The Verifiable Claims Group

A discussion group of the Web Payments Interest Group

Verifiable Claims Telecon

Minutes for 2015-12-01

Matt Collier is scribing.

Topic: Introduction of Participants

Manu Sporny: First up, intros
... please type name, affiliation and your interest in the work.
David Ezell: David Ezell - I co-chair the Web Payments IG, and represent NACS (convenience retailers) at W3C, and want to see credentials become a non-blocker for web payments. I've worked on W3C WGs both chairing and membering since 1999.
Shane McCarron: Shane McCarron, Digital Bazaar. I have been working in the standards space for many many years. My personal goal for this work is to have a standard way to readily exchange finely grained information; especially among merchants, payment agents, and consumers.
John Tibbetts: John Tibbetts, Chief Product Architect, IMS Global. Interest: Intense requirements in education for verifiable claims. i.e. electronic transcripts, statements of competency
Daniel C. Burnett: Dan Burnett, unaffiliated consultant, Just want to see this work replace all the outdated and misguided notions of identity that exist today.
Manu Sporny: Manu Sporny, Digital Bazaar, interested in getting this work to the next step - verifiable claims are important for payments, education, and healthcare. I'd like to see a widely deployed standard in the space.
Bill DeLorenzo: Bill DeLorenzo, currently doing consulting for Accreditrust, interest in credential architecture
... will be auditing meetings
Brian Sletten: Brian Sletten, Bosatsu Consulting, Interested in standards for machine processable, secure, privacy-preserving, portable credentials.
Gregg Kellogg: Gregg Kellogg, unaffiliated. I’ve worked on a number of RDF related standards as an editor and contributor. Generally want to make the web a better place.
Arto Bendiken: Arto Bendiken, from Datagraph ( Can't dial in today, but will observe here on IRC.
Dave Longley: Dave Longley, Digital Bazaar. Interested in helping work on a standard for user-centric verifiable claims; useful in across many different industries and generally helpful to people and creating a rich digital identity ecosystem for them.
Eric Korb: Eric Korb, CEO, Accreditrust Technologies, Warren, NJ - Credentials Community Group Founding Member
Greg Kidd: Greg Kidd, co-founder Global ID Framework
Richard Varn: I am with Educational Testing Service and am looking to support the open credentials market and standards into which our assessment data would be placed. I have worked on credentials, identity management, and security in a variety of roles.
Matt Collier: Matthew Collier - Digital Bazaar, Inc. - Credentials and payments are important work.
Others present - Nate Otto - Interim Director - Badge Alliance, Jim Goodell, content lead for the Common Education Data Standards (CEDS)

Topic: Review the purpose of the call

Manu Sporny: We had a meeting in the Web Payments Interest Group last week and there was a desire to make sure we polish up the problem statement about what the task force should be doing.
... we want buy in from organizations who have not been participating in the work.
... we want everyone to understand the problem statement and that it strikes the right balance.
... we want to refine the problem statement.
... dezell, do you agree with this direction (as co-chair of the Web Payments IG)?
David Ezell: Yes, I agree

Topic: Review Goals

Manu Sporny: This is the proposal for the task force
... there's a section that talks about the goals.
... on reading the goals, does anyone have any issues with the goals of the taskforce?
David Ezell: The goals seem good. Is there a goal to see whatever is done here is going to work in browsers?
Manu Sporny: That comes in the charter discussion.
Manu Sporny: Before talking about the charter, we should discuss the problem statement.
... I would expect browser support would be a natural part of the charter creation discussion.
... I think you're asking if we should specifically point it out...
Manu Sporny: "Web Browser APIs for issuing, storing, and consuming credentials"
Manu Sporny: We have a section that discusses web browser API
... in the work plan
... you OK with that dezell?
David Ezell: Yes
Dave Longley: +1 To goals.
Manu Sporny: Any other comments on the goals?
Eric Korb: +1 Goals
Manu Sporny: A straw poll:
PROPOSAL: Adopt the goals statement as it exists in the Verifiable Claims Task Force Proposal.
Gregg Kellogg: +1
John Tibbetts: +1 For goals
Manu Sporny: +1
Shane McCarron: +1
Matt Collier: +1
Dave Longley: +1
Daniel C. Burnett: +1 To goals
David Ezell: +1 To goals.
Brian Sletten: +1
David I. Lehn: +1
Greg Kidd: +1
Richard Varn: +1
Manu Sporny: Any objections?
RESOLUTION: Adopt the goals statement as it exists in the Verifiable Claims Task Force Proposal.
Manu Sporny: No objections indicated.
Manu Sporny: Our weekly meetings will be run like this call right now.

