14:56:29 RRSAgent has joined #vcwg 14:56:29 logging to http://www.w3.org/2017/09/26-vcwg-irc 14:56:37 Meeting: Verifiable Claims Working Group 14:56:48 TallTed has joined #vcwg 14:56:57 Chair: Dan_Burnett, Matt_Stone, Richard_Varn 14:57:53 present+ Tzviya_Siegman 14:58:13 present+ Dan_Burnett 14:58:38 TallTed has changed the topic to: 2017-09-26 Agenda: https://lists.w3.org/Archives/Public/public-vc-wg/2017Sep/0019.html 14:59:03 burn has changed the topic to: 2017-09-26 Agenda: https://lists.w3.org/Archives/Public/public-vc-wg/2017Sep/0019.html 15:00:11 present+ Ted_Thibodeau 15:00:14 gkellogg has joined #vcwg 15:00:31 present+ Benjamin_Young 15:00:35 varn has joined #vcwg 15:01:38 present+ Manu_Sporny 15:01:40 colleen has joined #vcwg 15:01:50 present+ Gregg_Kellogg 15:01:55 present+ colleen_kennedy 15:01:58 present+ Richard_Varn 15:02:42 scribe: manu 15:03:02 Topic: Agenda Review 15:03:31 Varn: We're going to hear from Tzviya and Benjamin today about RA21 and Verifiable Claims 15:03:41 Varn: Then prioritize W3C TPAC efforts. 15:03:52 Agenda: https://lists.w3.org/Archives/Public/public-vc-wg/2017Sep/0019.html 15:03:54 present+ Dave_Longley 15:04:04 Varn: Data Model spec, current milestone progress - what are issues in the way, prioritize, etc. 15:04:15 Varn: Then discuss future agenda topics. 15:04:35 Topic: RA21 and Verifiable Claims 15:05:00 rrsagent, make mintues 15:05:00 I'm logging. I don't understand 'make mintues', manu. Try /msg RRSAgent help 15:05:07 rrsagent, make minutes 15:05:07 I have made the request to generate http://www.w3.org/2017/09/26-vcwg-minutes.html manu 15:05:28 http://ra21.org/ 15:06:07 tzviya: We did discuss this briefly last week. Benjamin and I have been working with RA21 - scholarly publishing community. This is very similar to Education use cases in this group. Wiley publishes many journals and releases them into the library world. A user can be an institution or individual. 15:07:00 tzviya: We need to authenticate in many ways, which is bad, we don't want a NASCAR situation. There are issues on the use case. We met with RA21 leadership yesterday to discuss if they want to move forward with Verifiable Claims. They have two pilots going right now, one based on SAML, and another based on an older technology. They want to do a Verifiable Claim Pilot. 15:07:26 tzviya: We do need to sit down with them to document the use cases. They're a bit slow with cutting edge tech, so they need more reassurance that this works today. 15:07:36 q+ to discuss SAML and Credential Handler API Demo. 15:07:54 q+ 15:07:59 q- 15:08:01 burn: Ok, thanks - good use cases. 15:08:19 ack manu 15:08:19 manu, you wanted to discuss SAML and Credential Handler API Demo. 15:08:20 tzviya: There is a good bit of focus on UI - similar interfaces... 15:08:55 current SAML related pilot at RA21: http://ra21.org/index.php/pilot-programs/p3-wayf-pilot/ 15:09:17 manu: So two things: The SAML thing is interesting partly because we're looking into how to carry VCs across SAML stuff, so that's not out of scope. I understand these older orgs have SAML setups and may be hesitant to move away because of time and energy put into it. We have looked into how to express a VC in a SAML communication and there's a fairly straightforward way of doing it. 15:09:28 manu: It does require some new systems to be setup. But it is compatible with the systems these orgs have setup. 15:09:36 manu: Maybe a way to move forward there. 15:09:40 zakim, who's on the phone? 15:09:40 Present: Tzviya_Siegman, Dan_Burnett, Ted_Thibodeau, Benjamin_Young, Manu_Sporny, Gregg_Kellogg, colleen_kennedy, Richard_Varn, Dave_Longley 15:09:44 present+ ChristopherA 15:09:46 manu: There is also an email that went out to the list yesterday. 15:09:58 Credential Handler API Polyfill: https://lists.w3.org/Archives/Public/public-vc-wg/2017Sep/0020.html 15:10:14 manu: This goes to your consistent UI thing you're talking about. There's a new Credential Handler API polyfill. A demo video we put out last night that is showing what the UI could look like when moving VCs around. 15:10:20 present+ Kim_Hamilton_Duffy 15:10:24 MattLarson has joined #vcwg 15:10:48 manu: That may help you and Benjamin to get your mind wrapped around the UI we're talking about. That's experimental stuff but it's out there and works to ship VCs around. Based on both possibilities you've outlined this group has ways of engaging on both of them. 15:10:49 present+ Matt_Larson 15:11:15 q? 15:11:21 tzviya: Yes, that helps... this is a large group, moves slowly, just giving you a heads up that publishing doesn't move at a rapid pace. 15:11:40 burn: Is there something that you want this group to do as an action item? 15:11:54 tzviya: I need to touch base with RA21 and then I'll follow up with the group. 