Meeting minutes
Benjamin_Young: Hi We'll give it a few minutes for everybody to wander in.
Benjamin_Young: I'm going to give it till 5 after and then we'll get started.
Benjamin_Young: Okay, it's 5 after. So, let's get started. thanks for coming everybody. This is the call currently known as the VC entity and recognitions one of the things we'll be discussing today is naming. but we'll get there gradually. does anyone have any announcements or introductions of yourself or anything else you want to say before we dive in? Any agenda additions, key things you want to look at? there has been a flurry of confusion around mostly other people's meetings.
Renaming Specification Poll
Benjamin_Young: Not this one, think. but who knows? I just wanted to confirm again that this time was good for all of you on the call at least. I think we shifted to this call time just before everything shifted to the BCWG. So maybe we were ahead of the class. But in any case, I just wanted to do another check-in to make sure we can keep this call time or if anybody needs any tweaks while that's a trending topic. Okay, to the topic everybody signed on to discuss. we are renaming the specification.
Benjamin_Young: Manu sent a poll out sometime last week and we got a handful of votes based on goodness almost 20 choices checking through a various set of recount options for this rank choice voting the winner looks to be recognized entity by a tiny margin over verifiable recognition. anyone have complaints about recognized entities very agreeable today everyone. Thanks or your mics are all broken.
Benjamin_Young: Awesome. Then I will record that on our renaming issue, which I'm certainly at. Go ahead. Whoever that was. Shigeya S:
Benjamin_Young: I just heard that. All good. anyone have thoughts? I think this is probably last call on this topic. All right.
Ted_Thibodeau_Jr: I failed at the poll. I would definitely prefer the second name that you said,…
Ted_Thibodeau_Jr: not recognized entities, but the other one Can you share the link to it?
Benjamin_Young: So yeah,…
Benjamin_Young: something we could decide to do in part because it's a fairly lightly intended attended call is to give the poll just a little bit more time. I am not able to see who responded. is it done? Yeah, I can.
Ted_Thibodeau_Jr: My mail client is misbehaving in bad ways.
Benjamin_Young: Let me confirm this is the right link.
Ted_Thibodeau_Jr: That's why I didn't see it.
Benjamin_Young: That is not the right link. trying to find it myself.
Benjamin_Young: Ted problem is I'm now logged into the system for the voting, so I can't see any of the links. I am getting it out of my inbox.
Ted_Thibodeau_Jr: That's special.
Steve Capell: Hello all.
Steve Capell: My apologies for joining late. I was on another meeting.
Benjamin_Young: There it is. Yeah, no worries.
Ted_Thibodeau_Jr: Thank you.
Benjamin_Young: And Coyote's got us covered the links in the chat.
Benjamin_Young: So Steve, just to catch you up, the current discussion is around keeping the name renaming poll open a bit longer. we could even just, say we're going to keep it open for the next 20 minutes if you all want. the original plan was to conclude this part of our story together today,…
Benjamin_Young: but we can leave this poll open for a bit if y'all want to put a few more votes in andor we can take a vote on leaving it open for another week to see if more things come in. Anyone have thoughts one way or another?
<Kayode_Ezike> Renaming vc-recognition Specification | OpaVote
Steve Capell: I've already voted,…
Steve Capell: but I'd be happy to give time for whoever wants to vote. s*. Oops.
Benjamin_Young: Thank you,…
Benjamin_Young: Dad, did you get your vote in?
Ted_Thibodeau_Jr: I'm in the process.
Ted_Thibodeau_Jr: Thank you.
Benjamin_Young: It's only 20 choices to pick from and…
Ted_Thibodeau_Jr: Yeah, it's I suppose I could just go with one.
Benjamin_Young: you can rank them all if you want. Yeah, that's also a thing.
Steve Capell: I was interested to you you can learn what's in the minds of a participant by how they want to name something. And so it's interesting that some of us me come from this we need to recognize authoritative registers like the Australian business register and stuff like this. Whereas others are coming from we might have a peer group of people that trust each other and want to say something like I trust Ted because Manu trust Ted and I trust Manu right and the word peer I think it was Ted that was proposing that implies that sort of different purpose and it's not to say that those two different purposes can't be met with the same spec but
Steve Capell: It highlights a use case, I suppose, in my mind that isn't mine, but equally important.
Benjamin_Young: And pure pier something was on here. I'm looking through the list. BC peers and BC pure I think were the only two that made it in. Kevin, I don't know that we're gonna add any more names to the list.
