Credentials Community Group - W3C TPAC F2F

Minutes for 2014-10-28

Agenda
http://docs.google.com/document/d/1FQmZt_2FTjRMO5YSBLS-3dwuNQFi_BFEvbIRoUg7pGA/edit
Topics
  1. Introduction
  2. Identity Proofing
  3. Scope of CG Work
  4. Use Cases / Future Work
  5. Identifier Portability
  6. Data Rights, Legacy Support
Chair
Manu Sporny
Scribe
Brian Sletten and Karen O'Donoghue
Present
Manu Sporny, Brian Sletten, Jörg Heuer, Glen Wiley, Pat Adler, Karen O'Donoghue, Mountie Lee, Pindar Wong, Evert Fekkes, Eric Korb, Bill Gebert, Mary Bold, Daniel Buchner, Shane McCarron, Josh Soref
Brian Sletten is scribing.

Topic: Introduction

Manu Sporny: Here's the presentation deck for the intro: http://opencreds.org/presentations/2014/tpac-credentials/
Manu Sporny: This is an attempt to do serious things on the Web by being able to make strong claims about what we are entitled to in a safe and secure way.
Manu Sporny: This is not an official W3C group, it's a community group. Provides input and experiments to feed into the IG work.
Bill Gebert: ETS needs to provide secure credentialing for professional development and education markets, which require the exact same underpinnings as the payment and financial industries. Those same underpinnings also support national security concerns about foreign nationals being validated for entrance into the U.S.
Jörg Heuer: Please add an 's' to Deutche Telekom on the slide. :)
Manu Sporny: Badge Alliance and Open Payments Foundation bridge the boundaries between technology collaborators (Web Payments CG, Credentials CG, Web Payments IG, IETF) and policy/regulator collaborators (US Dept of ???, educational institutions, Internet Governance Forum, US Fed)
Pat Adler: The Fed is interested in the soundness of the economy and consumer-facing requirements, opportunities for value exchange, the processing, etc.
Manu Sporny: The Master Plan is to convince the W3C and WP IG that Credentials are important enough to become their own group with applicability across multiple communities. Wants to take advantage of the WP IG to short-track the spin out of groups to focus on a narrow set of Identity as a Credentials Group.
Manu Sporny: Credentials are important for anti-money laundering, Know Your Customer, etc.
Manu Sporny: There is a lot of overlap between the financial services and credential management.
Manu Sporny: This is a very narrowly-focused approach avoiding the "solving the Identity on the Web" problem.

Topic: Identity Proofing

Jörg Heuer: Will we succeed until we solve this Identity on the Web problem?
Manu Sporny: We need to have an Identifier. Identity means different things to different people.
Jörg Heuer: When you want to prove that I am German, you need to know who *I* is.
Jörg Heuer: Credentials seem very much tied to the person. So Identity needs to be solved, no?
Daniel Buchner: Credentials are more of a specification to represent various identities (government, education, etc.).
Manu Sporny: We don't have a clear definition of Identity.
Eric Korb: We have to find points of contact to establish identity. We need Experian and companies like that to help establish the Identity.
Daniel Buchner: They provide the Last Mile of Identity.
Daniel Buchner: There is a Many-to-One Relationship to Identity.
Bill Gebert: There are various levels of Identity. Bronze level, Silver level, Gold level based on the background or strength of the individual identities.
Pat Adler: The Credentials themselves are just a collection of attributes from a particular entity.
Evert Fekkes: The trust level is established as part of the enrollment process.
Daniel Buchner: It's easier to get buy in by having a mechanism for expressing these credentials and then saying, "Hey, Government, we have a way of expressing this..."
Pat Adler: Accumulation of identity across a variety of sources.
Glen Wiley: Sounds like we are talking about authorization, not just Identity.
Daniel Buchner: This credential can evolve over time and accumulate more attributes over time.
Manu Sporny: I think we are in violent agreement about what a credential is and how we establish trust in existing identities.
Jörg Heuer: In Germany we have a National ID by which we can now interact with the Web, and it has the ability to express a strong level of confidence in identity.
Pat Adler: We talk a lot about binding the identity to the user. There is also the idea of attaching context to the binding: time of day, duration, in particular contexts.
Daniel Buchner: We need enough inputs on the credential to express these contexts.
Eric Korb: My wife needs four credentials just to come to work as a nurse practitioner in NJ.
Eric Korb: If her malpractice insurance expires, she can't get into the pharmacy to get medications.
Jörg Heuer: Combinations of different credentials make a lot of sense to establish the context.

