Verifiable Claims Telecon
Minutes for 2017-03-14
- Agenda
- https://lists.w3.org/Archives/Public/public-credentials/2017Mar/0005.html
- Topics
- Action Items
- Organizer
- Manu Sporny
- Scribe
- Joe Andrieu
- Present
- Joe Andrieu, Dan Burnett, Sean Bohan, Angus Champion de Crespigny, Christopher Allen, Manu Sporny, Matt Stone, Richard Varn, Nate Otto, Nathan George, Kim (Hamilton) Duffy, Drummond Reed, Gregg Kellogg, David I. Lehn, Rob Trainer, Matthew Larson, Eric Korb, David Ezell, Adam Lake
- Audio Log
Joe Andrieu is scribing.
Dan Burnett: Any changes to agenda? ... none.
Topic: Agenda review and Introductions
Sean Bohan: I'm a product manager at at Evernym and will be joining the calls on a regular basis from now on.
Angus Champion de Crespigny: Hi, I'm Angus and I lead Blockchain Strategy for Finance at Ernst & Young. Good to be here.
Christopher Allen: Welcome Angus!
Sean Bohan: Welcome Angus
Manu Sporny: Awesome to see you here, Angus, welcome!
Angus Champion de Crespigny: Thank you all!
Topic: Status of Verifiable Claims WG Creation
Matt Stone: A few tweaks suggested to charter. Recognition that there is high interest. Some push back around privacy. Discussion about scope.
Matt Stone: Payments, educations, multi/other. as potential frames of attention for the effort.
Manu Sporny: Please speak up if payments is important (in charter process)
Topic: No meeting on 3/28 (reminder)
Richard Varn: We started in payments, so we'll be sending something in, in support. Important that it's kept in the charter.
Topic: DO_NOT_CORRELATE flag discussion
Manu Sporny: https://github.com/opencreds/vc-data-model/issues/41
Manu Sporny: Much of the criticism to-date is focused on privacy, resulting in a lot of recent focus on privacy.
Manu Sporny: At the data model there is no way to say "do not correlate" or only use data for this purpose
Manu Sporny: Sometimes this is called consent receipts
Manu Sporny: Need to express that the individual requests non-correlation.
Manu Sporny: This is a flag. it isn't inherently enforceable. that is up to local jurisdictions.
Manu Sporny: Need to be able to say "I don't want my information to be used outside the system"
Manu Sporny: Need to counter the confusion around our commitment to privacy
Joe Andrieu: Manu, I appreciate how you framed that, especially some of the "purpose binding" things you raised. [scribe assist by Manu Sporny]
Joe Andrieu: My concern with the name of the flag is that the word "correlate" is very vague. Sometimes, correlating information with itself ... like "i'm 6 feet tall, but don't correlate that with me", doesn't make sense. [scribe assist by Manu Sporny]
Joe Andrieu: How do we do purpose binding? THat's how GDPR and EU is thinking about it. [scribe assist by Manu Sporny]
Sean Bohan: Without having consequences attached, but perhaps revocation and pairwise identifiers could help prevent correlation from the start
Christopher Allen: Perhaps folding in anti-correlation approaches, such as UProve and others. Perhaps we could reverse it, to say "this is correlatable"
Christopher Allen: Also renaming it might work. Purpose binding might not be the right thing however.
Manu Sporny: Perhaps anti-correlation is a poor phrase. perhaps the flip is good. The problem is we are always emitting data. General agreement with comments.
Nate Otto: "Do not correlate" would mesh better with previous initiatives like Do Not Track that have some support in legal jurisdictions than the reverse "Please feel free to correlate me".
Manu Sporny: Pair-wise identifiers? What do you mean, Sean?
Nathan George: An identifier is created for both sides in the relationship
Nathan George: You could correlate, but it would leave both sides with clarity about whether or not correlation is intended and intentional
Manu Sporny: There isn't a singular technical solution for this.
