The Verifiable Claims Task Force

A Task Force of the Web Payments Interest Group

Verifiable Claims Telecon

Minutes for 2016-05-24

Dave Longley is scribing.
Manu Sporny: I think it would be best if do a number of introductions because we have a number of new folks on the call today.

Topic: Introductions to New Participants

Manu Sporny: If you could give a quick 2-3 sentence of who you are, the org you're with, and what you're interested in the call that would be good. Keep in mind that we want to get through this pretty quickly so we can get to Anil's intro on the DHS blockchain project.
Maria Vachino: I'm with Johns Hopkins Applied Physics Lab, Project Manager, U.S. Department of Homeland Security Science and Technology Directorate Identity Management & Privacy Research
Anil John: I'm Anil John, I'm with DHS, I manage two Programs at the U.S. Department of Homeland Security Science and Technology Directorate -- The Identity Management R&D and the Data Privacy R&D Programs in the Cyber Security Division
Darrell Duane: I'm with Xcelerate and one of the awardees of the DHS blockchain SBIR.
David Chadwick: I am David Chadwick, Professor of Information Systems Security from the University of Kent
Bill DeLorenzo: This is Bill Delorenzo and I'm with Accreditrust. We're in the business of developing platforms for creating digital credentials and processing services in various vertical segments and we're in the process of rolling a new platform, product and services in this area.
Manu Sporny: Rob Trainer and Alex are also with Accreditrust, skipping in the interest of time.
Manu Sporny: Myself, Dave Longley, Dave Lehn here from Digital Bazaar been doing work in this area for a while now.
Dan Burnett: I've done standards work on WebRTC and VoiceXML. I'm one of the current editors for the specifications in this group on Verifiable Claims Data Model. Do stuff at W3C and IETF
Anita Brady: I'm a Vice President of Product Management & Strategy with Oracle in their Financial Services Global Business Unit, participating out of interest in this group.
Jason Weaver: I'm the Director of Digital Credential Strategy at Parchment. Parchment is an academic credential company.
Kerri Lemoie: I'm the CEO/CTO at OpenWorks Group, we build smart, scalable web and mobile-ready applications for organizations and businesses focused on education and educational services. I'm also an Openbadges contributor, member, contributing to badges on blockchain.
Colleen Kennedy: I'm with Pearson, work with Acclaim Badges team, representing Matt Stone.
Christopher Allen: I'm Principal Architect at Blockstream, chair of Hyperledger Identity WG, adviser of ID2020, organizer of Rebooting Web of Trust, associated with a number of standardization activities.
Richard Varn: I'm a Distinguished Presidential Appointee at Educational Testing Service (ETS), converting high and low stakes score assessments into credentials. I've also been a CIO, legislator, and have been working on credentials for about 30 years.
Carla Casilli: I'm working with Connecting Credentials, working with Badge Chain, coming from open badges environment.
Shane McCarron: With Spec Ops, been involved with W3C for 20 years or so, Spec Ops chartered to help development of standards in this area.
Eric Korb: Eric Korb, CEO, Accreditrust (by chat), digital credentialing platform service provider
Wayne Vaughn: I'm the Founder & CEO at Tierion, a blockchain technology company, authored a protocol called chainpoint, related to VCTF WG goals. Participated at ID2020.
Alok Bhargava: I work for Cambridge Blockchain as VP of Product. Cambridge Blockchain is a young company in the identity space. Our CTO has a lot of experience in blockchain as well as identity. I'm looking to participate primarily to learn about and contribute to the push to standardize how identity is used on the Internet.
Manu Sporny: Welcome everyone that's new. We're probably missing 6-7 people due to various conferences, so not everyone. But hopefully everyone can see that we're getting a fantastic critical mass of people from different industries.

Topic: Agenda Bashing

Manu Sporny: Today we have a packed agenda.
Manu reads agenda.
Manu Sporny: We won't get through the whole agenda today, so we'll front load the call with as many of our new guests as possible and let them say a couple of things about what they're working on and how it might relate to the work we're doing here, any updates or changes to the agenda?
No changes requested.

