- From: CCG Minutes Bot <minutes@w3c-ccg.org>
- Date: Mon, 04 Apr 2022 14:01:44 +0000
Thanks to Our Robot Overlords for scribing this week! The transcript for the call is now available here: https://w3c-ccg.github.io/meetings/2022-03-15/ Full text of the discussion follows for W3C archival purposes. Audio of the meeting is available at the following location: https://w3c-ccg.github.io/meetings/2022-03-15/audio.ogg ---------------------------------------------------------------- W3C CCG Weekly Teleconference Transcript for 2022-03-15 Agenda: https://www.w3.org/Search/Mail/Public/advanced_search?hdr-1-name=subject&hdr-1-query=%5BAGENDA&period_month=Mar&period_year=2022&index-grp=Public__FULL&index-type=t&type-index=public-credentials&resultsperpage=20&sortby=date Topics: 1. Introductions and Reintroductions 2. Announcements and Reminders 3. CCG Work Items for promotion to VC WG Organizer: Heather Vescent, Mike Prorock, Kimberly Linson Scribe: Our Robot Overlords Present: Kimberly Linson, Manu Sporny, Brian, Ryan Grant, Dmitri Zagidulin, Shawn Butterfield, Chris Abernethy (mesur.io), Markus Sabadello, Leo, Kerri Lemoie, Mike Prorock, Andy Miller, Orie Steele, Charles E. Lehner, Kaliya Young, Adrian Gropper, Brent Zundel, David I. Lehn, Kayode Ezike, Jeff Orgel, TallTed // Ted Thibodeau (he/him) (OpenLinkSw.com), Mahmoud Alkhraishi, Juan Caballero, Heather Vescent Our Robot Overlords are scribing. Kimberly Linson: Recording is on. Kimberly Linson: I just. <kerri_lemoie> high five back! Kimberly Linson: High five to the air so we're all good okay so let's kind of walk through just our agenda review we're going to talk about the will go through sort of our housekeeping items and then we're going to do our main topic today which is that man is going to frame the context for us around the new VC working group Charter and some of the work items that we have that are going to move or potentially move to. Kimberly Linson: To to that group. Kimberly Linson: Go ahead and run through our housekeeping stuff. Kimberly Linson: So first off anyone is welcome to participate in these calls however if you are wanting to make substantive contributions we really would invite you to join the ccg you have to do two things in order to to be a full contributor one is join the ccg the link to do that to have an account its free to anyone is in that link is in that. Kimberly Linson: Into that I sent. Kimberly Linson: That's step one step two is to sign the community contributor license agreement and the link to that is also in in the agenda so I would definitely if you have not already done that please do then just a couple of things about how to participate in the call first of all you're in jitsi which means that you've done step one and if you have audio issues or something doesn't seem to be quiet. Kimberly Linson: Right we do know that. Kimberly Linson: They're sort of. Kimberly Linson: Be sometimes be some issues in the system couple workarounds or one too just refresh to is to try a different browser and know that that's worked for me on a couple of different occasions to just switch over to Safari the minutes and audio are of everything that's said on this call are recorded and archived and they are also that link to that archive is also in the agenda and so you can go there to look at those. Kimberly Linson: We use iirc to. Kimberly Linson: Jurors during the call as well as to take minutes we have this awesome CG bought that you can see that is transcribing and recording everything so hopefully we won't need a scribe but just to give your give you a few little tips on how to to use the are see if you aren't familiar with it one is it if you have something you want to say just add yourself to the queue by typing q+ if you change your mind you can pick you -. Kimberly Linson: If you see something in the transcription that the CG Bot got wrong. Kimberly Linson: Our that the CG bought got wrong then you can do s: / whatever was incorrect Bob / what's correct Robert and so you can fix anything and I've actually asked that as an entire Community we do that and thanks man you for putting that in there yes so so I'd asked us all to kind of keep an eye especially on the things that you say and make sure that that. Kimberly Linson: It is represented correctly. Kimberly Linson: And let's see so now I think we're too we'll skip the Scribe selection I don't think we need that because hopefully the CG bot will do that for us and we get to do introductions do we have anybody new to the community or who would like to hasn't been here for a while who'd like to reintroduce themselves. Kimberly Linson: We'd love to welcome you. Topic: Introductions and Reintroductions Kimberly Linson: And is a former educator I know to give that a very long pause but I don't see anybody and I recognize most of the names here so I'll go ahead and move to announcements and reminders. Kimberly Linson: Anybody have an announcement for us. Topic: Announcements and Reminders Manu Sporny: https://w3c.github.io/vc-wg-charter/ Manu Sporny: Yeah just two things the first one is reminder this is the weekly reminder that the verifiable credentials working group Charter is under active development please read it provide some input we're going to be talking about it today but things really do seem to be wrapping up on it so please kind of read it as it stands right now and you know. Manu Sporny: You're running out of time the chart looks is starting to look pretty good right now so I don't think this community would have any objections with it but just a reminder that that's happening the other kind of news is that it looks like the did formal objections or moving forward a bit with the director can't say much more than that but looks like there's some movement there so that's good and that's it. Kimberly Linson: Great thank you any other announcements reminders. Manu Sporny: https://w3c.github.io/vc-wg-charter/ Kimberly