<stonematt> Agenda: https://lists.w3.org/Archives/Public/public-vc-wg/2018Feb/0011.html
<scribe> scribe: dlongley
stonematt: We've extended the
time block for use cases for Joe today.
... Introductions -- anyone new on the call this week?
<stonematt> https://lists.w3.org/Archives/Public/public-vc-wg/2018Feb/0010.html
stonematt: Dan Burnett sent out a note about the F2F meeting.
<JoeAndrieu> I have news.
stonematt: To the mailing
list.
... We're starting to think about what we want on the
agenda.
... Trying to work through some of the final logistics. If you
have any agenda items to include at the F2F please highlight
them now to get them into the minutes so Dan, Richard, and I
can work through them.
... Dan was also putting together a link off of our group, W3C
website to track logistics and do the invitations and so on and
you may see that evolve over the next few days.
gkellogg: Paying to attend IIW -- is that necessary to attend the F2F?
stonematt: It is not necessary.
gkellogg: Last time there was much more overlap.
JoeAndrieu: I heard back from
Heidi, been dealing with Phil Windley and facilitators and
space logistics. We can get a room for Friday. We're welcome to
have a space Thursday if we wanted. They wanted to clarify if
they should set something aside for us.
... They "would like" participants to buy a one day ticket.
There's a 20% off discount code on the three day tickets, but
not the one day. One day may not be strictly required but
they'd like payment.
... It will cost us -- and we need to figure out sponsorship.
Heidi said "When we worked with Manu, one of the companies
sponsored w/around $2000".
... She mentioned they also donated left over drinks and snacks
which is nice.
<Zakim> manu, you wanted to say that people should pay for the space.
manu: Last year, I think it remember it being $2500 total with everything and Digital Bazaar footed that entire bill, we'd like this year to see others pitch in. We're happy to match this year but we would prefer to see shared skin this time around.
<JoeAndrieu> IIW: here is a 20% off discount code that is good on Regular and Independent 3 Day Tickets / now and on late as well. VCWG_XXVI_20
manu: The only other thing last
year is that we bought everyone lunch which was pizza, not
super expensive. Just a lunch concern and making sure we get an
order in, etc.
... I want to point out that Phil, Kaliya, Heidi, etc have been
very generous and I suggest people pay for a ticket. I think
SpecOps would be happy to pick up tickets for
independents.
... A note -- please don't take advantage of the hospitality
that IIW has extended to us and please pay for a ticket.
gkellogg: One day ticket is
$275.
... Sales start March 10th.
stonematt: We'll probably start going around beating the bushes for contributions to help fund the event this year. Thanks to Digital Bazaar for offering to match. Will try to find others to contribute as well.
gkellogg: Regular independent is $340, $272 with discount. May as well get a 3 day independent ticket if you are an independent.
stonematt: Does the discount work on the one day ticket as well or just the three day?
JoeAndrieu: Heidi's language
implied it was for three day independent and regular
tickets.
... (Not one day)
stonematt: We know a lot of you
were planning on attending IIW and hopefully this isn't an
additional burden, piggybacking on such events. If we have
challenges on the day of overlap we'll work through
those.
... We want to take care of the participants for the day after
the event as well. A big chunk of the funds to IIW pay for
internet connectivity and food at the conference, money well
spent. As well as camaraderie of the event itself.
<Zakim> manu, you wanted to note projector
manu: Quick note: The projector
costs were insane last year so we may just bring one this
year.
... Bringing a small, portable projector along -- we can rent
one, we will handle it.
JoeAndrieu: This is Joe, there is still an open question for what we're doing Thursday. Do we want a dedicated space for say, even half the day. Or we could just fit into the flow of the other sessions. That's still an open question regarding securing logistics.
stonematt: I think last year we had an open session in the unconference and used conference space.
JoeAndrieu: I think that's right.
stonematt: If generally speaking, people will be participating in the conference then we'll just fit in, but if there's resistance then we'll have to pay for a separate space.
