14:59:56 RRSAgent has joined #vcwg 14:59:56 logging to http://www.w3.org/2017/07/25-vcwg-irc 15:00:02 rrsagent, make logs public 15:00:10 Agenda: https://lists.w3.org/Archives/Public/public-vc-wg/2017Jul/0008.html 15:00:24 present+ Ted_Thibodeau 15:00:28 Present+ Manu_Sporny 15:00:37 present+ stonematt 15:00:39 Chair: Matt_Stone 15:00:50 present- stonematt 15:00:55 Colleen has joined #vcwg 15:00:56 present+ Matt_Stone 15:01:03 present+ Colleen_Kennedy 15:01:11 rrsagent, draft minutes 15:01:11 I have made the request to generate http://www.w3.org/2017/07/25-vcwg-minutes.html manu 15:01:28 present+ Gregg_Kellogg 15:01:40 present+ Charles_Engelke 15:01:57 present+ Dave_Longley 15:01:58 present+ Liam_Quin 15:04:07 present+ Chris_Webber 15:04:47 nage has joined #vcwg 15:04:47 scribe: manu 15:05:02 present+ Nathan_Gage 15:05:02 Present+ Nathan_George 15:05:09 present- Nathan_Gage 15:05:09 agenda: https://lists.w3.org/Archives/Public/public-vc-wg/2017Jul/0008.html 15:05:29 Topic: Agenda Review 15:05:52 stonematt: Short update on FPWD, then bulk of the day is focused on shifting into next topic - validation and revocation, which we started last week. 15:06:24 stonematt: I'd like us to focus on how to structure the next phase, not focus on what it is, but how we go about making progress on those topics. We're open for suggestions for next week's agenda. 15:06:41 q+ 15:06:47 ack manu 15:06:49 Zakim has joined #vcwg 15:09:01 manu: I don't know if we have an editor for the use cases spec any more, current editors busy. I'm not sure what the group will be discussing after revocation and validation errors, so I'd like to see if we can discuss where we're going a bit further down the road today. 15:09:18 manu: I'd like for us to prioritize issues for Q3 and then Q4. 15:09:33 manu: With a focus on getting to a test suite. 15:09:54 stonematt: We have TPAC coming up in the next couple of months, we need to talk about Agenda for TPAC. 15:10:07 q+ to ask that we plan "other" stuff at TPAC as well. 15:10:51 present+ Christopher Allen 15:10:55 DavidC has joined #vcwg 15:11:10 manu: We may want to also plan a few other events at TPAC. Plenary day on Wednesday, unconference. Would be good to prime the membership and to come in and find out where we're going with this work. Coordinate with the CCG to figure out messaging on Plenary day. It's the day to set up what's coming next. We want to advertise that early and often to the membership. 15:11:23 How can I get the pw for the webex page? 15:11:25 manu: If we end up rechartering this group for the next steps it would be good for the membership to be aware of it and provide input. 15:11:51 manu: So breakout sessions on VCs self-sovereign stuff and things of that nature would be good. 15:12:04 webex callin data is here: https://lists.w3.org/Archives/Member/member-vc-wg/2017Apr/0000.html 15:12:11 rrsagent, draft minutes 15:12:11 I have made the request to generate http://www.w3.org/2017/07/25-vcwg-minutes.html manu 15:12:16 >manu, thanks 15:12:37 Meeting: Verifiable Claims Working Group 15:12:50 Present- Christopher 15:12:52 Present- Allen 15:12:56 Present+ Christopher_Allen 15:13:33 Topic: Introductions and Re-Introductions 15:13:53 stonematt: Any new participants today? 15:14:26 amigus has joined #vcwg 15:14:30 No the PW did not work on webex 15:14:58 I'm hoping that people saw Anil John's twitter moment https://twitter.com/i/moments/888780606334787584 15:15:01 present+ Adam_Migus 15:15:27 OK, waiting for Liam's email 15:16:00 dlongley: Hi, Dave Longley - we work on Web Payments, identity, and blockchain. We helped start the Web Payments IG/WG, Credentials CG, and Verifiable Claims WG. 15:16:27 Topic: Status of FPWD 15:16:43 The FPWD-ready document is here, which passes pubrules and link checker: https://w3c.github.io/vc-data-model/WD/2017-08-03/ 15:17:44 manu: I applied the terminology fixes including the update to Inspector/Verifier. I added an issue based on what I could divine from the minutes. Number of roles, expected terminology, that kind of stuff. I made updates to spec to pass pubrules and link checker. A few validator errors still happen but I think those are ok and maybe a bug in the validator. 15:18:39 manu: I can talk with the w3c pubrules team about that. I did find 3 bad links in the spec, so before you send it out for publication, Liam, I'd like to address those. Other than that I think we're good to go. I believe I've addressed all issues for publication. The publication date is for Aug 3. two weeks from today to make sure all the proper levers can be pulled at w3c. Plenty of time to deal with administrivia. 15:18:43 manu: Good to go for FPWD. 15:19:12 [let me know when it's ready] 15:19:18 manu: connecting it 15:19:21 manu: I'll let Liam know when it's ready. 15:19:29 s/manu: connecting it// 15:19:50 Topic: Issues around Validation and Revocation 15:20:21 stonematt: These are topics that are important for implementers to document. We had a discussion around what is in scope for data model, and what's out of scope (protocol). 15:20:37 stonematt: I want to understand how we're going to close the loop on these items to get implementers going on data model and spec today. 