14:55:15 RRSAgent has joined #vcwg 14:55:15 logging to http://www.w3.org/2017/10/17-vcwg-irc 14:55:23 rrsagent, draft minutes 14:55:23 I have made the request to generate http://www.w3.org/2017/10/17-vcwg-minutes.html burn 14:55:27 rrsagent, make logs public 14:55:43 Agenda: https://lists.w3.org/Archives/Public/public-vc-wg/2017Oct/0008.html 14:56:03 Chair: Richard_Varn, Dan_Burnett, Matt_Stone 14:56:14 Meeting: Verifiable Claims Working Group 14:57:53 reto has joined #vcwg 14:58:10 varn has joined #vcwg 14:58:38 gkellogg has joined #vcwg 14:58:50 Charles_Engelke has joined #vcwg 14:59:31 present+ Tzviya_Siegman 14:59:41 present+ Dan_Burnett 14:59:47 present+ Richard_Varn 15:00:00 present+ Reto_Gmür 15:00:25 present+ Charles_Engelke 15:00:37 present Gregg_Kellogg 15:01:42 present Tzviya_Siegman, Dan_Burnet, Richard_Varn, Reto_Gmür, Charles_Engelke, Gregg_Kellogg 15:01:45 present+ Dave_Longley 15:02:03 present+ Manu_Sporny 15:02:08 rrsagent, draft minutes 15:02:08 I have made the request to generate http://www.w3.org/2017/10/17-vcwg-minutes.html manu 15:02:20 stonematt has joined #vcwg 15:02:21 Chair: Richard_Varn 15:02:22 kimhd has joined #vcwg 15:02:28 present+ Ted_Thibodeau 15:02:31 Chair: Richard_Varn, Matt_Stone, Dan_Burnett 15:02:48 present+ Matt_Stone 15:02:52 rrsagent, draft minutes 15:02:52 I have made the request to generate http://www.w3.org/2017/10/17-vcwg-minutes.html manu 15:02:59 DavidC has joined #vcwg 15:04:26 cwebber has joined #vcwg 15:04:29 present+ 15:05:16 scribenick: cwebber 15:05:36 Topic: TPAC topic review & TPAC Planning 15:05:40 agenda: https://docs.google.com/spreadsheets/d/161h0QO8QODtS04eyLQqc6errV7RamcbS-xOPJL6S0g0/edit#gid=0 15:05:49 s/agenda/TPAC topics/ 15:06:20 TPAC topic list/agenda is at https://docs.google.com/spreadsheets/d/161h0QO8QODtS04eyLQqc6errV7RamcbS-xOPJL6S0g0/edit#gid=0 15:06:24 q? 15:06:28 varn: we want to review issues / topics etc for TPAC.. you don't have to be the person about the topic to organize it 15:06:42 q+ 15:06:44 varn: we don't have leaders for test suite / ... ? 15:06:57 varn: want to swap to the agenda while waiting to hear back from privacy group? 15:07:58 MattLarson has joined #vcwg 15:08:02 varn: we've moved a few things on the agenda, in general things are where they were originally but we moved around the coordination with the credentials cg and the web commerce cg. that was because of a specific request by the web commerce cg to meet on tuesday at 10pm (?) but that was moved(?)... so we want to have the cg to be moved nearby to lunch-ish 15:08:25 varn: we have a 60 minute slot on friday morning, we're leaving that slot open in case we hear back from the privacy folks in case we hear anything back 15:08:34 varn: as richard said we do need leaders for most of the topics listed 15:08:44 varn: that's all I wanted to say for now 15:09:14 varn: though if you look at the agenda you'll see openid / saml has 0 time. that may be combined with the following topic on the agenda which is u-prove etc 15:09:17 q+ 15:09:36 q? 15:09:43 ack DavidC 15:10:00 DavidC: basically wanted to say I won't be at TPAC even though I'm listed to list topics 1, 2, and 3 so that needs to be corrected unless there's remote access 15:10:07 DavidC: not sure you need video conferencing 15:10:20 varn: only topic I have you as leading is the one we need to prepare for TPAC 15:10:33 DavidC: but see also Uprove with Nathan George 15:10:57 varn: oops you're right... we didn't specifically request remote access but maybe we can do it? timewise you *might* be able to attend though I think it's not great for you 15:11:11 DavidC: it's 8 hours difference... California time? I think that's about 6pm? 15:11:17 varn: right not as impossible as the afternoon 15:11:20 DavidC: right 15:11:26 varn: Nathan, are you on the line yet? 15:11:41 present+ 15:12:13 s/varn: oops/burn: oops/ 15:12:16 ack manu 15:12:18 varn: first leading remotely, it's best to have as best video conference if possible but we can use speakerphone. liam would know 15:12:27 q? 15:12:29 DavidC: just to be sure could you remove my name? 15:12:35 s/varn: only topic/burn: only topic/ 15:12:49 varn: we will 15:12:57 s/varn: right not/burn: right not/ 15:13:05 manu: I signed up for the bundled claims thing, so there's a discussion we need to have on profiles / etc 15:13:06 zakim, who's on the phone? 