JoeAndrieu: I liked getting IIW members that were new to the conversation and that's useful.
stonematt: Unless we hear objections, we'll plan to use the conference space and not get dedicated space on the overlap day. Any objections?
none
<manu> +1 to using conference space on Thursday, we don't need a dedicated space... also, we need to make sure we know what we're presenting...
stonematt: We're going a little longer on our time slot today, a little flexible so it's ok.
stonematt: Let's make this five minutes, quick brainstorm of ideas we want to cover without going into discussion. Give us a chance to think about it offline and then have a follow up. What should we cover at the F2F?
manu: I guess the question is --
what do we do on Thursday and what on Friday. On Thursday, my
thoughts are that we give people a run down on where VC are
today. An intro to give people a taste. I talked with Drummond
on this and Nathan we need to coordinate as well.
... Talking about the story with DIDs, VCs, and OCaps all weave
together to create this self-administered/self-sovereign
identity.
... We want to weave a story throughout IIW. Day 1 and 2 may be
DID centric. Maybe on Thursday we talk about how VCs and DIDs
fit together. Save the VC stuff for Thursday don't go too deep
into it until then. We may, on Tuesday need to do a quick
update and then do in depth on Thursday.
... Topics for Friday, I imagine we'd want to focus on test
suite and implementations. It would be really good if we had
people that volunteered to read and review the spec and provide
feedback *before* they show up at IIW. For example Evernym,
Sovereign folks say spec supports what they need and we get
issues before we show up.
... Then focus some time on that Friday F2F about how to move
the test suite forward and how we'll get full coverage and
things of that nature.
<stonematt> .q?
manu: At least those are high level thoughts on how we could structure the week.
<nage> +1 to IIW introduction sessions and test suite and implementation time Friday
<manu> +1 to focal use cases
JoeAndrieu: I want to endorse the
Tuesday and Thursday comments from Manu. We could run multiple
sessions. DIDs deserve their own sessions earlier in the week
as do VCs. People would try and show up and do an hours
conversation about it. I'd like to figure out what the focal
use cases are. What are the five use cases we need to get more
depth on. I think that fits in on Friday.
... I'd like to dive into that as a group.
stonematt: Is that focal use case idea, a discussion we could go through later on the call?
JoeAndrieu: Yes.
stonematt: I think that would be
time well spent.
... Ok, we're at time there, that's good, moving on.
<stonematt> https://github.com/w3c/vc-data-model/issues
stonematt: We currently have 34
issues open on the data model spec today. As it sits right now.
We had a call to action for the group to go in and start
working through issues that haven't had activity recently and
we might be able to bring towards closure.
... It occurred to us as we were planning on Friday that we
haven't been attentional enough at getting these issues
disposed of. Closing, table, etc. or working through
them.
... I had 4-5 that I spun through that deserve some discussion.
Manu mentioned at the top of the call that there were a few
he's been working through this week as well. I hope the group
has had some time to refamiliarize with the issues there. I'm
going to make this an item over the next few weeks to get
issues resolved.
... So we can move on.
... Please get on the queue to discuss.
DavidC: I did start at the beginning of the week and we managed to close one off. I've been very busy this week -- but I do plan to spend time this week and get rid of the old ones first.
stonematt: I really appreciate the activity and effort spent last week.
<Zakim> manu, you wanted to note how he's processing issues as an Editor.
manu: I started processing
issues, just as an editor. I'm looking for things that we have
already resolved or that we've closed the issue or that we
could resolve with a tiny bit of effort, oldest issues
first.
... Often they no longer apply because of some scoping issue,
etc. the group has had. Unfortunately I didn't find too much
low hanging fruit.
... I wanted to draw attention to suggestions. I want to
suggest we start wrapping things up for the 1.0 spec. If we
haven't made progress on an issue -- even if people think it's
important -- we're not going to get there I don't think by the
time we get to REC.
... If we don't have a spec editor for the thing or an
implementation for it -- then it's not going to move
forward.
... So I'm suggesting that we close those issues. That usually
prompts people into doing work or gets people to admit we won't
address the issue now.
