13:35:50 RRSAgent has joined #vcwg 13:35:50 logging to http://www.w3.org/2017/10/24-vcwg-irc 13:36:03 Meeting: Verifiable Claims Working Group 13:36:26 Agenda: https://lists.w3.org/Archives/Public/public-vc-wg/2017Oct/0018.html 13:36:39 burn has changed the topic to: 24 October 2017 Agenda: https://lists.w3.org/Archives/Public/public-vc-wg/2017Oct/0018.html 13:37:00 Chair: Dan_Burnett, Matt_Stone, Richard_Varn 13:37:21 rrsagent, draft minutes 13:37:21 I have made the request to generate http://www.w3.org/2017/10/24-vcwg-minutes.html burn 13:37:28 rrsagent, make logs public 14:54:58 stonematt has joined #vcwg 14:55:29 Charles_Engelke has joined #vcwg 14:57:45 varn has joined #vcwg 14:57:51 present+ Dan_Burnett, Charles_Engelke, Richard_Varn 14:58:14 TallTed has joined #vcwg 14:58:39 present+ Tzviya_Siegman 14:58:56 present+ Chris_Webber 15:00:05 present+ Manu_Sporny 15:00:18 present+ Ted_Thibodeau 15:00:23 present+ Reto_Gmür 15:00:37 present+ Ted_Thibodeau 15:01:06 gkellogg has joined #vcwg 15:01:28 present+ Dave_Longley 15:01:32 present+ Gregg_Kellogg 15:01:44 present+ Benjamin_Young 15:01:51 present+ Benjamin_Young 15:02:03 present+ Matt_Stone 15:02:12 Agenda: https://lists.w3.org/Archives/Public/public-vc-wg/2017Oct/0018.html 15:02:24 rrsagent, publish minutes 15:02:24 I have made the request to generate http://www.w3.org/2017/10/24-vcwg-minutes.html manu 15:02:36 nage has joined #vcwg 15:02:39 scribenick: gkellogg 15:02:40 reto has joined #vcwg 15:03:11 Topic: Agenda review, Introductions 15:04:37 manu: There are a bunch of PRs that I’d like some time to discuss at the end of the call. 15:05:13 Present+ Nathan_George 15:05:16 topic: TPAC Planning 15:05:22 JoeAndrieu has joined #vcwg 15:05:27 Present+ Joe_Andrieu 15:05:33 https://goo.gl/8voHZS 15:05:49 ^^^ TPAC Planning Document 15:06:17 burn: we had sent a request to privace IG, and haven’t heard back from them, so there may not be meeting with them. 15:06:23 MattLarson has joined #vcwg 15:06:39 … But, we have an open slot at the end, the last two hours for things that come up during the meetings. 15:06:56 … The main thing we need now is volunteers for discussion topics. 15:07:35 q+ to ask if ODRL folks might be able to participate 15:07:36 .. Credential creation vs presenttaion, TTL of Use and revocation. 15:07:46 s/../…/ 15:08:04 I can lead a Claims vs Proofs discussion 15:08:28 … Leading a discussion does not require expertice, but should have perspective and understanding of the topic. Then lead and moderate a discussion. 15:08:31 I'm willing to lead D1s3.1 VC where subject is not holder 15:08:55 q? 15:09:10 ack manu 15:09:10 manu, you wanted to ask if ODRL folks might be able to participate 15:09:13 As well as the use cases one I'm already on for 15:09:46 manu: TTL/ODRL, the ODRL group is really interesting in colaborating. Have chairs reached out? 15:10:07 burn: No, can manu send an intro email. At this point, the timing won’t change must. 15:10:16 manu: maybe we can pull people into the group. 15:10:27 matt: I can reach out if you have their email. 15:10:32 manu: too late :) 15:10:51 q? 15:11:00 dezell has joined #vcwg 15:11:56 manu: Ed Bice (sp?) has expressed interest, but hasn’t shown up on call. 15:12:31 burn: agenda is in good shape, OpenID/SAML is crossed out right now, as we may get to this before TPAC. 15:12:39 present+ dezell 15:12:47 q? 15:13:03 https://goo.gl/iC6tSq 15:13:09 tope: Web Commerce IG 15:13:18 s/tope/topic/ 15:14:31 burn: We created a presentation for people to fill in use cases. The chairs plan to do a refresher/intro to the VCWG to cover status and scope. We’re not going to review the documents in that meeting. 15:14:55 … Then we plan to list initial use cases. THen we’d like manu or dlongley to present their demo. 15:15:03 manu: Yes, dlongley would love to! 15:15:40 burn: The chairs will add some use cases, but would like to leave it openn for the commerce group, or anyone else from this group, to add more use cases. 15:16:40 … After Commerce/VC Use Cases (nudge dezell), fill in extra use cases for us to discuss. Either add slides, or fill in google slide doc. 15:16:53 q+ 15:17:03 manu: THe demo is the credential handler demo? 15:17:20 burn: yes. It’s part of the explaination of the use cases we’ve been looking at. 15:17:50 manu: use cases like showing a passport when buying a ticket. 