Topic: Introduction to Anil John and DHS Blockchain R&D

Manu Sporny: Anil, if you could give us some background on the DHS blockchain project that would be great.
Anil John: Good morning everyone, good X for different time zones :).
Anil John: Stepping back, science advisor of homeland security, job is to look 5 years out and understand what's coming down the line. There's irrational exuberance around blockchain. Our interesting blockchain tech is quite the reverse. As PM in this area and someone who has been in the field for some time, I'm a skeptic when it comes to blockchain tech. The proposal we put out there is to get at the root of what blockchain can do.
Anil John: If you are in the identity attributes space, there are fundamental set of principles to make it real. [lists them].
Anil John: On the privacy side, selective disclosure, pseudoanonymity, etc.
Anil John: Proposal is to find out how or if blockchain tech can implement those principles and if it makes sense to do so.
Anil John: As part of it, we've awarded to four companies, Digital Bazaar, Respect Network, Xcelerate, and Narf Technologies.
Anil John: Need to find out if the tech can be built out. If it's true, there are a set of things that become open. DHS is an authoritative source for a variety of claims and attributes, eligibility to work, first responder attributes, so on. Shared responsibility with DHS and FEMA, local as well.
Anil John: There are use cases there but not going there or recommending to customers without having foundation proved or disproven.
Anil John: Companies working on this will give us an answer or tell us to go somewhere else to spend our time on.
Anil John: That is DHS' interest in the technology and why we're funding the projects.
Manu Sporny: For those new to the call you can type: "q+" to get on the speaker queue.
Manu Sporny: Please add yourself if you have any questions.
Manu Sporny: If you don't want to speak or can't, you can type into the chat channel.
Manu Sporny: Everyone in this group is trying to figure out what the architecture for a self-sovereign/user centric identity system would be like. We're also trying to translate that into specs to take through W3C process.
Manu Sporny: Could you give us your thoughts on that ... are you looking for products or standards or a hybrid?
Anil John: I don't have a clear answer. This is a conversation that I know people in self-sovereign identity people have heard this speech from me before. My concern in general is that there's a drive ... everyone agrees that there is value in individuals controlling their data and their ability to assert whatever you define as identity. My comment to that has always been "great", but in general the adoption or lack thereof in this space has always been driven by imbalance in power of asserters of info and consumers of info.
Anil John: Consumers have a lot of power in accepting or rejecting that. If you want those people to accept your self-sovereign identity or any other type of identity, it needs to be vouched for and trusted ... by someone the relying party trusts.
Anil John: I haven't seen an effort to address that particular point, more like an effort to create an identity production thing. Large scale lives or dies on that. The authoritative nature of the claims and how you prove that authoritative nature is critical to address.
Manu Sporny: Great, thank you, Anil.
Arie Y. Levy-Cohen: I have a comment on self-sovereign identity control points just made.
Arie Y. Levy-Cohen: With regards to self-sovereign identity, fine and good for we the people ... I'm sure that there are regulatory and governmental reasons for not relinquishing control over identities to people themselves might be an issue, but isn't that solved somehow with an elegant layer of permissioning depending on the circumstance?
Anil John: Yes, and I think I agree with you. At a higher level, it's irrelevant to someone who is trusting an assertion ... maybe too strong of a word, doesn't matter where it's from but more that someone is standing behind it and that they can trust that entity.
Anil John: That needs to be addressed by whatever mechanism you put into place. That seems to be lost in the noise.
Manu Sporny: I think part of the issue that we've always had in this group is terminology, but we've heard enough of it to understand that what Anil is saying is something we hold to be true in this group. The consumers of the credentials need to be able to trust the issuers and it needs to be dynamic some consumers will trust one set others a different set.
Manu Sporny: Self-sovereign can be part of the solution... I see this as a good sign, we're gaining momentum.
Eric Korb: +1
Anil John: I slightly disagree, the person that issues the claims might be disparate from the person who is vouching for them on behalf of the person.
David Chadwick: Plastic cards provide a good model of how they work in practice today
Anil John: It is irrelevant to me who is the issuer, an org, an individual, what is important to me is who is standing behind it.
Anil John: It doesn't need to be the same identity.
Manu Sporny: Yes, absolutely, I think there's a lot of alignment on that.
Anil John: Yes, digital signatures also give you this -- it doesn't matter who is presenting a credential, it matters who makes the claim (who is standing behind it)
Manu Sporny: There's also some discussion in the IRC channel.
Alok Bhargava: I just have one clarification that I'm looking for, the point that Anil just made, I don't think that's related to technology.
Manu Sporny: No, I think it's somewhat related, but is technology agnostic.
Alok Bhargava: I think whether we support the notion that he brought up, what tech to use is a separate question.
Manu Sporny: Yes, and that's part of the technical work we've been doing and will continue doing.
Dave Longley: Because we were talking about how technology may or may not have to do w/ separating who is making an assertion and who is making it. The technology that we're working on here is very different from service-centric. Instead, we have decoupled those who make the assertion from those who verify the assertion. [scribe assist by Manu Sporny]