15:13:06 Present: Tzviya_Siegman, Dan_Burnett, Richard_Varn, Reto_Gmür, Charles_Engelke, Dave_Longley, Manu_Sporny, Ted_Thibodeau, Matt_Stone, cwebber, bigbluehat 15:13:20 q+ I signed up for RDFS/OWL 15:13:21 manu: I volunteered myself / dlongley / cwebber for the test suite, we hope to have it ready by then 15:13:34 manu: I also wanted to mention that at W3C TPAC you almost always have dial-in support 15:13:50 manu: only issue is time difference... but 9:30AM Pacific is probably still workable for you in EU 15:14:32 s/varn: right no/burn: right no/ 15:14:38 q? 15:14:42 manu: only other thing I wanted to point out is we don't have any time for issue discussion. I'm planning on putting in a good chunk of a week to flesh out PRs etc. I'm expecting there will be 8-10 PRs by then, which we may want to put a bit of time aside to discuss or if some wrap up faster than others like 60 minutes for test suite seems like a bit much, maybe we can finagle things 15:14:57 varn: how much time should the issues need? 15:15:17 burn: I need to jump the queue... getting to CR, the first hour on the first day, that's specifically for any issues we'd care to work on so we can move forward 15:15:53 burn: we can try to allocate more time and we have this slot at the end for anything that comes up, but we didn't want it to just be focused on issues we can address in a call... topics that require a lot of discussion time we wanted to address 15:16:16 varn: manu does that address part of it? once we get the first 10-12 issues down maybe we can fit things in 15:16:45 q+ to discuss likely people 15:16:54 varn: two questions remaining: how do we get the leaders... we could ask "who's likely to lead that"? if they aren't on the call we can see if they're on the list and recruit them to do the work 15:16:58 ack manu 15:16:58 manu, you wanted to discuss likely people 15:17:09 q+ to mention attendees tab 15:17:35 q? 15:17:36 manu: for negative claims I know Christopher Allen had an interest in this but I know he's got pretty strong feelings about it specifically around reputation networks. If we have anyone who does reputation networks we can do that, but since we can rathole on that pretty quickly let's timebox it 15:17:52 zakim, who's on the phone? 15:17:52 Present: Tzviya_Siegman, Dan_Burnett, Richard_Varn, Reto_Gmür, Charles_Engelke, Dave_Longley, Manu_Sporny, Ted_Thibodeau, Matt_Stone, cwebber, bigbluehat 15:17:57 manu: for subject != holder I think DavidC and myself and ?? have thoughts on that 15:18:11 present+ 15:18:28 manu: and identity verification... maybe we could have someone from veradium (?) who does biometric stuff 15:18:40 burn: you can put my name down for it 15:19:00 ack burn 15:19:00 burn, you wanted to mention attendees tab 15:19:07 q? 15:19:45 burn: in that particular google doc we're looking at you'll see there's a tab for attendees... even though the chairs will have a list of who's signed up, it would be very helpful for us if you know you're arriving early / leaving late / etc if you filled that in it would be very helpful for us 15:20:10 burn: ie if you'll be at the AC meeting that would also be helpful. we know manu is likely to miss some for the AC meeting for instnace 15:20:20 varn: anyone have any instances where someone could be the leader? 15:20:28 ack gkellog 15:20:39 gkellogg: I signed up to lead the RDFS/OWL discussion since I've done that for quite a few other groups 15:20:56 q? 15:21:16 present+ Chris_Webber, Benjamin_Young, Kim_Hamilton_Duffy 15:21:26 stonematt: can facilitate negative claims (?) 15:21:29 present- cwebber, bigbluehat, kimhd 15:21:42 zakim, who's on the phone? 15:21:42 Present: Tzviya_Siegman, Dan_Burnett, Richard_Varn, Reto_Gmür, Charles_Engelke, Dave_Longley, Manu_Sporny, Ted_Thibodeau, Matt_Stone, Chris_Webber, Benjamin_Young, 15:21:45 ... Kim_Hamilton_Duffy 15:22:02 varn: anything additional we'd like to identify near the bottom of the list with translation support, etc 15:22:12 q+ 15:22:13 varn: if you'd like to nominate someone maybe also be ready to be the leader of the group 15:22:18 q+ to add Verifiable news 15:22:27 ack manu 15:22:27 manu, you wanted to add Verifiable news 15:22:32 varn: I've got myself on verifiable profile.. if there's something else you think needs to be priority we need to know so you can integrate it 15:22:32 present+ David_Chadwick, Gregg_Kellogg 15:22:52 manu: we had a good discussion at RWoT two weeks ago.. there's a bunch of news orgs coalescing to do something here 15:22:53 q+ to comment on verifiable news 15:22:58 manu: and there's interest from w3c 15:23:10 manu: all those people will be at TPAC, we should use that opportunity to get them in and present 15:23:26 manu: I think it will either be Ed (B|V)ice? and Moses 15:24:02 varn: ok will add it to the bottom of suggested topics 15:24:15 present+ Matt_Larson 15:24:20 q- 15:24:31 varn: so privacy group exposure, PR stuff for that 15:24:37 q? 15:24:44 s/(BIV)ice?