Manu Sporny: There's just so much data we are sending out
Manu Sporny: Fairly easy for people to collude, e.g., advertising networks
Manu Sporny: That doesn't mean we shouldn't work on it, but is the flag the back up to enable this?
Manu Sporny: Privacy loss happens when privacy expectations aren't met (quoting Joe from github)
Manu Sporny: Being able to be explicit may help. multiple protections. Defense in depth.
Manu Sporny: When we apply those approaches together you may have better results than later
... (than otherwise)
Christopher Allen: No problem referring to a document that specifies applicable terms of use
Christopher Allen: That may be sufficient as a hammer
Christopher Allen: If its out of scope of the protocol, I'd rather have it as a reference
Christopher Allen: BTW, the Bitcoin LIghtning Network uses Tor by default.
Christopher Allen: It is a payment network.
Dan Burnett: Yes, this can give a false sense of security
Joe Andrieu: I like that you've brought up advertising network, we could tag a claim that we share, it needs to be in a verifiable claim. Feels like a false positive. I like CHristopher's proposal, link to terms of use. [scribe assist by Manu Sporny]
Manu Sporny: We could have something like a creative commons for privacy. we have a link friendly data model. so that seems like the foundation for a good proposal, linking to a terms of use
Manu Sporny: First line of defense is technical, but the linked terms of use could be the back up
ACTION: Manu to put together proposal for anti-correlation technique for VC Data Model.
Topic: WoT use case
Christopher Allen: Two issues on this topic. The "story" document. The use case story of a child of refugees who wishes to participate without risking family.
Christopher Allen: The story is to drive the PGP use case: what are the specific peer-to-peer minimum capabilities to replace PGP
Christopher Allen: Things like "trust on first use", where a verifiable claim could be useful. These are low hanging fruit
Manu Sporny: Christopher, Joe, Adam, Nathan and I had a call last week about a demo at RWOT IV that demonstrates progress on shipping code
Christopher Allen: The story in use cases: https://github.com/opencreds/vc-use-cases/issues/31
Manu Sporny: The WoT use case was discussed as a demo, specifically the PGP "I am a person" and countersigned by others
Christopher Allen: The data format for Web of Trust: https://github.com/opencreds/vc-data-model/issues/32
Manu Sporny: Going to try to get something by April
Manu Sporny: PGP is fairly geeky. people who use it understand the underlying tech.
Manu Sporny: This population commonly uses GitHub, so maybe we can use it to start digitally attest using that identity namespace using verifiable claims
Christopher Allen: This also demonstrates the peer oriented of verifiable claims.
Manu Sporny: Next steps, try to show something at RWoT IV
Christopher Allen: This use case would demonstrate the commitment by our group that anyone can be a peer
Christopher Allen: Are there examples in education? Like "I was in a class with that person" Rather than a one-way claim.
Topic: Action Item Review (https://goo.gl/V4XTBT)
Kim (Hamilton) Duffy: Hoping to make a pass at that, this week
Dan Burnett: Chairs are in contact. It's an ongoing process
Sean Bohan: +1 For JoeA
Joe Andrieu: I've unzipped the file!
Manu Sporny: Spoken with uPort. They are interested.
Topic: Suggestions for next week agenda
Manu Sporny: It's conference season.
Manu Sporny: Let's get these different venues in the conversation.
Manu Sporny: If you'd like to run your slide decks by the group, that'd be great to discuss in the group
Drummond Reed: The number of conferences coming up this spring is INSANE
Manu Sporny: It is INSANE! :)
Drummond Reed: I do like the idea of sharing decks so we can take advantage of seeing the best ways of explaining VC
Christopher Allen: There are multiple conferences going on. Would love to meet up with anyone at these conferences. But they are also going to add a challenge to participating in the calls.
Joe Andrieu: With regard to the Joram demo feedback, time is the issue now... [scribe assist by Manu Sporny]
Joe Andrieu: Any further items about the Joram demo?
Manu Sporny: Yes, will try to read and provide feedback. [scribe assist by Manu Sporny]
Christopher Allen: Would like to see it published by RWoT IV
Joe Andrieu: Me too.