Linson: All right I checked and it doesn't seem like we have any action items that we need to talk about but if somebody has somebody thing that they want to bring up there now would be the time to do so. Topic: CCG Work Items for promotion to VC WG Kimberly Linson: Okay great then let's get into to the main topic for for today as I said at the beginning this was a good topic for me to have as my first one because it really gave me the opportunity to dive in and see what it is that we're doing and I have to save it as a community group it is amazing the amount of work and expertise that were contributing and I know you all know that in parallel to our work the the. Kimberly Linson: Is also doing their work and so today's topic is really to as man you said think about those items that we've been working on and do they need to be promoted to to the formal BC working group so I'm going to go ahead and turn it over to Manu to walk us through the context and then we can have a good discussion around that after he's finished. Manu Sporny: Okay thanks Kimberly Bryant I don't know if you would also I'm sorry to put you on the spot print but I don't know if you would like to say some things to kind of start at Brent's Brent's one of the co-chairs of the verifiable credentials working group or if you want me to just dive into things. Brent Zundel: Manu I will certainly leave it to you to dive into things and I'm happy to chime in if folks want me to talk. Manu Sporny: https://w3c.github.io/vc-wg-charter/ Manu Sporny: Okay awesome thanks Brent okay so Brent is our fearless leader in the verifiable credentials working group and has been a chair therefore since the since the dawn of time for a long time and currently as I mentioned we've been working on this verifiable credentials working group Charter I'm going to go ahead and share going to tempt fate and share my screen. Manu Sporny: Sorry to do this to you on your first first time Kimberly butt. Kimberly Linson: That's okay you said if you said if it was if it got broken to just call on you so since you're in charge there you go you can break it and then fix it. Manu Sporny: Exactly okay so here's the charter so the verifiable credentials working group Charter and there's a portion of the charter that talks about the group's deliverables and typically this group The credentials community group has been a feeder of incubated specifications to the verifiable credential working group now this not the only path. Manu Sporny: Earth to the VC. Manu Sporny: G but it is a path and we have a number of community work items that have found themselves in the verifiable credentials working group Charter so there's a part of the process here where this community hands are work items over to the official working group and there is a process there's a community group process for that you publish what I think is called a final community group report. Manu Sporny: People in this community then if you worked on it make concrete IP our commitments basically is asserting that yes I worked on it no I don't know about any patents or if I do know about patents I will bring them to light I will let everyone know about it in in in in most cases contribute the patents for the specific purposes of the specification so that process so if you. Manu Sporny: Dissipated in any of these items there's. Manu Sporny: Asian that you're going to make that patent commitment on the specification so what items are in this group that are moving over currently we have listed the data Integrity specification Jason Webb signature 2020 Edwards curve signature for David data Integrity the same thing for the nist. Manu Sporny: T curve. Manu Sporny: Thing for the Bitcoin also known as the Cobell its curves theory mises that stuff as well and then we have conditional normative specifications that basically say if these things progress in some groups outside of the group we will take the work up as well so there's the pgp crypto Suite which is currently in or he's repo here we've got BBS plus which. Manu Sporny: Which you know work is happening. Manu Sporny: At ietf in diff on that and we've got the jwp stuff where work is happening at diff in ITF on that so the the whole discussion today is really around like this section of the of the specification I'm sorry I forgot to mention the post Quantum crypto stuff as well that mic Pro Rock and in that groups working on so but but. Manu Sporny: Basically we're talking about this section. <mprorock> * i feel slighted ;) Manu Sporny: Write all the all the stuff in here I sent out a kind of every year we present this roadmap about what the group is doing and this I tried to update it I'm sorry if I missed something there's a lot of stuff to keep track of I tried to include all the things this community has been working on since like you know 2010 ish. Manu Sporny: 14 Ish all the way to present. Manu Sporny: A and then try to predict out that like 20:27 based on the stuff that we know this does not include work items that for example diff is working on it doesn't include work items that are happening at ietf unless they originated in the ccg so it's missing some things with the Hope here is that it gives everyone a pretty good idea of like the types of things we've worked on in the past and what we're getting ready to move over so. Manu Sporny: Cific Lee if we if we scroll down here. Manu Sporny: The red line is today so this is this is where we are today and if we scroll down here to the cryptography section right here so the cryptography section this is where we are today in each one of these items is an official work item in a official w3c working group so as you can see we are getting ready to hold like hand over a. Manu Sporny: A huge amount of. Manu Sporny: From this group to official working groups at w3c so that is like a huge success story I think they're not all going to the same working group this one