Topic: Scope of CG Work

Manu Sporny: The clear sign that this initiative will fail is if the Use Cases keep growing. If it looks like we are heading into a very complex endeavor, that's a sign that we are solving the wrong problem.
Manu Sporny: We can't prescribe how you get a Level 3 National Identity card.
Manu Sporny: Education has a different set of requirements than healthcare. That's not the problem we want to solve.
Daniel Buchner: There are different ways to take a fingerprint (ink vs camera). I don't want to specify what it means to express a fingerprint.
Bill Gebert: Who determines what is High Stakes? It's the consumer who decides. The level of sophistication and compliance is the consumer itself, not the binding.
Bill Gebert: We collect retina scan, fingerprints, etc. to deal with fraud. That might be Gold Standard identity to some people, but not others.
Daniel Buchner: These things he's talking about didn't exist twenty years ago. Our definition of the standards, or our faith in them, changes over time.
Pat Adler: The bindings can change in time during expiration of credentials and re-upping the identity. You get a new token or a new card.
Glen Wiley: It seems we need to talk more than just about transmission of credentials.
Brian Sletten: The use of JSON-LD will allow us to model different kinds of credentials (Fingerprint vs InkFingerprint).
Jörg Heuer: We should think about both sides of this: Who is guaranteeing the credentials and the consumer who is establishing a level of trust.
Manu Sporny: Fantastic discussion, I am hearing a lot of agreement and it seems aligned with the definition of CG.
Karen O'Donoghue: Here is a link to the IETF mailing list that is starting a discussion around vectors of trust or levels of assurance.
Karen O'Donoghue: There is no chartered work at this point, but this is a preliminary mailing list to discuss possible directions that this might go, and one of the possible directions might be contributing to an update of NIST SP 800-63.
Jörg Heuer: I don't think Payment requires Identity. You need sufficient funds. Cash is useful for anonymous interactions; we should protect it.
Pat Adler: What does this mean at the Protocol Level? What are the core components of the transaction? Identity is part of some transactions, but not others.
Jörg Heuer: Even if we don't establish the identity of the consumer for the payment, we are still dealing with pseudonyms and technical identifiers like email accounts ("Mickey Mouse identity") and that may still be important to keep track of.
Evert Fekkes: Each Identity maps to a certain context.
Pat Adler: Entitlement can apply to groups. Buying as a member of a group (digital media, Kickstarter, etc.).
Pat Adler: There can be multiple identities associated with a payment.
Brian Sletten: Access control specification sounds like a different approach than not prescribing the credentials. In order for me to express a restricted use of credentials, we need to agree on what that means.
Pat Adler: We need to protect the transmission of the credentials via extensible authorization and authentication mechanisms as well.
Manu Sporny: Ok, let's break for lunch and meet back here in an hour to dive into the use cases, specs, or demos.
Group breaks for lunch.

Topic: Use Cases / Future Work

Karen O'Donoghue is scribing.
Manu Sporny: Options for what we could do this afternoon (use cases, draft specs, demos, etc.).
Jörg Heuer: We could try to distill the earlier conversation.
Daniel Buchner: Would use cases accomplish this?
Manu Sporny: Since this is a CG we can recharter at any point based on a vote of the group itself.
Manu Sporny: Before we start adding use cases, we should look at the ones we already have.
Pat Adler: We could analyze the use cases for domain factors and look for commonality.
Pat Adler: Need to visualize the relationships: one to one, one to many, many to one, etc.
Manu Sporny: We should probably develop something like that.
Pat Adler: I will make a first attempt at this graphic.
Manu Sporny: These use cases were taken out of the Web Payments workshop.
Daniel Buchner: What vantage point were these use cases taken from?
Manu Sporny: This document is nowhere near done.
Jörg Heuer: Are we expecting credentials to live on forever?
Eric Korb: They have an expiration date.

