/ 15:46:26 i/about design of/topic: Technical explanations/ 15:46:36 rrsagent, draft minutes 15:46:38 I have made the request to generate https://www.w3.org/2024/09/25-trust-origin-minutes.html kaz 15:46:48 shigeya: (talks about the key points) 15:46:57 ... Identity 15:47:16 ... OP includes both human redableand machine processabile information 15:47:54 ... consisting of Core Profile, Web Media Profile and Profile @@@ 15:48:03 s/redableand/redable and 15:48:12 ... Presentation 15:48:29 ... implemented as browser extension 15:48:37 ... Baseline Governance Framework 15:48:48 ... profile issuers for initial deployment 15:48:55 s/processabile/processable 15:49:21 ... core profile, app-specific profile and organization profile 15:49:47 ... JP newspapers, 3rd-party embership certification 15:49:56 ... Chain of Trust and Machine Processing 15:50:20 ... designed to allow lightweight decision making 15:50:50 ... OP consumers can decide whether accept of reject 15:51:29 ... Gaps OP fils 15:51:38 ... identity vs X.509 PKI 15:52:01 ... scalability challenges there 15:52:05 ... Development Status 15:52:17 ... initial development done 15:52:26 ... 3 phases 15:52:43 ... 1. limited number f media outlets 15:53:01 ... 2. outlet via aggregators, digital ads 15:53:07 ... 3. local gov outlets 15:53:16 ... Standardization and Discussions 15:53:26 ... data, identity and presentation 15:54:11 rrsagent, draft minutes 15:54:13 I have made the request to generate https://www.w3.org/2024/09/25-trust-origin-minutes.html kaz 15:54:25 ... when to start verification? 15:54:48 s/ f / of / 15:55:09 ... SRI for external resources and SRI extension (1) 15:55:35 ... content attestation includes integrity property 15:55:56 ... select HTML elements with CSS selectors 15:56:06 ... SRI for external resources and SRI extension (2) 15:56:17 ... support SRI for additional external resource types 15:56:28 q? 15:56:43 ... define integrity property for multiple resource with single tag 15:57:08 michiko: (notes we'll share the slides later) 15:57:12 q+ 15:57:26 ack w 15:57:26 q+ 15:57:28 q+ 15:57:48 wendy: any example? 15:58:10 ... curious about how it works 15:58:22 shigeya: can't provide resources in English, sorry... 15:58:28 ... to be provided soon 15:58:30 ack mt 15:58:31 q? 15:58:38 martin: tx for the explanation 15:58:44 ... helpful to see documentation 15:59:04 ... would ask what the goal is 15:59:20 .. trying to create a governance system? 15:59:34 ... sounds kind of ambitious 15:59:52 tatsuya: would like to introduce the technology today 16:00:15 let the minutes reflect that I used the word "dystopian" 16:00:16 ... Web contents to be verified by all the users 16:00:40 s/governance system/governance system to determine what truth is 16:00:49 ... using 3rd-party certification, etc. 16:00:59 s/ambitious/ambitious and possibly dystopian 16:01:06 ... it's just launched 16:01:13 ... try to start certification providers 16:01:33 q+ 16:01:52 q+ to clarify trust model 16:01:52 shigeya: we don't think we're creating dystopian world 16:02:06 ... not going to become so 16:02:14 ... we need to verify authenticity of the originator 16:02:19 ... we dont have that yet 16:02:21 q+ to ask about whether threat modelling has been conducted 16:02:23 q+ 16:02:39 ... we're not aiming entirely controlled world 16:02:44 q? 16:02:47 ack cpn 16:03:09 chris: we should be winding back to the use cases 16:03:32 ... would like to hear about use cases we have 16:04:16 ... one of the things we do as the owner of our web site 16:04:26 ... would like to do some indication 16:04:43 ... the content genuinely comes from us 16:04:55 ... trust relationship of BBC 16:05:09 ... would like to see possible solution for that purpose 16:05:31 ... the other view on news distributor 16:05:55 ... difficulty of