here at the top actually you know what let me let me pause for a second I've kind of fire hose the group with information are there any questions at least at a high level about what we're talking about today or just general questions about the. Manu Sporny: Okay so that's either everyone understand well let's see where's the queue right so either everyone understands or we're all totally lost one of the do I'll keep going feel free to put yourself on the Queue if there's any any questions so they're really two working groups at w3c that ccg work is going. Manu Sporny: To the first world. Manu Sporny: In group is a very specialized working group to standardize this spec up here rdf data set canonicalization this spec has been incubated in this group and other groups for a decade now literally this work has been going on for a decade and it's finally moving over to an official working group with the time span of two years to standardize it the good news here is that this thing has been pretty settled for six years now. Manu Sporny: Now 7 years now but it. Manu Sporny: Goes to show you sometimes how long some of these things can take to actually get it into an official working group so rdf data set canonicalization is going into a working group called rdf data set canonicalization hashing working group at w3c that group will run in parallel with the re-chartered verifiable credentials 2.0 working group The VC 20 working group will build upon this work and and. Manu Sporny: Their work elsewhere. Manu Sporny: Um and it will be taking all of these specifications in right so things like data Integrity multi base multi hash and multi key this one's a little gray area right now but other things like Jason Webb signature the Edwards curve crypto sweet the nist crypto sweet the Cobell it's Bitcoin ethereum crypto sweet. Manu Sporny: All you know fairly well formed and inspects that can be pulled in the BBS Plus work needs more work at ietf but we've been able to basically phrase the charter so I'm going to switch back over to the Charter we've been able to phrase the charter in the in this kind of conditional normative specification term so basically this means that. Manu Sporny: Plan to publish official standards for these Technologies if the base work for these Technologies are completed before the working group ends so there's base technology for BBS plus that has to happen at ITF and there's base technology for J WP s that has to happen at ietf before the verifiable credentials working group can take it over. Manu Sporny: Over so these things are. Manu Sporny: Like optional we may not get to them we really hope we get to them but it's totally dependent on groups that are kind of external to the VC WG to deliver on the things that they said they were going to deliver on okay so going back to kind of this diagram that's why BBS plus doesn't start for maybe another year in the group there's some pre-work there that needs to be done. Manu Sporny: Let me stop there to see if there any questions. Kimberly Linson: Well I was trying to keep question mark But I added myself to the queue so I will ask you so so the official Charter like how long of a period of time does that VC working group Charter span. Manu Sporny: Right great question so the charter span see oh wow they don't have it it's two years basically right in once we know the start date will will lock those time periods in there so at the top it's typically two years and they really don't like w3c members really don't like giving Charters more time than that they don't like work that doesn't complete in something concrete so we basically have. Manu Sporny: Two years. Manu Sporny: Extensions but and they're typically granted if they're reasonable but if you have like failed to produce something implementable at two years that you basically just acts the group they shut you down which is why it's so important that we go in with pre incubated work the other thing that's interesting to look at here from timeline is section 2 6 where it talks about like what happens a month after two months after five months after 6 months. Manu Sporny: After most w3c Charters have. Manu Sporny: Are and and language like f PW d means first public working draft CR means candidate recommendation like for implementation implementer should start implementing at that point and Rec means recommendation also known as kind of like an official global standard so that's the time frame two years and it's kind of broken down a bit in here and it's everyone that's been in a w3c working group can attest to this is largely. Manu Sporny: A work of fiction. Manu Sporny: Things don't always go according to plan but you know should give you a rough idea of what we intend to do. Kimberly Linson: Thanks Charles is on the queue. Charles E. Lehner: Hi can you hear me. Charles E. Lehner: Hi I was wondering about the IP our commitment process you mentioned how it works coming from with documents coming from ccg and I was wondering how it works if it's the same for the other potential documents coming from other organizations. Manu Sporny: That's a great question documents coming from other organizations that have their own IP are mode or tend to be very problematic in that it takes us a while to figure it out now if that organization has a w3c mode like for example diff does moving things overs typically much easier for the lawyers to reason their way through it so Charles was your question mostly about external documents coming in. Charles E. Lehner: Yeah about the conditional normative specification documents but. Manu Sporny: Okay okay that's a great question because these are there are two partners here this there's a two parts to the answer here right so the BBS plus crypto Suite is a ccg work item so at some point not now but maybe in a year maybe in six months this group will have to create a final community group report on the BBS plus specification