15:12:26 tzviya: To set expectations, it'll be a slow start punctuated with WE NEED IT NOW! 15:12:37 q+ 15:12:37 tzviya: We'll know more by W3C TPAC. 15:12:50 ack bigbluehat 15:13:27 Benjamin: Thanks to everyone that worked on the polyfill - it looks very close to what RA21 wants wrt. UI, so that's good. We'll both be at TPAC, and I'll be in the VCWG meeting, will provide updates there. 15:13:46 Topic: TPAC topic review and planning 15:13:51 https://goo.gl/8voHZS 15:14:35 burn: If there is something that's not on that list, please put it on there. 15:14:35 kim has joined #vcwg 15:15:02 burn: There may be overlap with finish off current milestone and other topics listed. Don't worry about overruning time, that's a good problem to have. 15:15:33 varn: We only have one discussion leader identified - who can lead discussion on these items? Do we need to assign. 15:15:35 q+ 15:15:48 ack manu 15:16:25 manu: Haven't had the bandwidth to volunteer for anything yet, I will volunteer one thing and may volunteer Longley for another since he'll be in the same room. 15:16:38 burn: Any other volunteers? 15:16:44 q+ 15:16:48 ack varn 15:17:09 Varn: If we get to it, I can volunteer for Claimvelope, Verifiable Credential, Verifiable Profile. 15:17:50 Burn: We're coordinating with other groups now, the Agenda will get more structured going forward. 15:17:59 Topic: Data Model Spec - Current Milestone Issues 15:18:09 https://github.com/w3c/vc-data-model/milestone/3 15:18:14 q+ to provide update. 15:18:22 ack manu 15:18:22 manu, you wanted to provide update. 15:18:33 https://github.com/w3c/vc-test-suite/tree/gh-pages/tests-1.0 15:19:52 manu: Chris Webber doing travel/client work, not working on test suite this week or next. There have been additional tests added to the test suite, we now have all the tests we need to pass every milestone. The thing that is holding us up is implementations. Chris was on to do implementations but hasn't had enough bandwidth. DB may pick up some of the implementation stuff or at least get our JS based libraries on task to get us past milestone one. 15:20:54 manu: There were a couple of things that came up with creating the test suite. Specifically, the newer sections like evidence field ... how do you list the evidence that was collected to generate the VC ... there's not much we can test there without more discussion. It might be a TPAC discussion topic, we need people to tell us what kind of evidence they want to list with a VC. For example, I issued a Driver's License and the evidence I used was that they 15:20:54 took the paper test, driver test, I saw them in person and verified their SSN and saw their SSN card, etc. 15:21:04 manu: So we need concrete use cases for that evidence field. 15:21:09 present+ Nathan_George 15:21:46 manu: Same thing for revocation. We have a simple revocation list thing but we need to discuss the format. Hopefully in the next couple of weeks ... there's not much that can happen with milestone 1 until the test suite is done and I suggest that we move onto other issues until we're unblocked. I hope we have an operational test suite for TPAC. 15:21:57 manu there are good test scenarios for evidence in education. I can help round some up 15:22:01 Burn: That brings up a point - make good use of TPAC time 15:22:19 Manu: Kim, thanks - that would be super helpful. 15:23:04 manu: I think the issues will naturally slot into the schedule we have. But we may want to triage them. We may want to shove the issues into each one of the issues that have been raised. Identify verification or bundled claim, etc. They should map cleanly to issues we have. That's another way of building the agenda. 15:23:06 DavidC has joined #vcwg 15:23:38 Burn: I suspect the Chairs are going to try to balance completing items that can be finished quickly/efficiently and have significant topics to discuss. It may not be a goal of getting all of M1 done by then. TPAC time is valuable for general discussions, as you know. 15:24:13 Burn: Will RWoT affect attendance? 15:24:18 I'll be at rwot 15:24:24 +1 15:24:47 Zakim, who's here? 15:24:47 Present: Tzviya_Siegman, Dan_Burnett, Ted_Thibodeau, Benjamin_Young, Manu_Sporny, Gregg_Kellogg, colleen_kennedy, Richard_Varn, Dave_Longley, ChristopherA, Kim_Hamilton_Duffy, 15:24:52 ... Matt_Larson, Nathan_George 15:24:52 On IRC I see DavidC, kim, MattLarson, colleen, varn, gkellogg, TallTed, RRSAgent, Zakim, burn, tzviya, liam, cwebber, ChristopherA, manu, dlehn, trackbot, dlongley, robert, 15:24:52 ... bigbluehat 15:25:24 question: who from our group is involved with the credential transparency description language be worked by http://credentialengine.org/ and they had a new release in August see http://credreg.net/ctdl/release 15:25:57 q+ 15:26:21 q+ to ask about federation use cases 15:26:27 manu: It's really the evidence thing. The revocation thing we can guess at and put something in front of the group. We need use cases for evidence. Kim did say she could round some up with the education space. 