Meeting minutes
Phil Archer asks for intros
Hiroyuki Sano - introduced last time
Reflections on F2F
Phil Archer: f2f meeting brought people together working toward a common goal. Biggest takeaway.
Manu Sporny: Wesley Smith to talk about forgery defense to Wes.
recognized Entities TF
Manu Sporny: recognized enitities - good discussion, including a threat model for that spec. Developed a threat model with many use cases making sure the GS1, UNECE and the rest are supported
Manu Sporny: how to achieve that remains.
Manu Sporny: won't go to a CR without concrete solutions that work for all concerned
Manu Sporny: Threat modeling as it applies to recognized entities spec. We are appoint a single person to put together a cohesive threat model draft. The Data Flow Diagram needs updating, and all threats addresses with cross-linking
<Manu Sporny> w3c/
Manu Sporny: will be in CR as a result of TPAC
Joe Andrieu: on the diagrams please change the shapes of things for accessibility reasons
Manu Sporny: tried it but it didn't looked good. What is our symbology for these diagrams?
<Joe AndrieuAndrieu> https://
<Ted Thibodeau Jr.> a11y will ding us for the "color is your only clue" ... as I flagged yesterday
Manu Sporny: used Google Draw
Phil Archer: Manu Sporny's approach likely will be trend setting for diagramming
Joe Andrieu: should have a uniform language
VC Forgery Defense
Wesley Smith: Forgery defense - talked about next steps in F2F. Best thing to do publish this forgery defense as a separate specification. Want to discuss this proposal publishing forgery defense of a stand alone doc and puiblish it
Phil Archer: is it a rec or note?
Wesley Smith: it's a req by intent
Ivan Herman: we can do that. When we do it we should present it and sell it to the outside world that it's under the quantum safe crypto suites
Phil Archer: do we do working draft vote today?
Wesley Smith: wants to run a proposal to adopt the document formall and run the FPWD
phlla: hoping to copy Manu Sporny's style for the threat model as Wesley Smith has done great work on it.
<Wesley Smith-smith> Suggested proposal: Create a new document, titled Verifiable Credential Forgery Defense 1.0, short name "vc-forgery-defense-1.0", adopt this document in the group (under the VC Barcodes and Data Integrity task force), and publish this document as a first public working draft.
<Wesley Smith-smith> +1
<Dmitri Zagidulin> +1
Phil Archer: the proposal includes a first public working draft- should drop that part as it's not ready yet.
Wesley Smith: agreed will split it up
<Wesley Smith-smith> PROPOSAL: Create a new document, titled Verifiable Credential Forgery Defense 1.0, short name "vc-forgery-defense-1.0", and adopt this document in the group (under the VC Barcodes and Data Integrity task force).
<Phil Archer> +1
<Manu Sporny> +1
<Ivan Herman> +1
<Wesley Smith-smith> +1
<Dave Longley> +1
<Kayode Ezike> +1
<Michael Shea> +1
<Jennie Meier> +1
<Ted Thibodeau Jr.> +1
<Phillip Long> +1
<Joe AndrieuAndrieu> +1
RESOLUTION: Create a new document, titled Verifiable Credential Forgery Defense 1.0, short name "vc-forgery-defense-1.0", and adopt this document in the group (under the VC Barcodes and Data Integrity task force).
Ivan Herman: should no there is a publication moratorium as of the 3rd of July, if not it will slip until later in July
Wesley Smith: If it's ready by next week will that be in time?
Ivan Herman: we can try
Ivan Herman: FPWD's are accepted much more quickly
Wesley Smith: will try to get it in shape.
Phil Archer: the home page news paragraph also needs done
Ivan Herman: today's the 17th, so next week at this meeting we must have the resolution. Can't make the request without that.
Phil Archer: would it be helpful to have the resolution now?
Ivan Herman: We can make a resolution "as soon as it's in the right shape ..." now.
<Phil Archer> PROPOSAL: The WG seeks to publish the vc-forgery-defense document as a FPWD as soon as it is ready, given that the substantial work is already done.
