The Verifiable Claims Task Force

A Task Force of the Web Payments Interest Group

Verifiable Claims Telecon

Minutes for 2016-08-02

Shane McCarron is scribing.
Manu Sporny: We need to talk about Wendy Seltzer's responses. We'll do that at the beginning of the call. Any other changes to the agenda?
Nate Otto: Manu, David Chadwick also requested to add two items to agenda: "i) expiry time of credentials, ii) definitions for user-centric and privacy-enhancing"

Topic: Feedback on Charter from W3C Management

Manu Sporny: Wendy is the domain lead for the activity. needs to be okay before we put it to a vote.
... has provided some high level feedback. Similar to stuff we have been hearing for a while.
... has not made specific suggestions. Just raised general concerns.
... High level points:
... Problem Statement is too over-arching
... Usually a charter problem statement will be solved when the group is complete.
... she asserts that our statements are visionary.
... we assert that there is no widely used self-soverign standard...
... pushing back on widely used. can't be sure that will be solved.
... if the scope of data model, we are not specifying a protocol. so there is no way to pass them back and forth.
... we are not talking about transacting because there is no protocol.
... She also took issue with the word verifying. There is a big difference between this has a valid signature and this is connected to valid data.
... we are saying that there is a mechanism to verify a digital signature, but there is no way to ensure that the data is valid.
... There is substantial infrastructure required to make self-soverign meaningful.
... we would need more to have a complete ecosystem.
... there is no way to ensure that the claims would be used in a privacy-enhancing manner. The links could be used in a privacy invasive manner.
Dave Longley: (If this is helpful: digital signatures are a mechanism for verifying the authorship of the claim ... that's what what is 'verifiable' about the claims)
Manu Sporny: She found similar problems with the goals.
... she would like us to narrow the goals down to things that are achieveable.
... Also saying that she does not quite understand how service provider independence would work with what we are proposing.
... She doesn't see how we can develop vocabularies for groups that do not participate.
Dave Longley: And the vocabularies are interoperable
Manu Sporny: There is some confusion about what we are proposing. We are not saying that we will define the terminology. We are saying we will define the data format FOR the vocabularies.
Manu Sporny: We will need to close the loop with her on some of these. We can probably make edits to address some others.
Manu Sporny: We have not heard back from the JWT folks.
Dave Crocker: There was a discussion at the IETF meeting
... it was brief. two items stand out.
... One clarified the suggestion about education vertical. Wendy made the comment that it was suggested because that was where the effort had gotten support as far as she knew.
... The other was more general: She wasn't seeing a depth of support that would encourage one to believe that it would get adopted once the work was done.
... I can't evaluate how accurate that is.
... Sometimes efforts like these get started because some people are enthusiastic. When there is a strong support of implelentors and consumers there is more likelihood of success.
Manu Sporny: These are the organizatins that say they're going to implement:
Manu Sporny: One of the issues we have with that sort of comment is that we have gone to a lot of trouble to present those organizations.
Manu Sporny: Demonstrate that there is industry support:
... as far as industry suypport we went to a lot of trouble to demonstrate that there is industry support.
... I am wondering if she still feels that is not enough. If so that is very confusing to me
... We have had others that had far less support and got started.
Manu Sporny: I feel like we have answered the question over and over again. Either Wendy has not seen the links or they are not convincing to her.
Dave Crocker: I have known wendy for a long time but not very well. My superficial assessment is that she is focusing upon pragmatics.
... my experience with these types of situations is that they need a sit-down dialog with the proponents and thrash it out in realtime.
