Credentials Community Group Telecon

Minutes for 2014-10-14

Agenda
http://lists.w3.org/Archives/Public/public-credentials/2014Oct/0023.html
Topics
  1. W3C TPAC and Credentials CG
  2. Credentials CG Use Cases Review
  3. Start Discussing Roadmap Document
Resolutions
  1. Publish a preliminary Credentials Use Cases document and vote on publishing it as a first public working draft before W3C TPAC. Start the vote at 5pm ET on Tuesday October 14th 2014 and keep it open for 7 days.
Organizer
Manu Sporny
Scribe
Chris McAvoy
Present
Chris McAvoy, Manu Sporny, Dave Longley, David I. Lehn, Bill Gebert, Mary Bold, Sunny Lee, Mark Leuba
Audio Log
Chris McAvoy is scribing.
Manu Sporny: On agenda today, review credentials cg usecase document. Reminder, it's a draft doc. It will be presented at TPAC. We need to vote on the document. 7 day vote minimum per the charter. Also, need to discuss the roadmap document. 2 other things we may want to talk about, 1) W3C TPAC allocation of time. We have 3 slots at TPAC that we're going to present at. We need to make sure our presentation material has been approved by the community.
Manu Sporny: Anything else to add to the agenda?
Dave Longley: Nothing else from me
David I. Lehn: Nope.

Topic: W3C TPAC and Credentials CG

Manu Sporny: First up, cover TPAC.
Manu Sporny: Announcement coming tomorrow about payments wg discussion at TPAC
Manu Sporny: We're looking for volunteers to spend 5-10 minutes about credentials outside of payments, including the biz case your org has. Any volunteers?
Bill Gebert: Would like to present
Manu Sporny: Great…will talk about details offline
Manu Sporny: Expectation is to create a rough framework for the hour
Mary Bold: Suggest we also reserve 5 minutes for accreditrust / mary / erik korb
Mary Bold: To round out issues based on what people are saying
Manu Sporny: Sunny / chris, is there a prepared statement about badge alliance?
Sunny Lee: We'll talk about it and get back to you
Manu Sporny: Av facilities are great
Sunny Lee: Cool
Manu Sporny: 1 Hour slot on credentials on monday
Manu Sporny: Tuesday dedicated slot for credentials cg to meet face to face 11am - 3pm
Manu Sporny: Room tbd
Manu Sporny: Wednesday, 10k foot overview of credentials for W3C orgs
Manu Sporny: Weds overview will include payments as well as credentials
Manu Sporny: Room and time on weds tbd
Manu Sporny: TPAC has lots of credentials / payments time allocated.
Manu Sporny: Questions about TPAC?
Manu Sporny: Next step is putting a slide deck together to present at TPAC.