15:26:37 Topic: Evidence for Verifiable Claims 15:27:06 Kim: I'm interested with aligning OBI w/ Verifiable Claims - I'd like to align those examples. I'd want to run them by that group to make sure they're representative. 15:27:17 q? 15:27:18 Kim: They should be fairly easy to round up, make sure the examples are solid. 15:27:40 ack varn 15:27:48 manu: After we get through the evidence thing we may have some burning issues to discuss. 15:28:19 Varn: This relates a bit to evidentiary items... who has been involved with Credential Transparency? 15:28:57 manu: Stewart Sutton who had participated early on in the group is the one that did a lot of the work for the CTI. But he has not been able to join us as of late. Gregg ... I don't know if you're on the call today, you might seem him at the DCMI meetup thing that you're going to. 15:29:04 manu: No one is participating regularly that I know of. 15:29:07 present+ David_Lehn 15:29:22 Varn: Have you looked at their Vocabulary - are there evidentiary items in there? 15:29:45 q+ 15:29:57 q- 15:30:18 ack tzviya 15:30:18 tzviya, you wanted to ask about federation use cases 15:30:18 Varn: The only reason I mention it is because these folks have to recognize credentials. I would expect that they would have worked on that, we want to reuse their work if they have. 15:30:37 tzviya: Someone asked me if I had use cases for Federation - what are you looking for? 15:31:05 present+ David_Lehn 15:31:06 dezell has joined #vcwg 15:32:51 joe said this last week... :JoeAndrieu: please raise issues for any use cases not yet represented, especially if they can be highlighted as education-related... booked elsewhere the next couple weeks, but can dig into this again thereafter 15:33:09 tzviya: I'm talking about with respect to login - I go to NYU, have access to all of NYU library, then move universities - how do I get access at the new university? 15:33:32 https://github.com/w3c/vc-data-model/issues/71 15:34:14 dlongley: W3C TAG has a self-questionnaire on security and privacy - we should produce a response that runs down these questions... we may not be able to answer some of these questions because they don't apply... but they will ask us to fill this out at some point. 15:34:41 Burn: Who is "we"? Is there someone that can volunteer to take a first stab at it. 15:34:59 DavidC: I'm happy to do that, I've already started on security and privacy document. 15:35:00 present+ David_Chadwick 15:35:06 DavidC: I'm happy to do a first cut of that for next week. 15:35:08 thanks david! 15:35:22 ACTION: David_Chadwick to do security/privacy review for TAG. 15:35:22 Sorry, but no Tracker is associated with this channel. 15:36:01 q+ 15:36:24 manu: I do want to do some front running... going down the agenda. There's a thing on Identify Verification that Joe Andrieu brought up. 15:36:47 manu: "How do you establish that the holder of the VC is also the subject?" ... So how do you know that it's me that's handing over a driver's license/educational cred/etc. 15:37:30 manu: We have something running in production that does that that's aligned with the various VC specs. The problem is that there's a very fine line and we should only be working on the data model. There are things in the data model that apply but we can also say something non-normative to talk about how to authenticate yourself as the subject of a claim. 15:37:36 q? 15:38:14 manu: To say "this is me, this is my driver's license." I'm going to try and draft up some language to cover that ... any objections from the group or do you think anyone would complain and say it's outside of the charter even though it's non-normative? Any thoughts on that? If no, I can just draft something and see what we think. 15:38:53 q+ 15:38:55 Burn: From a Charter perspective, we're ok - I'd err on the side of putting text in and having someone request that we take it out of the spec. 15:39:27 dlongley: There are data model elements to this aspect, so saying that this is where you have this info in the data model, so it's interoperable, and give examples of how it could be used is not normative. We show how the data model can be used... use case for it. 15:39:35 ack DavidC 15:40:05 DavidC: I think part of the verification is that there is something in the claim links to the person that's presenting it. The data model needs ot have some aspect - we don't want to support masquerade. 