The Verifiable Claims Task Force

A Task Force of the Web Payments Interest Group


Verifiable Claims Telecon

Minutes for 2016-05-10

Nate Otto is scribing.
Manu Sporny: Introduction to new participant, then go through deliverables and their status.
Manu Sporny: As some of you may have heard, we're currently talking with the credentials transparency initiative about some naming conflicts, but we'll delay putting that on the agenda until next week.
Manu Sporny: Any other items for the agenda to discuss today?

Topic: Introduction to Alok from Cambridge Blockchain

Alok Bhargava: I work for a company called Cambridge Blockchain; young company in the identity space. Our CTO has a lot of experience in blockchain as well as identity. He's not able to participate. I'm looking to participate in this primarily to learn about the push to standardize how identity is used on the Internet. I have a very limited background in identity and crypto. I have about 12 yrs experience designing/building/marketing telecom systems. Role at Cambridge Blockchain is VP of Product.
Manu Sporny: Welcome to the group, Alok

Topic: Review of Survey Status

Manu Sporny: Next up on the agenda is a review of the survey status. Here is an image capture of the survey results.
Manu Sporny: We'll clean this up and put it into an HTML page at some point.
Manu Sporny: We have a very healthy number of responses at this point. We asked about 83 people to respond. That number of people responding is a good sign. We have responses from the financial sector, the education sector, healthcare, government, national institutions, NGOs, entertainment industry, mobile vendors. A very healthy set of people across multiple market vertcals.
Manu Sporny: I'm going to start going down from the top.
Manu Sporny: Very good support for the problem statement.
Manu Sporny: Up to around 96% positively responding that the goals are good to pursue.
Manu Sporny: This is really good, because it means we have the language on the problem we're trying to address in the goals and scope of work down really well.
Manu Sporny: We asked if people's verifiable claims problems would be addressed if the use cases proposed were expressed.
Manu Sporny: We really limited, narrowed the use cases to ensure we had a narrow scope. Most people thought that more needed to be done beyond these to fully meet their needs.
Manu Sporny: We limited use cases because large scopes make people nervous, that you won't be able to achieve, or they would have too broad reaching grant of patent rights.
Manu Sporny: We asked if people would join and participate, and 44% of respondants said that they would join and partcipate in the work.
Manu Sporny: 34% Put themselves as other in this space. They would mostly like to participate but don't know if they have the bandwidth right now.
Manu Sporny: We definitely have 16, and potentially 4-5 more if they find the time.
Manu Sporny: And typically as these things get officially started more orgs join up.
Manu Sporny: We did get some feedback that they would like to see more incubation of the work.
Manu Sporny: Some because they didn't see a specification, they weren't sure about the architecture...
Manu Sporny: We did speak with the Web Payments IG. We're getting close to the question of whether the WPIG would support the work going forward. One of the big questions is if the specification is created, who is going to implement it into their products.
Manu Sporny: We're going to go around calling people to see if we can put them down as implementers.
Manu Sporny: We're doing good with the survey. We found some other items that we have to create to make sure the vote goes well.
Jason Weaver: Are more responses desired?
Manu Sporny: Any questions on survey status or where we are with the survey?
Manu Sporny: Are more responses desired? Yeah. If you haven't taken the time to fill out the survey, please do it. If you know an organization who really should have filled out the survey, get them to fill it out as soon as possible.
Manu Sporny: We did a soft close on the survey last friday (started reporting results), but still accepting responses.

Topic: Work on Existing Docs

Manu Sporny: Went into the work with Charter, Use Cases, and FAQ. Now we're going to try to rev those documents in response to survey. Not much work is needed, we'll try to get it done in the next couple weeks.
Manu Sporny: Any questions on Charter, Use Cases, and FAQ?