Benjamin_Young: That's an interesting one.
Kevin_Dean: No, no,…
Kevin_Dean: I wasn't suggesting that that added. that was just in the context of what they were saying earlier about, I trust this person…
<Kevin_Dean> Transitive trust.
Benjamin_Young: All right.
Kevin_Dean: because Manny trusts that person. that's the concept of transitive trust.
Benjamin_Young: Right. Yeah,…
Kevin_Dean: No, I'm not suggesting adding any name to the list.
Benjamin_Young: I know. We could always have more than 20 choices. That very true.
Benjamin_Young: So Ted,…
Ted_Thibodeau_Jr: And now it's a tie.
Benjamin_Young: with your vote in, let me make sure this is getting counted properly. I'm not sure It might be. there we go. So, it defaults to an instant runoff, which is not really what we want because it doesn't properly.
Benjamin_Young: I need to make Yeah, it's showing the newest number here in terms of counts.
Benjamin_Young: So recognized entity still wins that unless that's ultimately what you pick.
Ted_Thibodeau_Jr: …
Ted_Thibodeau_Jr: I'll cry on my coffee.
Benjamin_Young: All Hold your nose and not lie down the road as Devon likes to say. And I All right. So, Any desire to leave this open even longer or to just hang out with Ted and,…
Steve Capell: It's good.
Benjamin_Young: grind your coffee?
Ted_Thibodeau_Jr: when did it actually get sent out in the first place?
Benjamin_Young: That's a good question. See if I can find the URL in my inbox.
Ted_Thibodeau_Jr: And did it indicated that a end date?
Benjamin_Young: No, I think there was probably an assumed by the next meeting, but I don't know that it was stated. Manu sent the mail out, So, I'm trying to find it. You think Gmail would support searching by URLs, but it doesn't. Okay. the email.
Benjamin_Young: It only went out a day ago and…
Benjamin_Young: it didn't go out to the whole mailing list. It went out to basically the regular attendees. Yeah. Yeah.
Ted_Thibodeau_Jr: There you go.
<Kayode_Ezike> It was sent out yesterday
Ted_Thibodeau_Jr: I will ask that it be resent with an actual explicit end date.
Benjamin_Young: Yeah. Me too. Yeah. That's not good on a number of levels. Okay. I will redo that. Yeah. I don't think that's nearly enough time. Okay, I will write that email just following this meeting. thank you everybody. Sorry about that. I thought it had gone out last week because I wasn't watching for it. okay, great. So, moving on.
Benjamin_Young: We're going to turn to issues and PRs always. so let's see…
Benjamin_Young: do you all prefer screen sharing or links? you let me know if my screen sharing is sensibly sized or not. I can zoom in and…
Ted_Thibodeau_Jr: I like the power of hand.
Benjamin_Young: resize windows and whatever. That seem okay.
Ted_Thibodeau_Jr: Roughly.
Benjamin_Young: Do you want it squarer or more horizontal?
Ted_Thibodeau_Jr: I bet if you hit the command plus once,…
Benjamin_Young: Okay. How's that?
Ted_Thibodeau_Jr: that's way better.
Pull Request: Remove Version Numbers
Benjamin_Young: So, many of these PRs are clerical and probably can just be merged. This one I was removing version numbers from people's names. It's a data nightmare.
Benjamin_Young: I don't think it needs voting. Steve, did you have something?
Steve Capell: No, no.
Steve Capell: I was just going off mute because I'm on a phone and it's hard to control that and…
Benjamin_Young: Sure.
Steve Capell: at the same time as see the screen.
Benjamin_Young: Yeah, not a problem.
Benjamin_Young: So then go ahead.
Ted_Thibodeau_Jr: I didn't look closely at the removing numbers from names.
Ted_Thibodeau_Jr: It makes sense for data. You're absolutely right. But it depends whether these people are labeled as former whatevers or active whatevers.
Steve Capell: That means whe
Benjamin_Young: So, there's a note thing that's now visible in the spec. and it puts a parenthetical after each person with the note.
Ted_Thibodeau_Jr: Perfect. Okay,…
Benjamin_Young: So, the data is still there. It's just now in a sensible place.
Steve Capell: See what he's doing. Interesting.
Benjamin_Young: And…
<Phillip Long> looks good
Ted_Thibodeau_Jr: that answers my question.
Benjamin_Young: doesn't Yeah.
Ted_Thibodeau_Jr: That's great. Thank you.