and then hand it over to the be cwg. Manu Sporny: Ever the base. Manu Sporny: Primitives will be ITF work items so ietf doesn't hand that stuff over to w3c ITF just basically says we've got it we will standardize the base cryptographic Primitives and ITF in you ccwg in your crypto sweet can refer to our specs so in the VC w g what we would do if everything is in order at ITF the V CW G would start pointing normatively. Manu Sporny: Lie to the BBS. Manu Sporny: ITF specifications did that help Charles. Manu Sporny: The other part of that question which is also interesting that I don't think many of us have been through here is this whole concept of a final community group report in so if you'll notice on our community group webpage we have these final reports in like the vc10 use cases was one of those things the data model 10 was one of those things in the did Speck was one of those things there was. Manu Sporny: A point in time where we did. Manu Sporny: Doing today where we said okay we need to hand over a bunch of specs and the editors of those specs publish them as final reports in got licensing commitments on those final reports so if I go and I click on like the did licensing commitments it's takes a while to load because it's got a load all 460 people in the group but you'll see these commitments from the credentials community group on this did spec so you'll see you. Manu Sporny: Like Dan burn. Manu Sporny: Commitment reuven made a commitment Michael Zoo Pele I mean all these people that worked on the did spec made commitments right so all this yes stuff our commitments basically saying we are not withholding any kind of intellectual property or anything on the spec but if you go down far enough like there are a lot of people that that made commitments. Manu Sporny: A lot of people made commitments. Manu Sporny: You'll see that some people did not write and that might be because they didn't contribute anything to it it might be because they don't feel like what they did contribute you know would make a difference some of these people might not have been a part of the group at the time right so really what we're looking for are commitments from people that actually contributed material and specifically things that are substantive to the specification so. Manu Sporny: The editor. Manu Sporny: A document will put it out there and publish it and then we'll publish it as a final report and then we will ask the community hey we need you to you know make a commitment if you contributed anything make a commitment and the editors themselves will know like these five people absolutely definitely me need to make commitments or we need to know now that they're not going to make a commitment because then that that creates an air of you know. Manu Sporny: Auntie around IP are so if somebody. Manu Sporny: Substantive thing like a something fundamental and they're refusing to make and I pee our commitments then that's an immediate red flag that you know it's raised now that has never happened either that as far as I know in this group ever but what we are expecting here is that for this work. Manu Sporny: People we're. Manu Sporny: Publish F CG s is final community group specifications for these items and people are going to make those IP our commitments on these documents hopefully that made hopefully that made sense. Kimberly Linson: Thank you does anybody have any questions for me a new queue is currently empty. Kimberly Linson: All right man who are the things that we want to dive into on specifics or. Mike Prorock: +1 That or dive on VC-API implications Manu Sporny: We might want to ask each of the editors where they think they are on prepping you know each document so we might want to dive into each one individually that's one thing we could do the other thing we could do is look at the rest of the road map I don't know if folks would be interested in doing that and asking questions about why things are staged in the way they are or there's X is missing. Manu Sporny: You know why is that. Manu Sporny: Where does it fit in here. Dmitri Zagidulin: +1 To roadmap Manu Sporny: Either either you know we could we could go either way. Kimberly Linson: Mike just brought up a really good point that maybe we should discuss is the VC API work and maybe we can discuss that and then talk about the roadmap so that makes sense. Manu Sporny: Oh yeah plus one. Kimberly Linson: Mike do you want to jump in and give us kind of an overview of the. Mike Prorock: Yeah well like yeah sure and I guess really the thing that is a little bit concerning to me and I think we're making good progress now especially with some of the PRS that are in queue on VC API but there's kind of two things if that work moves over into the working group I think we should have it at a reasonable does not have to be perfect but a reasonable steady state. Mike Prorock: Which would mean. Mike Prorock: In the VC API work item we would want to kind of formalize and say Yep this is what we're considering in scope and we're just going to kind of lock this in a certain point and then re pick up work inside the working group but since that would be moving to a non-normative item that is the other question I have around kind of what are the implications of that. Mike Prorock: That could be detrimental. Mike Prorock: Normative item it may set up the path to a more normative item once we show people working on it so there's a variety of ways that could go strategically and politically and so that's kind of an open for I'd like man whose thoughts on that and then I think that might spur some interesting conversation there so. Kimberly Linson: Great guy had manna. Manu Sporny: Yeah I think that yeah Mike's totally right the this is like a very this is a super interesting what's the word conundrum that that were in with the VC API so so we've got multiple people implementing the VC API and I know the trace