Topic: Credentials CG Use Cases Review

Manu Sporny: We've taken the use cases / what if's and put it in the document above
Manu Sporny: It's a draft, expect use cases to be added or dropped. use cases will be edited
Manu Sporny: Doc starts with terminology…then overall design criteria, specifically not use cases, but functionality we want to support over time. things that won't go in the first version, but we'll include down the line, so we don't want to prevent them. first example is data portability.
Manu Sporny: Questions on design criteria?
Bill Gebert: I believe the design is general in nature and will be specific over time.
Manu Sporny: Any objections to the general approach?
Mark Leuba: I agree with bill
Manu Sporny: Having beent hrough this with web payments wg, this approach results in fairly useful use cases. we can look back at the use cases and figure out if we're overstepping our bounds. reason for this approach is that some use cases dont' fit neatly into a use case category
Manu Sporny: Anything else about design criteria?
Manu Sporny: Let's look at the data portability…ensuring credentials can move between different data services
Manu Sporny: Does anyone feel that the data portability example isn't the right approach to design criteria?
Manu Sporny: Someone who isn't familiar with our work should be able to read the criteria and understand them
Manu Sporny: Other criteria, data-rights - annotate credentials to only be used for certain things. legacy-support - make sure we can integrate with older credentialing systems, ie emails / username password combinations. can't assume that the entire web is going to support the credential specs. how does this integrate with legacy systems? flexible-access-controls - access can be provided interactive or non-interactive. example, "i authorize this hospital to retrieve my credentials at any time" reuse-extend-existing-tech - reuse things where we can, only reinvent things when we can't avoid it
Manu Sporny: Identifier-alignment came from nate otto, make sure that 2 systems that have nothing to do with each other can align systems on shared data…name & dob, social, etc. if they don't want to use urls as an identifier. legacy system that doesn't want to pull that complexity into their system. how to align db records and user accounts
Manu Sporny: Any questions?
Mary Bold: Seems like a sensible approach.
Manu Sporny: Jumping to use cases
Manu Sporny: Use cases point out general use case, then use examples to show how a specific use case can use it
Manu Sporny: Verifieable claims is a good place to start
Manu Sporny: Reviewing verifiable claims as an example of how a use case is set up
Manu Sporny: Questions or comments on use case layout?
Chris McAvoy: General question, is this how all wg / cg's layout use cases?
Manu Sporny: Yes and no…it's up to the cg / wg…everyone does it differently
Manu Sporny: The use cases fit the type of work, there isn't a standard way to represent them
Manu Sporny: Real question is, once the tech is done, can we look back at the use cases and say definitively that we've acheived the use cases…does anyone feel that if we do the tech work around these use cases, will we know where to stop
Chris McAvoy: That was great, thanks
Mary Bold: Chris, can youg ive us guidance on the appraoch?
Chris McAvoy: I actually like the approach, I was just curious to understand how the W3C works. [scribe assist by Dave Longley]
Chris McAvoy: I like the approach, just a general question about how W3C works. My only concern is, from a development perspective, it sounds like these are not set in stone. As we move along, we can continue to adjust them. We're not entering into a contract, as long as that's the case, this is a great approach. [scribe assist by Manu Sporny]
Chris McAvoy: From a development perspective... it sounds like these aren't set in stone, as we move along we can continue to adjust them. We're not entering into a contract so we have flexibility to change it as we go. As long as that's the case I think this is a great approach. [scribe assist by Dave Longley]
Manu Sporny: Tech working groups have a requirement to build for success…and manage the wg to keep it from going off the rails
Manu Sporny: Also clarifies for ip protections
Manu Sporny: Also allows the community to understand what could conflict with existing ip, heads up to the lawyers about the scope of the work
Chris McAvoy: ::Thumbsup:
Manu Sporny: Not a contract, not set in stone, assertion by the group that this is what we intend to work on.
Manu Sporny: Also gets the group on the same page
Manu Sporny: Any other questions?
Manu Sporny: Going to review the use cases
Manu Sporny: Storage - can store a credential and a requestor can request a credential
Manu Sporny: "Must" is in red, special language that denotes a mandatory feature
Manu Sporny: "Should" is an optional feature
Manu Sporny: It's a choice by the cg / wg about whether or not we use must or should
Manu Sporny: Be careful about how we pick MUSTs and SHOULDs
Manu Sporny: Interactive-transmission and non-interactive transmission, design criteria and use case. you should be in the loop if someone is requesting your credential
Manu Sporny: That's an interactive use case
Manu Sporny: Non-interactive is given an org the ability to pull information whenever they need it
Manu Sporny: With that ability the non-interactive org can pull that credential whenever they want
Manu Sporny: Need-to-know- share the bare minimum you need to to be able to get the data to the website
Manu Sporny: Need to know protects sender and receiver
Mary Bold: Side point, when we use kids being 13, somewhere we need to review access around the globe. us uses coppa. internationally it's different. need to define "underage" as an international term
Manu Sporny: Agreed, need to follow up
Manu Sporny: Composability - multiple credentials can be combined to get you access to something
Manu Sporny: Example, "two forms of identificiation to open a bank account"
Manu Sporny: Endorsement - multiple signatures…sort of
Manu Sporny: Anonymity - pseudo anonymous identity, just transmit specific bare minimum data
Manu Sporny: Identity aliases - short names, @mentions, etc...
Manu Sporny: Questions or comments?
Chris McAvoy: Yes, one
Chris McAvoy: Endorsement is a pretty loaded term
Chris McAvoy: In the ed space there's a bunch of use cases around endorsement
Manu Sporny: Please send the info to the mailing list so we can discuss it
Chris McAvoy: From a Badge Alliance perspective, endorsement is a loaded term - so, can we add some stuff to that use case. [scribe assist by Manu Sporny]
Chris McAvoy: Ok, we can do that
Bill Gebert: One comment on use case that includes use of SAT
Bill Gebert: Would like to change it to gre or toefel
Manu Sporny: Will fix that right now
Chris McAvoy: Mary: agreed, gre is a better example, +1
Manu Sporny: Any other questions or concerns?
PROPOSAL: Publish a preliminary Credentials Use Cases document and vote on publishing it as a first public working draft before W3C TPAC. Start the vote at 5pm ET on Tuesday October 14th 2014 and keep it open for 7 days.
Dave Longley: +1
Manu Sporny: +1
Chris McAvoy: +1
David I. Lehn: +1
Bill Gebert: +1
Mark Leuba: +1
Mary Bold: +1
RESOLUTION: Publish a preliminary Credentials Use Cases document and vote on publishing it as a first public working draft before W3C TPAC. Start the vote at 5pm ET on Tuesday October 14th 2014 and keep it open for 7 days.
Manu Sporny: Will put together questionaire and vote for the end of the day today
Dave Longley: +1 To the same format
Manu Sporny: Suggesting similar format for this vote as web payments
Group has no objections, manu will get the vote out by 5pm today.

Topic: Start Discussing Roadmap Document

Manu Sporny: Last item on the agenda, need to discuss roadmap document to plot out what we think needs to be finished for this stuff to hit a world standard bar…example, spec, implementations, test suite, public review, etc
Manu Sporny: Need to propose a timeline that isn't more than 3-4 years
Manu Sporny: It's ok to propose this in parallel
Manu Sporny: Proposal / drafty document of the roadmap (above)
Manu Sporny: Draft doesn't include edu cases…need badge alliance to fill that out
Chris McAvoy: We're ok with that ;)
Manu Sporny: Review of active collaborators
Manu Sporny: Yes please, badge alliance would like to be put into the active collaborators section
Chris McAvoy: Thanks
Manu Sporny: This roadmap won't be presented as anything official at TPAC, people need time to digest and give feedback. if there's tech / orgs / that need to be part of this, we need to get them into the doc
Manu Sporny: We have a body of documents that can be reviewed
Manu Sporny: Please take these docs back to your colleagues for review
Manu Sporny: We will meet again before TPAC
Manu Sporny: Any concerns?
Mary Bold: Looks good
Manu Sporny: Thanks all, closes the call.