/Bice 15:24:52 Topic: Readiness for Privacy Group exposure 15:24:53 Ed Bice: https://www.linkedin.com/in/edbice/ 15:24:58 https://lists.w3.org/Archives/Public/public-vc-wg/2017Oct/0009.html 15:25:03 manu: we're talking about privacy group exposure 15:25:11 https://github.com/w3c/vc-data-model/pull/73 15:25:32 Human readable version: http://htmlpreview.github.io/?https://github.com/w3c/vc-data-model/blob/chadwick-privacy-analysis/privacy.html 15:25:43 manu: PR 73, I took DavidC's privacy document write-up that he sent to the members list, respec'ed it, and we have a human readable version here..... *link* you'll have to refresh that page if there's a bug in respec 15:26:06 manu: it has all the privacy analysis questions, a good first cut... think we'll have to do a bit more explaining. I think it would give the privacy people enough to go on 15:26:53 q+ 15:26:55 q+ 15:27:22 manu: I think this demos that we have a good amount of privacy analysis... I think the rest will tell the story, but I think it's up to the privacy people to tell the rest of the story. I fully expect to be dragged through glass/coals/tar because crypto to protect people's privacy is not there yet, and this raises a number of privacy/tracking concerns. counterpoint, that's the way the web works today so we can't protect against some 15:27:22 of these attacks but at least we're documenting a lot of these systems and etc 15:27:25 q+ 15:27:39 ack DavidC 15:27:57 DavidC: if you look down the list you'll see there's one question I didn't answer becuase i didn't understand 15:28:01 present+ David_Lehn 15:28:16 DavidC: does this distinguish between first/third party contexts? -- couldn't understand it so I didn't answer it 15:28:19 manu: it's 1.13 15:28:40 varn: anyone understand so they can explain it? 15:29:12 https://github.com/w3ctag/security-questionnaire/issues/7 15:29:36 varn: it means like bank arrangement, vs one of their affiliates...? that's a guess 15:29:44 kimhd: from a very quick search seems to be talking about cookies 15:29:46 stonematt has joined #vcwg 15:29:51 stonemat_ has joined #vcwg 15:29:57 q? 15:29:59 manu: also dave longley found a link where they're talking a lot about this section 15:30:02 s/kimhd/tzviya/ 15:30:47 DavidC: https://github.com/w3ctag/security-questionnaire/issues/7 15:31:20 more discussion here: https://github.com/mikewest/spec-questionnaire/issues/6#issue-66262120 15:31:21 ack burn 15:31:34 burn: I'm trying to remember what I was going to talk about 15:32:01 burn: I think what I was going to say that we're trying to get an official response from the privacy people about whether they'll join us at TPAC... whether they do or not it's necessary work 15:32:02 ack TallTed 15:32:15 https://tools.ietf.org/html/draft-west-first-party-cookies-01 15:32:28 This might be relevant to first party versus third party question: https://morgandisalvo.com/wp-content/uploads/2016/07/Back-to-Basics-First-Party-Third-Party-Asset-Protection.pdf 15:33:03 +1 15:33:03 TallTed: gotta wave my scope flag again... wasn't able to get back my work again on anything ... subject authorizes anything about them... but nonsense, this is the web, anyone can claim anything about anything, the quesiton is whether you can verify that *I* said that, so you can tell whether I have credence on anything 15:33:25 TallTed: any time analyzing the credence of a claim comes up, a few people say "you're right" then we go back into the weeds 15:33:51 can we identify the specific weeds so they can be removed? 