folks are doing it I know digital bazaars committed to it you know number of organizations committed to interrupt through the VC API but. Manu Sporny: There have been some. Manu Sporny: See members that have pushed really hard to keep protocol out of scope for the verifiable credentials working group so you will know that there is. Manu Sporny: Out of scope right normative specification of apis are protocols and we are expecting that if we try to put it in scope it would be challenged heavily if not formal objections so the what we've tried to do here is to basically say the group is going to work on a developer guide the VC to working group is going to work on a developer guide and there's going to be input to that one of them is the VC API. Manu Sporny: II just be Capi. Manu Sporny: Other ones can app like we want to be able to talk about protocols that are carrying verifiable credentials over them but we're not allowed to say anything normatively about those things so how are we you know how is this group going to feed VC API into the VC to working group The verifiable credential 20 working group. Manu Sporny: One option. Manu Sporny: When is we just handed over completely and it stops being a ccg work item and then it's up to the verifiable credentials working group to determine what what should happen to the VC API upside there is like hey it's in the group that's great but the only thing they can do is publish it as a note and one of the implications of that that Kyle did hartog brought up which I thought was a great point. Manu Sporny: Point is that because it's a note it. Manu Sporny: Kind of IPR protection whatsoever 0 IPR protection so people can start injecting all kinds of horrible proprietary patented stuff in there and there is no requirement to say anything about that now we know I think all of us don't think like that's going to happen but that is one of the concerns there so option one is give it completely over to the verifiable credential working group but all they can really do is work on it as kind of like a note a developer guide that kind of thing. Manu Sporny: Option two is that we keep it as a ccg work item and we continue to incubate it here it has IPR protection in this group and will continue to have IPR protection in the group and what we can do is hand over snapshots to the verifiable credentials to working group we can basically tell them hey can you snap shot this in they can publish it as a note and they can snapshot you know couple times throughout the year the benefit there is that it has IPR protection and we can continue to incubate it as kind of. Manu Sporny: A high priority item. Manu Sporny: So it'll get like the air it needs to breathe here and have protection while also signaling to the w3c membership that we do plan on doing protocols at some point like maybe not right now but maybe in the VC 30 working group the recharter we plan to put protocols in scope so that's option two option three is to just keep it in the ccg and keep working on it and it would be good you know I don't know. Manu Sporny: If there are other options too. Manu Sporny: Other options of the things that we could do with it or it would also be good to hear back like what do folks feel we should do with that item. Manu Sporny: Let me ask a more pointed question traceability folks what do you want to do with that item I mean you guys depend on it right. Mike Prorock: Yeah I mean I am honestly fine with it going in as a note on the w3c side one of the kind of bigger picture items that we have to balance as kind of the multiple aspects of traceability because a lot of digital traceability is also coming up and there seems to be a critical mass actually on the ietf side right with some working groups there and that's where. Mike Prorock: We have to still find out. Mike Prorock: Willing to be friendly to use of VCS and Ed's right in especially linked data usage and that's a bit of an unknown right now and that's kind of a high risk I don't know or eicu on the queue as well. Orie Steele: Yeah I agree with the what Mike said you know I think when we consider technologies that are related to verifiable credentials dids and the sort of basic cryptographic envelope formats like Jose Jose come to mind and I would want to make sure that I think you know just speaking frankly the verifiable credentials a. Orie Steele: P I work for her. Orie Steele: That's not the only thing that's important support for traditional Jose and cozy a is also really important especially for kids and and so I think. Orie Steele: My experience with the w3c you know especially after the did working group I'm not sure that the w3c is really the best place to do anything related to protocols I think I agree in large part with some of the positions that other w3c members have held that the w3c is not really great at developing protocols and in particular support for Jose and cozy which are. Orie Steele: Of users are actively contributing to and maintaining them at ietf I think there is a future where the VC apis that exist today might be better served becoming more of a dids plus Jose and cozy at ITF but that is the kind of thing that you know it's about going to where the contributors are and asking them how they want to see these Technologies working together. Orie Steele: And recognizing that. <mprorock> it is really nebulous and makes me highly nervous <mprorock> I don't think CCG helps it long term either Orie Steele: Not everyone wants to use the same tools to build their favorite sandcastles so I think the verifiable credentials API as a non normative item at the w3c obviously doesn't really do anything to secure its future anywhere like it could just become a non-normative item and then never be defined further could become a normatively defined API at W3 for support for the defined verifiable potential formats. Orie Steele: I think that's a best-case scenario but. Orie