15:40:22 ChristopherA: Or at least, optionally support masquerade. 15:40:54 DavidC: Masquerade is pretending to be someone that you're not. Saying "I'm not the subject, I'm someone else" is fine 15:41:08 ChristopherA: I agree with the semantics. 15:41:19 ChristopherA: From a cryptography standpoint, it's more nuanced. 15:41:24 ack ChristopherA 15:42:09 ChristopherA: I'd like to get input from the group wrt. what the language requirements are - Bitcoin community could be a lot more evangelized if we have a C++/Python version. 15:42:12 q+ to talk to Python version. 15:42:36 presenter offers what data elements to verify self and describes role as subject of claim or holder/broker. They also have to present data elements proving they have permission to present it if they are not the subject. 15:42:40 ChristopherA: What libraries do we have, what's their status, what are the needs of various parties? Java version, Go version... 15:42:52 q? 15:42:57 ack manu 15:42:57 manu, you wanted to talk to Python version. 15:43:40 q+ 15:44:16 manu: Just to talk to the Python version. Chris Webber has been working on a Python version that works more or less. That thing's doing fairly well. At the close of the milestone we should have JS and Python implementations. So LinkedDataSignatures, VC libraries, etc. We should be able to support the bitcoin community with a Python version. The C++ version is more challenging. Like 6 years ago we had a JSON-LD processor in C++ but it's a non-trivial 15:44:16 undertaking as usual with C++. Scripting libraries will get support much sooner than non-scripting ones. 15:44:30 manu: We're pretty far along with node.js and in the browser, and Python and Ruby and Java I think. 15:44:39 manu: There's a Go implementation for JSON-LD. 15:45:12 ChristopherA: What I'd like to see then as part of the documentation or a repo ... a unified list of these resources and where they are in github and maybe some pointers on who is working on them. Unified place for them. Have that as a work item to keep that up. 15:45:13 +1 15:45:15 manu: +1 15:45:28 burn: A link off of the WG would be fine that points to a page with running implementation stuff. 15:45:32 ack DavidC 15:45:36 ACTION: Manu to create link to running implementations off of WG page. 15:45:36 Sorry, but no Tracker is associated with this channel. 15:46:32 DavidC: About presenter comment from Richard Varn - do we have recursive credentials? So, presenter provides credential and recursively includes other credentials. 15:46:42 good idea. not that i know of. may not be thew only way we want to do it. 15:46:49 q? 15:47:41 DavidC: I have a credential which has some property and I want you to take over that property and take over that credential... I put a VC given to me, into the VC, I put your identifier as the holder, and I put me as the issuer and sign it. 15:48:15 q+ 15:48:39 dlongley: We do have a concept of a chain of trust, so if you present a VC that is signed by you or someone else - you can look at the other entitity. So you get an education credential from some university and you can go to the university to see if they have accreditation. I don't see why you can't bundle all of those into a single container. is that the cocnept that you're tlaking about? 15:48:45 q+ to talk about recursion vs. graphs. 15:49:31 DavidC: When you think of the X509 Certificate Chain, similar things could happen w/ Verifiable Claims... instead of having linking and separate credentials, you have one credential which has one property inside the other one. You can recursively go through the code - parsing/validating as you go along. 15:49:47 DavidC: At some point, you fidn that the property is not a credential, and you find that it belongs to outer-most holder. 15:50:03 Longley: So you're asking to have credentials embedded in credentials. 15:50:28 DavidC: I wasn't sure it was supported - but if it is - it would provide someone that is the subject to specify that they're the holder. 15:50:42 ack varn 15:51:13 correction: the subject to specify that the holder is authorised to present the credential 15:51:21 Varn: The other dimension that I want to capture - whether person presenting is authorized to do so - you could do it with or without nesting - within statements/permissions - there are different reasons why I might authorize someone to present my credential. 15:52:00 yes, terms of use/policy issues. 