See also: IRC log
<burn> present Gregg_Kellogg
<burn> present Tzviya_Siegman, Dan_Burnet, Richard_Varn, Reto_Gmür, Charles_Engelke, Gregg_Kellogg
<manu> Chair: Richard_Varn
<manu> Chair: Richard_Varn, Matt_Stone, Dan_Burnett
<scribe> scribenick: cwebber
<stonematt> TPAC topics: https://docs.google.com/spreadsheets/d/161h0QO8QODtS04eyLQqc6errV7RamcbS-xOPJL6S0g0/edit#gid=0
<burn> TPAC topic list/agenda is at https://docs.google.com/spreadsheets/d/161h0QO8QODtS04eyLQqc6errV7RamcbS-xOPJL6S0g0/edit#gid=0
varn: we want to review issues /
topics etc for TPAC.. you don't have to be the person about the
topic to organize it
... we don't have leaders for test suite / ... ?
... want to swap to the agenda while waiting to hear back from
privacy group?
... we've moved a few things on the agenda, in general things
are where they were originally but we moved around the
coordination with the credentials cg and the web commerce cg.
that was because of a specific request by the web commerce cg
to meet on tuesday at 10pm (?) but that was moved(?)... so we
want to have the cg to be moved nearby to lunch-ish
... we have a 60 minute slot on friday morning, we're leaving
that slot open in case we hear back from the privacy folks in
case we hear anything back
... as richard said we do need leaders for most of the topics
listed
... that's all I wanted to say for now
... though if you look at the agenda you'll see openid / saml
has 0 time. that may be combined with the following topic on
the agenda which is u-prove etc
DavidC: basically wanted to say I
won't be at TPAC even though I'm listed to list topics 1, 2,
and 3 so that needs to be corrected unless there's remote
access
... not sure you need video conferencing
burn: only topic I have you as leading is the one we need to prepare for TPAC
DavidC: but see also Uprove with Nathan George
burn: oops you're right... we didn't specifically request remote access but maybe we can do it? timewise you *might* be able to attend though I think it's not great for you
DavidC: it's 8 hours difference... California time? I think that's about 6pm?
burn: right not as impossible as the afternoon
DavidC: right
varn: Nathan, are you on the line
yet?
... first leading remotely, it's best to have as best video
conference if possible but we can use speakerphone. liam would
know
DavidC: just to be sure could you remove my name?
varn: we will
manu: I signed up for the bundled
claims thing, so there's a discussion we need to have on
profiles / etc
... I volunteered myself / dlongley / cwebber for the test
suite, we hope to have it ready by then
... I also wanted to mention that at W3C TPAC you almost always
have dial-in support
... only issue is time difference... but 9:30AM Pacific is
probably still workable for you in EU
<gkellogg> s/varn: right no/burn: right no/
manu: only other thing I wanted to point out is we don't have any time for issue discussion. I'm planning on putting in a good chunk of a week to flesh out PRs etc. I'm expecting there will be 8-10 PRs by then, which we may want to put a bit of time aside to discuss or if some wrap up faster than others like 60 minutes for test suite seems like a bit much, maybe we can finagle things
varn: how much time should the issues need?
burn: I need to jump the queue...
getting to CR, the first hour on the first day, that's
specifically for any issues we'd care to work on so we can move
forward
... we can try to allocate more time and we have this slot at
the end for anything that comes up, but we didn't want it to
just be focused on issues we can address in a call... topics
that require a lot of discussion time we wanted to address
varn: manu does that address part
of it? once we get the first 10-12 issues down maybe we can fit
things in
... two questions remaining: how do we get the leaders... we
could ask "who's likely to lead that"? if they aren't on the
call we can see if they're on the list and recruit them to do
the work
<Zakim> manu, you wanted to discuss likely people
manu: for negative claims I know
Christopher Allen had an interest in this but I know he's got
pretty strong feelings about it specifically around reputation
networks. If we have anyone who does reputation networks we can
do that, but since we can rathole on that pretty quickly let's
timebox it
... for subject != holder I think DavidC and myself and ?? have
thoughts on that
... and identity verification... maybe we could have someone
from veradium (?) who does biometric stuff
burn: you can put my name down for it
<Zakim> burn, you wanted to mention attendees tab
burn: in that particular google
doc we're looking at you'll see there's a tab for attendees...
