W3C

- DRAFT -

Verifiable Claims Working Group

29 Aug 2017

Agenda

See also: IRC log

Attendees

Present
Nathan_George, Chris_Webber, David_Lehn, Matt_Stone, Gregg_Kellogg, Adam_Migus, Dave_Longley, Manu_Sporny, David_Chadwick, Christopher_Allen, David_Ezell
Regrets
Chair
Richard_Varn, Matt_Stone, Dan_Burnett
Scribe
manu, amigus

Contents

<manu> scribe: manu

Reintroductions

dchadwick: I'm an invited expert; I've been building VCs. I started over a year ago. a coiple of pilot applications the last one was the ??? ; we signed medical patients up using a mobile app; they were using VCs to sign up, get prescriptions, etc. and they found it easier than traditional methods. They said they loved it because they didn't have to use usernames and password and wished it would be offered officially

Status of Web Commerce IG

not being minuted, member only

<scribe> scribe: amigus

Data Model Spec

<manu> https://w3c.github.io/vc-data-model/

<manu> https://github.com/w3c/vc-data-model/pull/69

varn: PR69: we are sent requests for comments; looks like 2 of 4 are processed; manu is is done?

manu: yes, it's gtg and there are no pending PRs
... so there is no active work going on the spec which is not ideal

varn: we're focusing on PR69; it's in?

manu: yes, it's in

<manu> Here's the milestone: https://github.com/w3c/vc-data-model/issues?q=is%3Aopen+is%3Aissue+milestone%3A%22VCM1%3A+Basic+Issuer%2C+Claim%2C+and+Signature%22

varn: our first major milestone were to complete the documents as they relate to issuer and verify; so is there anyone here who wants to work on it? is it alreayd done?

burn: is it done already and if not please speak up to say it's not done and what you want to do

dchadwick: working on the security review; its WIP. the first version will likely have a set of limitations on it

jandrieu: two things:
... what's in the milestone

<stonematt> milestone is "basic issue and verify"

jandrieu: I'm offline and can't see it myself

<Zakim> manu, you wanted to say we are not done, not even close, test suite - issue discussion.

manu: we're not done with this milestone we haven't completed a single of the 4 issues
... assumption is that the issues will be discussed offline but I don't see any of that
... other option is disucssion in meeting but that hasn't happened
... also, it has to survive a basic test from the testsuite which is still WIP
... as such we're weeks away from being able to closeout the milestone

<Zakim> nage, you wanted to say we are not done (cross matching issues, privacy issues, variants on signature scheme questions -- how many of these are called out as issues for later)

manu: we're not getting enough volunteers to work on it which is slowing us down

nage: question: we have a bunch of issues with cross-matching, combining and privacy; are they in scope?
... what about various in the different schemes like json vs. json-ld and if we see issues related to the them when do we bring it up?

<dlongley> let's stick with a "minimum viable milestone" ... i vote to defer matching issues and privacy for another milestone

<Zakim> manu, you wanted to note that it's all up to Evernym/Sovrin Foundation to bring these issues up and when... I suggest /after/ M1.

varn: is it advisable to set a date or should we just list the workitems and make progress

manu: setting a date and working backwards doesn't really work; chris and I are working on it but the primary blockers are lack of discussion of those 4 issues and tests in the testsuite

<dlongley> needs: 1. discussion on issues, 2. spec text to resolve them, 3. tests for them in the test suite.

manu: so specify the work that needs to be done and find folks to do it.

<manu> https://github.com/w3c/vc-data-model/issues?q=is%3Aopen+is%3Aissue+milestone%3A%22VCM1%3A+Basic+Issuer%2C+Claim%2C+and+Signature%22

varn: (listed the 4 issues)
... the one with the most comments is the model mapping one; second most is ???; either way, is there one that's easier to work on?