Topic: Other Introductions

Alex Oberhauser: Hi Alex Oberhauser, I'm the CTO of Cambridge Blockchain. [scribe assist by Manu Sporny]
Jen Behrens: Hi, I specializes in privacy and policy analysis, governance, data analytics, information technology, and identity management solutions. My main focus is on privacy compliance and the implementation of trust framework governance structures for pilot programs as awarded by the National Strategies for Trusted Identities in Cyberspace (NSTIC).

Topic: United Nations ID2020 Summit Recap

Christopher Allen: I just put a twitter status into IRC that you can go to see my slides.
Christopher Allen: It was at the UN. It's a big deal, we had ambassadors and policy makers, etc. there. Goal to bring the legal, gov't side of things (legal code) to the technologies who have software code.
Christopher Allen: Goal is leaving no one behind, provide legal identity for all, a UN mission, to do by 2030. 16.9 million or 19.6 (I forget exact number), leave no one behind, want partnerships with technologists and they want innovation. Call to action. We want to do a lot of education, interesting blockchain opportunities, need policy commitments, balancing short term and long term needs.
Christopher Allen: Slide 3, what can get in the way? There are risks, but we need to protect communities, not create new problems, we don't want to become ... "digital colonialists" into these worlds. We need to figure out the appropriate role of gov't and lots of individual challenges around adoption.
Christopher Allen: Next slide about specific problems with identity, carrier problems, people who don't have voice, tilted toward first world, lots of issues in the financial sector, want to give access but also protect people. Information rights and records to be careful. Next slide is the reality. 10 million stateless people in the world and 1.5 billion without citizenship. How do we handle refugees and voters. Need a unified vision.
Christopher Allen: Be careful with regard that identity could be weaponized.
Manu Sporny: Christopher talking through
Christopher Allen: We talked about best practices and what the role of biometrics is. Talked about what tech can do to make this a reality, want individual freedom. I was quite pleased to hear an ambassador use the term self-sovereign identity. We need to be flexible.
Christopher Allen: I think that's a good summary, the event was very much a high level overview, there were opportunities for meeting and networking but not for creating specific initiatives or documents, proclamations or things of that nature. The want to do another one a year from now. I used this to lead into Rebooting Web of Trust.
Christopher Allen: Self-Sovereign Identity as a concept was well received
Manu Sporny: Thanks, Christopher. Before we go on, event was deeply moving. Was about people who are most vulnerable on this planet and how identity and identifiers could be something that could help. Tying the work that we're doing ehre to people in refugee camps that could use these techs to make their lives better was one deeply important and moving. And two we were able to make contact with a number of people that are on the ground in these refugee camps and people that are trying to prevent human trafficking and view identity as a way of reducing it.
Manu Sporny: We have access to a number of people that are doing that and before we didn't. Now in Web Payments and in Credentials work there are a number of people who want to help people in vulnerable positions and but now we've made contact with peopel on the ground and hopefully we can tighten up the feedback loop to build something to help people in these positions.
Manu Sporny: Anil did you have comments on the event?
Anil John: It was a good event, it was remarkable in that there were three different communities there, policy makers, technologists (very heavy on blockchain front), and people with deep pockets.
Anil John: I look forward to seeing how the problem that supposedly brought them all together will motivate them toward a common goal. I was heart broken by the challenge and the issue but I wasn't overly enthusiastic over what came out of it other than as a networking event.
Christopher Allen: +1 Anil
Brian Sletten: I was just curious if the negative side of identity side came up as a concern.
Christopher Allen: That was a big part of what my goal at ID2020 was to make sure those issues were brought up.
Manu Sporny: Absolutely, it also became a big part of the discussion at Rebooting Web conference. A number of people who work at refugee camps w/Syrians have said that many Syrians dont' want to be identified because exposing their identity would allow people back home to be harmed.
Manu Sporny: It could create a terrible event. So there was focus on tracking and the dangers that come with that.
Christopher Allen: Something that fed into the next day, there has to be some better understanding on the ground. There are some warm places to sleep but it requires a handprint to enter and people would rather sleep in the mud and cold because of a general fear of the identity tech.
Christopher Allen: We need to understand these types of things at all levels.
Manu Sporny: Absolutely, any questions, concerns before next topic?