15:52:02 Varn: if I'm presenting it for job application, application for college, limit it for that purpose - purpose of presenting, you have to bundle those together. I am presenting, I have permission to present, I have permission to present for this reason. 15:52:06 q+ to talk about delegation. 15:52:34 DavidC: Policy on use of credential is there - perhaps further policy can be more restrictive. 15:52:44 Varn: We need those descriptions in there. 15:52:48 ack manu 15:52:48 manu, you wanted to talk about recursion vs. graphs. and to talk about delegation. 15:52:55 "compositional credentials and compositional policy" 15:53:00 https://github.com/w3c/vc-data-model/issues/48 15:53:09 +1 to composition on both 15:54:04 manu: We have an issue for terms of use and I expect to see a property for that in the data model. What would help the discussion is a grounded use case. For example, an assistant needs a passport from someone they are booking a flight for to travel over seas. It has a terms of use component and it has a component ... so the terms of use thing is one aspect. 15:54:32 manu: The other aspect that David is pointing out is delegation. Terms of use is important even when you're the subject handing things over (only use my shipping address to ship a package to me, don't market/mine my data). 15:55:08 trying to deal with delegation today sounds like a big chunk to bite off 15:55:36 manu: Terms of use for a passport would be for card rental use only. And in addition to that you can delegate. It's a very complex topic and we haven't picked up and discussed in the group. Part of what David Chadwick is outlining here is "how are we doing delegation" ... are we doing it through bundling/embedding credentials or what. Fundamentally we're dealing with graph based data structures here. So that nesting is the wrong way to talk about these 15:55:36 things. You're really talking about the interconnectedness of the graph. 15:56:31 manu: Can you start at the subject and trace a path to the holder in some way. There may be many paths back to the holder. The question then becomes have we though about delegation such that it is possible to trace a path from the holder all the way back to the subject and such that the subject that the subject has expressed the terms of use on that credential. That's a pretty big multipart discussion. The suggested path forward is ... we've broken out 15:56:31 terms of use, it's own thing on the side. 15:57:28 manu: I don't think we've broken out what David just said ... how do you establish the relationship between the holder and subject when they are different entities. We will be discussing how to find out if the subject *is* the holder, but we haven't talked about tracing a path from the holder to the subject, etc. That could be super complex. There's a question of how much we want to explore because it could get complex. 15:57:35 q+ 15:57:40 manu: Those are my thoughts now that I think I understand the points David was making. We're not tracking it. 15:57:44 ack DavidC 15:58:23 DavidC: Two points - issuer provides terms of use... subject provides terms of use. Do we cover both of those in the data model? Should subject terms of use be outside of data model? 15:58:29 or the verifier suggests a terms of use that the subject will accept (or not). (not sure if that was said) 15:58:43 that's more likely when sharing credentials on the Web. 15:58:51 https://github.com/w3c/vc-data-model/issues/48 15:59:19 (heading over to w3c-ccg) 15:59:44 rrsagent, draft minutes 15:59:44 I have made the request to generate http://www.w3.org/2017/09/26-vcwg-minutes.html manu 15:59:58 rrsagent, make logs public 15:59:59 rrsagent, draft minutes 15:59:59 I have made the request to generate http://www.w3.org/2017/09/26-vcwg-minutes.html manu 16:00:34 burn: We need to know if you need dial-in for TPAC, let us know! 16:00:40 rrsagent, draft minutes 16:00:40 I have made the request to generate http://www.w3.org/2017/09/26-vcwg-minutes.html manu 16:00:56 But dialin is discouraged -- should not be the primary way to attend 16:01:10 rrsagent, draft minutes 16:01:10 I have made the request to generate http://www.w3.org/2017/09/26-vcwg-minutes.html burn 16:09:03 zakim, who's on the phone? 16:09:03 Present: Tzviya_Siegman, Dan_Burnett, Ted_Thibodeau, Benjamin_Young, Manu_Sporny, Gregg_Kellogg, colleen_kennedy, Richard_Varn, Dave_Longley, ChristopherA, Kim_Hamilton_Duffy, 16:09:06 ... Matt_Larson, Nathan_George, David_Lehn, David_Chadwick 16:25:14 burn has left #vcwg 16:39:10 gkellogg has joined #vcwg 18:04:58 gkellogg has joined #vcwg 18:34:10 Zakim has left #vcwg 19:50:54 liam has joined #vcwg 22:24:22 gkellogg has joined #vcwg 23:45:20 gkellogg has joined #vcwg