15:21:04 q+ 15:21:14 ack manu 15:21:14 manu, you wanted to ask that we plan "other" stuff at TPAC as well. 15:21:17 ack ChristopherA 15:21:20 stonematt: I'll open the floor to how we've done this in the past. Manu and Christopher have to submit some text. 15:21:40 ChristopherA: I wanted to point people to Anil's conversations that he started - https://twitter.com/i/moments/888780606334787584 15:22:45 ChristopherA: There are misperceptions on Verifiable Claims - the Presenter is not necessarily the Subject, might be most controversial point, but is whole point of this architecture. It's worthwhile to look through that discussion and think about what it is that we can do to make it easier for these discussions to happen outside of this community. 15:22:48 q+ 15:23:01 ack manu 15:24:13 manu: On the topic of how we're going to process these issues, the onus is on myself and Christopher to propose some text around verification. "How do you know whether or not this VC meets your needs?" That's the general discussion. We will have a section in the spec indicating the sorts of the checks you can run. Christopher and I need to author something, so we're blocked on us, there's not much more we can discuss on the call. 15:24:46 manu: We can discuss that topic for months or we can propose some text and then have people pick that apart on the calls. So a PR from Christopher and me is needed. 15:24:59 q? 15:25:36 manu: Revocation is a subprocess of the verification/validation process. We haven't picked what word we're using verification/validation/etc yet, so using them interchangeably. We should have a good complete list of steps. Revocation is one of those steps. Whenever we talk about those things, Revocation should always be considered as a subpart of this validation process. 15:26:41 manu: In the spec, the section should probably be verification/validation as the top most level and a section on Revocation in there as a subtopic. Currently we have it as being completely separate in the spec. I'm a bit conflicted from an editor perspective -- do we want to describe revocation in the data model and then refer to that later or do we want to have a revocation section and then talk about how to do it in the data model. 15:26:42 q? 15:26:47 manu: So I'd like to hear from others what they think. 15:26:49 q+ 15:26:52 q+ 15:27:06 manu: Or should data model be very light? And then shove those bits into that section. 15:27:07 q+ 15:27:11 ack ChristopherA 15:27:33 ChristopherA: Small point, there is a difference between "what you check for revocation" vs. "the process that you go through to revoke". 15:27:46 q+ to say something controversial - "process to revoke is out of scope" 15:28:07 q+ 15:28:17 ChristopherA: In the data model, we can focus on "things that you check to see for revocation", but actions to revoke something should be separate. 15:28:27 q+ to note that his comment is no longer controversial. :P 15:29:37 ack stonematt 15:29:43 stonematt: There is a difference between what we report and how we report it... We have to understand the "how" to what we write down in the data model. When I think of the things that have to be able to be done - we have to issue, we have to store, validate/verify, we have to revoke... those beg to be primary sections in the data model. That may help you think about it. Validation is just a check on the claim. So we probably need a bit of both, that language 15:29:43 will lend itself to one path or the other. 15:29:54 ack dlongley 15:30:22 catch-22 15:30:36 DavidC: I think that the actual revocation process may say what's in the data model. I'm not sure how we can have a data model when you don't know what the revocation process is. 15:31:09 Credentials Group will try to do first pass. 15:31:12 stonematt: We have challenges like that in this group - we're restricted to data model here, our boundary is gray, it will continue to be a challenge to navigate that. 15:31:56 DavidC: Is it possible to put into verifiable credential that says "revocation method" and that's a URI to be determined, so when you get around to defining revocation process, you can do that... alternate revocation methods. 15:31:57 q+ (after dlongley) 15:32:13 q- (after dlongley) 15:32:22 q+ 15:32:44 stonematt: Maybe we can side step based on stuff in 'revocation' parameter. 15:33:15 q? 15:33:23 dlongley: I wanted to briefly respond to DavidC - we can define specific guidance... this is the information you need... we have this in the spec now. 15:34:49 dlongley: What should we do in terms of editorially - we should separate out data model, not introduce ideas early or piecemeal - each section belongs in spec because we have data model specs. We are bringing in process/data model - if we can have pieces of data model in each area, we can be specific about ... each data model section should be qualified - we don't want one huge data model section. People will look at something and say something is out of scope. 15:34:49 We should talk about each piece of entire framework one at a time, and in each section talk about how it affects data model. 