... these types of differences in perception don't get resolved in emails.
Manu Sporny: We have tried to get a meeting for a long time. Wendy is very busy.
... my hope is that we can have that sit-down soon. We are having it with microsoft now and we are making progress.
Christopher Allen: Has there been any progress with Google?
Manu Sporny: No - not yet.
Dave Crocker: Who's the contact?
Manu Sporny: Chris Wilson the issue but it was mainly on process. It is not clear if Chris was coordinating with the Google identity team.
... if anyone ahs a contact there please letme know.
Manu Sporny: My thinking is that if google withdraws their objection, microsoft will follow suit.
... we would prefer they both say this is great stuff and we want to be involved.
... we are still trying to get in touch with Google.
Eric Korb: Is there someone else who can contact them?
David Chadwick: Perhaps microsoft's objection is different than google's
... maybe it is a business issue, not a technical issue.
Manu Sporny: That may be the case, but it is not what they said on the phone and in email.
... they are usually straight forward.
... we have not seen them strongly oppose work that actively overlaps with one of their business units. But that doesnt mean it is implossible
Shane McCarron: I can reach out to Google. [scribe assist by Manu Sporny]
ACTION: ShaneM to reach out to Chris Wilson about google contact
Nate Otto: Are we going to edit the problem statement? Or are we waiting?
Manu Sporny: Yes - I am going to do it because I am the only one who has been in contact with everyone.
... I will put it up as a draft alternative. Bring it back to see if the group agrees.
... might be a fairly aggressive set of changes.
... which will be okay if the group goes for it... and if that satisfies the objections.
Nate Otto: Good luck!
Manu Sporny: Probably no meeting next week.
Nate Otto: Here's some text I put together as we were chatting, you may consider -- or it may be quite a bit off where you want to go with it: "There is no standard data format and vocabulary that may currently be used to make claims about entities and the properties attributable to them in a way that is compatible across industries, carries verifiable digital signatures, and protects the privacy and agency of the individuals and organizations that are the subjects of these claims."
David Ezell: I have a conversation coming up with Microsoft.
Manu Sporny: Different than the one I have been having.
David Ezell: Mike Champion and I have worked together for years. No one has a crystal ball. Some objections might be about making a complicated set of udner constructions standards.
... it is kind of a thin argument. None of the activities may be adequate. The group has tried looking at things that are already in progress.
... I know MS cares about ISO and X9. I know that the people involved from the Petro and Payments side are pretty disenchanted as they apply to payments. even if you look at the ISO/X9 way of doing things there are things missing.
... it may come up that the WG that is being proposed will develop the data model, but then step back and give the requiremetns to the speciality groups to create the PKI structure or whatever.
... I would like to talk with you, Manu, before my meeting with Mike.
Manu Sporny: We are actively working the problem. Trying to find common ground.
Christopher Allen: MS is doing a variety of things relating to blockchain. Daniel Duchner is working with the block stack people on bringing that tech into MS related work
... as I understand it they are working with other groups. I know that blockstack is planning on using verified credentials and JSON-LD and other things.
... so there is work in this space ongoing at MS. They put a lot of importance into BC.
... whoever is talking to them might remind MS that internally they are already interested.
Manu Sporny: There are three touchpoints. dezell is speaking to the AC rep. Manu is speaking with the identity contact. And then Kim Cameron - identity czar at MS
... Mike doesn't have a position as far as I know. Anthony doesn't seem as opposed. Kim's group is already actively looking at VC.
... there isn't one opinion at MS. They are coming up to speed.
... It is migrating to "let it run its course" or "let's get more involved".