Benjamin_Young: Doesn't bugger up my robots anymore for one thing. Cool. okay.
Pull Request: Renaming Specification Update
Benjamin_Young: So, I'll merge that one later. this one. Yeah. So, I think Avon's wanting a few more revisions just to make it clear where the activity is moving to, including the mailing list. But this original PR was actually about renaming. But I think we'll hold off…
Ted_Thibodeau_Jr: It may be worth a comment back to Ivon that he means moving from CCG
Benjamin_Young: until the vote completes and then maybe I shouldn't because there's some link I'll do another pass on this.
Benjamin_Young: Y'all can plus one it and I think we can merge it while the thing's being renamed and…
Steve Capell: I'm going to follow
Benjamin_Young: do another one unless folks have objections to that.
Ted_Thibodeau_Jr: G to WG, not W3C.
Benjamin_Young: Yeah. it's the inner temple of the W.
Ted_Thibodeau_Jr: Yeah, it's just the part where that look like the CCG is not part of W3C and that's
Benjamin_Young: Yeah, Yeah, there's ongoing tension there about use of the word W3C on CCG specs and all kinds of stuff, but yeah, point point taken. yeah, I'm not going to bother commenting live right here, but if you want to say something to Avon about it, that's fine.
Benjamin_Young: So, we have two other PRs from three weeks ago. Looks like this one has processed most of your feedback, dead. Some of it's outdated, too. A lot of it's outdated and it has approvals that came in around the same time. yeah.
Pull Request: Revise Specification Text
Ted_Thibodeau_Jr: That's probably fine. There's some weird GitHubisms that don't properly handle people putting in this correction,…
Benjamin_Young: Yeah. Right.
Ted_Thibodeau_Jr: but it doesn't show up as having been applied. steve capell:
Ted_Thibodeau_Jr: It just shows the old not that outdated and that's injury review probably.
Benjamin_Young: Okay.
Benjamin_Young: Are you okay if this gets merged Okay. And we can right here.
Ted_Thibodeau_Jr: You've got a resolve conversation there. I haven't found Where is this? Yeah, you've got a resolve button. I don't think that I do.
Benjamin_Young: That's interesting…
Benjamin_Young: because I would think as the author you could resolve your own comment.
Ted_Thibodeau_Jr: Yeah, you would think that.
Benjamin_Young: If you want I can do them for you now. or we can just leave them here for posterity in case somebody realizes they didn't get added later.
Benjamin_Young: But probably makes sense to merge this and…
Benjamin_Young: do any further editing separately.
Ted_Thibodeau_Jr: I found it. And that's leave it until a little while after this meeting and I'll review those and we'll
Benjamin_Young: Okay, that's fine.
Benjamin_Young: and just ping us when you're happy. We have another one 61. I haven't been dropping links in here. I'm sorry y'all or even saying the names numbers. it's not great for the minutes. This one likewise has one approval and…
Benjamin_Young: yeah, we had gone through each one of these in discussion. And it looks like there's a just tiny handful of tweaks here.
Ted_Thibodeau_Jr: Yeah, these don't say Good. Yeah,…
Benjamin_Young: No, because I'm not sure why the other ones did either. I think what probably happened with those is Monu accepted some of your changes but not all of them.
Benjamin_Young: And so then that somehow messed up like the dates earlier.
Ted_Thibodeau_Jr: that's a challenge if some things are accepted and others aren't. Unless it says I'm not accepting this,…
Benjamin_Young: Right. right sure Shadea there's a comment from you from recently on this PR
Ted_Thibodeau_Jr: then I don't know to argue it.
Pull Request: Digest SLI Consideration
Shigeya_S: Yeah. yeah. later the issue that mentioned that the digest SLI u type of the protection is not introduced in this spec but it's mentioned in the BGDM spec already. So I think it's natural to include digest here if there's something you want to remove digest.
Shigeya_S: So It's of course security consideration but the text goes that mentioning about the digest mice. So I just mentioned
Benjamin_Young: Yeah, that's fair.
Benjamin_Young: No, they're both presented as equal in the BCDM. so they should both probably be listed and we do have an issue for that. I'm personally in support of that. Anyone have thoughts or concerns with that comment?
Benjamin_Young: And it very well will probably come in as a separate PR if somebody wants to take that on after this one goes in I would guess.
Ted_Thibodeau_Jr: Yeah, I think that makes sense.
Ted_Thibodeau_Jr: And the issue will track it.
Benjamin_Young: And thank you for the issue as well. That is very helpful.