<stonematt> https://github.com/w3c/vc-data-model/issues?utf8=✓&q=is%3Aissue+is%3Aopen+sort%3Acreated-asc+JWT
manu: The oldest issues we have
are around JWTs. JOSE Web Tokens, etc. How to express VCs using
JWTs. The only organization that I know of that are using
claims with JWTs are the uPort folks. We don't know what those
JWTs look like -- my hope is that they start attending these
calls more.
... I don't know any one else implementing... you can still
take a VC and shove it in a JWT, but no one knows what those
look like/aren't using them. Folks in the group aren't
following that path. So I suggest we close those issues because
-- if no one shows up with an implementation and no one is
taking lead in writing the spec text then we're done with
that.
... That doesn't preclude us from working on it later on, but
we can close issues.
<manu> https://github.com/w3c/vc-data-model/issues/1
<manu> https://github.com/w3c/vc-data-model/issues/2
<manu> https://github.com/w3c/vc-data-model/issues/3
<manu> https://github.com/w3c/vc-data-model/issues26
<manu> https://github.com/w3c/vc-data-model/issues/26
<manu> https://github.com/w3c/vc-data-model/issues/93
manu: Those are the issues we
might be able to close because we say that no one is here doing
work on JWT in a way that we can say something normative in the
spec.
... Another set of issues that fell into a class were:
<manu> These fall into the class of needing examples: https://github.com/w3c/vc-data-model/issues/41 https://github.com/w3c/vc-data-model/issues/32
manu: We could close these issues
if someone could create an example of how the data model
expresses that. We have this pattern where people say "What
about this type of credential" ... the only way to close the
issue is to come up with an example to say how. Without a
company pushing that forward there's no progress.
... We could close those issues if someone could volunteer to
write the VC around that.
gkellogg: I was going to suggest
procedurally that it can be quite difficult to be faced with a
whole raft of issues here as someone who wants to try to
comment and know where to start.
... One thing we talked about in JSON-LD is to use some labels
to drive this. So we could have each meeting ... for example
there's a "blocker" label. If there are specific things that
prevent progress and they had such a label that would provide
us with some means to drive discussions vs. a page and a half
of issues that show up on the website.
... We could similarly do that with things we might otherwise
close but might want to defer. Rather than closing issues we
could mark them as deferred. That would allow us to filter them
out from different issue views.
stonematt: I like that idea. I
was wondering if there was a status for closed but not resolved
and deferred might be that.
... If we think that's appropriate I wouldn't be against that
kind of activity.
DavidC: For now we'll take the
FIFO methodology. In future meetings we may say "we'll talk
about privacy/security/xyz label" and use that as a construct
for discussion.
... I don't know if you want to delve into specific issues --
we've been talking high level so far. But subject != holder is
a topic I'm interested in. It seems like that text that
describes VerifiableProfile it doesn't say what the ID is and
we say then that the ID is the ID of the holder it would
resolve some of the issues. We would have a way of signaling
whether holder == subject or not.
... Another thing we might want to do there is put some sort of
relationship property to indicate what the holder's
relationship is to the subject. Whether you believe it or not
is a different issue. Those are some thoughts on resolving
subject != holder issues.
<JoeAndrieu> +1 to relationship as an optional field in profile
stonematt: I think that's a good
discussion to start in one of these issues and if we have some
example text to bring into the spec (or start discussing) that
would move that idea forward.
... I also went through and tagged some issues with the
milestone "subject != holder" and, David, you're closer to this
and if you can assign a milestone to an issue that would be
helpful, but let me know if you can't and I'll do it for
you.
<nage> We need to start thinking of this about binding to an entity, not necessarily to a particular ID (remember that attribute based credentials prove correlation to an entity without disclosing an ID)
DavidC: So you'd like subject != holder be milestone 2?
stonematt: There is a milestone for it. You can associate an issue with that milestone. I suspect everyone can do that so try it and if it doesn't work let me know. Shoot me the issue number and I'll do it.
DavidC: I'll have a look at
it.
... I'm quite happy to put an action on me to do some draft
text along the lines I've suggested to give something to the
editors.
JoeAndrieu: Although this undermines Manu's effort to get closure on the JWT issues ... there was a lot of feedback at the last IIW against canonicalization and it would be good to talk to the advocates to get their engagement within the group.
stonematt: I think it would be good to try and get their engagement before we strike it.