even though the chairs will have a list of who's signed up, it
would be very helpful for us if you know you're arriving early
/ leaving late / etc if you filled that in it would be very
helpful for us
... ie if you'll be at the AC meeting that would also be
helpful. we know manu is likely to miss some for the AC meeting
for instnace
varn: anyone have any instances where someone could be the leader?
gkellogg: I signed up to lead the RDFS/OWL discussion since I've done that for quite a few other groups
stonematt: can facilitate negative claims (?)
varn: anything additional we'd
like to identify near the bottom of the list with translation
support, etc
... if you'd like to nominate someone maybe also be ready to be
the leader of the group
<Zakim> manu, you wanted to add Verifiable news
varn: I've got myself on verifiable profile.. if there's something else you think needs to be priority we need to know so you can integrate it
manu: we had a good discussion at
RWoT two weeks ago.. there's a bunch of news orgs coalescing to
do something here
... and there's interest from w3c
... all those people will be at TPAC, we should use that
opportunity to get them in and present
... I think it will either be Ed (B|V)ice? and Moses
varn: ok will add it to the
bottom of suggested topics
... so privacy group exposure, PR stuff for that
<stonematt> s/(BIV)ice?/Bice
<stonematt> Ed Bice: https://www.linkedin.com/in/edbice/
<manu> https://lists.w3.org/Archives/Public/public-vc-wg/2017Oct/0009.html
manu: we're talking about privacy group exposure
<manu> https://github.com/w3c/vc-data-model/pull/73
<manu> Human readable version: http://htmlpreview.github.io/?https://github.com/w3c/vc-data-model/blob/chadwick-privacy-analysis/privacy.html
manu: PR 73, I took DavidC's
privacy document write-up that he sent to the members list,
respec'ed it, and we have a human readable version here.....
*link* you'll have to refresh that page if there's a bug in
respec
... it has all the privacy analysis questions, a good first
cut... think we'll have to do a bit more explaining. I think it
would give the privacy people enough to go on
... I think this demos that we have a good amount of privacy
analysis... I think the rest will tell the story, but I think
it's up to the privacy people to tell the rest of the story. I
fully expect to be dragged through glass/coals/tar because
crypto to protect people's privacy is not there yet, and this
raises a number of privacy/tracking concerns. counterpoint,
that's the way the web works today so we can't protect against
some
of these attacks but at least we're documenting a lot of these systems and etc
DavidC: if you look down the list
you'll see there's one question I didn't answer becuase i
didn't understand
... does this distinguish between first/third party contexts?
-- couldn't understand it so I didn't answer it
manu: it's 1.13
varn: anyone understand so they can explain it?
<dlongley> https://github.com/w3ctag/security-questionnaire/issues/7
varn: it means like bank arrangement, vs one of their affiliates...? that's a guess
tzviya: from a very quick search seems to be talking about cookies
manu: also dave longley found a link where they're talking a lot about this section
<dlongley> DavidC: https://github.com/w3ctag/security-questionnaire/issues/7
<dlongley> more discussion here: https://github.com/mikewest/spec-questionnaire/issues/6#issue-66262120
burn: I'm trying to remember what
I was going to talk about
... I think what I was going to say that we're trying to get an
official response from the privacy people about whether they'll
join us at TPAC... whether they do or not it's necessary
work
<tzviya> https://tools.ietf.org/html/draft-west-first-party-cookies-01
<Charles_Engelke> This might be relevant to first party versus third party question: https://morgandisalvo.com/wp-content/uploads/2016/07/Back-to-Basics-First-Party-Third-Party-Asset-Protection.pdf
<stonemat_> +1
TallTed: gotta wave my scope flag
again... wasn't able to get back my work again on anything ...
subject authorizes anything about them... but nonsense, this is
the web, anyone can claim anything about anything, the quesiton
is whether you can verify that *I* said that, so you can tell
whether I have credence on anything
... any time analyzing the credence of a claim comes up, a few
people say "you're right" then we go back into the weeds
<dlongley> can we identify the specific weeds so they can be removed?