Topic: Identifier Portability

Manu Sporny: The key that we have found, when we are creating the credential we need to ensure that we don't tie it to something that can't be moved. It's strange, but URLs are great at achieving vendor lock-in.
Manu Sporny: There will have to be revocation lists.
... two sides of a credential, customer and user.
Jörg Heuer: Would this be optional, because there may be privacy problems here?
... further discussion on how revocation might work and the decisions involved.
Daniel Buchner: Are there any steps involved when reissuing or moving credentials?
Eric Korb: Open Badges today uses Persona; the email address is embedded.
Eric Korb: Every time it is moved it goes through a validation process; the question is whether it should also go through a verification process.
Eric Korb: How do you move them? What happens when you move one from the university?
Pat Adler: Is an identity provider the same as a credential provider, or are they different things?
... can they play both roles?
Manu Sporny: Two sets of terminology currently in use (Badge Alliance and Credentials CG).
... credential servers store credentials issued by issuers.
Eric Korb: Credential curator (backpack, key chain).
... long-term, issuer-independent storage.
Glen Wiley: Difference between registrar and registry.
Glen Wiley: There are examples of this type of critical service in Internet infrastructure.
Manu Sporny: There are examples of decentralized services, but they don't exist in a web context.
Glen Wiley: There are very few things that the government can't shut down (stipulating that it has to be safe from government intervention).
Manu Sporny: Telehash is an interesting example of a technology that might address some of this.
Manu Sporny: It is a decentralized hash on that.
Manu Sporny: Objective is to have at least one technology solution that will solve the problem.
Manu Sporny: We can solve the problem without providing this decentralized solution by tying the credential to the provider.
Glen Wiley: You could get credentials from different organizations based on your level of faith in their longevity.
Brian Sletten: You get the credentials from the organization that you have the most trust in.

Topic: Data Rights, Legacy Support

Manu Sporny: Data rights ... almost like a reverse terms of service.
Daniel Buchner: Isn't this another example of an area where
Manu Sporny: If they have a text file about you, you can copy
Manu Sporny: Data rights is a policy representation, not a technical solution.
Manu Sporny: Data rights is a high-level design criterion without a technical solution.
Manu Sporny: Legacy Support: is there a way we can provide both the old way (user name and password) and the new way (credential based) with the new credential?
Manu Sporny: LastPass is an example of this.
Jörg Heuer: Are we to replace user name and password with this?
Jörg Heuer: Sounds like OAuth to me.
Manu Sporny: There are other technologies out there; OAuth is more about access control.
... we could wrap OAuth credentials in the system.
Manu Sporny: What is the best thing for web developers? They don't want to implement OAuth 2.0.
Manu Sporny: Don't know how all this plays with OpenID Connect or OAuth.
Manu Sporny: OAuth 1.0 and OAuth 2.0 aren't really competitors to this; OpenID Connect is a more open question.
Manu Sporny: We have now completely destroyed our agenda, but that's ok because we're having a great discussion. Great to see how aligned most of us are.
Daniel Buchner: It is helpful to know there is a decision trusted providers as a/the mechanism
Pat Adler: Four key things... (scribe missed the four key things)
Manu Sporny: We have to have a way to have verifiable claims
Eric Korb: We see three kinds of transactions 1) establish identities; 2) make offers; 3) verify information
Eric Korb: TrueCred API slide.
Manu Sporny: Flexible access control is about the user not being present to perform a credential exchange. For example, you authorizing emergency workers to access your credential in the event of an emergency.
Manu Sporny: We want to support two types of signatures - original credential plus endorsement (a set of signatures)
Manu Sporny: Chained credentials (an array of dependent signatures, each one dependent on the previous one)
Manu Sporny: Wrapup - we didn't cover much of our agenda, but did a good bit of ground work. This is a community group open to anyone, great to see so much interest in it. We meet Tuesdays at 11am ET. Learn more here: http://opencreds.org/minutes/