Topic: Verifiable Claims Face-to-Face Agenda

Manu Sporny: Based upon most recent feedback it is not going to happen in time for TPAC
... the most we can hope for is that if the vote is open we can invite people to participate. Bring people up to speed.
... we have asked the WPIG for a block of time.
... There is an opportunity to hang the meeting off another meeting at the end of October.
... Last day of IIW and day after
... We have floated the idea past Phil just to get it on the radar. Given the schedule that is the most reasonable plan we could have for a F2F meeting.
... The upside is whether the WG happens or not we can probably do something at IIW.
... We are going to have to plan all of it ourselves and pay for it ourselves.
... We need to find sponsors, figure out space etc.
Shane McCarron: +1 To attaching it to IIW
Manu Sporny: It'll be around October 27 & 28
Nate Otto: Can't come -- in London for MozFest until the 31st. But +1 to attaching a F2F to a compatible event sometime in the latter half of 2016.
Christopher Allen: We also have a rebooting web of trust at the end of september
... We have had enough people who are critical who feel like they cannot make that meeting.
... We want it to be a 3 day event but the first day is a conflict.
... We were talking about moving it to the three days before IIW.
... MS says that they can hold that space for us.
... 10 or so people have paid for the original dates so we are closing the loop with them.
... Maybe we should contact Daniel about the MS space and if that might work for the VC F2F.
ACTION: Manu to contact Daniel and ask about the space around IIW.
Christopher Allen: Does this change the TPAC plan?
Manu Sporny: There will still be 2 VC events at TPAC. Breakout session on Wednesday and another during the WPIG meeting. Talk about charter questions etc.
Christopher Allen: I am trying to rate my attendence at that meeting. This is the only topic I am interested in. Do I travel to Lisbon for that?
Manu Sporny: It would have been ideal to have a f2f there... but it is too slow.
David Ezell: As we are building this agenda for TPAC (WPIG) manu you should get a page and put this down as a definite session.
Manu Sporny: I thought Ian said he didn't want anything definite yet.
David Ezell: Well, putting your name on the slot makes it more definite.
Christopher Allen: What was that topic named?
David Ezell: If you have additional topics for the IG that would make the meeting more interesting just let me know.
... I know that I wanted to talk with you ChristopherA about emerging markets. Maybe that is of interest?
Christopher Allen: Thank you.
David I. Lehn: Not available. At a meeting in Paris.
Richard Varn: As noted before, EDUCAUSE is october 25-28 in Anaheim. i am currently planning on attending that
Christopher Allen: I could do the friday before IIW (21st of October).
Richard Varn: I can do that
David I. Lehn: I could probably do that. I need to know pretty soon though.
Nate Otto: Doesn't make a difference for me. I'm blocked October 15-31. But I'm just one.. :)
Matt Stone: My calendar is open for late Oct.
Manu Sporny: That is really pretty interesting. We could do it the friday and saturday...
Christopher Allen: What is the paris event?
... WG meetings are usually two days. I think having it on the 27th and 28th. But if there is no venue then it doesn't matter.
Manu Sporny: I will keep you in the loop ChristopherA so that we are not stomping on one another's events.
Dave Crocker: The anti-abuse group is meeting in Paris at that time.
Nate Otto: in Paris M3AAWG Oct 24-27 FYI

Topic: Terminology and Expiration

David Chadwick: I am writing a paper about VC and an implementation we ahve done
... a key point is that VC are user centric and privacy enabled. They are not in the glossary. They should be.
... I have provided some candidate definitions.
Manu Sporny: We have definitions int he charter
... they should have been in the glossary. Can you look them over and see if you agree or if they should be changed?
Nate Otto: I see self-sovereign, but I don't see "user-centric" or "privacy enabling"
David Chadwick: They key terms are not in that glossary.
Christopher Allen: +Q
Dave Longley: We stopped using the term user-centric. We switched to self-sovereign. We had some discussions about privacy enhancing and how much we wanted totalk about that.
David Chadwick: We don't have the term defined. It would be okay to have a local definition of user-centric or replace it with another.
David I. Lehn: I recommend against using the term with a new definition.
Dave Longley: Our intention was to replace the term.
Christopher Allen: I am responding to the privacy question... I am hoping that we can defer identifier and confidentiality issues.
... I need the format now. We can dive deeper in another round of work.
... are we saying there are real privacy enhancements now?
Dave Longley: "Omnidirectional vs. unidirectional"
Manu Sporny: We are saying that we are enabling it. Privacy has a lot to do with the idenitifiers that are used. If an identifier is long lived and ties everything together it is NOT privacy enhancing. If you have one that is generated on each transaction...
... let's not do this in 1.0. we can do it in 2.0 as long as we are very aware of the limitations.
Christopher Allen: In many cases it is not even the data. I didn't know if moving things forward causes thigns to be unclear. We just want flexibility for the future.
Manu Sporny: We have 10 minutes left.
David Chadwick: Expiration time. Nothing has really come of the discussions.
Dave Longley: <-- much of this supersedes the VCTF final report, so whatever terms are there are what we're proposing to W3C
David Chadwick: I thought we had agreed that there should be a time in the credential.
... there needs to be a way to ensure that credentials can expire. Nothing is in there now.
Nate Otto: On expiration: Sounds like something the official work should take up and make part of the vocabulary. I don't think expiration should be a mandatory property of a credential.
Manu Sporny: There is nothing in the proposal, but it is all over the spec. I think what you are asking is that it is there in the definition.
David Chadwick: It should be a mandatory propoerty of a credential.
Manu Sporny: The group has typically landed on that propoerty being optional and specified by the vertical.
Matt Stone: Should recommend the verification package have an expiration period that's separate from the claim itself
Manu Sporny: On the other hand ever use case we have seen has included expiry information.
... we have always intended stuff to expire in the general case.
Christopher Allen: In Smart Signatures, the expiration is part of the signature, but it is a separate standard.

