Credentials Community Group Telecon

Minutes for 2015-10-20

Agenda
https://lists.w3.org/Archives/Public/public-credentials/2015Oct/0017.html
Topics
  1. W3C TPAC Credentials Presentation
  2. Introduction to Rebecca Simmons
  3. Introduction to Deb Everhart
  4. Linked Data Signatures Update
  5. HTTP Signatures Update
Organizer
Manu Sporny
Scribe
Manu Sporny, Matt Stone, Dave Longley
Present
Manu Sporny, Matt Stone, John Tibbetts, Deb Everhart, Eric Korb, Nate Otto, Rebecca Simmons, Dave Longley, Sunny Lee, Annie Janssen, Stuart Sutton, Rob Trainer, Brian Sletten, David I. Lehn
Audio Log
Manu Sporny is scribing.
Manu Sporny: Any changes to agenda?
Matt Stone is scribing.

Topic: W3C TPAC Credentials Presentation

Manu Sporny: TPAC is a venue for many W3C working groups. Many people are interested in learning about new groups
Manu Sporny: Web payments on mon/tues - presentation on Wednesday will focus on gov't, health care, etc.
Manu Sporny: 44 Companies responding, many large, interested in identity credentials work. Gathering evidence to convince W3C to promote this effort to a "Working Group"
Manu Sporny: Trying to get language right.
Manu Sporny: Break slide 2 into a couple slides - too much text here.
Slide 3: shows substantial progress to date by CG
Slide 4: pivot to industry survey: inventory of business/commercial use cases, also indicating gaps in current capabilities.
Manu Sporny: Stonematt: maybe define "KYC" for non-financial vendors
Slide 7-9: more detail from survey
John Tibbetts: Leave order as is on slide 7 - represents a "lifecycle" order rather than order by preference as stonematt suggested
All agreed
Deb Everhart: Why aren't holders a stakeholder in the ecosystem?
Slide 10: quick inventory of ecosystem
Deb Everhart: Any data about whether methods are meeting holders' needs?
Holder example: medical professional, laywers, licensed professionals,
Matt Stone: Are the holders the customer or the product?
Deb Everhart: Thanks for including holders- in my arena, students, the holder is the key stakeholder
Matt Stone: When issuers are operating - holders are the product? [scribe assist by Manu Sporny]
Manu Sporny: That's one way to look at it - another is that holders get to hold their own product (themselves) in a vault. [scribe assist by Manu Sporny]
Eric Korb: Holders are entities?
Matt Stone: Holders are customers - but they do get lost in the mix. [scribe assist by Manu Sporny]
Slide 11: shows interest form organizations aren't members yet. - the member pie gets bigger
Slide 12: call to action.
Nate Otto: A very rapid workshop after a meeting would be good, or a face to face early next year. I would commit to attending.
Dave Longley: +1 To fast tracking as much as possible
Dave Longley: +1 To WG asap.
Nate Otto: +1 Would like a Working Group around these problems and solutions
John Tibbetts: +1 To WG
Eric Korb: +1 To WG
Manu Sporny: Wait, are people pushing for a WG or an IG?
Eric Korb: EK wants to Push!
Manu Sporny: IG is an "easy sell" - they don't do the technical work. our CG has been pretty similar to IG, but IG will introduce W3C approval process
Manu Sporny: IG starts to narrow the scope, WG are very focused on the technical problem/solution

Topic: Introduction to Rebecca Simmons

Manu Sporny is scribing.
Rebecca Simmons: I work out of NYC - I work in payments, represent banks, financial institutions (clearing and settlement) as a lawyer at Sullivan and Cromwell.
Rebecca Simmons: Getting involved in virtual currencies - met Manu at Chicago Payment conference - this is interesting - and where things are moving.
Rebecca Simmons: I worked on regulatory front for Identrust
Rebecca Simmons: I have an extensive background in commercial law - working on UCC (Universal Commercial Code)
Rebecca Simmons: We're trying to figure out how to adjust law to meet new tech needs and vice versa.

Topic: Introduction to Deb Everhart

Deb Everhart: I'm Deb Everhart (@ariadne4444) - formerly at Blackboard - academic and learning credentials - which is exploding right now - working on several working groups and research projects. I chaired the endorsement working group in badge alliance.

Topic: Linked Data Signatures Update

Dave Longley: This is the most recent update to the Linked Data Signatures spec - this update was primarily about two things - first thing was getting this specification in shape so we can remove things that are unnecessary and move them to other specs.
Dave Longley: Removing stuff in the spec that didn't have to do with signatures - update spec to use new normalization algorithm - that spec has also been updated.
Dave Longley: With credentials that we're creating - we need to be able to sign credentials and compose identities - composing identity means being able to select credentials that specify attributes about an identity.
Dave Longley: It's not a complete view about the identity, just specific attributes - once you have composed identity, you need to be able to sign it before you hand it over to someone.
Dave Longley: Being able to do that requires new normalization and signature algorithms - this spec was updated reccently to use this new algorithm and remove bits of the spec that don't need to be in there. This is for more technically minded people - if you have questions about signatures for credentials - we need to address issues in the spec.
Dave Longley: We need to work on algorithm agility, as crypto changes over time we can update easily, etc. we have issues in there noting these items. This spec is much simpler/shorter than it used to be.

Topic: HTTP Signatures Update

Dave Longley is scribing.
Manu Sporny: The HTTP Signatures spec has been updated as well. These are the nuts and bolts that make the credentials ecosystem work. The Linked Data Signatures spec is fairly high-level and is in the W3C domain, and the HTTP signatures spec is low-level and in the IETF domain. So we use the HTTP Signatures spec to let software running on your behalf do certain things.
Manu Sporny: For example, searching for jobs, applying for new positions, ordering medication you need, we expect software to be able to do that and we use the HTTP signatures spec for that. It's been in development for ~4 years it's been stabilizing over the last 2 years. Henry Story from the Social Web WG is working on an implementation of the HTTP Signatures spec, Joyent has one in use already.
Manu Sporny: There aren't any real updates to the spec other than updating the author information and draft expiration date.
Manu Sporny: Next week is W3C TPAC, we're canceling calls for that. But we'll have calls the following week with a lot to discuss.
Manu Sporny: So no call next week.
John Tibbetts: Send out an email with results so we don't have to wait so long? :)
Manu Sporny: Ok.