Benjamin_Young: So again, with this one, I think it's probably up to Manu to accept these. I may check with him if he's okay with me taking over his PR because he's the author of both of these. he might appreciate the help, but I'll check before we merge these two. Okay, we'll go through issues. we just discussed number 68. let's see. It's a bunch ready for PR. there's our change document title one. I'm going to all the way down here.
Benjamin_Young: Add the vote. That look okay to everybody?
Benjamin_Young: I'm just saying to the folks on GitHub, here's the vote using rank choice.
Ted_Thibodeau_Jr: Yeah, that makes sense.
Ted_Thibodeau_Jr: Put a note in that you get one shot at it.
Benjamin_Young: Yeah. Yeah.
Ted_Thibodeau_Jr: If you submit your ballot with only two names on it, you can't go back and add more.
Benjamin_Young: for Yes, that's interesting. I thought it would let you do it. Go back and tweak your vote. But wow,…
Ted_Thibodeau_Jr: Unlike most W3C things, it does not have
Benjamin_Young: this one's totally separate. It'd be great if the W3C had a rank choice voting system. put it under here.
Benjamin_Young: I look okay.
Benjamin_Young: Ted, please know you only get one chance.
Ted_Thibodeau_Jr: I think most important.
Ted_Thibodeau_Jr: Yep.
Benjamin_Young: Okay, So, that's done for anybody who is only watching GitHub. There's a few people that might be Okay, let me take out the PR ones, which this one I'm going to go ahead and mark ready for R as well. It's pretty straightforward.
Issue: Document Use Case Purpose
Benjamin_Young: Steve, you posted issue 66 and are here. I thought can't see the …
Steve Capell: Yeah,…
Benjamin_Young: you are. Hi.
Steve Capell: this is just documenting a purpose, I don't even know whether it goes in the spec or whether we have a part of the spec here's some use cases. in which case not exactly these words would go in The intent of this issue is just to share with this group. what are use cases? so what's the do we create separate use case documents or…
Steve Capell: do we use cases in specs?
Benjamin_Young: Yeah. …
Benjamin_Young: we do indeed in this case have a separate use case document. This guy here,…
Steve Capell: Okay. Yeah. Okay.
Benjamin_Young: use cases. I'll drop the link in the chat. And I think we obviously are managing the issues for it in the same place, but your issue can likely go straight into that document as a VR and then we usually have a use cases. Okay, I'm gonna add a use case label.
Benjamin_Young: And then try to a PR would be ideal on the use
Ted_Thibodeau_Jr: Yeah. If nothing else,…
Ted_Thibodeau_Jr: if nothing else, that use case document gets used as a sort of checklist. Have we implemented all the features that are necessary to satisfy all the use cases?
<Benjamin_Young> vc-recognition/use-cases.html at main · w3c/vc-recognition · GitHub
Steve Capell: Yeah. Yeah,…
Steve Capell: of course. Entirely reasonable. So, do you want me to raise a PR or what's next? Because I don't know if I changed the wording a bit. All right. Okay. I can do that.
Benjamin_Young: case document. Yeah, good look.
Steve Capell: Did you say you put a link in the chat? I'm just going to find that.
Benjamin_Young: Yeah, it's just in this repo and it's called use cases.
Steve Capell: In the same rep. I'll find it then.
Benjamin_Young: Yep.
Steve Capell: No worries. I might change the wording a bit when I wrote it as a explainer to this group as opposed to a, …
Benjamin_Young: Has it right? steve capell:
Steve Capell: a publisher. So, I might tweak the words and make a PR.
Benjamin_Young: Yeah,…
Steve Capell: Okay. I don't mind.
Benjamin_Young: that sounds great. Do you want any feedback on this before? would you like to recap that on today's call or prefer that people read this and send you feedback?
Steve Capell: What would the group prefer?
Benjamin_Young: I think it'd be great to get, a five minute overview or…
Steve Capell: All right.
Benjamin_Young: however long you need.
Steve Capell: The primary use case we have is linking credentials to some sort of authoritative basis. And there are a few slightly different variants. For example, a crossber invoice as a verifiable credential issued by an exporter seller would be signed by their did but the verifier in the other country doesn't know who that did is really and so you add a lot of value if the exporter can choose it is their choice, right?
Steve Capell: But if the exporter can say, and by the way, here's my formal business registration where the registar has confirmed that I am the controller of this did and asserts that the controller of this is also known as this for example Australian business number. What that means is then the verifier can confirm not only that the invoice hasn't been tampered with but it was issu issued by string and business such and such. This is helps with things like customs clearance trade finance access. I think it's about $2.5 trillion worldwide of available trade finance that is not granted. In other words, the bank has the borrower wants it, but the bank says no.