Topic: Review Weekly Meetings

Manu Sporny: We have a wiki page
Manu Sporny: Any concerns about the calls being minuted, recorded, time, how we take minutes, etc?
John Tibbetts: +1 On calls...they're way better than our IMS calls!
Dave Longley: The links on the wiki are inaccurate.
Manu Sporny: That should be corrected
PROPOSAL: Adopt the weekly telecon format, tools, and time listed here http
Richard Varn: +1 On calls
Eric Korb: +1 On calls
Shane McCarron: +1 On calls
Gregg Kellogg: +1
Manu Sporny: +1
Daniel C. Burnett: +1 On calls
Dave Longley: +1
Matt Collier: +1
David Ezell: +1
David I. Lehn: +1
Brian Sletten: +1
Greg Kidd: +1
RESOLUTION: Adopt the weekly telecon format, tools, and time listed here with fixes to the URLs pointed out by Dave Longley.
Manu Sporny: Next up is the section on definitions.

Topic: Review Definitions

Manu Sporny: The verifiable claim is the easiest definition.
Manu Sporny: Verifiable claim - a cryptographically non-repudiable set of statements made by an entity about another entity.
Manu Sporny: Any issue with the scope/wording of this term?
David Ezell: Non-repudiable is a strong word.
Dave Longley: Non-repudiability is a common term used in cryptography
Dave Longley: The fact that the statement was made is provably true, but the contents of the statements are not necessarily true.
David Ezell: I like the term cryptographically secure
Matt Collier: You're saying you like "cryptographically secured" better? [scribe assist by Manu Sporny]
Dave Longley: I think cryptographically secure is OK
Dave Longley: Some people might mistake this term for something referring to encryption
Dave Longley: Perhaps cryptographically authentic would be better?
Daniel C. Burnett: I think non-repudiable is the correct term to use.
David Ezell: I would like to withdrawal the suggestion to change the term.
Manu Sporny: We can certainly make changes in the future as necessary.
Manu Sporny: There is a user centric design philosophy which puts people in the middle
... a service centric ecosystem give a lot of power to the system, and not so much power to the users
Manu Sporny: Ramifications of user-centric vs. service-centric architecture:
... I don't know if we need to go through each bullet item.
... it's a summary of the work of the credentials CG
... the reason for this comparison is because we need to demonstrate that what we are attempting to do does not have a set of standards behind it.
... some could argue that there are service-centric means already in existence.
... however, we have found that there are not user-centric standards.
... user get to choose where credentials are stored, when they are sent, issuers are separate from consumers which is separate from storage.
... there are many differences between the two philosophies.
... are there concerns about the bulleted list?
Dave Longley: A straw poll asking if the differences between the two philosophies are important.
PROPOSAL: There is a significant difference between user-centric and service-centric architectures when it comes to verifiable claims.
John Tibbetts: +1 In significant difference
Brian Sletten: +1
Gregg Kellogg: +1 There is a significant difference
Dave Longley: +1
Matt Collier: +1
Daniel C. Burnett: +1
Manu Sporny: +1
Richard Varn: +1
Shane McCarron: +1 There is a big difference - and I like users
David Ezell: +1 There is a significant difference
Manu Sporny: Please +0 if you have no opinion.
Jim Goodell: +1 And +1
David I. Lehn: +1
Eric Korb: +1 Is a difference
RESOLUTION: There is a significant difference between user-centric and service-centric architectures when it comes to verifiable claims.
Manu Sporny: Now back to the definitions
Manu Sporny: Does anyone feel we need additional definitions at this point?
PROPOSAL: Adopt the definitions as they stand in the Verifiable Claims Task Force Proposal.
Brian Sletten: +1
Matt Collier: +1
Shane McCarron: +1
Manu Sporny: +1
Gregg Kellogg: +1
Daniel C. Burnett: +1
Dave Longley: +1
John Tibbetts: +1
Jim Goodell: +1
David Ezell: +1
David I. Lehn: +1
Richard Varn: +1
RESOLUTION: Adopt the definitions as they stand in the Verifiable Claims Task Force Proposal.

