The Verifiable Claims Task Force

A Task Force of the Web Payments Interest Group

Verifiable Claims Telecon

Minutes for 2016-07-12

Gregg Kellogg is scribing.

Topic: Verifiable Claims Presentation at WPIG face-to-face

Manu Sporny: We took all the material we’ve been working on and presented it to WPIG two weeks ago to see if they would support the VC work going forward.
… The IG largely voted to pass it, which is great news! It will take another week for the vote to be binding.
… There was a large amount of support for the work.
… Somewhat troubling, there are two large organizations opposed to it as well as another key individual.
… We’ll see if we want to change anything to help bring them onboard.
… I want to point out to W3C members on the call to not yet point out which members we’re discussing, as the minutes are not yet public (should be next Monday).
… Presentation went well, went over various documents. No push backs on documents themselves.
… No controversial questions. We asked for feedback from critical organizations, and they had some pushback.

Topic: Identified Verifiable Claims "Weak Points"

Manu Sporny: First set of consistent pushback was that the work is too broad: we have a number of education companies, but not others such as healthcare, finanical, etc. Use cases include this, but not enought people from these sectors.
… It was suggested to hone down to education case. One organization said they don’t think we’re in the position to say it will work for these verticles.
… Until they see organizations from other verticles, they’re not convinced we can adequately work on those use cases (also govt).
… There was quite a bit of pushback from within the IG from members in these sectors, who thought the work was appropriate and necessary.
… The second criticism was that JOSE/JWT (JSON web tokens) also allows claims to be made. We analyzed this some years ago and found it wasn’t a good fit for Linked Data, but the orgnaizations pushed back saying they’d rather start with JWT and extend as necessary.
… They basically want to work off of existing technologies. Pushback is that we’re not making technology decisions and working on data model. We’d like a flexible solution, and choosing JWT would be making such a decision.
… Of course, this pushback from organizations which pushed through JOSE/JWT. there are also oranizations using Linked Data Signatures which would like to go in that direction.
… There was a philosophical point raised: one org said they felt work hadn’t been incubated enough; they want demo implementations, pilot usage. We pushed back saying we had done this, but they were unsatisifed. They couldn’t say exactly how much deployment would be enough to be satisfied.
David Ezell: I’d like to thank the VCTF for doing such a great job. In discussions with W3M, it was widely acknowledged that the work done here has been great.
Dan Burnett: One concern I would have with "just use X that's already out there and extend it" is that our starting point principles are not necessarily the same as those of the orgs working on those other technologies. Any suggestions we make for extensions in those organizations may meet with opposition merely because our goals are different.
… I wouldn’t worry too much about some of the pushback (particularly the last one), it’s likely to evaporate.
Matt Stone: I would add to that last point about incubation: I got the sense that they were looking for us to see a standard emerge from the market place. They’re not asking for a pilot, but a developed system that can be rubber stamped. We’ve been waiting for that to emerge for 15 years.
Shane McCarron: I don’t think it makes sense to approach this against a single verticle. We got pushback earlier that we were too focused on a single verticle.
… Everytime we come back with more data, the goal posts keep moving. Eventualliy, the absurdity must become broadly apparent.
Dan Burnett: For those who suggest there are existing technologies that can be extended: the principles we’ve developed would likely make getting existing organizations to adopt our needs would be difficult/imposible. I’ve seen this many times where the NIH factor makes groups reluctant to adopt outside viewpoints.
Richard Varn: I’d like to second stone’s point that we’re getting in the middle of exisint battle lines between large vested interests. If we focus too much on education, it won’t be clear that there are generic issues that are handled. This leads to a bunch of different solutions.
Carla Casilli: +1 To what RichardVarn is saying about education: and education is connected to other claims. Sorta nuts to just try to do that.
Dan Burnett: +1 Carla (and Richard and Shane)
… WRT self-soverignty, these are key to a solution, and leaving this out would make it a much weaker solution. If we don’t do this at the W3C, we may need to elsewhere.
Dave Longley: +1 Everyone so far.
Dave Crocker: References to JWT or others seems to be a fundamental technical error, not because they’re bad, but that they’re at the wrong layer. My understanding was that choices for specific formats/encodings/protocol were not being made at this point, but that we are focusing on design specific to the problem domain. This is much higher than deciding on JSON or encryption details.
… Critisisms that are proposing JSON are fundamentally at the wrong level at the wrong time.
… The issue of political motivations/self intereset, I’ve never seen this to be helpful. To the extent that there is a basis for saying there is not support in the industry, this is either true or false. The solution is to just get a broader base of support.
Dan Burnett: +1 Dave Crocker with respect to JSON-based technology recommendations being at the wrong level. May need to add to FAQ before AC review.
Manu Sporny: Appriciate the comments, it demonstrates that the concensus building we’ve done has paid off.
… There was a suggesting to move the problem statement and self-soverign as well as other important parts of our proposal. My expectation is that this group would push back hard on this, as it would imply that we don’t need to solve the problem we’ve decided to. We don’t need to satisfy the suggestions.
Dave Longley: +1 To manu about changing the problem we're solving ... not only would we be solving a different problem, it would make that problem much closer to the same problem that other technologies have solved, for example, JWT -- and then there really is no point for the work.
… Responses to issues typically don’t end the discussion, they don’t seem to be satisfied with any reasonable response.
Dave Longley: There's a problem that needs solving that hasn't been solved yet -- there's no reason to switch to solving an already-solved problme.
… I’ll also note that during the blockchain identy meeting, one organization sent in someone that was mildliy disruptive.
… While we’d like to think the best, it doesn’t seem that some organizations are playing fair. Some critisisms are an attempt to derail the work, rather than being a constructive critisism.
Dave Longley: If an organization thinks that no one is interested in solving this problem and it's all pointless, they should let it fail -- there's no reason to fight so strongly against it.
Nate Otto: +1 To manu about changing the problem we're solving. The Badge Alliance community wants to solve the problems as we've defined them in the use cases, and if we remove language about self-sovereignty, it weakens the applicability of this work to the problems the Badge Alliance and Open Badges community was founded to address.
Carla Casilli: +1 To dlongley and manu's comments
David Ezell: Respoding to Shane: I would not recommend that you do anything without engaging with W3M on the next steps. The suggestion of limiting to one vertical was a trial balloon. THe same is true for the rest, I would not change anything until you get specific feedback on what they want changed.
Dave Longley: +1 To no changes without specific requests for change
… To be clear, the WPIG passed unanimousliy (individuals). People should feel good that the work as presented was approved. You need to walk forward cautiously, but hide a big stick.
Matt Stone: The work wasn’t only approved, but recognized as being of very high quality. We were as well prepared as any that has come before. If we spend too much time responding to complaints, it lends validity to the complaints.
Christopher Allen: The JWT argument is a red herring, we don’t need to address further. Some big orgs are not of one mind; one group has constituents that need the technologies, and it may be the “old guard” which is being a problem.
David Ezell: S/hide a big stick/keep eyes forward toward progress/
… I’m generally against removing self-soverign, but could be satisfied with “peer claims” or something.
Christopher Allen: I’m not sure how to do some things with JWT that we can do with LDS.
Chris Webber: Good news so far!
Nate Otto: +1 There are a number of problems in this area that I don't see a good solution with JWT, but I do see a good path forward with Linked Data Signatures.
… What are the requiement for consent in W3C? What happens if those opposed continue to say no?
Manu Sporny: When people saw there was pushback, there was a velied threat that some members would be fine with going to other standards bodies. If W3C Membership doesn’t want to do it here, we can take it elsewhere.