15:34:06 TallTed: if the charter isn't scoped enough it needs a rewrite... any usecases not met by the charter needs to be slashed... something is broken at this point 15:35:04 Maybe that should be added to the introduction of the spec. "I can claim the Eiffel Tower is 3in tall" and that this is a claim that I made can be verified, not the fa 15:35:13 TallTed: the third sentence "with full consent of the subject except in special case where holder is not the subject"... the special case is the all but universal aspect 15:35:20 DavidC: maybe that's where I disagree 15:35:25 q? 15:35:26 TallTed: we're talking about payload not whether Joe said this 15:35:38 q+ 15:36:08 q+ 15:36:11 varn: reasonable discussion but what the question asks and what it says... traditional convo we've had is "if you're subject you can assert whether or not you're spoken about" 15:36:22 TallTed: eifel tower can assert what's said about it? 15:36:29 q? 15:36:49 TallTed: this was my question based on my first call.. what is actually being verified? is it the content of the claim? That's really hairy. Or is it that eminator made that claim, whatever it may be 15:36:51 ack burn 15:36:54 q? 15:37:16 q+ 15:37:36 burn: I understand your concern, you've raised it several times, I get it. the claims we're verifying is not the content of the payload, what we're verifying is that *there is a claim which has been made by an entity*, not that the claim is true 15:38:00 burn: MIT may claim I have a degree from them, but we can't prove that, we can just claim they claim it 15:38:27 present+ 15:38:35 q+ 15:38:37 TallTed: what you've just said is that MIT has a payload ... ??? 15:38:37 q+ 15:38:39 q+ 15:38:46 ack dlongley 15:39:01 q- 15:39:13 q+ to request an issue with concrete changes. 15:39:15 dlongley: I think what you're responding to TallTed is you're reading something out of the privacy assessment, which is based on a survey for ananalysis on protocols that are for protocols in browsers 15:39:42 dlongley: we aren't making one of those, but we have to provide a privacy assessment that realates on how it may be used in relationship to a protocol we're not making 15:39:52 TallTed: the questions are themselves way out of scope 15:39:53 q+ 15:40:13 dlongley: that's fine to make that assertion but part of your charter was you have to do privacy assesment, here's the process here's the survey fill this out 15:40:32 TallTed: I've been playing the w3c game myself, one of the process things is to say "this is outside our control/scope" 15:41:07 dlongley: full consent of the subject has nothing to do with the content of the claim it's just sharing the ??? 15:41:20 ack reto 15:41:25 dlongley: someone's holding on to a claim, when they say subject what they're saying is they have the claim and are giving consent to have it 15:42:00 reto: I was a bit confused by "what are we verifying"... this is not a "verified claim working group" we are just caring about things being verifiable 15:42:08 reto: such as we know who made a certain claim 15:42:11 I think dlongley's rationale makes sense. We _could_ preface it with "out of scope, but speaking to anticipated uses..." 15:42:14 q? 15:42:19 ack manu\ 15:42:25 ack manu 15:42:25 manu, you wanted to request an issue with concrete changes. 15:42:37 manu: this is a request that we close discussion, Ted raised an issue and some spec text, let's move on 15:43:01 varn: I hear what you're saying is that shutting down conversation on primary level discussion 15:43:27 q= 15:43:29 q+ 15:43:37 TallTed: If I didn't get +1s every time I say something then I'm not wrong 15:43:38 q- 15:43:50 we need concrete text to fix the problem 15:43:59 ack DavidC 15:44:02 manu: this makes sense to those of us who have been around since the beginning of the meeting... the right place is to do this is in the issue tracker 15:44:20 q- 15:44:32 DavidC: just a couple of points to make to Ted, if Subject and Holder are same person, you assert what's in the claim 15:44:48 q+ 15:45:23 TallTed: subject holder may not know what's in the claim... with cc you are consenting to it 15:45:50 ack cwebber 15:45:57 TallTed: A simple fix to this problem is to propose concrete text to address the issue, that can be done on github. Since you're getting +1's it we'll likely reach consensus and accept it. 15:46:25 DavidC: we should question whether we can go along with that... if a person is presenting something they know nothing about that seems to me to be... how can you consent to that