TallTed: if the charter isn't scoped enough it needs a rewrite... any usecases not met by the charter needs to be slashed... something is broken at this point
<stonemat_> Maybe that should be added to the introduction of the spec. "I can claim the Eiffel Tower is 3in tall" and that this is a claim that I made can be verified, not the fa
TallTed: the third sentence "with full consent of the subject except in special case where holder is not the subject"... the special case is the all but universal aspect
DavidC: maybe that's where I disagree
TallTed: we're talking about payload not whether Joe said this
varn: reasonable discussion but what the question asks and what it says... traditional convo we've had is "if you're subject you can assert whether or not you're spoken about"
TallTed: eifel tower can assert
what's said about it?
... this was my question based on my first call.. what is
actually being verified? is it the content of the claim? That's
really hairy. Or is it that eminator made that claim, whatever
it may be
burn: I understand your concern,
you've raised it several times, I get it. the claims we're
verifying is not the content of the payload, what we're
verifying is that *there is a claim which has been made by an
entity*, not that the claim is true
... MIT may claim I have a degree from them, but we can't prove
that, we can just claim they claim it
TallTed: what you've just said is that MIT has a payload ... ???
dlongley: I think what you're
responding to TallTed is you're reading something out of the
privacy assessment, which is based on a survey for ananalysis
on protocols that are for protocols in browsers
... we aren't making one of those, but we have to provide a
privacy assessment that realates on how it may be used in
relationship to a protocol we're not making
TallTed: the questions are themselves way out of scope
dlongley: that's fine to make that assertion but part of your charter was you have to do privacy assesment, here's the process here's the survey fill this out
TallTed: I've been playing the w3c game myself, one of the process things is to say "this is outside our control/scope"
dlongley: full consent of the
subject has nothing to do with the content of the claim it's
just sharing the ???
... someone's holding on to a claim, when they say subject what
they're saying is they have the claim and are giving consent to
have it
reto: I was a bit confused by
"what are we verifying"... this is not a "verified claim
working group" we are just caring about things being
verifiable
... such as we know who made a certain claim
<kimhd> I think dlongley's rationale makes sense. We _could_ preface it with "out of scope, but speaking to anticipated uses..."
<varn> ack manu\
<Zakim> manu, you wanted to request an issue with concrete changes.
manu: this is a request that we close discussion, Ted raised an issue and some spec text, let's move on
varn: I hear what you're saying is that shutting down conversation on primary level discussion
TallTed: If I didn't get +1s every time I say something about this, I'd drop it, but I do, so something is definitely wrong
<dlongley> we need concrete text to fix the problem
manu: this makes sense to those of us who have been around since the beginning of the meeting... the right place is to do this is in the issue tracker
DavidC: just a couple of points to make to Ted, if Subject and Holder are same person, you assert what's in the claim
TallTed: subject holder may not know what's in the claim... with cc you are consenting to it
<dlongley> TallTed: A simple fix to this problem is to propose concrete text to address the issue, that can be done on github. Since you're getting +1's it we'll likely reach consensus and accept it.
DavidC: we should question whether we can go along with that... if a person is presenting something they know nothing about that seems to me to be... how can you consent to that when you don't know what it is
varn: this is a typical
head-of-a-pin problem, this can go on forever, we should work
on it offline
... if we can't get resolutions offline... we're not cutting
off any discussion that way
... next topic
<burn> https://github.com/w3c/vc-data-model/milestone/3
burn: manu was gone on this one so we just wanted a status update
manu: current status on data
model spec, thing that's been blocking us is we're not getting
enough people contributing content, a couple of sections
continue to be unfilled. I'll just take an action to fill those
things out and hopefully people will chime in on the changes. a
couple of PRs to fill out all the sections on the spec
... the other thing that's been blocking us is the test suite,
we need to get it operational, in order to do that we need to
get someone to do it, cwebber is super busy with activitypub so
dlehn may be helping as well as possibly myself
... given those two things we have people working on them
actively; we expect progress before TPAC. the other analysis is
about an analysis between SAML and OpenID Connect; I think this
is purely a data model discussion?