Steele: My experience over the last few years is that even when you plan for something like that you may not actually be in control of achieving it especially given the you know kinds of contributions we see the w3c standards so if it feels nebulous and scary the yeah that's kind of how I feel about it. Kimberly Linson: Go ahead manu. Manu Sporny: Yeah so I mean this is this is this is new to me and that does seem like a very big change in scope and Direction Ori. <orie> there is OIDF as well, working on protcols related to this Manu Sporny: And so where it's so I haven't seen work like this done at ITF ever there's low-level protocol bits and bytes stuff that does happen at ITF but not application you know layer protocols like sip is an example HTTP an example but those are you know much more lower lower level than the VC API we're in the w3c has. Manu Sporny: Unlike application. Manu Sporny: Linked data platform you know they did you know protocol work there we're at ietf are both of you thinking the work would fit in like it would be a complete rewrite of the specification I think that's what I mean that's what I'm hearing is like hey let's not use verifiable credentials let's use something else and let's not do a w3c spec Let's do an ITF spec so it sounds to me like this is a totally different specification. Manu Sporny: And you guys talk. Manu Sporny: What where where did IETF with the work happen. Orie Steele: So I'm not saying any work what happened ietf I'm saying that ITF works on things that I care about deeply and if you look at you know the work on an app that's happening and ietf you can see that you know clearly ITF has ability to gather folks who are passionate about these issues and work on standards there I'm mostly saying that from a software supply chain or hardware supply chain use cases dids and VCS are. Orie Steele: Obviously an important part of that but I think also. Orie Steele: Port for existing cryptosystems like pgp Jose and cozy is an important part of that and bgp Jose and Jose have been defined at ITF so I'm mostly just saying that work will happen where people are and you know obviously the VC API is currently being incubated here in the w3c ccg and the plan is to work on it as a non normative note in the w3c verifiable credentials working group assuming the charter is approved. Orie Steele: It's all I can say about that as I. Orie Steele: I'm just noting that like there are also other things that are happening out in the ecosystem like now and the open ID connect verifiable presentation Flows at open ID foundation and you know I'm interested in contributing to these items as well so maybe really what I'm saying is that work happens outside of the ccg and w3c as well. Kimberly Linson: Thanks Orie, Mike did you want to add some something to that. Mike Prorock: Yeah I mean I can add some color and then some concern I mean the I think a I think fundamentally having the VC API live as a were even traceability for that matter live as a long-term ccg non-normative items not going to be helpful to adoption right and that's that's concerning to me so we have to start thinking even if it's a way down the line where's this going to work in a graduate to in quotes right. Mike Prorock: https://datatracker.ietf.org/doc/html/draft-birkholz-scitt-architecture-00.html Mike Prorock: The I think you know Trends I am seeing in ietf are for sure more work going on on exactly this kind of thing and a case in point there's I'm going to link an individual draft that's dealing more with supply chain from a software supply chain like s bomb and things like that this this work is going on. Mike Prorock: Whether we like. <bumblefudge> Fraunhofer SIT 🤩 Mike Prorock: And so it's kind of forcing some decisions like can we you know try to engage in a positive way and help move those work items forward while also making sure our needs are met from a like I have no desire to move away from verifiable credentials like none whatsoever so you know it's stuff we just kind of have to be aware of that is happening and unfortunately because the players involved that stuff. Mike Prorock: I'll get critical mass. Mike Prorock: Like there's not only you know major players involved in this kind of stuff and at that actual like protocol API level type definition in architecture level definition but it dition Ali there is regulatory momentum to go ahead and push some of that stuff through I mean we're seeing increasing amounts of executive orders on like how do you respond to zero trust architecture things like that so these are you know items at least from the US perspective. Mike Prorock: Spective as well as also you know increased. Mike Prorock: On the EU perspective that we're going to see some of this stuff either you know get moved out of our hands because we're not getting stuff ready quick enough or you know in a presentable State quick enough or sometimes is as as I've seen happen a couple of times lately take the work too far before getting the conversation going with other players right and then then it does become one of those like worst-case scenarios where you're sitting down and rewriting stuff or readapting. Mike Prorock: Whatever you just. Mike Prorock: Forced into using and we want to avoid that as well so so it's a complex it's a complex issue and it does make me nervous and I think it should ultimately anyone who is working heavily on things like VC API or off shoots of it and profiles should be thinking about this stuff you know broadly and from a big picture with you know who are the players in the ecosystem taking this stuff seriously. Mike Prorock: You know who made. Mike Prorock: Out-compete whether we want them to or not. Manu Sporny: Yeah I guess it's so I what I'm hearing is that there are other groups out there that are working on technologies that either directly compete with verifiable credentials or directly compete with the verifiable