Steve Capell: And half the time it's because of identity and document integrity concerns and the difficulty of checking them. So what reason I'm here in this group I suppose is that when almost all the talk about verifiable credentials is about verifying a credential. but how do you get into ubiquitous technology stacks the consistent way to verify linked credentials really the graph behind multiple credentials and that's the reason we're here right and I know this is all these use cases are mostly in the business and business to government and trade and commerce space not the private individual ual identity space.
Steve Capell: and so sometimes what you want to protect for very good reasons in the personal space exactly what you want to publish and prove in the business space right and so yeah I think this idea of verifying a small graph of linked data that's cryptographically connected between multiple credentials is really fundamental to the future of automated due diligence in supply chains for example. so this is just talking through a kind of an expectation about how that might work.
Steve Capell: So there's a presumption here for example that if an authority is going to say here's your business registration credential where the subject did that authority didn't issue because it's a self- sovereign did created by the member of the register then the authority needs to confirm that the requesting party is the genuine controller of that deed and so I suppose that raises these questions about what are the boundaries of this spec? Are we just saying here's what a entity recognition credential looks like?
Steve Capell: But are we also saying what are your obligations as an issuer of an entity recognition credential when it comes to for example confirming that the subject genuinely controls so I'm trying to raise those sort of questions in this group about sort of outside the pure credential data model what are the rules about issuing them and what are the rules about verifying link credial so that we get this consistent approach because otherwise there's a risk that some implement just might not verify control of it in which case the whole architecture breaks down right so yeah I remember exactly…
Benjamin_Young: All right, then.
Steve Capell: what I wrote now it was a week ago during the last …
Ted_Thibodeau_Jr: Sounds good. I skimmed it when it went in and it looked reasonable. I think the focus of this particular work item, I think, is similar to the old signing parties for PGP keys.
Ted_Thibodeau_Jr: It's the mutual web of I know you,…
Steve Capell: I don't have this very Yeah,…
Ted_Thibodeau_Jr: I know them, or I've just met them, but I recognize that them, and that means that I give them some more credence than if I had just encountered them. how much more credence depends, of course, on who you are and what tests you've put them through. it's going to be a gradual thing. This is a developing environment which I don't think anybody has a real handle on yet.
Steve Capell: that I think you're obviously dead right that…
Ted_Thibodeau_Jr: Good step forward.
Steve Capell: who issues the entity recognition credential and what governance processes around it. Is it just Manu knows Fred or is it an authoritative register that has and every authorative register exists under some different national regulation and has different degrees of identity controls and so So it is up the way at least in some of the UN projects we're dealing with dealing with that is different of registers.
Ted_Thibodeau_Jr: Yep.
Steve Capell: So for example if you're a legal authority in the US it would be a state level business register. in Australia it's a national one but doesn't matter. it's a government-run register that's been around for 200 years and is now just looking to do what it's always done on paper but digitally and verifiably. If they come under that nation state legal governance framework then they would appear on the UN grid register which is a register of legal authorities right but there's other kinds of registers where it's also useful to know for example the party that signed this invoice is genuinely a member of the Monuka Honey Association and so the product is likely genuine Monuka honey.
Steve Capell: This has got nothing to do with state level regulations, right? So now you need a different register to say,…
Steve Capell: Monica Honey is a verified industry association. That's all you can say, so yeah,…
Ted_Thibodeau_Jr: What? Yeah.
Steve Capell: I think what we'll end up doing is really distinguishing between these different lists, right? and the conditions to join that list and that's how you get some sense of to what extent do I trust this yes and…
Ted_Thibodeau_Jr: Yeah. it's the matrix of shoot. I just had the word. It's not reliability, but it's reputation.
Steve Capell: sometimes that reputation is earned through years of ethical participation right this is the more like peer trust framework.
Steve Capell: I got five stars on Amazon because I've been there for 10 years and everyone loves me. and sometimes it Yes.
Ted_Thibodeau_Jr: That's the one too that you have to watch out for the inflation,…
Ted_Thibodeau_Jr: and somebody who has a high rating just because they've been there for 10 years, not because of anything they've actually done with an equal challenge going forward is that national registers are not necessarily automatically trustworthy.