Topic: Rebooting Web of Trust Design Workshop Recap

Manu Sporny: There was an event directly after ID2020.
Manu Sporny: Christopher has been putting these together.
Christopher Allen: We had some documents to capture, photos, whitewalls, etc. The goal of a design workshop is to have a facilitated discussion and create output that can be iterated upon by the community. Goal was to have five whitepapers out of the conference and other benefits of bring people and ideas together.
Christopher Allen: At the link in IRC there are advanced readings.
Christopher Allen: There to give people context and focus.
Christopher Allen: We did a report about the results from our last conference to make sure people are on the same page. Then went through an exercise to imagine 2021 and to look at the differences and the language issues and places where people disagreed and such. By middle of first day driving into topics and Manu and Wayne had already addressed things like differences with proof of publication and so forth, other projects brought up. In the end we'll have 8-9 whitepapers/specifications come out of this design shop over the next couple of weeks as people have a chance to massage the info. I'd like to have people from the design shop say what it was like from their side but I'm very positive about it and the results. Architecture for self-sovereign ID, decentralized identifiers, identity correlation info, lots of great stuff.
Manu Sporny: Wayne, any thoughts on the workshop?
Wayne Vaughn: Great workshop, 40-50 people there, tech founders, lead engineers, from NYC area. I had brought chainpoint protocol info ... lets you provide a verifiable proof of publication. Very much related to the proof of publication work Manu is doing.
Wayne Vaughn: We had taken a previous version of chainpoint and done it in JSON-LD and it turns out that it was very much like Manu's ... done indepdnently, very close, very interesting. After working together it is clear we're all working on the same path and a clear path forward.
Wayne Vaughn: For something we can propose to standardize.
Christopher Allen: Focus was to capture and ship ideas, not just talk.
Manu Sporny: Thank you, that's just one example of like 30 similar experiences there. One example is a breakout group got the VCTF architecture and worked on it themselves and there was huge overlap with what we've done ... lots of deep technical expertise from each blockchain company talking about to have decentralized identifiers and proof of publication, associating creds with blockchains ,etc.
Kerri Lemoie: +1 Decentralized identifiers and sharing amongst chains
Manu Sporny: I cannot underscore how deeply technical the people in the room were and I'd say that they may even have more experience in implementing things than this group which is saying something because we have heavy hitters in this group.
Manu Sporny: People looked at the VCTF architecture and didn't throw it out, instead iterated on it and we're going to have those folks come to this group and present.
Manu Sporny: One of those folks is a person that worked on the email standard and he also worked on the domain system standard we depend on.
Manu Sporny: So we've also got Christopher Allen who worked on TLS as well, so very heavy hitters in this space.
Christopher Allen: (The review of vc use cases was really transformative of them)
Manu Sporny: We got a bunch of really good comments on the architecture and we'll be getting those into the group, comments on the use cases, etc.
Christopher Allen: I just wanted to close to say that there's going to be a W3C blockchain meet up at the end of June and we're hoping to revise more items at that conf and it appears so far from the survey that the last week of Sept will be when we have another Rebooting Web of Trust in SF, Microsoft will host.
Christopher Allen: So people can keep in their heads if they will be joining and participating.
Manu Sporny: Awesome and I dropped the link to the W3C blockchain workshop in IRC.
Christopher Allen:
Manu Sporny: Any questions Rebooting Web of Trust Workshop or work that happened there and it's relation to what we're doing here?
Christopher Allen: Vermont bill H.868, passed by house and senate, expected to be signed by the Governor Peter Shumlin any day now, has around page 307 a section § 1913 titled "Blockchain Enabling" KEYQUOTES: * As used in this section, “blockchain technology” means a mathematically secured, chronological, and decentra[CUT]