Topic: Next Steps

Manu Sporny: The WPIG voted unanimously to take forward, those against in are not in the IG (but are member companies). W3M is reviewing the charter and will come back with changes they think will address the concerns. When W3M comes back with changes, we can review and consent.
… Regarding consensus, the easiest ones are where there are no formal objecitons and there’s support for going forward. We should have enough members to go forward
… I do expect a formal objection (i.e., we won’t satisfy there concerns). The question will be if we responded at face value. That’s usually good enough for the director to rule on the objection for us to move forward.
… It will be difficult for FO’s to keep us from moving forward.
… We’ve handed the charter to W3M, they’ll give us change suggestions, and we can accept or not. Eventually, it goes to a vote.
… The risks are that for obvious reasons, W3M may take an extended amount of time to come back. (This should be obvious next Monday).
… We’ve discussed doing an F2F at W3C TPAC in late September.
Dave Longley: (19-23 September)
Manu Sporny: W3C says charter won’t happen in time for TPAC, but that doesn’t mean you can’t ask another group for space.
… It would be bad to have such a meeting with low attendance.
… This group should assume we’ll be successful, and plan for an F2F.
… We need to address JWT thing. Of course it’s premature, but there are likely technical reasons for us to say it’s not appropriate in any case.
… The Rebooting Web of Trust meeting is happening on the west coast.
Richard Varn: It will be challenging to get travel approvals for international travel for organizations like mine so the sooner we make a decision on whether there will be a FTF (regardless of official status) the easier it will be to get approvals and make travel arrangements.
Christopher Allen: We have a 3 day event reserved. In generall, the VC technologies is of broad interest. I’ve also asked for IIW to make space for us.
Manu Sporny: Members of this call may want to wave the flag at such meetings to get broad interest in the larger community.
Shane McCarron: I think we can stop worrying about the charter and independently continue on core data model work.
Kerri Lemoie: +1 ShaneM
… That’s more the Credentials CG than the VCTF. We did a lot of editing work up to this meeting, but not enough feedback.
Nate Otto: +1 To continuing work on the documents. I have some active feedback on use cases. +1 to manu to showing how some of this works in JWT
Manu Sporny: We need to be sure the JSON/JWT stuff is tied up; perhaps provide both mechanisms.
Nate Otto: I have a couple active comments on the use cases that I'd like to go back and forth a couple more times with ShaneM and manu in the coming several weeks.
… We should also note that this has been a volunteeer effort, which is not sustainable. The amount of work will increase, and can’t be done just by volunteers.
Dave Longley: Notes that there's also Dave Crocker's argument that JWT just doesn't matter at this level -- however, it does seem to be the main sticking point for some opposition and I'm not sure they would accept the (IMO, correct) argument that it's at the wrong level.
… We need to find funding to support the volunteers. Specifcally ShameM, Burn, and SpecOps.
… We’re going into an area with well funded organizations that want to disrupt the work, which is hard for volunteers to do.
… Travel expenses, pay for editors, etc.
Manu Sporny: Next monday the minutes will be public, and we can talk more specifically about strategy. One thing is an analysis of JSON/JWT. When things are voted on, there will be other organizations joining the work who weren’t involved in these discussions.