Ivan Herman: this works
Wesley Smith: works for wes
<Ivan Herman> +1
<Dmitri Zagidulin> +1
<Wesley Smith-smith> +1
<Phillip Long> +1
<Jennie Meier> +1
<Phil Archer> +1
<Ted Thibodeau Jr.> +1
<Joe AndrieuAndrieu> +1
<Dave Longley> +1
<Kayode Ezike> +1
<Hiroyuki Sano> +1
RESOLUTION: The WG seeks to publish the vc-forgery-defense document as a FPWD as soon as it is ready, given that the substantial work is already done.
Ivan Herman: needs abstract and intro
<Michael Shea> +1
Phil Archer: congrats Wesley Smith
Confidence and threat models
Phil Archer: Joe Andrieu's reflections on the F2F
Joe AndrieuAndrieu: did an Sebastian Schmittnerrcise with Legos to model threats and responses. Helps you get out of your head and learned a lot from it.
Joe AndrieuAndrieu: scope of work concerns raised. Simplying the threat model guide is needed
Joe AndrieuAndrieu: the full threat model approach is useful but it's not where the WG is - capturing what the WG is aware of to describe them and their mitigation. Want to keep threat modeling from being more work than the spec.
Joe AndrieuAndrieu: got 33 threats modeled and feedback using the VCALM spec as test case. Confidence Method also has a threat model session. What is the privacy preserving method for biometrics?
Joe AndrieuAndieu: A photo image was one suggestion, and the other is a biometric template using a service to provide a biometric match and how to secure that
Joe AndrieuAndrieu: this covers the f2f
Phil Archer: what stage will threat modeling be at by TPAC?
Joe AndrieuAndrieu: hesitancy is the level of work (completion, throroughness, etc). Will have something toward an an acceptable draft of the sectiosn for review and discussion for TPAC
Phil Archer: hopes to get a bunch of CRs out after TPAC
Ivan Herman: we need horizontal reviews before going to CRs, not just security but accessibility and internationalization, as well.
Joe AndrieuAndrieu: hopes to have a draft ready for horizontal review
Ivan Herman: that's more realistic
Phil Archer: want's many CRs ready for horizontal review
Remote participation
Jenny: interesting to get an overview of the different TFs
Phil Archer: others for feedback?
Kevin Dean: alot was accomplished, comparable quality to previous years
Michael Shea: remote participation was quite good. Content excellent, depth and conversation was really good.
Phil Archer: another f2f in may/june of next year under discussion
Phil Archer: it was worth it and would be good to have another.
<Sebastian Schmittner> I do as well think that remote participation was pretty nice
<Sebastian Schmittner> could not take part in the Lego and Beer most unfortunately, but the hybrid setup in that room was great and I was well able to follow the discussion :)
Vocab TF
Carolynn Bernier: excellent meeting, more productive than she expected. Only vocab person and had discussion about whether this WG was right place for cross border vocab discussions. Things brought to VCWG because there aren't really other places to do it.
Carolynn Bernier: should create a registry for VCDM compatible vocabs with use cases
Carolynn Bernier: on the work itself they now have a scop of work that is clear. Short term: guidance document discussing why using VCs is useful for issuing a DPP use cases is valuable.
Carolynn Bernier: mid-term goals - test suites for VCDM for example. Want to create a EU compliant VCDM implementation.
<Michael Shea> Carolyn, I would be interested in participating in these efforts.
Carolynn Bernier: Longer-term - decided to postpone decision to create another DPP vocab.
<Phil Archer> https://
<Ivan Herman> s/VPD (?)/DPP/
Phil Archer: concerns about others addressing DPP
<Hiroyuki Sano> https://
Carolynn Bernier: how do payment wallets relate to credential wallet is unclear.
Phil Archer: dmitri in text mode, - render method will be summarized later
Phil Archer: Brent gets together with phila on Monday's to get agenda items together. Trying to insure inclusivity.
Phil Archer: congrats to Wesley Smith, Manu Sporny, and a great scribe job ;-)