<dlongley> https://github.com/w3c/vc-data-model/issues/33

manu: 33 is the easiest
... and then 66

<Zakim> manu, you wanted to answer nage

varn: OK, 33 and 66 should be worked on first

manu: nage: the issues you mentioned are important but it's up to Sovrin/Everynm to push for the issues that matter to you guys.
... so if you want something to get worked on sooner then lets get it on the list for milestone too
... other issues have prerequites and so are dependent

nage: just wondering if we should raise PRs now or wait until the discussions are more timely related to other work

manu: raise the issues early so everyone sees what's important and gets people thinking
... does that answer?

nage: well it doesn't make prioritization clear but we can action on it

<varn> ack dan who is only on phone

varn: you can also raise the issues even if it's too soon to be specific just so that we can assign them to milestone 2 or even 1

<manu> https://github.com/w3c/vc-data-model/issues/68

jandrieu: not sure whether issue 68 is for milestone 1 or 2 but we should issuer vs. holder
... the whole question is not part of our conversation yet and I wonder when it should be part of the it

<varn> s/ack david chadwick who is only on the phone//

dchadwick: reponse to jandrieu: we need for milestone 1, to articulate the limitations on holder vs. subject.
... so we may say the holder is the subject period.

jandrieu: so there's some clarification needed as to whats in scope. to my view there's VC for which the subject isn't the holder but ther different assumptions are a hinderance to consensus

dchadwick: most of the stuff implicity says the subject is the holder so we should be explicit

jandrieu: then we have to assure how/why the holder is the subject

varn: then issue 68 may need to be worked on to get to the bottom of this
... and either there or elsewhere we need to unpack this issue and state the assumptions that were made
... also the question is whether there's assurance of the subject being the holder

jandrieu: i think that sounds right to me and issue 68 captures most of that

<dlongley> i think that M1 does not need to deal with authenticating the presenter of a profile, just authenticating the information within the profile

varn: dan, matt and I will take this offline to figure out how to get this into the agenda/discussion

<nage> The identity assurance seems like a schema-specific issues, not sure if it could acutally be addressed globally (without adding a lot of baggage to the data model)

<dlongley> profile/credential

ChristopherA: I'm fine with moving this to milestone 2 but it should be explicit assumption that subject = holder but also very explicit that we're exploring cases where they aren't, that may make it into milestone 2

<Zakim> manu, you wanted to note that this is a protocol discussion, so probably belongs in CG and then we feed that discussion back into the WG... and to request that we move issue 68 to

ChristopherA: it should be stated in 1 so there are no surprises in m2

manu: part of jandrieu's point is important but not sure all of it is under the WG vs. the CG because of the charter so probably should have it in the CG then have the result feedback into the WG; thus put issue 68 on M2
... lets not hold up milestone one while the CG resolves the issue
... so put issue 68 in M2 and let the CG disucss it in the meantime

varn: do we need to explicitly state the holder != subject exploration, in M1?

manu: no harm and i think we should

varn: is there a volunteer to document that in M1?

<varn> david chadwick volunteers

varn: dchadwick volunteers; anyone else?

<manu> ACTION: DavidChadwick and JoeAndrieu to write up issue marker for issue 68 for VC Data Model spec. [recorded in http://www.w3.org/2017/08/29-vcwg-minutes.html#action01]

jandrieu: i will help work on it too by extending what's there

varn: volunteers assigned

<Zakim> manu, you wanted to note advances in test suite

<manu> https://github.com/msporny/vc-test-suite

<manu> https://github.com/msporny/vc-test-suite/tree/gh-pages/bin

manu: I committed some new changes to the testsuite; either way it needs to be migrated to the w3c repo; Liam? where is that?

<varn> liam what is the status of the test suite

Liam: I think it's in your court now because you have to get the repository to me

manu: permission was granted to you so you just need to transfer it. Here's a link to how to do that:

<manu> liam needs to do a transfer at bottom of this page: https://github.com/msporny/vc-test-suite/settings

Liam: last time i checked there was no transfer button; we'll try again

varn: Liam and manu should work on it offline

maru: agreed

gkellogg: question: is this test manifest based on any existing one?

manu: no, it's not based on any previous suite; we haven't decided what it will look like yet just how the driver works and how a developer would develop against it
... no decisions have been made so please help us!

gkelllogg: there's some advantage to stick with what was done in the JSON-LD one but we can take it offline

agenda item 2.3

varn: for those who did the reviewing: anything to report? findings or suggestions either here or did you put something elsewhere?
... anything wrong? left out? any changes needed?
... we have 10 minutes or so to cover it..