<Zakim> manu, you wanted to note that he's listed suggested close dates.
manu: +1 for getting any kind of
JWT engagement. The problem we've had with that approach hasn't
been a desire for someone to go and work on it. It's been
someone actually doing it. It's people saying "just use JWTs
they solve your problem" and no one coming in and showing how
they work in this use case (particularly in the complex
ones).
... If we had someone come in and give us a spec and a proposal
solving all the use cases with JWTs that would be great. What
we can't deal with is mere assertions that JWTs solve
everything with nothing else.
... We did try and make sure that JOSE and VC work together.
The RsaSignature2018 signature suite uses JWS. So folks can't
say we're not using the JOSE stack now, we are. We are also
packaging additional things to fine tune the security
characteristics of the packages. And making sure things work
across multiple syntaxes, CBOR, XML, JSON, etc.
<JoeAndrieu> +1 to "doing the work"
manu: It's going to increasingly
become part of the narrative that someone has to do the work to
get these sorts of issues resolved otherwise we will be forced
to close them.
... The conversation at IIW should be -- if you think JWTs can
solve the issue, the people who have done work disagree and we
want counterexamples of how they can work for these
cases.
... The other comment I put myself on the queue was to respond
to how we talk about these issues. I think the chairs should
just pick a small set of issues to talk about during the call
and we just go through it.
... You get everyone's thoughts and proposals for addressing an
issue on the call.
... I'm a slight -1 to just deferring to issues. People don't
respond to that. People will just say they'll provide their
input later. Deferred just means "we won't deal with it in 1.0"
and closing it forces people to talk.
... That's better than deferring. Keep in mind we can always
reopen issues. A VC 2.0 group can always do that. Deferring
issues just clutters the list and makes it seem like the WG is
working on them but it really means we aren't.
<gkellogg> maybe both mark deferred and close, then can find closed deferred issues later.
manu: I think seeing the issues list is a tool for understanding scope and light at the end of the tunnel.
<Zakim> dlongley, you wanted to ask if that was before/after signature updates
<manu> dlongley: Just wanted to ask, in response to Joe -- at IIW there was some concern around canonicalization. Was that before we addressed some of those issues w/ signature suites that use JWS now?
<manu> JoeAndrieu: I don't know, one of the core issues was canonicalization and not particularly the use of JWS or not.
<manu> JoeAndrieu: Some of the substantive concerns was the extra layer of overhead which reduces adoption.
stonematt: Time check -- we
promised Joe 15 minutes for use cases so let's change
topics.
... Otherwise I had a handful of issues to talk about.
... I think it's right to shift gears to use case discussion
and bring the open issues discussion back next week with a
handful of issues we could get resolution on during the
call.
... Any objections to changing topics?
none
JoeAndrieu: I think we've had a
good experiment at trying to see if excel driven use cases -- a
mechanism to rate them and bubble up the ratings. We haven't
gotten much engagement. That's not working the way I'd hope it
might.
... I wanted to suggest, the idea that what we really need are
to understand a core couple of use cases that we can illustrate
explicitly. One in particular -- this came up in holder !=
subject, what are the use cases around a marriage
license.
... The notion of both an easy use case -- here's an example of
a use case with a marriage license in a normal, default
situation. And then what's the sticky wicket version of that
where it gets complicated. And we can handle both cases.
... That gives us more insight into the flexibility and power
of the spec we're creating.
... I know of three things: 1. To get perspective so people can
see what use case is for. 2. dive down to get depth -- use use
cases to understand our focus. A focal use case is not saying
things out of focus are not important, but limited time and
resources -- making sure the focal use cases work with some
depth, 80/20 rule.
... I'd like to shift conversation about spreadsheets to the
focal use cases that really matter. I like the marriage license
use case because it bundles a number of complex issues (subject
!= holder, etc.) multiple subjects, etc.
... That would be one suggestion for a focal use case. I'd like
to get feedback on focal use cases for your company? For your
initiatives, I think people have these issues. You know what
you care about.