Topic: Review Problem Statement

Manu Sporny: Next up is the problem statement.
Manu Sporny: Hopefully you've already read the problem statement.
Manu Sporny: Anyone feel anything should be changed before we review?
Manu Sporny: This is the primary statement that W3C wanted to make sure we have buy in for.
Manu reads the problem statement.
Eric Korb: +1
David Ezell: Now I remember - "reduced privacy" is not just for the credential holder - also for the checker. Not sure if that deserves a mention.
Dave Longley: My only minor nitpick would be to say "identity credentials" instead of "credentials" to better differentiate from other types of credentials.
Dave Longley: (In the aka parenthetical)
Manu Sporny: Anything confusing about the first bullet point?
Shane McCarron: I want to say that the term privacy could be expanded.
Manu Sporny: Privacy is a key element of the user-centric design.
Shane McCarron: You agree we could say more about privacy?
Manu Sporny: Yes
Shane McCarron: Anyone else misunderstand how 'privacy' is being used?
Eric Korb: Privacy is important to Edu, Med
David Ezell: I think privacy should definitely be in there and we should indicate the importance to all parties
Dave Longley: Suggestion: "and reduced privacy [for all stakeholders]."
Shane McCarron: There is also a potential lack of granularity in a service-centric model.
Eric Korb: Edu - FERPA, Med - HIPPA
Eric Korb: US Banking is now under HIPPA
Gregg Kellogg: Issuer has no expectation of privacy. user has expectation that claim will only be used by consumer. consumer has expectation that it is a private transaction between user and consumer, unless claim is verified, in which case the issuer necessarily knows the consumer has interest.
Eric Korb: I'm trying to understand if reduced privacy is a positive or a negative?
Manu Sporny: We want to increase privacy.
Manu Sporny: The goal is to increase privacy.
Eric Korb: I also indicated that education and banking are also affected.
Manu Sporny: I hear that we need to be stronger about privacy.
Eric Korb: And Health Care
Richard Varn: Privacy is a relative term.
Richard Varn: Loss of control or reduced control might be a better way of saying it.
Shane McCarron: +1 - I like control of confidential information
Manu Sporny: We have 10 minutes on the call and 2 bullet points left, let's tighten up the comments.
Manu Sporny: Any other issues with the first bullet point?
Manu Sporny: Reads second bullet point.
Manu Sporny: Concerns about second bullet item?
Jim Goodell: Well worded statement!
Dave Longley: In a service centric ecosystem, your identity information is spread out across the ecosystem.
Shane McCarron: I don't like 'coherent'
Dave Longley: Cohesive?
Nate Otto: What @dlongley just said was more specific and understandable than "coherent"
Shane McCarron: Yes, I like cohesive
Eric Korb: How about "standardized"?
Nate Otto: Cohesive is better. Maybe we can add "that is not fractured between different systems."
Eric Korb: Collective?
Brian Sletten: +1 On cohesive vs coherent
Daniel C. Burnett: +1 Cohesive
Dave Longley: +1 Cohesive, seems like simplest change to the sentence to me
Manu Sporny: Any other issues with second bullet I item.
Eric Korb: I want to make sure that a user is not 'required' to put their credentials in one place.
Manu Sporny: Now on to the third bullet item.
Shane McCarron: There is no standard that makes it easy for users to restrict the information exposed to a service provider to the bare minimum that service provider requires.
... any issues?
Shane McCarron: S/makes it easy/allows/
Daniel C. Burnett: +1 Makes it easy
Greg Kidd: Apologies, I have to head out. Highly supportive of direction of conversation.
Shane McCarron: +1 That affordance is not a word in common use
Eric Korb: How about "simple"?
David Ezell: +0
John Tibbetts: +1 Makes it easy
Richard Varn: Enables
Richard Varn: Ok
Nate Otto: I like "affords" for its precision but it would take us away from nice simple language of the sentence. I like this statement. +1
Manu Sporny: Any other concerns about problem statements after the revisions we've made on this call?
Daniel C. Burnett: +0 For adding (no objection)
Eric Korb: +0
David Ezell: +0
Dave Longley: +0 (I'm supportive of it, just worried about complexity or redundancy in problem statement)
Daniel C. Burnett: Agree with dlongley
PROPOSAL: Adopt the Problem Statement in the Verifiable Claims Task Force Proposal with the changes made during the call today.
Brian Sletten: +1
Dave Longley: +1
Daniel C. Burnett: +1
Shane McCarron: +1
Gregg Kellogg: +1
Nate Otto: +1
David Ezell: +1
Matt Collier: +1
Manu Sporny: +1
John Tibbetts: +1
David I. Lehn: +1
Richard Varn: +1
RESOLUTION: Adopt the Problem Statement in the Verifiable Claims Task Force Proposal with the changes made during the call today.
Manu Sporny: We will be having another call next week to go through the rest of the proposal and ensure we have buy-in. Thanks all!
Manu Sporny: Same time, same channel