15:34:53 +1 process is context for datamodel elements. 15:34:58 q? 15:35:06 ack manu 15:35:06 manu, you wanted to say something controversial - "process to revoke is out of scope" and to note that his comment is no longer controversial. :P 15:35:40 https://w3c.github.io/vc-data-model/WD/2017-08-03/#revocation-model 15:37:01 manu: Process of revocation is out of scope at this point. I agree with David Chadwick that it's hard to specify a data model when you don't know what the process is. But what Dave Longley was saying and what David Chadwick ended with is that we can say "there's a slot in the data model where the revocation model will live" without specifying in detail what the revocation model is. We're going to have many different types of revocation models. You can 15:37:01 publish a file to a website, you can use a blockchain, and others. Each has a different process and data model. There won't just be one way. So the mechanism that we use should be fairly flexible. 15:37:02 q? 15:37:36 manu: That said, we really should specify one to demonstrate it works. The CCG could do it, for example, doesn't have to be in this group. We do have to make sure that it works if we're putting it into the spec. Doing two different revocation methods with interop would show it works. 15:39:17 manu: It's not rocket science, I'm not that concerned about it. The data model for revocation can be fairly generic and then specifying one simple implementation showing how you'd do a revocation spec and then doing one experimental implementation outside of the group. If we do those things, we will have all bases covered and we'll have a solid revocation section in the spec. I suggest we do this. Based on the other feedback that I heard just now, what 15:39:17 Longley said resonates the most, which is don't just talk about the data model in the abstract. And this goes to what Matt Stone said, talk about we need to able to do with verification claims in the ecosystem, like issuing, verification. And when talking about those actions specify how those actions are supported by the data model. 15:39:25 q? 15:39:49 manu: That's different from what we've been doing so far but we tried that in JSON-LD and people felt that it worked out well there. Thanks and I think I know how to talk about this stuff now in the spec. Now it's a simple matter of putting spec text forward in the group 15:40:06 It will also make it easier to add future specs in the same format that actually *do* get into protocol and process. 15:40:10 and read them together. 15:40:25 (my comment is on structure) 15:40:44 ack TallTed 15:40:53 stonematt: We were time boxing to 15 minutes - we're at 20 minutes... let's hear from Ted and Christopher. 15:41:12 TallTed: I'm hearing more blurring of lines, this is about confirming that a given claim was issued by a given source. 15:41:59 TallTed: Revocation is being talked about in a few different ways here - I don't know if these are applicable to verifying whether a claim was issued by a given source. Was it cancelled properly? These are different questions, they should be part of the question, but they are extensions. They are well beyond "did this statement come from that source". 15:42:36 TallTed: That sort of amorphously expanding topic set seems like a recipe for endless discussion, frankly. The way the most of the framing for revocation constantly blurs the lines. 15:42:36 q+ to clarify that what we have said we want to do in the spec is have a whole section on validation and put revocation *in* there as a subsection. 15:42:43 +1 bring us back to the fundamental question "was this claim issued by this source" 15:43:01 ack ChristopherA 15:43:25 ChristopherA: My proposal is that there are some things that we can say - "is the DID revoked?" - you have to check the DID, the spec doesn't say anything about how it's checked, how it's checked 15:43:33 q+ to say DIDs are out of scope... we talk about URIs. 15:44:28 ChristopherA: Are the keys revoked or rotated - we should suggest something about that. You don't quite know if its revoked, rotated. Then there is "is this specific claim revoked"? Ancillary revocation style stuff, like Subject refutes it. 15:45:33 ChristopherA: Knowing whether or not DID is revoked - BTCR has a technique, second technique to deal w/ keys being revoked/rotated. Two different methods, data model way, update the issuer's copy of claim - newer date... revoked, list in different object - list and reissuance of claim. This particular one is revoked. 15:45:43 ChristopherA: The other two are outside of data model spec, you should check to see. 15:46:21 stonematt: We need something more tangible to discuss/debate - we need spec text. 15:46:30 q- 15:46:45 q- 15:46:55 stonematt: If we don't have anything more pressing wrt. process, we need to move on. 15:46:59 stonematt: Any objections? 15:47:02 No objections. 15:47:29 Will just say in IRC: I think what we want to do will address TallTed's concerns ... we want to have an overall validation/verification section ("Is the claim valid?") where we put these more concrete examples/ideas into subsections. 