when you don't know what it is 15:46:47 varn: this is a typical head-of-a-pin problem, this can go on forever, we should work on it offline 15:47:01 varn: if we can't get resolutions offline... we're not cutting off any discussion that way 15:47:05 varn: next topic 15:47:50 Topic: Data Model Spec current milestone issues 15:48:03 https://github.com/w3c/vc-data-model/milestone/3 15:48:06 ack manu 15:48:08 burn: manu was gone on this one so we just wanted a status update 15:48:49 manu: current status on data model spec, thing that's been blocking us is we're not getting enough people contributing content, a couple of sections continue to be unfilled. I'll just take an action to fill those things out and hopefully people will chime in on the changes. a couple of PRs to fill out all the sections on the spec 15:49:04 s/If I didn't get +1s every time I say something then I'm not wrong/If I didn't get +1s every time I say something about this, I'd drop it, but I do, so something is definitely wrong/ 15:49:24 manu: the other thing that's been blocking us is the test suite, we need to get it operational, in order to do that we need to get someone to do it, cwebber is super busy with activitypub so dlehn may be helping as well as possibly myself 15:49:39 q+ to ask about https://github.com/w3c/vc-data-model/milestone/3 15:49:57 manu: given those two things we have people working on them actively; we expect progress before TPAC. the other analysis is about an analysis between SAML and OpenID Connect; I think this is purely a data model discussion? 15:50:00 ack burn 15:50:00 burn, you wanted to ask about https://github.com/w3c/vc-data-model/milestone/3 15:50:20 burn: manu, we actually have a set of issues part of the milestone, that appears to be included, so any update on any of those is welcome. 15:50:34 manu: sure, VC as a concept / direct data mdoeling, hopefully next 2 weeks 15:50:57 manu: RDFS / OWL we're putting together at least a json-ld context but we should hopefully have but tpac 15:51:09 manu: identity profile I think we'll get in there 15:51:15 manu: those items will be part of PR I think 15:51:29 varn: any more discussion on data model? 15:51:39 Topic: Test Suite Progress 15:51:51 cwebber: I said it 15:52:06 varn: do we have additional things to report 15:52:19 manu: no except we're putting dlehn and myself on it 15:53:35 David Chadwick wrote a document comparing SAML and ODIC - https://lists.w3.org/Archives/Public/public-vc-wg/2017Oct/0010.html 15:53:47 https://github.com/w3c/vc-data-model/pull/74 15:53:57 Human readable version: https://htmlpreview.github.io/?https://github.com/w3c/vc-data-model/blob/chadwick-saml-oidc/comparison.html 15:54:05 manu: the other PR is OpenID Connect; DavidC wrote a PR / document comparing SAML and OIDC... I put in a PR for document DavidC sent; this is a fairly short human-readable comparison. human readable version is here 15:54:42 no current plan for SAML/OpenId people in room at TPAC 15:54:49 but probably eventually 15:54:49 manu: it's a good comparison, I'd love for DavidC to be in the room when the OpenID / SAML people show up, though we may want to soften the language somewhat, but as far as PR is concerned it's at least a first good cut 15:55:34 agree that even a first draft text is better than none (and this is pretty good for a start) 15:55:45 q? 15:56:14 present+ Liam_Quin 15:56:34 rrsagent, draft minutes 15:56:34 I have made the request to generate http://www.w3.org/2017/10/17-vcwg-minutes.html burn 15:56:57 varn: do we want to have a discussion about anti-correlation on this call 15:57:01 varn: or a call 15:57:07 manu: yes, worth our time 15:57:13 +1 15:57:16 +1 15:57:20 +1 to talk about anti-correlation and how hard that is to accomplish in reality. 15:57:44 rrsagent, draft minutes 15:57:44 I have made the request to generate http://www.w3.org/2017/10/17-vcwg-minutes.html burn 15:58:06 present 15:58:33 present- liam 15:58:45 present Tzviya_Siegman, Dan_Burnett, Richard_Varn, Reto_Gmür, Charles_Engelke, Dave_Longley, Manu_Sporny, Ted_Thibodeau, Matt_Stone, Chris_Webber, Benjamin_Young, David_Chadwick, Gregg_Kellogg, Matt_Larson, David_Lehn, Liam_Quin 16:00:14 rrsagent, draft minutes 16:00:14 I have made the request to generate http://www.w3.org/2017/10/17-vcwg-minutes.html burn 22:29:27 gkellogg has joined #vcwg