credential API and we should be aware of those initiatives I think that's the one of the things I'm hearing the other thing I'm hearing is that. Manu Sporny: Ricci might not be the best place for some of this work and I think there was a finger pointed at the VC API potentially so those are the two things I heard both Orion and Mike you saying please correct me if I didn't hear that correctly the third thing is a bit it's so nebulous it's hard for me to understand what you're asking the community to do. Manu Sporny: Do other than be. <orie> I am not asking for anyone to do anything. <orie> contribute where you think you should. Manu Sporny: In the be aware even that is kind of like it's you know it's not clear to me what the alternate plan wouldn't what an alternate plan would be so I'm not hearing a very okay so are you saying he's not asking anyone to do anything just be aware that other work is happening elsewhere so let me let me stop talking no mics on the Q I'm having a hard time. Mike Prorock: Yeah I can get I can get into some very specifics you know from like my personal and this is not chair hat right this is just like me personal member of the community writing and deploying software that is dependent on these specs right and building a business that touches all this stuff you know you know I think this is one of the reasons I fought very hard to make sure in. Mike Prorock: The working group. Mike Prorock: Order for the next version of the VC API that we can discuss from a practical developer standpoint what are the implications of this and how do you work with these things and I fought very strongly for the inclusion of two key items one was the ability for us to discuss the oid see work going on you know for exchange of credentials right over oid see that is obviously work that is going on outside the w3c that is directly related. Mike Prorock: And impacting on VCs I don't think that's. Mike Prorock: I think that's just a thing right but we when we think about it from a broader verifiable credential standpoint we need to be able to guide and provide advice around how do you actually interact with that stuff are we so you know what is helpful etcetera same thing with the VC API and I don't see a problem and I'm fact I plan to and I've stated multiple times in the working group you know plan to one author you know or make significant contributions. Mike Prorock: Tribution stew that developer guide for both. Mike Prorock: And for the VC API aspect if not fully flushing and helping to fully flush out into find the VC API in a note standpoint so I that is the path that I am proceeding down that does not negate more detailed you know specific work that may have normative requirements either in w3c or elsewhere right and so that's I think the hit man who does that help clarify a bit like you know but I. Mike Prorock: Yeah and in the main reason on like the be. <identitywoman> The Relying party problem (where can VCs be accepted) is a really big one - the OIDC relying party "solution" is reasonable - expecting everyone to rip and replace completely to use VCs. <identitywoman> is not reasonable Mike Prorock: It's like especially from you know and I'm you know being blunt here but like especially when we look at the Microsoft's the IBM's the sap is the world right these are the folks that to date have had a Stranglehold on this kind of information exchange possibly also with GSX if you want to go down the EDI path also you know additionally and so we need to be aware that they will do you know players that have an established foothold will do what they can to prevent losing. Mike Prorock: That established footholds. Mike Prorock: And it's just something we talked around that issue a lot but we should be aware of it concretely and also be very much Mindful and watching carefully what they are doing in a standards basis to that could potentially serve as something that is a competing standard that is a standard possibly even sometimes in name only in order to justify a proprietary solution and those are things we need to avoid from a lock-in standpoint etcetera. Kimberly Linson: Thanks Mike Adrian you're on the Queue next. Adrian Gropper: Yes after working on this issue that we're talking about now for about a year and talking to a lot of people my conclusion has is that the protocol work that's going on here under the very reasonable flag of self Sovereign identity and authentication things does not Translate. Adrian Gropper: Late in. Adrian Gropper: Moving those under that decentralisation self Sovereign flag to protocol work as it's being done in w3c and so I at least you know have am completely moving the protocol attention to ietf basically because you know the things that are very much in the news these days whether you want to call. Adrian Gropper: Them human. Adrian Gropper: You trust or other things like that have to do with the platform issues regulating the platforms and and things like that and we just seeing that every day and to me the protocol work that I've witnessed here is just completely detached from the reality of what the world is worried about in Europe and different cultures. Adrian Gropper: Seeing again from this antitrust and human rights perspective thank you that's it. Kimberly Linson: Man who I have you on the queue. Mike Prorock: +1 Manu Manu Sporny: Yeah just real quick to Adrian Adrian that is just not true we have gotten delegate abby'll authorization capabilities working for the VC API full delegation so it achieves the things you've been asking for for a long time we have yet to put it in scope because the group's not ready to do it yet so I strongly strongly disagree with your notion that we're not paying attention to things like human rights and delegation. Manu Sporny: And specifically. Manu Sporny: Ensuring that providers don't prevent you know those holders from delegation so that's the first point the