15:47:49 Topic: Outstanding Issues in Github Repository 15:48:22 https://github.com/w3c/vc-data-model/issues 15:48:54 q+ to request we move to Pre-TPAC, Q4 issues. 15:49:15 stonematt: Which of these issues are necessary to resolve to start implementations. 15:49:46 q? 15:50:35 manu: What we've found in other groups is that it really helps to create short milestones and focus on what we need to do implementations on those. Going to what Ted just mentioned, let's talk about the core mission. We need to able to issue a verifiable claim that has something in it that lets you know who the issuer of the claim was. 15:51:32 manu: That's minimum viable test suite/implementation -- it needs that before doing anything else. I'd like to set a milestone in the issue tracker for a minimum viable implementation. Can you issue a verifiable claim and have someone check the signature on that and have something good happen. We've got interop between two implementations and both issuing and verifying the signature (just the signature) of the claim. I have a feeling that we may already 15:51:32 be there. 15:52:41 q+ 15:52:50 ack manu 15:52:50 manu, you wanted to request we move to Pre-TPAC, Q4 issues. 15:52:55 q+ 15:52:58 manu: I'm guessing that there should be no issues put into that milestone. We should be able to do that today. However, there may be people in the group who feel we can't do that today. I want to set a 1 month milestone to have people move issues into that milestone so that they think have to be addressed for that simple case. If we find out we're in good shape there, then the group should figure out what the next atomic thing is. Others may say 15:52:58 revocation list, others may say proof that went into the creation of the claim, or whatever. I'd like to move the group towards a short term milestone based approach. 15:53:01 q? 15:53:14 manu: Focusing on implementations. Pausing here to see what the group things on that approach or if there's a better way. 15:53:19 ack DavidC 15:54:02 DavidC: I think that's a good approach, wrt. with Revocation - it isn't essential, you can issue non-revokable credentials. There is one thing missing from that proposal - Is this verifiable claim appropriate for use by person presenting it? Just that it's been issued, and valid, doesn't mean Relying Party should rely on it. 15:54:07 judging fitness isn't our mission 15:54:38 DavidC: I could take someone's passport and become American... you have to have proof of possession. 15:54:47 stonematt: I don't think our mission is judging fitness of use - we need to figure out if a receiver can decide 15:55:02 q+ to support DavidC's proposal - we need to make sure data model supports proof of posession. 15:55:12 ack ChristopherA 15:55:45 i think our mission to show how to model these elements -- or to at least provide a framework and extension points for modeling these elements. 15:56:22 ChristopherA: There are some things that are very implementer oriented short term - I'd like to have some closure on expiration and how that works, how it differs, etc. I think that's simple, straightforward, I need it as an implementer. There are some big scale things that worry me. There seem to be people that want to use Verifiable Claims for evidence, reputation, etc. It's in the 3 kinds of claims paper, I want to be convinced that our model supports that now. 15:56:37 we want everyone using VCs to expect to find the elements in the same place, modeled using the same framework -- but where the specifics are extensions. 15:56:44 q? 15:56:57 ack manu 15:56:57 manu, you wanted to support DavidC's proposal - we need to make sure data model supports proof of posession. 15:56:57 ChristopherA: I think that has been one of the propositions, but it may be a longer-term discussion. Dividing into categories by people implementing is important to me. There is a lot of bikeshedding that can happen from non-implementers, and that worries me. 15:57:34 manu: Yeah, I just wanted to underscore David Chadwick's point. I think he's right. Here's where. The data model has to suppose proof of possession. Matt, you're right -- that defining proof of possession is outside of the group, but the data model must show how it supports it. 15:57:54 manu: The good news there is that we have a story there as an added signature on the entity profile. 15:57:57 q/ 15:57:59 q? 15:58:02 (I have to go to Credentials WG as I'm hosting — Ciao!) 15:58:17 manu: Making sure the data model supports it is in scope, potentially defining them specifically could be out of scope. We just need to demonstrate that it can be done. 15:58:20 q? 15:58:36 manu: We shouldn't be quick to say what David is out of scope, a part of it definitely in scope and absolutely required. 15:58:56 stonematt: We're out of time, unless there are any questions/comments, we'll close up. 15:58:59 TallTed: not saying it's out of scope, but it's definitely downstream 15:59:11 rrsagent, draft minutes 15:59:11 I have made the request to generate http://www.w3.org/2017/07/25-vcwg-minutes.html manu 16:00:28 amigus has joined #vcwg 16:01:26 amigus has joined #vcwg 16:14:43 stonematt has joined #vcwg 18:01:52 Zakim has left #vcwg