Credentials Community Group Telecon

Minutes for 2015-03-03

  1. Credentials Working Group Charter
  2. Use Cases
  3. Profile Use Cases
  4. Linked Data Signatures spec
  5. Credentials/Badges Vocabulary Update
Action Items
  1. Nate to create github wiki to list all working documents for the group.
Manu Sporny
Nate Otto
Nate Otto, Manu Sporny, elf Pavlik, Brian Sletten, Dave Longley, Kerri Lemoie, Eric Korb
Audio Log
Nate Otto is scribing.
Manu Sporny: Today, profile use cases with elf
Manu Sporny: Then a quick talk about the CCG charger, use cases after that, and LD signatures spec, credentials/badges vocabulary
Manu Sporny: Any updates/changes to agenda?
Manu Sporny: Then, we'll start off with elf's item
Manu Sporny: We'll skip the roadmap update until Mark or Mary are back

Topic: Credentials Working Group Charter

Sorry, elf, We'll move your agenda item to the next week or later in the call if you get audio
Manu Sporny: Next item: credentials working group charter
Manu Sporny: There haven't been many updates to the charter, because it's simpler yet.
Manu Sporny: To do: we need to move the timeline section into this document.
elf Pavlik: Erok210, maybe you can turn of video on ?
Manu Sporny: I've been circulating the charter among w3c staff, and getting feedback
Manu Sporny: Told them we might want to skip the IG process and move right into a working group. Some staff don't see a problem; some staff don't see a problem, as long as there is not technical misalignment in the group
Manu Sporny: However, if some of these new organizations coming on, that are not yet taking part in these calls, if they don't understand the technology we are proposing, it will be nearly impossible to jump directly into a working group.
Manu Sporny: So there are two options:1) do a bunch of front-running with these new-joining companies and build understanding and technical alignment or 2) do a short Interest Group phase where we hash through issues
Manu Sporny: If we start the Interest Group process, we're looking at a year. We shoot for 6 months, but it's usually a year.
Manu Sporny: If we go IG route, the discussions there are discussions that we will need to be having anyway
Manu Sporny: If we go directly into a WG and there's any doubt of technical alignment, it could derail the work
Manu Sporny: If we had disagreement in a WG structure, it would derail discussion, and end up having Interest Group like discussions
Manu Sporny: As we talk to the big organizations who aren't on today's call, there will be a lot of getting-up-to-speed to do
Manu Sporny: My gut feeling is that we won't be able to jump right into a WG. Talking with the large organizations in question, they are at a very high level, they don't have the engineers picked out yet
Brian Sletten: Do we have consensus on the milestone items from the roadmap?
Manu Sporny: We didn't talk a lot on it
Manu Sporny: We will have to change the dates on the roadmap to Start + X Months format
Manu Sporny: Any objectsion to moving this timeline (with modifications to Start of group + N Months format) into the charter?
Dave Longley: No objection, +1 to using relative to "start time" approach
Manu Sporny: If an Interest Group starts up, the IG would take over the charter
Manu Sporny: Charter, credentials use cases, credentials/badges vocabulary, identity credentials spec would all get held up
Manu Sporny: (RDF dataset normalization, signing HTTP Messages, Linked Data Signatures spec would still move forward)
Kerri Lemoie: No objections

Topic: Use Cases

Manu Sporny: Next up, high level discussion of use cases, then specifically elf's social use cases
Manu Sporny: Trying to build a use cases format that is easy enough for journalists, but detailed enough to extract technical requirements from
Dave Longley: Perhaps 3 steps: how a credential is issued, how one is requested from you, how one is consumed
Manu Sporny: Maybe dlongley's are three different flows perhaps
Manu Sporny: The use cases are meant to frame what our vision for the future of credentials on the web looks like
Manu Sporny: Use cases are broken into phases; in payments there are four different phases; in credentials, there are three basic phases, ...
Dave Longley: The three different phases we might have in the credentials work are Issuing a credential, requesting a credential, consuming a credential.
Nate Otto: Recipient push is another flow that should be represented, not just consumer/requestor pull
Manu Sporny: If you see section 2.1 on Web Payments use case, each phase is broken into steps. Some of the steps are optional.
Manu Sporny: In credentials case, it might be much simpler than the payments case; the payments case has a number of really complex flows
Manu Sporny: I'm hoping it will be a tad bit easier for credentials than it will be for payments
Manu Sporny: Clearly the credentials flows will have a bunch of steps in each phase, and break those down
Dave Longley: Some of the refactoring of the web payments use cases reflects a similar refactor to reflecting push/pull in credentials as NateOtto noted
Dave Longley: Some of the steps would only apply to push; some would only apply to pull flow
Manu Sporny: Comments?
Kerri Lemoie: We'll need a week to think about whether the Web payments phase-based approach is the approach we want to take
Manu Sporny: I recommend Ian Jacobs slide deck (linked above) as very useful for assembling use cases.
Manu Sporny: Look at the introduction in the web payments use cases, which explains how things are broken out.
Kerri has a use cases doc to share (after elf?)