Topic: Verifiable Claims Data Model Specification

Manu Sporny: Dan Burnett, I'm going to hope that you give a quick overview of the Verifiable Claims data model.
Manu Sporny: When we got the survey, we got a number of people saying "that's great that you're going to do the work", but if we don't see a proposed technical solution that we have moderate buy-in on, there's nothing to standardize, and we can't see if we support it.
Dan Burnett: Very drafty spec proposal: http://opencreds.org/specs/source/claims-data-model/
Manu Sporny: This is kind of a new dynamic at w3c. You used to not need this (often counterproductive), but some big companies are pushing for this
Dan Burnett: There is a draft document, includes some reSpec errors to correct; includes some about identity.
Dan Burnett: We have a data model for how verifiable claims work, but there are different languages that different users of this technology would like to use to define the syntax for this data mode.
Dan Burnett: Challenge: to show how data model can be represented in the three syntaxes people want to use
Dan Burnett: Using the terms "claim" or "verifiable claim" to mean what we used to call "credentials".
Dan Burnett: One of the things that wes important would be to distinguish between claims, and "verifiable claims". The latter has a signature.
Dan Burnett: In the data model, you'll see a section for claims, and for verifiable claims.
Dan Burnett: You'll see examples of how to express these
Dan Burnett: One thing I wanted to write up, but no set location to put it: how to write about identities. We need to have an ability when we're talking about ids in claims, the ids are suppose to reference identity @ids.
Dan Burnett: Until we figure out how to describe that more generally, it's here.
Dan Burnett: A lot of text came from the original identities and credentials document is here in appendices, pulling from as we try to expand and write introduction/abstract, etc.
Dan Burnett: We have a bunch of reSpec errors. Shane and I are fiddling with them for now.
Dan Burnett: Obviously drafty. If there are problems with the webIDL, don't worry about that yet. If there's something obviously wrong with the rest, let us know.
Eric Korb: Korb 908
Richard Varn: Did you start with the Open Badge Initiative for what you'd expect to find in a spec, or is that something that needs to be brought in still?
Richard Varn: I'm glad you're representing identity. It's tricky, but it has to be done.
Dan Burnett: As far as what I started from, posting a link...
Dan Burnett: My history doesn't go far enough back to know where all that came from. If I've put in something inappropriate or left out something appropriate, let me know.
Dan Burnett: My aim was to show the data model, separate from a syntax, and then show implementations in syntaxes.
Dan Burnett: We need to avoid problems with critics right away who say something like "It needs to only be represented in webIDL"
Manu Sporny: Richard, the specification we have right now in this group, we believe can fit the Open Badges stuff in in its entirety. Open Badge is just another claim as far as the system is concerned. Whatever that claim is, we can just stick it in the claim and see how that works. We haven't discussed this a lot in this group recently. Would be good to hear from Nate and maybe Kerri on where OBI fits in.
Manu Sporny: We should be good to go as far as open badges go.
Manu Sporny: Let me jump back. burn, thanks for putting this into this new form. Spot on, I think it's great to explain what the data model is in prose and then talk about how you express it in JSON-LD, WebIDl, etc. Will work for a lot of communities. It increases our ability to have this stuff reused.
Manu Sporny: For example, there has been a lot of interest in blockchain communities to inject these credentials in sidechains and other structures.
Manu Sporny: All in all, I think the spec is a step in the right direction, Dan.
Manu Sporny: Two comments; One of them is the removal of the word credential. We have decision to make on that if a credential is a set of verifiable claims, for instance. The word identity as well may be the other most controversial.
Dave Longley: +1 For using credential but burying it in the document as just a container for claims
Dan Burnett: Actually debated for quite a while whether I wanted to remove the word credential. If we started with the word credential right at the top, I thought we'd have trouble based on the conversation at the last month. But I wasn't trying to change semantics (for what I'm calling "claims data set"), so if we need to go back, we can.
Brian Sletten: I just want to get a sense because you said this is a new thing being asked by some of the bigger members. Seems like fluctuation on a sine wave -- we can't proceed without technical details... we can't define technical details at this stage.
Manu Sporny: There is disagreement. Some members think that this is not appropriate to do at this stage. Others think it should produced right now.
Manu Sporny: The reason we're producing this spec right now is to answer the people who say "you don't have a technical proposal".
Dan Burnett: Dlongley, the original doc had credential as a container for claims, which means the main section titles would talk about "credentials". I'd want to hear more about how you think we could bury it while still having it be the outer container name
Manu Sporny: For the organizations who say "you shouldn't enter with a technical proposal", we say "we were asked to do a technical proposal. None of this is set in stone; it's the job of a working group to decide on the technical proposal". We're not trying to make each side 100% happy but meet the minimum bar that each side has.
Manu Sporny: This is one of the things we think we need to stave off formal objection from some large organizations.
Manu Sporny: Does that make sense?
Brian Sletten: "Ish"
Jason Weaver: Richard asked about the model working with Open Badges. My question stems from that. A lot of what we call these things today are being exchanged in different regional standards. How to PESC, __ align with the architecture?
Dan Burnett: I think by "bury" all we need to do is make the main subject about "claims" ... start the document by talking about what claims are and how this spec will detail how to model them. then we can get into how a credential is a "set of claims" ... i just think we need to avoid having it front and center is all. (i don't think we're too far off from that now) [scribe assist by Dave Longley]
Manu Sporny: We are aware of PESC. We're trying to create a generalized way of expressing claims. Anything those other standards can express should be able to be expressed in this data model. We do want strong semantics to go along with these claims. It will probably be up to those standard-setting bodies to decide how they want to express their claims in this data model. We have not seen a case where a standard couldn't use this model to express claims.
Jason Weaver: EMREX is the EU data standard
Dan Burnett: Dlongley, would love to talk with you offline after the call. I will email you.
Manu Sporny: Key point is to make those groups understand that we can build a way for our model to map to their data model. For example, working with Credential Transparency Initiative to see how we can express their model in our data model. Haven't had to change the model. Just a matter of figuring out what the vocabulary is.
Nate Otto: From the open badges perspective, we expect to be able to express the open badges data model via a verifiable claim. Given that it builds off of other specs - we'd specify how you do an open badge using verifiable claims. [scribe assist by Manu Sporny]
Dave Longley: +1 To nate
Manu Sporny: Until we have ratified specification, it'll be a constant discussion on how best to express this stuff, but as NateOtto says, there's no reason why we can't express many types of data in this model. If you find a case where you can't, this means we screwed up and it needs to be fixed.
Manu Sporny: If there's no more questions, burn hopefully you have time over the coming month to keep whittling the spec down to something we want to include in the package to the w3c for voting.