service verification 16:06:17 ... any sort of technical indication 16:06:38 ... what the content comes from is important 16:06:49 ... having indication where the information comes from 16:07:22 ... identify those kinds of problems 16:07:31 mt has joined #trust-origin 16:07:40 jun: OP doesn't care about whether the information itself is true or false 16:07:48 q? 16:07:49 ... handles the originator of the information 16:08:10 ... some kind of mechanism provided to the end user to verify that 16:08:48 shigeya: how the fragments of the news to be handled 16:09:08 ... some news from Yomiuri or Yahoo news to be distributed 16:09:20 q+ 16:09:22 ... aggregator mechanism can identify which comes from which 16:09:34 tatsuya: we're focusing on simple problems 16:09:41 ... regarding your concerns 16:09:50 ... may related to ads 16:10:08 ... e.g., many natural disasters there in Japan 16:10:08 q? 16:10:14 ... we can see many fake news sites 16:10:34 ... we need to clarify which information is really provided by Yomiuri 16:10:55 ... we can split the definitions 16:11:09 ... just started to verify the originator 16:11:23 @@@: important problem 16:11:30 ack rbyers 16:11:37 s/@@@/rbyers/ 16:12:07 ... not sure f possible to handle each component within the Web content 16:12:18 ... different level of trust mechanism included there 16:12:57 ... authentication for the headline and the content 16:13:08 michiko: (shoes an example) 16:13:19 ... each part handled separately 16:13:37 rbyers: actual story inside of the extension window? 16:13:52 shigeya: the content is not shown in the extension window 16:13:57 cpn has joined #trust-origin 16:14:06 ... don't have the live demo at the moment 16:14:24 ... extension just shows which part comes from where 16:14:35 rbyers: have done penetration tests? 16:14:42 rrsagent, pointer 16:14:42 See https://www.w3.org/2024/09/25-trust-origin-irc#T16-14-42 16:15:08 shigeya: the extension is implemented as a browser extension using JS 16:15:14 ... so could be attacked 16:15:39 ... the verification of where the content comes from is done here 16:15:56 ... it's not good enough from security viewpoint at the moment 16:16:05 ... but the functionality is useful 16:16:28 rbyers: very bad attacker can handle that 16:16:32 q? 16:16:32 q? 16:16:41 ack tzviya8 16:16:41 tzviya: very interesting presentation 16:16:46 ack tzviya 16:16:48 tzviya, you wanted to clarify trust model 16:16:51 ... similar to Chris 16:17:03 https://www.w3.org/2018/10/credibility-tech/ 16:17:07 ... credible web did something also 16:17:26 ... related to reputational risks 16:17:48 ... trying to create some mechanism attackers can't make spoof 16:18:05 ... millions of fake books there 16:18:33 ... cheaper content might be fake 16:18:43 ... also would like to see examples 16:18:47 louay has joined #trust-origin 16:18:54 present+ Louay_Bassbouss 16:18:55 ack wendyreid 16:18:55 wendyreid, you wanted to ask about whether threat modelling has been conducted 16:18:57 q? 16:19:14 wendy: wanted to talk about threat modelling 16:19:32 ... many of encryption/authentication for publishing also 16:19:40 ... any resources on that? 16:19:59 tatsuya: let me clarify the question 16:20:24 wendy: challenges on different components introduced within one page, etc. 16:20:29 ... resources are broaden 16:20:41 ... wondering about threat model 16:20:45 tatsuya: tx 16:20:49 ... my opinion is... 16:20:58 ... same answer to the previous questions 16:21:08 ... spoofing is a big problem to us too 16:21:13 q? 16:21:17 ... heard some news from Forbs 16:21:32 ... huge web site providing huge contents 16:21:42 ... some of them as fake 16:22:01 ... difficult to recognize which content comes from Forbs actually 16:22:08 ... very important to show that 16:23:04 ... we have 2000 local govs in Japan 