MattLarson: Not my area of expertise but as an implementor: one of the things is storage providers and privacy as it relates to them. what's the groups feeling about storing the cred vs. generating it on demand?
... there seems to be an assumption that it's static hence the question; what does the group think?
... what about revocations lists
... everything else seemed reasonable to me.
... one more thing: a lot of credentials in the badging space use email but that's correlatable. thoughts?

varn: good questions; my observation: the assumption that we're making is that a bundle is encrypted and passed around which would imply static vs. you're the only person who can generate it which seems at odds

<stonematt> +1 Acclaim represents the governing body of the credential - becomes a delegated issuer.

<TallTed> TallTed: note that email address can be problematic as agent identifier -- e.g., role addresses often lead to multiple people, both simultaneously and over time

mattLarson: the idea is that a user creates a claim which can then be distributed but it's not actually stored with us; only a memento that can be used to reference it

dlongley: the data model has no restrictions that would preclude any of the behavior we're talking about but it sounds like you're talking about an issuer who creates a claim then takes it somewhere. just listening it sounds like it fits in cleanly. issuer can issue claims using the data model then the generated claim/credential which is then stored in a repo which can then be used elsewhere. the claim can be signed in different ways so as to make it fit for

different uses

<Zakim> nage, you wanted to speak about identifiers (as part of protocols) and revocation

stonematt: echoing what dlongley said; having a claim works that way is fine; if someone wants to assemble various credentials and put them together as a portfolio which then itself becomes a claim that the platform issues. it's a new example of agency and delgation in which the acclaim is working on behalf of the issuer

<dlongley> Acclaim has been empowered to act as the "Issuer" and it fits nicely in the architecture this group has produced

<ChristopherA> (I have to leave to prepare for CG meeting)

nage: when we get into protocol in the CG it's important to be specific about this stuff but here we've making no assumptions so this is a CG issue right now but one that needs to be handled carefully WRT privacy

<liam> [vc-test-suite transfer in progress... done... now https://github.com/w3c/vc-test-suite]

nage: that said, some of this will have to be represented in the data model and/or will influence it

MatlLarson: my question was answered

varn: we need for folks reviewing the security and privacy section get that done so it'll be on the agenda next week.

<nage> identifier management and correlation is especially important to revocation design (revocation lists reveal too much information for many use cases)

Summary of Action Items

[NEW] ACTION: DavidChadwick and JoeAndrieu to write up issue marker for issue 68 for VC Data Model spec. [recorded in http://www.w3.org/2017/08/29-vcwg-minutes.html#action01]
 

Summary of Resolutions

[End of minutes]
Minutes formatted by David Booth's scribe.perl version 1.152 (CVS log)
$Date: 2017/08/29 15:59:09 $

Scribe.perl diagnostic output

[Delete this section before finalizing the minutes.]
This is scribe.perl Revision: 1.152  of Date: 2017/02/06 11:04:15  
Check for newer version at http://dev.w3.org/cvsweb/~checkout~/2002/scribe/

Guessing input format: Irssi_ISO8601_Log_Text_Format (score 1.00)

Succeeded: s/varn/burn/
Succeeded: s/dan is dan burnett//
Succeeded: s/oops//
Succeeded: s/ack joe andrieu who is also only on phone//
FAILED: s/ack david chadwick who is only on the phone//
Present: Nathan_George Chris_Webber David_Lehn Matt_Stone Gregg_Kellogg Adam_Migus Dave_Longley Manu_Sporny David_Chadwick Christopher_Allen David_Ezell
Found Scribe: manu
Inferring ScribeNick: manu
Found Scribe: amigus
Inferring ScribeNick: amigus
Scribes: manu, amigus
ScribeNicks: manu, amigus
Agenda: https://lists.w3.org/Archives/Public/public-vc-wg/2017Aug/0014.html
Got date from IRC log name: 29 Aug 2017
Guessing minutes URL: http://www.w3.org/2017/08/29-vcwg-minutes.html
People with action items: davidchadwick joeandrieu
[End of scribe.perl diagnostic output]