Topic: Profile Use Cases

elf Pavlik: Had posted a document in the mailing list with social web use cases
Manu Sporny: I took an in-depth use; they overlap almost 90% with some of the work this group wants to do
Manu Sporny: Question, is the Social Web WG going to plow ahead and define a solution, or are they deferring the creation of a solution to another group?
elf Pavlik: I can ask today in a meeting. There is some overlapping group, and there is a chance to offload from the SW WG, which is already overloaded
elf Pavlik: Maybe there is a chance to reuse this existing work -- here's the SW use cases elf posted, for reference
Manu Sporny: In Social Web, have they rejected JSON-LD in favor of the core protocol, but leaves JSON-LD open for those who wants to use it?
elf Pavlik: No requirement/resolution on whether or not JSON-LD is required. Many use it.
elf Pavlik: There is a meeting march 17-18
elf Pavlik: Social WG Face 2 Face
elf Pavlik: A credential is used by other parties? What's the use of credentials for personal information..?
Manu Sporny: You can self-issue credentials, say to add information to your profile like a phone number. Or you could include it as claims that are not signed by anyone.
elf Pavlik: I don't see why I have to sign information that I have posted myself.
Manu Sporny: Let's take this discussion to the mailing list -- I think we have lots of thoughts on this
Manu Sporny: I think there's a lot of overlap on here, and my fear is that the social web group will plow ahead and create something that could conflict with what we're creating
Manu Sporny: One notion is that you have just key-value pairs, and another notion is to have key-value pairs that are attached to signed credentials
Manu Sporny: You've clearly identified a big overlap between the Social Web group and any credentials work happening at the W3C
Nate Otto: Looking forward to having this back on the mailing list for some slower thinking. :)
Kerri Lemoie: Will post link to use cases draft as it stands today
Kerri Lemoie: Would be helpful to have some feedback on these cases
Kerri Lemoie: This brings in what we know about badges and previous credential work
Manu Sporny: Should we all start working in this document, and then eventually move it into w3c format?
Kerri Lemoie: That would be helpful
Kerri Lemoie: We'll think about the phases.
Nate Otto: I added in at the bottom of the doc, a brand new use case - Recipient Repudiability [scribe assist by Manu Sporny]
Nate Otto: This has to do with a case where someone says something about you that you don't want to be on the Web and you want to take it down. [scribe assist by Manu Sporny]
Nate Otto: If anyone has feedback on that case particularly, comments in the doc here are a good spot
Manu Sporny: This document might be a good place to park the document, but we'll need to denote group consensus to make them an official doc component

Topic: Linked Data Signatures spec

Manu Sporny: We can discuss which use cases are officially approved when we finish this phase
Manu Sporny: LD signatures status; Do we want to split out the key management portions of the spec?
Manu Sporny: The attaching keys to identities, registration of keys. Looks like we need to update this document to the newest GraphSignature algorithm, which uses some more secure cryptographic primatives

Topic: Credentials/Badges Vocabulary Update

Nate Otto: No new changes on doc yet - top priority is figuring out how a "BadgeClass" fits into this identity/spec - see if technical reality and doc match up. [scribe assist by Manu Sporny]
Nate Otto: Trying out a bunch of JSON-LD Framing techniques, make this notion of "X identity has badges A, B, and C". [scribe assist by Manu Sporny]
Nate Otto: From perspective of Badge Alliance - a way of reasoning about an identity wrt. how consumers are represented. What are the diferences between different badges - reason about the different folks that have them. If anyone has any technical suggestions on how to make them mesh, would be interested in talking about them. [scribe assist by Manu Sporny]
Eric Korb: Doesn't that go to the concept of Privacy settings?
Nate Otto: I'd like to see a finished product - an identity w/ an array of credentials - what are the badge classes - badges that this user has earned. IRIs of badge class - linked badges array - full representation of those badges listed. So, trying to figure out the answer to "How many badges are owned by person X?" [scribe assist by Manu Sporny]
Manu Sporny: Right now they are linked from agendas
Manu Sporny: But looking to see if we have a wiki enabled for our CG -- we do not
Manu Sporny: We had been tracking them in GitHub, but it's not easy for everyone to edit those documents
Manu Sporny: Let me see if W3C would activate a wiki for us
elf Pavlik: We could take this question to the mailing list
Manu Sporny: Any objecttions to trying to collect all this stuff in a GitHub Wiki
elf Pavlik: In Social WG/IG I also proposed using
ACTION: Nate to create github wiki to list all working documents for the group.
Nate Otto: No objections, I'll create an index to the documents discussed in the last several agendas
Eric Korb: Doesn't that go to the concept of Privacy settings?
Eric Korb: With respect to listing creds from an identity?
Nate Otto: No more on vocabulary
Eric Korb: Paging too
Manu Sporny: We will try to align some time offline to chat about the question Nate raised
Kerri Lemoie: Thank you
Manu Sporny: Thanks, everyone. will chat again next week.
Nate Otto: Thanks, all