Steve Capell: That's right. That's right. Yes. Yeah,…
Ted_Thibodeau_Jr: I don't want to impugn any given country at this time, but I would imagine that somewhere in Southeast Asia or somewhere in Africa or in the island nations might set up a registry for the spammers of the world.
Ted_Thibodeau_Jr: And that would quickly get bad reputation, but that might not matter if they've got enough robots set up to upvote each other. Yep.
Steve Capell: if it's a recognition mechanism, So I think some will be peer recognition and some will be hierarchical, So if a register like that was created and it was on the UN grid, then there would be governance processes about stripping it. But similar for conformity assessment, Product quality there. How do you distinguish between a certifier who is just any random party and one that is accredited? there's another link in the chain. You go to a national accredititation authority and then you go up to IAC global mutual recognition.
Steve Capell: In other words, our use cases are really all about one pattern,…
Steve Capell: which is not trying to reinvent trust architectures, merely trying to digitize existing trust architectures, right? And so,…
Ted_Thibodeau_Jr: Yep.
Ted_Thibodeau_Jr: And…
Steve Capell: yeah. Yeah.
Ted_Thibodeau_Jr: one of the challenges of this, right, is to avoid accidentally setting up a recentralization of the stuff that we've done a lot of work on decentralizing. Okay.
Steve Capell: And that hence my initial comment about this being B2B and a lot of the ethics around this I entirely subscribe to, Personal identity, decentralization, control of your data, these are all sound principles. but at the same time these existing architectures of trust that actually matter even to people exist right and…
Ted_Thibodeau_Jr: Yeah. Yep.
Steve Capell: don't want to force centralization that doesn't previously exist only to empower existing quite important trust architectures. I mean, if you're presented with a driver's license, you do want to be sure it was issued by an actual driver's license authority, and there are hundreds of them all over the world. so how can you be sure, So, that's still protected. The personal identity protection is I should be able to abstract or redact whatever I want when I show you my driver's license, but you as the verifier want to be sure it's a real driver's license. Right?
Steve Capell: So there is a good blend somewhere of a decentralized personal identity protection and basically leveraging existing trust architectures in the paper world that have existed for 200 years for good reason.
Ted_Thibodeau_Jr: Mhm. Yep.
Steve Capell: And it's surprising how often I've found myself in presentations and discussions when people are talking about let's say a trust register and they mean something like some new infrastructure that is a list of trusted I don't know wallet issuers and okay where did that come from and who's governing that and how do you know who it's trusted you get into all kinds of complex questions when you reinvent not reinvent but invent some sort of new governance model
Steve Capell: because behind all of these registers there has to be some sort of process and governance right and I think we just want to reflect existing ones not new ones and there's actually a lot of benefits that acrew from that because people create registers all the time there's one called I don't…
Kevin_Dean: Yes.
Steve Capell: if you're familiar with it the legal entity identifier and it's run by an organization called glyife the global legal entity identifier federation I think it's a not Swiss not for profofit and supposedly they're the global authority for business identity.
Ted_Thibodeau_Jr: Hey, Yep.
Steve Capell: My argument is really since when does an Australian business answer to a Swiss not for profofit? this is an attempt to centralize something around a technology that in my view makes almost no sense. because the actual authority of course is the government under which you registered your business, not a Swiss not for-p profofit, And so I'm trying to distinguish very clearly between these kind of fanciful attempts at centralization and just Yeah.
Ted_Thibodeau_Jr: And it's self-declared authority registar is not necessarily inherently bad or wrong, but it's more questionable than a long-term governmentally provided thing or…
Steve Capell: Yes.
<Shigeya_S> This spec will be an important piece to implement balanced trust architecture among centralize/decentralized, imo.
Benjamin_Young: You go ahead, Kevin.
Ted_Thibodeau_Jr: I don't know about provided but recognized and accepted and which government and where these things are all come into play. Kevin, you're
Kevin_Dean: And this is one of the things that I've been advocating with verifiable credentials for quite a while. for those of you who are not aware I originally started in supply chain. I got into verifiable credentials when I was with GS1 which is the supply chain standards organization responsible for the retail barcode. and I'm fully with Steve on this this is the beauty of this work that we're doing here it means that we can adapt credentials the organizations that are doing any kind of certification or any kind
Kevin_Dean: of role recognition can add verifiable credentials to their processes and…
Steve Capell: Okay.
Kevin_Dean: there isn't anything that we need to do or should do that say that that dictates how those certifications take place. It's simply an organization stands up and says I am doing X to recognize businesses other entities or individuals and anybody who wishes to consume that credential is doing so because they are looking for that kind of certification and the verifiable credential is the means by which is being done.
