The Verifiable Claims Task Force

A Task Force of the Web Payments Interest Group


Verifiable Claims Telecon

Minutes for 2017-03-14

Joe Andrieu is scribing.
Dan Burnett: Any changes to agenda? ... none.

Topic: Agenda review and Introductions

Sean Bohan: I'm a product manager at at Evernym and will be joining the calls on a regular basis from now on.
Angus Champion de Crespigny: Hi, I'm Angus and I lead Blockchain Strategy for Finance at Ernst & Young. Good to be here.
Christopher Allen: Welcome Angus!
Sean Bohan: Welcome Angus
Manu Sporny: Awesome to see you here, Angus, welcome!
Angus Champion de Crespigny: Thank you all!

Topic: Status of Verifiable Claims WG Creation

Matt Stone: A few tweaks suggested to charter. Recognition that there is high interest. Some push back around privacy. Discussion about scope.
Matt Stone: Payments, educations, multi/other. as potential frames of attention for the effort.
Manu Sporny: Please speak up if payments is important (in charter process)

Topic: No meeting on 3/28 (reminder)

Richard Varn: We started in payments, so we'll be sending something in, in support. Important that it's kept in the charter.

Topic: DO_NOT_CORRELATE flag discussion

Manu Sporny: Much of the criticism to-date is focused on privacy, resulting in a lot of recent focus on privacy.
Manu Sporny: At the data model there is no way to say "do not correlate" or only use data for this purpose
Manu Sporny: Sometimes this is called consent receipts
Manu Sporny: Need to express that the individual requests non-correlation.
Manu Sporny: This is a flag. it isn't inherently enforceable. that is up to local jurisdictions.
Manu Sporny: Need to be able to say "I don't want my information to be used outside the system"
Manu Sporny: Need to counter the confusion around our commitment to privacy
Joe Andrieu: Manu, I appreciate how you framed that, especially some of the "purpose binding" things you raised. [scribe assist by Manu Sporny]
Joe Andrieu: My concern with the name of the flag is that the word "correlate" is very vague. Sometimes, correlating information with itself ... like "i'm 6 feet tall, but don't correlate that with me", doesn't make sense. [scribe assist by Manu Sporny]
Joe Andrieu: How do we do purpose binding? THat's how GDPR and EU is thinking about it. [scribe assist by Manu Sporny]
Sean Bohan: Without having consequences attached, but perhaps revocation and pairwise identifiers could help prevent correlation from the start
Christopher Allen: Perhaps folding in anti-correlation approaches, such as UProve and others. Perhaps we could reverse it, to say "this is correlatable"
Christopher Allen: Also renaming it might work. Purpose binding might not be the right thing however.
Manu Sporny: Perhaps anti-correlation is a poor phrase. perhaps the flip is good. The problem is we are always emitting data. General agreement with comments.
Nate Otto: "Do not correlate" would mesh better with previous initiatives like Do Not Track that have some support in legal jurisdictions than the reverse "Please feel free to correlate me".
Manu Sporny: Pair-wise identifiers? What do you mean, Sean?
Nathan George: An identifier is created for both sides in the relationship
Nathan George: You could correlate, but it would leave both sides with clarity about whether or not correlation is intended and intentional
Manu Sporny: There isn't a singular technical solution for this.
Manu Sporny: There's just so much data we are sending out
Manu Sporny: Fairly easy for people to collude, e.g., advertising networks
Manu Sporny: That doesn't mean we shouldn't work on it, but is the flag the back up to enable this?
Manu Sporny: Privacy loss happens when privacy expectations aren't met (quoting Joe from github)
Manu Sporny: Being able to be explicit may help. multiple protections. Defense in depth.
Manu Sporny: When we apply those approaches together you may have better results than later
... (than otherwise)
Christopher Allen: No problem referring to a document that specifies applicable terms of use
Christopher Allen: That may be sufficient as a hammer
Christopher Allen: If its out of scope of the protocol, I'd rather have it as a reference
Christopher Allen: BTW, the Bitcoin LIghtning Network uses Tor by default.
Christopher Allen: It is a payment network.
Dan Burnett: Yes, this can give a false sense of security
Joe Andrieu: I like that you've brought up advertising network, we could tag a claim that we share, it needs to be in a verifiable claim. Feels like a false positive. I like CHristopher's proposal, link to terms of use. [scribe assist by Manu Sporny]
Manu Sporny: We could have something like a creative commons for privacy. we have a link friendly data model. so that seems like the foundation for a good proposal, linking to a terms of use
Manu Sporny: First line of defense is technical, but the linked terms of use could be the back up
ACTION: Manu to put together proposal for anti-correlation technique for VC Data Model.

Topic: WoT use case

Christopher Allen: Two issues on this topic. The "story" document. The use case story of a child of refugees who wishes to participate without risking family.
Christopher Allen: The story is to drive the PGP use case: what are the specific peer-to-peer minimum capabilities to replace PGP
Christopher Allen: Things like "trust on first use", where a verifiable claim could be useful. These are low hanging fruit
Manu Sporny: Christopher, Joe, Adam, Nathan and I had a call last week about a demo at RWOT IV that demonstrates progress on shipping code
Christopher Allen: The story in use cases: https://github.com/opencreds/vc-use-cases/issues/31
Manu Sporny: The WoT use case was discussed as a demo, specifically the PGP "I am a person" and countersigned by others
Christopher Allen: The data format for Web of Trust: https://github.com/opencreds/vc-data-model/issues/32
Manu Sporny: Going to try to get something by April
Manu Sporny: PGP is fairly geeky. people who use it understand the underlying tech.
Manu Sporny: This population commonly uses GitHub, so maybe we can use it to start digitally attest using that identity namespace using verifiable claims
Christopher Allen: This also demonstrates the peer oriented of verifiable claims.
Manu Sporny: Next steps, try to show something at RWoT IV
Christopher Allen: This use case would demonstrate the commitment by our group that anyone can be a peer
Christopher Allen: Are there examples in education? Like "I was in a class with that person" Rather than a one-way claim.

Topic: Action Item Review (https://goo.gl/V4XTBT)

Kim (Hamilton) Duffy: Hoping to make a pass at that, this week
Dan Burnett: Chairs are in contact. It's an ongoing process
Sean Bohan: +1 For JoeA
Joe Andrieu: I've unzipped the file!
Manu Sporny: Spoken with uPort. They are interested.

Topic: Suggestions for next week agenda

Manu Sporny: It's conference season.
Manu Sporny: Let's get these different venues in the conversation.
Manu Sporny: If you'd like to run your slide decks by the group, that'd be great to discuss in the group
Drummond Reed: The number of conferences coming up this spring is INSANE
Manu Sporny: It is INSANE! :)
Drummond Reed: I do like the idea of sharing decks so we can take advantage of seeing the best ways of explaining VC
Christopher Allen: There are multiple conferences going on. Would love to meet up with anyone at these conferences. But they are also going to add a challenge to participating in the calls.
Joe Andrieu: With regard to the Joram demo feedback, time is the issue now... [scribe assist by Manu Sporny]
Joe Andrieu: Any further items about the Joram demo?
Manu Sporny: Yes, will try to read and provide feedback. [scribe assist by Manu Sporny]
Christopher Allen: Would like to see it published by RWoT IV
Joe Andrieu: Me too.