15:18:09 burn: there’s value outside payments/commerce about how someone might deal with passports. 15:18:29 q? 15:18:32 ack dezell 15:18:32 … THis gives us something to refer to when talking about use cases later. 15:19:08 dezell: I would suggest that, in addition to status of working drafts, talk about how the community is responding. 15:19:40 … I’m going to forward a link to Matt’s email to the Commerce IG to get this started. 15:19:53 … It’s a forward motion area for commerce/payments. 15:20:40 dezell: Apparently, there are 80 people signed up for Commerce IG, but will be smaller. 15:20:51 Topic: Readiness for Privacy Group exposure 15:21:06 https://github.com/w3c/vc-data-model/pull/73 15:21:35 q+ 15:21:41 burn: This PR has not been applied yet, but is there anyone to speak to it? 15:21:43 ack manu 15:22:36 manu: There’s been discussion on this. I think the PR is good to go and would like to pull it. THere’s been some review. 15:23:00 burn: any discussion/concern on pulling $73? 15:23:17 … seeing none, go ahead and merge. 15:23:59 present+ David_Lehn 15:24:13 q+ to discuss other privacy things 15:24:23 ack manu 15:24:23 manu, you wanted to discuss other privacy things 15:24:35 List of all privacy section related PRs: https://github.com/w3c/vc-data-model/pulls?utf8=%E2%9C%93&q=is%3Apr%20is%3Aopen%20privacy%20 15:25:02 manu: We have 5 outstanding PRs to expand privace section. This competes every section we’ve identified. 15:25:37 … A while ago we identified concerns and were going to work through them before privace review. Because this may happen soon, I’ve added PRs to fill in other sections. I’d like to pull them in before review. 15:25:48 There's also: https://github.com/w3c/vc-data-model/issues/75, just an issue no PR 15:26:07 … I don’t expect there has been much review, but it would be great if people could review so we could pull. 15:26:38 manu: we should add something about that too, I’ll get that in. 15:27:02 burn: As I understand it, you’d like to finish these up before we request a review. 15:27:51 … Personally, I’m fine with this approach; we called out to the group, and it’s better to engage sooner rather than later, but we need to show we’ve been thinking about it. 15:28:18 … I think we’ve done what we need to to show it’s important to us. If we can speak with some at TPAC, great, otherwise, this shows progress. 15:28:50 rrsagent, draft minutes 15:28:50 I have made the request to generate http://www.w3.org/2017/10/24-vcwg-minutes.html burn 15:28:59 manu: It would be nice to have a number of the PRs merged before TPAC, so the document is in a full form. The only part of the spec missing is the security considerations section. I’ll have 5-8 more PRs in this section shortly. 15:29:05 Just added https://github.com/w3c/vc-data-model/issues/87 15:29:41 present+ ChristopherA 15:29:52 … After these, we’ll have a full/cohesive document. It would be nice to have for TPAC. However, we only have two more calls, people would need to review within the week and merge next Tuesday. 15:30:27 burn: I don’t want to pre-judge when they’ll go in. The most we can do is ask for review. We’ll see where we are next week. 15:30:33 q? 15:30:41 (it was a subset of #75) 15:31:04 Topic: Data Model Spec current milestone issues 15:31:18 https://github.com/w3c/vc-data-model/milestone/3 15:32:36 manu: Those topics haven’t had work, except the second one. I’m trying to schedule changes to the spec that fill in content. These are bigger changes we might discuss today. 15:33:04 q? 15:33:46 … dlongley raised an issue on the spec that we keep talking about VC as this thing, as if they’re self-contained, but they’re not. They’re only useful when inside a credential and signed, and that’s what the data model is all about. 15:33:51 q? 15:34:07 +1 agreement with Manu on this 15:34:28 q? 15:34:30 q+ 15:34:31 you don't just "sign a claim" to make it verifiable ... you encapsulate it in a credential (which contains other semantics as well) 15:34:44 … When we say “Verifiable Claim” it confuses people, because you can’t reallly point to something in the spec. THis boils down to that we should probable call it the “Verified Credentials” spec. We should talk about credentials vs. claims. 