Topic: Survey Results/Overview

Manu Sporny: Another document we need to generate is a summary of the survey results.
Manu Sporny: It's pretty compelling to see all these organizations agreeing with the work. Need a 1-2 pager overview of that.

Topic: One page W3C AC Rep Summary

Manu Sporny: Another thing ACs asked for was a 1 pager specific to advisory committee members. These people are usually asked to vote on many things per month, and they're usually very busy. Throwing them 20 pages will usually result in them not reading it and not voting on it.
Manu Sporny: One of the AC reps asked us to come up with a good 1 pager overview to help them on this. This work has not been started yet, needs to be done.
Manu Sporny: There were a list of questions that person included in their response, we'll go over that. FAQ: Is there a clear problem statement? Do you have buy-in? Is the scope narrow enough? is there a spec? Who's going to implement?
Manu Sporny: Those are the general things AC Reps want answered. (also: Why would this initiative need a standard in the space?)

Topic: Architecture Summary

Manu Sporny: Once we get all those answers onto a piece of paper, that'll be the 1 pager opener.
Manu Sporny: Next up is a summary of the architecture that we're building.
Manu Sporny: There's a diagram on the first page of this pdf where we're talking about issuers, holders, inspectors, repositories.
Manu Sporny: We've started thinking about that architecture through this UN rebooting trust workshop paper draft. We're probably not going to include things like decentralized ledgers, decentralized hash tables. We don't want to imply that that's what we're working on in phase 1. Clearly all of us understand that blockchains & DHTs will play a part at some point in the future of this work.

Topic: Implementers Summary

Manu Sporny: Next document we're going to work on is this implementers summary. We need to know who is going to implement this work. If it's only 2-3, clearly we're not going to be able to do this work. We need a bunch of orgs to say that "we will put this into production"
Manu Sporny: We need to gather a list of those organizations.
Manu Sporny: That's all the items that came out of the survey requests.
Manu Sporny: Charter, Use Cases, FAQ, Data Model, Architecture Summary, Implementers Summary is what makes up the pack we'll distribute for a vote. (did I miss one?)
Manu Sporny: +Survey results overview
David Ezell: July 1 Web Payments F2F has Verifiable Claims on the agenda. Was going to send manu a note to coordinate
Manu Sporny: There's a question of whether the Web Payments IG will support this work. We'll have these documents ready to go in a month and a half before that face to face. That'll go up for an advisory committee vote. Do people feel this timeline is too long?
Richard Varn: I don't object to the timeline for this standards-based work. I just see us like a squirrel in a cage going and going forever. If this continues to stretch out forever, do we have a plan B? We could have done a shorter timeline approach and be already out in the world for implementation
Manu Sporny: I'm becoming more and more convinced that this will go forward at the W3C
David Ezell: The timeline is kind of artificial, mainly because we have these face to face schedules. If the f2f worked two weeks from now, we'd be doing it then.
David Ezell: I haven't heard a lot of concern raised at the IG level
David Ezell: It's just a process to get people to vet their concerns. I think this architecture document will help a lot. I also think there is a related develoment at w3c that I want to mention -- the browser extensions community group. It may turn out that browser extensions are a way to get all this stuff implemented. Which gets us out of the way of requiring a browser vendor to write the code.
Manu Sporny: To be clear phase 1 and phase 2 don't require browser vendor support. Clearly we want their support at one point, but we don't want to put two mega-companies in the way of deploying this ecosystem that we want to see.
David Ezell: The main point is that the IG is not intentionally slowing this work down, it's just our schedule of face to faces that sets times we can talk
Manu Sporny: Either the IG's going to get behind this and support it or say No. At that point, either we go to Plan B or we go straight to the general W3C for a vote.
Manu Sporny: By July 15 at the very latest July 30 we can start votes. By August we'll know whether we have a WG or not, in time for TPAC in portugal.
Manu Sporny: That's it for the call today. We'll meet again next week to go over some of the concerns with the Credential Transparency Inititative.
Manu Sporny: Thanks everybody for joining. Chat again next Tuesday at the same time.