The Verifiable Claims Task Force

A Task Force of the Web Payments Interest Group

Verifiable Claims Telecon

Minutes for 2016-02-19

Gregg Kellogg is scribing.
Manu Sporny: Last prep meeting before F2F in San Francisco next week

Topic: Current Status

Manu Sporny: Presentation is done, final report as agood as it can be before F2F, as we need input from people at the meeting.
… Ian responded in a way that might seem concerning/problematic. Basically, he thinks we should focus on a narrow set of things, and we’ve responded that we’re trying to gather data to make decisions.
… Comments may appear to be obstructive, but he gets the benefit of the doubt right now.
… The report covers what we’ve discussed in the interviews and surveys and makes a suggestion at the end. Nobody is saying we should not do work in this area, as SAML, OpenID-Connect don’t address our needs.
… We’ve proposed to work on the data model and syntax and analyze if that fits into existing technlogies. That would be the first 1-1 1/2 years of work.
… We have pushback that protocols exist, such as OpenID-Connect, but it’s not clear. We don’t want to be pulled into the protocol fight.
… The charter is designed to put a foot into the ground and demonstrate that we can use these protocols, or to clarify what the issues are with the existing protocols that need to be addressed.
… I told Ian I would specifically ask the group if we do or do not have concensus on this direction.
John Tibbetts: I agree with direction
Richard Varn: I agree
Shane McCarron: If you’re looking for voices, I think a measured approach is reasonable. Specifying formats to see if they can be supported with existing technologies is a good first step.
Manu Sporny: We’re trying to see if we’re misrepresenting what people said in surveys or interviews.
John Tibbetts: I think the direction is good. On the letter I wrote last week, he thought I had disagreed with our direction, as I indicated we should consider nouns and flows. I’m fine with the direction of starting with the data models/ontologies.
Manu Sporny: If this comes up again at the F2F and he claims there’s no concensus, as you didn’t discuss use cases with interviewees. We should create a charter to put forth the work and go back to the interviewees again for their concerns.
Gregg Kellogg: One thing that is clear that this is an area that has been fraught with problems and people are wary about folks coming into this space. That's the sense that I got from interviewees. I think an incremental approach, as frustrating as it may be, is really the only way to move forward a step at a time. [scribe assist by Manu Sporny]
Gregg Kellogg: That is what the charter of the group should be - only clear way to make progress. A number of interviewees were skeptical that we could do something, but hopeful that something could be done. [scribe assist by Manu Sporny]
Dave Longley: My view is that the interviewees were saying that “yes something should be done, and good luck doing it.” Everyone has different or narrower goals.
… Problems may come from having a larger vision.
… I agree we should take small steps, but do so with a larger vision in mind. Talking about data models and syntax allows us to grow in that direction without constraining ourselves to too small a vision.
… I agree with Gregg, and think it’s the only way forward. But, it’s important what kind of steps we take, and this direciton is a good one.
Manu Sporny: I think it’s clear that the VCTF thinks we should go and send that info back to Ian and to the F2F.