16:23:15 ... fighting with fake information 16:23:21 q? 16:23:53 ... we're now trying to work for that 16:24:17 jun: local gov responsibility is largely about disaster handling 16:24:35 ... distribute information for every disaster situation 16:24:40 q? 16:24:49 emily: 2 questions 16:25:05 ack estark 16:25:12 ... key differences from extending validations, C2PA, etc. 16:25:27 shigeya: C2PA based on X.509 16:25:37 ... has their own trust framework 16:25:44 s/extending validation/extended validation certificates 16:26:09 ... EB certificate is not enough 16:26:24 q+ 16:26:34 ... some of the certification for news outlet association can be used additionally 16:26:35 Zakim, close the queue 16:26:36 ok, dom, the speaker queue is closed 16:26:41 ... seems to be useful 16:26:47 q? 16:27:08 emily: how they interpret information? 16:27:21 shigeya: source information is verified by OCCIP 16:27:27 s/OC/OP/ 16:27:42 ... we can view the certification information 16:27:56 ... but how to present the results is a question 16:28:05 ... no good way on browser yet 16:28:16 ... need some good mechanism 16:28:16 s/how they interpret information?/have you tested with users how they interpret information?/ 16:28:27 q? 16:28:32 ack mt 16:28:34 q- 16:28:44 martin: still unclear about the property and the system 16:29:10 ... is this about some sort of secondly entity itself? 16:29:25 ... content produced, e.g., by BBC? 16:29:29 shigeya: both 16:29:59 maritn: goal to be applied to social media, messaging service also? 16:30:11 shigeya: not to be applied to them yet 16:30:19 ... they have different characteristics 16:30:35 q? 16:30:44 q? 16:31:06 ... this is the first session about OP (at W3C) 16:31:19 ... next step to show more details 16:31:34 ... let us know about your opinions 16:31:47 tatsuya: looking for opportunity to join the CG 16:31:55 q? 16:31:57 q+ 16:32:14 ... practical CG 16:32:44 kaz: which CG? 16:32:51 ... Credential CG? 16:33:00 ... or some other possible CG(s)? 16:33:14 shigeya: would like to start to work within the Credential Web CG 16:34:02 s/maritn:/martin: 16:34:52 s/Credential Web/Credible Web/g 16:35:05 -> https://www.w3.org/groups/cg/credibility/ Credible Web CG 16:35:06 [adjourned] 16:35:10 rrsagent, draft minutes 16:35:11 I have made the request to generate https://www.w3.org/2024/09/25-trust-origin-minutes.html kaz 16:39:32 mgarrish has left #trust-origin 16:41:42 naosc has joined #trust-origin 16:55:26 naomi has joined #trust-origin 16:57:51 Jay has joined #trust-origin 16:59:09 wendyreid has left #trust-origin 16:59:26 dom has left #trust-origin 17:05:22 kaz has joined #trust-origin 17:51:54 naomi has joined #trust-origin 17:55:19 naomi_ has joined #trust-origin 18:05:53 naomi has joined #trust-origin 18:08:34 Jay has joined #trust-origin 18:13:19 kaz has joined #trust-origin 19:07:38 naomi has joined #trust-origin 19:51:13 Jay has joined #trust-origin 20:07:39 shiestyle has joined #trust-origin 20:14:01 naomi has joined #trust-origin 20:18:31 kaz has joined #trust-origin 20:20:44 Jay has joined #trust-origin 20:31:38 Jay has joined #trust-origin 21:09:06 Jay has joined #trust-origin 21:18:42 Jay has joined #trust-origin 21:25:21 naomi has joined #trust-origin 21:40:31 Jay has joined #trust-origin 21:46:37 kaz has joined #trust-origin 21:48:54 shiestyle has joined #trust-origin 21:53:37 naomi has joined #trust-origin 21:53:51 naomi has joined #trust-origin 21:58:48 naomi has joined #trust-origin 22:26:20 shiestyle has joined #trust-origin 22:42:20 shiestyle has joined #trust-origin 22:57:26 Jay has joined #trust-origin 22:59:50 shiestyle has joined #trust-origin 23:00:40 shiestyle has joined #trust-origin 23:00:56 kaz has joined #trust-origin 23:19:10 shiestyle has joined #trust-origin 23:19:42 shiestyle has joined #trust-origin