<Zakim> burn, you wanted to ask about https://github.com/w3c/vc-data-model/milestone/3
burn: manu, we actually have a set of issues part of the milestone, that appears to be included, so any update on any of those is welcome.
manu: sure, VC as a concept /
direct data mdoeling, hopefully next 2 weeks
... RDFS / OWL we're putting together at least a json-ld
context but we should hopefully have but tpac
... identity profile I think we'll get in there
... those items will be part of PR I think
varn: any more discussion on data model?
cwebber: I said it
varn: do we have additional things to report
manu: no except we're putting dlehn and myself on it
<manu> David Chadwick wrote a document comparing SAML and ODIC - https://lists.w3.org/Archives/Public/public-vc-wg/2017Oct/0010.html
<manu> https://github.com/w3c/vc-data-model/pull/74
<manu> Human readable version: https://htmlpreview.github.io/?https://github.com/w3c/vc-data-model/blob/chadwick-saml-oidc/comparison.html
manu: the other PR is OpenID Connect; DavidC wrote a PR / document comparing SAML and OIDC... I put in a PR for document DavidC sent; this is a fairly short human-readable comparison. human readable version is here
<burn> no current plan for SAML/OpenId people in room at TPAC
<burn> but probably eventually
manu: it's a good comparison, I'd love for DavidC to be in the room when the OpenID / SAML people show up, though we may want to soften the language somewhat, but as far as PR is concerned it's at least a first good cut
<burn> agree that even a first draft text is better than none (and this is pretty good for a start)
varn: do we want to have a
discussion about anti-correlation on this call
... or a call
manu: yes, worth our time
<DavidC> +1
<stonemat_> +1
<manu> +1 to talk about anti-correlation and how hard that is to accomplish in reality.
<burn> present
<burn> present Tzviya_Siegman, Dan_Burnett, Richard_Varn, Reto_Gmür, Charles_Engelke, Dave_Longley, Manu_Sporny, Ted_Thibodeau, Matt_Stone, Chris_Webber, Benjamin_Young, David_Chadwick, Gregg_Kellogg, Matt_Larson, David_Lehn, Liam_Quin
This is scribe.perl Revision: 1.152 of Date: 2017/02/06 11:04:15 Check for newer version at http://dev.w3.org/cvsweb/~checkout~/2002/scribe/ Guessing input format: Irssi_ISO8601_Log_Text_Format (score 1.00) Succeeded: s/agenda/TPAC topics/ Succeeded: s/varn: oops/burn: oops/ Succeeded: s/varn: only topic/burn: only topic/ Succeeded: s/varn: right not/burn: right not/ FAILED: s/varn: right no/burn: right no/ FAILED: s/(BIV)ice?/Bice/ Succeeded: s/kimhd/tzviya/ Succeeded: s/If I didn't get +1s every time I say something then I'm not wrong/If I didn't get +1s every time I say something about this, I'd drop it, but I do, so something is definitely wrong/ WARNING: Replacing previous Present list. (Old list: Benjamin_Young, Charles_Engelke, Chris_Webber, Dan_Burnett, Dave_Longley, Kim_Hamilton_Duffy, Manu_Sporny, Matt_Stone, Reto_Gmür, Richard_Varn, Ted_Thibodeau, Tzviya_Siegman) Use 'Present+ ... ' if you meant to add people without replacing the list, such as: <dbooth> Present+ Tzviya_Siegman, Dan_Burnett, Richard_Varn, Reto_Gmür, Charles_Engelke, Dave_Longley, Manu_Sporny, Ted_Thibodeau, Matt_Stone, Chris_Webber, Benjamin_Young Present: Benjamin_Young Charles_Engelke Chris_Webber Dan_Burnett Dave_Longley David_Chadwick David_Lehn Gregg_Kellogg Liam_Quin Manu_Sporny Matt_Larson Matt_Stone Reto_Gmür Richard_Varn Ted_Thibodeau Tzviya_Siegman Found ScribeNick: cwebber Inferring Scribes: cwebber Agenda: https://lists.w3.org/Archives/Public/public-vc-wg/2017Oct/0008.html Got date from IRC log name: 17 Oct 2017 Guessing minutes URL: http://www.w3.org/2017/10/17-vcwg-minutes.html People with action items: WARNING: Input appears to use implicit continuation lines. You may need the "-implicitContinuations" option.[End of scribe.perl diagnostic output]