15:34:51 rrsagent, draft minutes 15:34:51 I have made the request to generate http://www.w3.org/2017/10/24-vcwg-minutes.html burn 15:35:09 q+ 15:35:16 present+ Matt_Larson 15:35:22 q+ 15:35:32 +100 confusion abounds and rekindles during reading/re-reading 15:35:36 q+ 15:35:48 … Does the group stay the course, or push for a change to talk about Credentials? Does this have charter implications? We should start talking about Verifiable Credentials. This is limiting progress. 15:35:49 there is further confusion that arises from "Verifiable Claims" -- namely that some people tend to get confused about *what* is verifiable -- they think that the *claims* are verifiable. That's not the case -- what is verifiable is their authorship. 15:35:56 "credential" does a better job of communicating that. 15:36:01 … The vocabulary is easier in time. 15:36:21 people understand "credentials" to be documents from some authority making assertions. 15:36:22 … The hold up is claims vs credentials. 15:36:25 q? 15:36:28 ack stonematt 15:37:13 In the identity space credentials are more commonly used for things like access tokens, so signed data envelopes for data being called credentials confuses folks too. Moral here: all vocabularies we chose will confuse some group or another. 15:37:14 i think that the confusion with "login" is limited to one community -- (the security community) 15:37:15 ack varn 15:37:16 matt: We get a lot of pushback during chartering about credentials which are used for login. We may have traided one confusion with another. THis is a morass that will be hard to get out of 15:37:27 whereas "claims" is confusing to ... almost everyone. 15:37:38 +1 to richard 15:37:58 varn: I always liked Credential; I’m not sure how many people _only_ think that credentials are related to login (not many). 15:38:07 q+ to comment as newbie 15:38:30 … We can deal with it in how we build our data model. YOu could just define Claim to include Credential, a Claim being a special case of Credential. 15:38:55 +1 to nage that someone will always be confused -- let's go with confusing the fewest people, which i believe would be to use "verifiable credentials" instead of "verifiable claims" 15:38:57 q+ 15:38:57 … Perhaps we could change our name sometime. 15:39:59 in our data model, there is no "verifiable claim" entity. 15:40:02 manu: I don’t think there’s a sub-class of Claim that’s not a Credential. Except maybe some text with a signature. There’s no such thing as a verifiable claim that stands on it’s own, only verified credentials that contain claims. 15:40:04 only "verifiable credential". 15:40:14 ack burn 15:40:37 q+ 15:41:26 burn: When we first created the document, we had to avoid the use of the term “Credential” I referred to a set of claims, such that not each claim is verifiable, but that the set of claims is verifiable. 15:41:38 q+ 15:41:41 … If we think we should change the name, we should do it sooner rather than later. 15:41:58 q? 15:42:02 … That kind of name change could require another FPWD, due to potential for new patent exclusions. 15:42:07 ack reto 15:42:54 reto: For me, Credential is associated with what you need to identify yourself, and is necessarily verifiable. 15:43:21 … I like the terminology in the charter which distinguishes between claim and credential, and uderstand that claim is broader than credential. 15:43:23 https://factsmission.github.io/twee-fi/ 15:43:39 http://schema.org/ClaimReview 15:43:50 … I interpreted the term Claim as being the same term as used in ClaimReview. 15:43:57 ack tzviya 15:43:57 tzviya, you wanted to comment as newbie 15:44:48 tzviya: When I first started to explain this to my group, the term Claim was quite confusing. Both terms have their own problems, a new term would be worse. 15:44:58 … I found the term Credential was clearer. 15:44:59 ack JoeAndrieu 15:45:41 JoeANdrieu: We’re not verifying the underlying claim, which is confusing, but only the credential, but we should have a term for that attestation. 15:45:52 +1 biggest problem with "verifiable claims" is that it miscommunicates what is being verified 15:46:27 ack ChristopherA 15:46:29 … This might addressed by changing the language when talking about what’s been verified. We usually talk about presenting claims, but we really present profiles. The validity of the claims is verified by verifying the credential. I’m wary about changing names. 15:46:29 +1 on claims as the payload we are NOT verifying 15:46:33 q? 15:46:58 not verified, but verifiable 15:47:00 the claims are never being verified -- they are being *trusted*. 