Topic: Linked Data Encrypted Signatures

Christopher Allen: (I.e. the signature expires, not the cliam)
Nate Otto: Reading use cases and saw that no use case requires the actual subject of the claim. That seems strange in a self-sovereign architecture.
... it feels inconsistent in that any older of a claim could share the claim with anyone else without the approval of the subject.
Matt Stone: In concept, the claim payload is still available, but no longer verifiable in "this" transaction
... I proposed an optional extension to have the subject and the issuer to agree on inspectors who can verify the claim.
Manu Sporny: We had a discussion off line and in email about encrypted signatures. So that only the targeted recipient can decrypt the signature and verify the data.
... how does this really protect the subject.
Christopher Allen: That feels like a signature format
Dave Longley: I'd like to see any of this be heavily use case driven
... not clear. But regardless it demonstrates how flexible linked data signatures are.
Manu Sporny: If the goal is to make sure that the receiver of the information cannot misuse it... well, that's not possible. Once an inspector has the information, they can do anything with the data.
Nate Otto: To be clear: any information that an individual has may be shared with others. I posit that there is a significant difference between a verifiable claim and an unverifiable claim (a claim with a signature that cannot be verified by the holder).
Christopher Allen: (You can make it such that forwarded it doesn't validate)
Manu Sporny: We don't think the technical solution prevents misuse of their information.
Christopher Allen: You can't prevent someone from taking the claim information and passing it on, but you CAN make it such that the signature is not valid when you pass it on.
Nate Otto: +1 To ChristopherA. I think this subtle distinction may be significant in the long run. At least enough that I may be interested in implementing this behavior.
... if you are only relying upon VC as being valid, then it will work.
David Chadwick: The issue is about trust. You use the signature so that you know who sent it. If I cannot check the signature but I get it from someone else who says "I chedked it" and I trust them, then I have a trust chain and it holds up.
Dave Longley: Very clear use cases will help
Manu Sporny: That all folds into whether the information remains trustworthy. If you want to restrict forwarding of VALID data there are ways to do that.
Christopher Allen: (It is even possible to link those two, such that the sign fails untill the countersign is made)
Manu Sporny: In case people are not aware, the current protocol has the subject countersign the claim when it is handed over. One is from the original issuer, and one from the subject that indicates "I was in control when I handed it over to you, inspector".
Nate Otto: +1 To David. A chain of trust is a valid use case for this. This is not designed to prevent an inspector who has verified the signature from telling others about that information in a technical sense. That is actually a valuable use case as well. I doubt that all implementers of VCs will want to implement this extra complicated behavior, but there are some valuable use cases I think for some people implementing this.
Manu Sporny: Even that mechanism does not prevent the misuse of information.
Nate Otto: Sounds like my task will be to define a better set of use cases. Thanks for bringing this to the floor, manu.