Topic: Recent Vermont Legal Finding

Christopher Allen: In the house and senate in Vermont, they passed bill H.868 with section "blockchain enabling" ... which is says any mathematically secured ledger [more specific legal text]... but that allows for both bitcoin like blockchains and other types. They are saying that an electronic record in a blockchain shall be considered self-authenticating which comes from previous digital signature legislation which means you can use it for business activity. The date and time of a record in the blockchain can be considered fact, you can know who the person is that recorded that record.
Christopher Allen: There are some caveats here, the bill doesn't say the validity about the truthfulness of that record but it's basically reversing burden of proof on this, doesn't require state gov't to use this at this point, but it does say that the legality or authorization of an activity which is verified through blockchain ... so later if you put your proofs on bitcoin and the govt says they don't like bitcoin, your proofs are still valid even if the blockchain is used for something else.
Christopher Allen: I met the guy who helped draft it and trying to recruit him and other political people to get similar things added. If I were to do one thing differently, I'd change format as per an international standard.

Topic: Update on Work Items

Manu Sporny: Thank you Christopher -- update on work items. I want to iterate to the group that this group will not become "blockchain blockchain blockchain", we just had a lot of events about it. This is just a heads up about what just happened and we're concentrating on a single call.
Christopher Allen: (I'm at MIT media lab and some good verified credentials interest here)
Dan Burnett: Claims data model draft spec:
Carla Casilli: Blockchainz 'R us. ;) Great to hear all of this activity.
Manu Sporny: Dan Burnett, can you give us an update on the data model spec?
Dan Burnett: Not enough time to cover everything, I sent an email about it. The main ones are that there's a JWT example, I renamed Credential to be TBDCredential because we didn't pick a prefix, we just need to decide that, that's probably the biggest item other than review. I updated examples to be as real as I could.
Dan Burnett: I haven't decided what we want to say in the intro but not go too far in making people think this is a decision vs. some ideas.
Dan Burnett: There's a big topic on the list and we can discuss that sometime.
Christopher Allen: (At some point I would like to see that optional proof of publication be a requirement of any alternative forms)
Shane McCarron: Use cases updates?
Manu Sporny: Thank you. Charter hasn't been updated, use cases had several hours on it at design workshop changes are pending, haven't updated the FAQ, got data model spec updated from Dan, survey results in a holding pattern but found someone to update that doc and produce it. Still need someone to write a one page summary for W3C AC reps. Architecture document got a tremendous amount of work this weekend at the workshop.
Manu Sporny: This is a group of six people at workshop that did a review of the use cases, no contact with this group previously and in the next 2 weeks or so they'll get the review to you, Shane.
Manu Sporny: We've got about a month to get this in front of the Web Payments IG and then push it to W3C for a vote.
Manu Sporny: We have the first three weeks of June to get it done.
Kerri Lemoie: Excellent call. Thank you
Manu Sporny: Sorry the call was so packed today, we're out of time -- thanks to all and we'll see you all next week at 11am same channel.
Carla Casilli: Thanks, Manu. Congrats on all of the work!