Topic: Use Cases Document

Shane McCarron: I don’t think the new information changes the use cases right now.
… The document has been re-structured based discussions here and elsewhere. Theirs basic boilerplate and introduction. I stress that even though we have terminology, we’re not talking about architecture.
… The terminology section is based on a common terminology used elsewhere.
… Section 3 Examples talks about flows. This may look like it describes a protocol, but it is not intended to. A simple flow for how we might create a Verifiable claim. The next section describes how Jane might prove her age using this without disclosing too much.
… The use cases have been pared down. They’re described as Essential or something less.
Shane McCarron: It must be possible for any entity to issue a verifiable claim.
… For each use case, we’ve classified a requirement along with a motivation and then various scenarios that were suggested that led us to believe there is such a requirement.
… Financial scenarios are pushed to the top, but other supporting scenarios are also included to show wider applicability.
… The scenarios were not heavily edited to try to stick to the original intent of those describing the scenarios.
… Use cases are organized by the fundamental task that might be used, issuing, revoking, using, managing, ...
… I think we’ve done a good job of sticking to original intent and avoiding protocol.
… Appendix A is extended use cases, is everything organized as in section 4.
… It’s definitely a WIP, but is worth showing around.
Dave Longley: Big thanks to you guys!
Manu Sporny: Thanks to the editors working on this stuff.
… I think the structure is fantastic; it helps us show people what we’re talking about. I’m comfortable showing the IG and others these use cases.
… Ian responded and said that the use cases were not part of the work of the VCTF, but I disagreed.
… In his recent email he said: “That’s fine, we can talk about them, but need to know which the interviewees think we need to address."
… The way we’re going to pitch to the IG is that we do want to know what’s interesting, but the right way to do that is to write a draft charter and pair the use cases. This allows us to be more specific when soliciting feedback.
Shane McCarron: FYI we already winnowed the list - there is all sorts of additional raw material.
… We’re going to have to pair down into a simpler set for the purpose of the charter. Long term, the group may hand-select use cases vital for the first charter.
John Tibbetts: Gregg started out by asking if the flows will pass muster. I think they’re increadibly helpful without crossing the line into politically sensitive areas.
Manu Sporny: Speaking for myself, I think the editors walked a fine line. It does assert different actors, but that’s part of the problem statement. Diagrams do talk a bit about protocol without calling out specifics.
Shane McCarron: Thanks for saying that, we did walk a fine line. Part of that line is that we tried to use the terms in the flows, and the terms are very generic.
… As long as we’re generic, I think we’re safe.
Dave Longley: I think people might look at the flows and nit-pick, and question how it is different or protects privacy. That’s expected, and we should be prepared to talk about it.
Manu Sporny: The problem statement and list of requirements is a good response.
John Tibbetts: When I look at the education use cases there are 2 classes covered: one kind is the book company is an authorization scenario to determine if we’re entitled, and maybe issue it.
… This is a use case which is handled by current technologies pretty well, but we could do better.
… The veterans affairs or drivers license are quite a bit different. Electronic transcripts gets into territory that is not handled at all. These are truely verifiable claims and not just used to access a resource.
Dave Longley: Perhaps we need to add competency-based and transcript claim use cases
Manu Sporny: It’s good to point out things that aren’t already solved problems.
… The charter will specify that we do an analysis of existing technologies and this may be a good use case to point out new work necessary.
Manu Sporny: I don’t think we can go back to interviewees with use cases by next monday.
Shane McCarron: John, if you have some more use cases you’d like to see added, let me know. We didn’t retain everything, and we may have it elsewhere.
John Tibbetts: Unfortunately, I’ll be at IMS meeting next week. Maybe after next week we can pair down to a couple of strong use cases.

Topic: Verifiable Claims Task Force Presentation

Manu Sporny: The presentation is an overview of the report. We talk about the purpose of the task force, the problem statement, research data, then go into research findings.
… These include areas of concensus and areas of concern.
… we then go into specific payments use cases and will resonate with many at the F2F.
… These includes customer loyalty, shiping goods, proof of gooks, KYC, etc.
… The next steps we’re being agressive on. We’re saying what we believe we should do next and start socializing the charter so we can iterate/refine based on feedback.
… One of the things that will come up is that someone will say they don’t think we have concensus and need to start another data gathering excersize.
… If there’s push back, there’s nothing to stop us from going straight to W3C membership. We have the option of going to AC meeting in march or going straight to members instead of coing through W3CM.
… The biggest disaster that could happen is if we’re not convincing to the 40 people at the F2F. That would reflect badly on going forward. Note that staff was against creating VCTF but were overruled.
… If we have a greenlight to proceed after next monday, we’ll do so.
Shane McCarron: I’m cautioiusly optimistic. Reminder that that staff contact isn’t actually in charge. We can proceed however we, as a TF/IG, believe we should.
Gregg Kellogg: +1 To ShaneM
Manu Sporny: I believe that staff is acting in the best interest of W3C and members; if we can convince, that will be very useful.
… Ian wanted to hear from interviewees. We need to overcome that.
Gregg Kellogg: What is the protocol for the meeting - is it open, does it require invitation? [scribe assist by Manu Sporny]
Manu Sporny: By invitation, and they’ve been stingy with invitations. I’ll ask.

Topic: Verifiable Claims Task Force Final Report

Manu Sporny: The report could use more editing, but we’re short on time.
… The first five sections are pretty solid.
… Concensus/Concern could use more eyes on it. Ian is most concerned with 6.5 “Minimum first step”. If we try to pair it down more, there’s really not much left to be done. That will be the main bone of contention.

Topic: Draft Charter Proposal

Manu Sporny: This is not done, and needs a bunch of work. Hoping to spend time on it.
… We’re proposing data format and syntax work as main work of group, secondary an analysis of how this can fit into SAML/OpenID Connect, etc.
… We may work on two modles in parallel to address different technologies. In the analysis we can say that they either work within existing protocols, or that there are use cases that can’t be addressed with current protocols.
… This either requires changes to existing protocols, or that they’re fundamentally flawed which would require a new charter for a group to work on this.
Shane McCarron: There’s a risk in even talking about stacks as people may construe this as proposing a solution.
Manu Sporny: We should probably not say that then. We can not specify OpenID/SAML.