15:47:19 trusted claims. 15:47:30 ChristopherA: I sill think we fall into trap. We’re talking about credentials/profiles, and we need to put this language first, because it’s causing too much confusion. 15:47:53 you can trust a claim when it is presented in a credential that is signed by an issuer you trust. 15:48:09 … It’s doing so in some harmfull ways, we’re trying to move forward on “verifiable news”, and getting people like TimBL involved makes a weak argument. 15:48:17 if we're going to talk about "claims" at all, we should be saying "Trusted Claims". 15:48:37 ack TallTed 15:48:37 … I’m fine without changing the name of the group, but everyplace we say something we need to correct any misunderstanding. 15:48:41 "Trustable Claims" being too silly :) 15:48:57 +1 for trusted claims (a rare appreciation for the word "trust" in a technical context) 15:49:04 rrsagent, draft minutes 15:49:04 I have made the request to generate http://www.w3.org/2017/10/24-vcwg-minutes.html burn 15:49:28 at least we are not verifying claims. someone can. not sure what we call that when they do. 15:50:07 TallTed: I’ve been speaking to this for the last several calls. The problem with reusing overloaded terms is that they get interpreted with a previously existing meaning. It doesn’t matter what you put at the beginning of the document, you end up falling back to the base understanding of the term. We’d be better off using a made-up word. 15:51:01 +1 it's not about the group name, but it *is* about the terms in and titles of the docs we produce 15:51:02 no. gosh no. 15:51:03 burn: I wouldn’t worry about the name of the group right now. People are used to the name of the group being unrelated to the name of the specs. 15:51:25 Topic: Test Suite Progress 15:52:31 manu: The test suite we’re hoping to have done before TPAC. The heavy lifting is done, we just need to put it into something that runs tests. Hopefully by the end of the week. 15:52:54 Topic: PR discussions 15:53:00 https://github.com/w3c/vc-data-model/pulls 15:53:42 manu: There are a number (5) of PRs that add to privacy section; shouldn’t be too controversial. 15:54:01 q+ to remind people this is not just the Manu spec 15:54:18 … Please comment on these and new PRs. 15:55:11 … PR #77 changes inspector-verifier to just verifier. We’ve had people looking at the spec that have been confused with inspector-verifier, because it seems there are multiple classes of inspectors and verifiers. Let’s just pick Verifier and go with it. 15:55:42 … The word Verifier seems to be broadly used in the market place. 15:56:09 ack burn 15:56:09 burn, you wanted to remind people this is not just the Manu spec 15:56:16 +1 to picking verifier for now (ABC4Trust inspector implies validating the contents of the claims, where verifier is validating things like signatures) 15:56:48 burn: Reminder, it’s not the “manu spec”, anyone can submit PRs. Please propose different text if you disagree. 15:57:57 JoeAndrieu: I want to highlight #26, where there was some strong interest at OAuth; they’d very much like to see JWT supported for simple use cases. THere are other specs where they tried to take out the need for C14N to make it easier for developers. 15:58:48 manu: We looked at JWT a lot, but with nobody from JWT engaging, it’s difficult to make progress. Without people pushing JWT, it’s going to be hard to get supprt there. There are also problems when you don’t C14N. 15:58:51 also, there is a JWT-compatible signature method that works with Linked Data Signatures. 15:58:59 s/JWT/JWS/ 15:59:07 … The compromise seemed to be supporting JWS. 15:59:42 … JWS seems to be the compromize solution in the community. 16:00:29 rrsagent, draft minutes 16:00:29 I have made the request to generate http://www.w3.org/2017/10/24-vcwg-minutes.html burn 16:05:08 s;https://goo.gl/iC6tSq;Commerce IG planning doc: https://goo.gl/iC6tSq; 16:05:21 rrsagent, draft minutes 16:05:21 I have made the request to generate http://www.w3.org/2017/10/24-vcwg-minutes.html burn 16:06:41 present+ David_Ezell, Christopher_Allen 16:06:50 present- dezell, ChristopherA 16:06:56 rrsagent, draft minutes 16:06:56 I have made the request to generate http://www.w3.org/2017/10/24-vcwg-minutes.html burn 18:33:22 Zakim has left #vcwg 20:49:45 gkellogg has joined #vcwg 23:30:04 cwebber has joined #vcwg