... I would hope that we could talk about those interactively
over the next couple weeks and then at IIW pick no more than
five and take time to hash that out.
stonematt: So throw out/brainstorm now?
JoeAndrieu: There's finance, retail, etc. from those, what jumps out?
<Zakim> manu, you wanted to mention digital city/state/nation identity card, loyalty/coupons, single attribute claims (age, email). and to mention employee id cards
<stonematt> +1 to this approach
manu: I like this way of framing
it and more than the spreadsheet. Was hard for me to give
feedback on the spreadsheet, sorry.
... Others probably in the same boat. A question about what's
important to your company is a great way -- we're all here for
a reason. Figuring out the overlap there is a healthy way to
proceed.
... We have a commercial interest in some classes. Retail:
loyalty cards and coupons -- can we express those using VCs.
Use case is simple: You go to buy something and present loyalty
card/coupons in a digital form.
... Identity cards is next. We all agree that we might be far
off from using digital creds at a country level. But
cities/municipalities are doing it. uPort has a use case in
Switzerland (I believe, could be wrong). A small city doing a
pilot.
... The other group of organizations that are really interested
in digital ID cards are employers, hospitals, and they are
wanting to move to digital creds -- using the same system to
get access to buildings, so on.
... Final one is single attribute claims, over age 18, this is
my email, etc.
... done.
stonematt: I like what Adrian Gropper has done with medicine and there's an idea of a lifecycle with a VC and I get stuck with use cases being too narrow and in medicine it goes around in a cycle/journey.
tzviya: I think that's a great point about the journey/life cycle. The education set of use cases, the online class, etc. for my company is important. A user identity for authentication -- access to online articles and journals. Institutional but same situation for online learning.
ChristopherA: My main thing that seems to be missing from this list is developers. There's all kinds of attributions associated with software development, with teams working on code together, from educational claims to claims about objects about a particular commit signed by A and ack'd by B, etc.
<stonematt> +1 on developer concepts
ChristopherA: Since most of us are developers in some sense or another -- natural synergy of using our own dogfood.
JoeAndrieu: Thanks. There's some
work coming into the VCCG about developers and VCs. We'd like
to see that come into the VCWG potentially to be published as a
note.
... That's it.
stonematt: Thanks for the feedback today. I think it's time to adjourn. Joe is there a way you want us to continue to engage over the week?
JoeAndrieu: Yes. I would like someone to step up and have a conversation with me to flesh out one of these to get a baseline and a sticky wicket (complex) example.
<tzviya> I can do that with you, JoeAndrieu
JoeAndrieu: So we can look at one
focal use case spending 10-15 minutes next week on that.
... So contact me if you'd like to do that. Just reach out via
email.
<JoeAndrieu> joe@joeandrieu.com
<stonematt> I'm in Joe...
<manu> +1 to doing some of this at RWoT
This is scribe.perl Revision: 1.152 of Date: 2017/02/06 11:04:15 Check for newer version at http://dev.w3.org/cvsweb/~checkout~/2002/scribe/ Guessing input format: Irssi_ISO8601_Log_Text_Format (score 1.00) Succeeded: s/Subtopic:/Topic:/ Succeeded: s/and the use/and not particularly the use/ Present: Chris_Webber Tzviya_Siegman Matt_Stone Manu_Sporny Gregg_Kellogg Dave_Longley Nathan_George David_Chadwick Dan_Lieberman Matt_Larson Joe_Andrieu Christopher_Allen Liam_Quin Richard_Varn Adrian_Gropper Benjamin_Young Regrets: Dan_Burnett Found Scribe: dlongley Inferring ScribeNick: dlongley Agenda: https://lists.w3.org/Archives/Public/public-vc-wg/2018Feb/0011.html WARNING: No date found! Assuming today. (Hint: Specify the W3C IRC log URL, and the date will be determined from that.) Or specify the date like this: <dbooth> Date: 12 Sep 2002 People with action items: WARNING: Input appears to use implicit continuation lines. You may need the "-implicitContinuations" option. WARNING: IRC log location not specified! (You can ignore this warning if you do not want the generated minutes to contain a link to the original IRC log.)[End of scribe.perl diagnostic output]