Kevin_Dean: while there are some issues with GLE and the legal entity identifier I don't think there's anything in what we're doing here that would prohibit them adapting this to to your LEI in a VC although they do have their own VC model already and it's no no and…
Steve Capell: Yeah, I don't mean to be too negative about life.
Steve Capell: Sorry, I came across that way.
Kevin_Dean: it's but it's Yeah,…
Steve Capell: But yeah, it's just these claims sometimes.
Kevin_Dean: but this…
Steve Capell: Yeah. Yes. Yes.
Kevin_Dean: but there's a lot of things in supply chain that can benefit from this.
Kevin_Dean: As you said earlier, the payment issue is a tricky one to solve.
Kevin_Dean: And with the right framework for a VC, we can solve that. we can or at least make it easier.
<Benjamin_Young> 👍
Benjamin_Young: Yeah, thank you Steve for taking us through that.
Benjamin_Young: K to go ahead.
Kayode_Ezike: Yeah, I have two questions comments. so the first thing is I'm looking at the steps you outlined here. There's a place where you said using something like did webv to discover the issuer of the DIA. I question are we correct in assuming that I guess the business item for example who's given this credential to assert that they're part of this network is do they always have to know that they're on a list can an organization decide to recognize an entity without them necessarily asserting that themselves and als
Kayode_Ezike: Also the other thing around that is is that the way to go if basically kind of my understanding put you can control that as the controller of that data right so it's not I guess up to you in as much as it is up to the issue of the DIA and…
Kayode_Ezike: so I'm a little concerned about
Steve Capell: All right.
Steve Capell: So I think I understand your question. yes, the member of any register will always know that they are a member of that register because there's a governance process to achieve membership, at least in our use cases.
Steve Capell: And part of your question I think goes to the discovery mechanism of how do I go from I've and this credential was issued by regular with the word trust right but trusted issuer there are two pathways right what one is you go and search the register and say is party
Steve Capell: on it. The other one is the party presents a credential signed by the register that says they're on it. and part of this there are two different and both may be valid but in our use case almost exclusively it will be from the transaction like an invoice to a credential issued by an authority register. In other words, you're discovering through the ID not through the register. and that's partly because of the scale of things, I mean, a small medium-sized economy like Australia has 2 million registered businesses and about somewhere between two and 500 changes to the register every day.
Steve Capell: So if you imagined a register level credential listing all members, it would just fall apart. It'd be impractical, Plus, some registers carry information that the registered member may want to communicate to parties they know, but it's not public information. so you always want to basically traverse a trust graph from transaction to registration to directory and up that way. which is why I bring in didv who be not because I'm saying did VH is the only way to do this.
Steve Capell: I'm just saying a key part of our expectation is that the way you discover the entity recognition credential is through a service endpoint or through the did document of the registered or the recognized entity right and that's also not part of this spec as far as I can see but for us it's a really important part of I can't draw a trust graph if I can't find the credential that I need for my trust graph and if there's 20 different ways to find it, it won't scale very well. Right? So yeah, the simple solution here for verifiers is to be able to basically follow a set of verifiable and cryptographically link data until you hit something you trust.
<Benjamin_Young> acknowledged source?
Steve Capell: No, you might stop at just the invoice because you actually know the did of the invoice issuer. Is your business partner you've been trading with for 10 years and by some out of bounds method he says this You don't need to go any further. I just trust it. You might not know it and you go up to the next level that says here's a Australian business register issued entity recognition credential that says this party is that Australian business. good. You might have maintained a register of a directory if you like of all business registers around the world and the Australian one is atto.gov.au/
Steve Capell: EU/ something okay or you might not have maintained a list of the roughly thousand registers around the world authoritative ones that register businesses and in which case you go one step further and you get to the UN that says this is a national recognized business register so you stop wherever you want…
Steve Capell: until you hit something you trust is the operating theory but you've got to be able to discover it through the identifiers not by searching ing a register you may not even know exists.
Benjamin_Young: This has been great.
Benjamin_Young: Steve, I think you've got support for your use cases. I don't think anyone's raised any concerns. anyone have thoughts out of this in terms of any actions we need to take relative to the specification as written
Phillip Long: I think this works perfectly for the businessto business kind of context. it doesn't of course if the member is actually an individual and…
Steve Capell: memory actually.