second Point Orion Mike maybe I read what you two are saying as in as a you're abandoning the be Capi work I don't think that's what you meant to communicate but that's how I read it or even abandon the be Capi work at w3c so. Manu Sporny: +1 To support VC-API, yes, DB is fully committed to that work item. Mike Prorock: Okay quite the yeah and I'm on Q I'm just going to act myself because of time and quite the opposite I mean that's why I stated clearly like I plan on you know if not being a primary author like major contributions on the actual developer guide node or whatever that ends up becoming and that will include how do we do restful exchange and handling of verifiable credentials period end of sentence right but so and I'm assuming that we'll start with the. Mike Prorock: Capi we bring that in and then we evolve it as well. Mike Prorock: Group I'd be that's. Mike Prorock: That is absolutely my attention there so I don't I think that Baseline how do you do this stuff over rest is such a core implied thing that we have to talk about it as working group right and to the point where I am willing to sacrifice a lot of my own time to go make sure that gets done so. Kimberly Linson: Thanks Mike, Orie. Manu Sporny: +1 To what MikeP was saying. Orie Steele: Yeah I'm you know working with folks on the verifiable credentials Charter on in support of the work items that have been added both you know as normative deliverables on non-normative deliverables and in the VC working group is going to be the place where the VC API even gets defined better or it doesn't but good news is that it's a note in either case so I mean I'm contribute to working in that workgroup on the item and yes like at some point this community. Orie Steele: Group should theoretically. Orie Steele: Each day final Community Draft before handing that work to them but if it's going to go into a note it doesn't seem like that really matters and so really what I'm saying is I'll continue to do work on the item wherever it is. Manu Sporny: Yeah okay plus 1 that's so that's that's crystal clear and that's good thank you for making clarification like a Nori the note thing a w3c has traditionally been used to signal that the group would like to pick something up like groups actually right in the top of the document we intend to pick this up as a normative work item at some point in the future and that is usually a very good signal that leads to a smoother each ordering process so that's why. Manu Sporny: Some groups have published notes for things. Mike Prorock: +1 Manu Manu Sporny: To take wreck track in Annex recharter it just makes it all you know it makes all of it much much easier my suggestion is that we can do both we can continue to work on that in this group and refine it and get the test Suites get interoperability working while throwing snapshots over the wall to the verifiable credential working group I think that gets us the best of both worlds. Manu Sporny: And keeps us very nimble. Manu Sporny: In ensures that we keep it at number one priority will not be a number one priority in the verifiable credentials working group but we as the ccg for the VCA be I can keep in a you know very high priority and in finish it up with respect to like work going on elsewhere yes indeed be again to be to be blunt I think that there is damaging work happening in other organizations when it comes to protocols and verifiable credentials. Manu Sporny: And I don't expect that to be. Manu Sporny: Traversal will point fingers at which organizations are doing it but you know I think you're both Orion my core right we need to be on top of that we need to pay attention to the work happening elsewhere in there are very powerful Market forces that could either accidentally re centralize everything or on purpose centralized things for you know the purposes of market dominance and things of that nature that's it. <orie> Many folks feel the same way about the CCG manu... it's the nature of human tribalism. Kimberly Linson: Mike you've got 30 seconds. Mike Prorock: Yeah and in conclusion I would also say that and you know in a little bit of clarification man who around like damaging work I think in some cases like the software supply chain stuff I think it's extremely well intentioned and really important work just that VCS weren't on their radar neither were kids but there was a desire to go after there is a desire to go after decentralisation so they seem willing to learn and engage at least at the you know early stages. <bumblefudge> perhaps they were really wed to COSE? <orie> yes, some folks like COSE over JSON. <manu_sporny> I know folks feel the same way about CCG, Orie :) -- and it is the unfortunate nature of tribalism. People spend time on the things that they want to contribute to, where they want to contribute to them. Mike Prorock: They can write and ultimately could help adoption if you know if we approach the right way if we don't approach it in a you know we can't you know like anything right you can't go in assuming that we have the only right path and everything else right it's yes we have a a path it is right in many many ways but it also can be adopted into other things right or as a piece of other things so. <bumblefudge> patience!? Kimberly Linson: Great thank you this was a really interesting discussion and I'm I learned a lot about sort of how the community group and and the working groups work together and so I really appreciate everybody's input we're just about at time so I'm going to go ahead and wrap us up I'll let you know that next week I'm going to be talking about decentralized storage thank you everybody for your patience with me today and have a great rest of your day thank you. <manu_sporny> You did great, Kimberly! :) <heather_vescent> Great job Kimberly!! <bumblefudge> you're doing great! thanks so much <kerri_lemoie> Thank you!
Received on Monday, 4 April 2022 14:01:44 UTC