Phillip Long: not another organization. In that context,…
Phillip Long: you would do something more along the lines of a recommendation kind of credential. and the business contest has worked well.
Steve Capell: Yes. I acknowledge that I've just got one use case,…
Benjamin_Young: And…
Steve Capell: and that kind of ear trust or peer recognition is an equally valid use case.
Benjamin_Young: I think the question, probably for us as a group is can we incorporate ate both those use cases mentioned into our currently being renamed specification.
Steve Capell: And particularly I think what do the use cases mean for the boundaries of the spec so this business of discovery of the credential through did that probably applies equally to the peer one right because how do I find when I'm talking to Ted that he's trusted by Manu if not through Ted's did maybe there's another way I don't know but the spec as far as I could see at the moment doesn't only talks about the data model of the entity recognition credential
Steve Capell: not a consistent way to discover the entity recognition credential which in our case is equally important.
Phillip Long: The context that I'm thinking about in the background is the recent approach that the state of Utah has taken with the state endorsed identity
Phillip Long: which makes a distinction between the provision of the role versus the individual.
Phillip Long: So that if you can revoke the status of the role but you don't want to revoke anything associated with the did of the person and as long as we preserve that distinction I think we're
Steve Capell: Yeah. So me yeah there is a layer that we haven't spoken about in this whole business registration stuff…
Steve Capell: which person represents the business today and that gets tricky right because you've got two identities the identity of the director who for a transient period as long as he is a director of that business or she I'm sorry has an authoritative role the business identity itself doesn't change directors come and go so that sort of relationship is typically managed by the business registers and each one does it differently and at least for our purposes we add a lot of complexity if we try to trace
Steve Capell: the business identity to the legally authorized person identity that's acting for that business.
Steve Capell: And I'm trying to avoid that at the moment, but yeah.
Phillip Long: Ex I think that's exactly right.
Phillip Long: Because in a sense that you want the role to re revocable not anything to do with the individual behind that role in other contexts. Right? So,…
Steve Capell: It's almost I want to know that the business exists how long it's existed and that it hasn't been dregistered really right…
Phillip Long: Mhm. Exactly.
Steve Capell: which is there's no personal parties party in that at all right unless my use case is about sometimes you do have a use case that requires a person right are you an accredited vet we're doing this phyto sananitary inspection of agricultural produce being exported.
Steve Capell: It is going to end up with a personal identity. but we'll have to be Yes.
Phillip Long: Yeah, that's…
Phillip Long: where I think the notion of an endorsement of the individual's provision as opposed to the individual's identity is the key.
Benjamin_Young: Awesome. Thank you everybody.
Steve Capell: Yes. Absolutely. Okay, thank you for the PR.
Benjamin_Young: I am gonna cut us off because we're at time. this was a great discussion and it should certainly continue. Steve, I think you've gotten plenty of blessing on this use case. That'd be great to see that written up. and Phil or anyone else with keen interest in this, it would probably be good to see where it fits and if we could even add an example or two to the appendix related to this to both confirm that we have all the pieces and to highlight this use case because it's existing.
Benjamin_Young: it has an implementation of sorts and we want to make sure that this new spec matches what's been done so far.
Steve Capell: Thank you.
Benjamin_Young: Let's talk again maybe next week.
Phillip Long: Understood. How about that?
Benjamin_Young: Yeah, how about that? All right, we'll see you all in about seven days. Thanks everybody.
Ted_Thibodeau_Jr: a planned.
<Kayode_Ezike> Will be an interesting test for wallets, which will need to support checking registries and tracing back from the VC backwards, but worth exploring
Ted_Thibodeau_Jr: It is
Benjamin_Young: Bye. Okay,…
Kayode_Ezike: Cheers.
Phillip Long: Ben, I will be in the SETI meeting next week. in Utah on the state.
Benjamin_Young: thank you. all good.
Phillip Long: But I want to try to figure out how we can make sure that we continue to keep that separation between a provision of a role and the individual.
Benjamin_Young: Yeah, I think that's important. do you want to file an issue on that? Okay.
Phillip Long: And I'll try to file an issue on it if I can figure out how to say it plainly enough.
Benjamin_Young: Yeah, say it poorly. That's fine.
Benjamin_Young: It'll just make sure it gets discussed.
Phillip Long: Okay, sounds good.
Phillip Long: Thank you. Bye.
Benjamin_Young: Thank you, Phil. Take care. Bye. Meeting ended after 01:00:28 👋 This editable transcript was computer generated and might contain errors. People can also change the text after it was created.