Credentials Community Group Telecon

Minutes for 2015-11-03

Agenda
https://lists.w3.org/Archives/Public/public-credentials/2015Nov/0001.html
Topics
  1. Introductions to New Participants
  2. Work Generated as a Result of W3C TPAC
  3. WebDHT Spec Released
  4. Reorganizing this group around new Task Force
Organizer
Manu Sporny
Scribe
Nate Otto
Present
Nate Otto, Manu Sporny, Greg Kidd, Alex Jackl, Chris Webber, Dave Longley, Gregg Kellogg, Brian Sletten, Matt Stone, Stuart Sutton, Sunny Lee, David I. Lehn, Richard Varn, Eric Korb, Rob Trainer
Audio Log
Nate Otto is scribing.
Manu Sporny: On the agenda today, an overview of what happened at the Techncal Plenary last week. It went great.
Manu Sporny: We have released a decentralized hash table for the web spec -- start the conversation on that technology
Manu Sporny: Also, reorganize the group around new tasks
Manu Sporny: And, new folks today: Greg and Alex - Introductions to them at the beginning of the call
Manu Sporny: Any updates to the agenda or other items to add? ....
No updates

Topic: Introductions to New Participants

Greg Kidd: I have a background in the payments world - Worked for the Federal reserve board of governors that runs the check clearing ACH system. Interested in identity. Interested in seeing standards promulgated so that folks only need to create an identity once and use it for distributed login to many systems.
Manu Sporny: Welcome to the group
Alex Jackl: I'm the CEO of Bardic Systems. We're a Technology/Managemnt consultancy in education. Co chair of experiential learning task force, and chair of the technical board of the schools and interoperability standards. Interests in making sure the work we're doing locally in credentialing is synchronized with global work. (scribe note: Alex, could you type the names of the orgs you mentioned, because I'm sure I wrote them down wrong)
Manu Sporny: For new folks, one of the things we've been working on in this group over the last year is trying to start official working group at the W3C. We've been working on specs, technology, use cases, vision, all that stuff for the last year.
Alex Jackl: Bardic Systems, Inc. (bardicsystems.com) is my company name... :-)
Manu Sporny: We had a little trouble with W3C management getting on board with the initiative, so in order to convince them, we went out to do a bunch of research about companies requirements. We presented this information at TPAC in Sapporo Japan last week.
Manu Sporny: Specifically, we were presenting to two main groups. 1) the Web Payments Interest Group -- Payments depends on identity and credentialing pretty heavily. They're not taking on this topic in phase 1 of their work but may do so in phase 2. 2) The general W3C membership who are not in the Web Payments IG. Includes many browser manufacturers and many other companies participating in the W3C.
Alex Jackl: Schools Interoperability Framework - specification run by Access For Learning Consortium (formerly SIFA) a4l.org
Manu Sporny: Rather than go through a blow-by-blow (we don't have enough time to talk about all the hallway conversation about identity and credentialing), I'll try to summarize the outcomes
Manu Sporny: The Web Payments IG has decided that there should probably be a Credentialiing Task Force. The purpose of this taskforce is to create a charter for an official Credentials WG at the W3C.
Manu Sporny: This was more than we were asking for, so that's good. The Web Payments IG feels we should incubate the WG within the Web Payments IG with input from healthcare interests, and other WPIG consituents, then put the charter developed up for a vote
Manu Sporny: Also, because of the data we gathered, the W3C management is on board, provided we can make the more reluctant members happy. Now they are certainly convinced that the W3C should do something about it, and are deferring to the Web Payments IG to decide how to go forward to do the work
Manu Sporny: There were some concerns about how what we're doing fit with OpenID Connect, OAuth, JOSE. Those interests raised some questions that they feel MUST be answered before they would vote in favor of creating a Credentials WG
Manu Sporny: Web Payments Interest Group appointed Manu to run the proposed task force
Manu Sporny: The Technical Plenary day, we hosted an unconference session to invite any member who was not in the Web Payments work to also participate
Manu Sporny: Let me share an image. I want you to see who was in the room
A crowded room! (The Web Payments Interest Group)
Manu Sporny: To get support from a group this size is a big deal. We only need 20 positive votes, and there were ~65 people in the room. These people are already convinced they want to do something around credentialing.
Manu Sporny: On Wed, the Technical Plenary day, we picked a small room, because we hadn't done a lot of convassing group. Could fit 14, but 35 showed up.
Manu Sporny: The chairs of the JOSE WG, OAuth WG, IETF Domain Leads for Security/Identity&Privacy, a number of very large browser manufacturers (which was interesting to see them interested so early in the cycle)
Manu Sporny: There was a very healthy reception to the work. We showed the same presentation to show the data that shows this work is important
Manu Sporny: There were many who were frustrated that it's taking this long to solve these problems. Reason: Everyone is being a bit cautious this time around, because of so many previous failed opportunities.
Manu Sporny: Really positive outcomes.
Manu Sporny: I did have a fairly in depth discussion with sir Tim Berners-Lee, who was very interested in the ID/Credentialing work as well as Linked Data Signatures. He has extended an invitation for us to chat with some of the groups he works with. Vint Cerf was also there. All were very supportive, mainly around security and the Web & Linked Data, but were also supportive of credentialing -- && see it as vital for the next generation of the Internet
Manu Sporny: The other outcome of hallway discussion at TPAC: There is a push to fast-track community group work at the W3C. They're looking for CGs to take their work and fast-track it through the W3C process. The Credentials CG is one group that was identified as having a fast-trackable spec.
Manu Sporny: Criteria for fast trackable specs: multiple implementations, tests, .... ID Credentials doesn't yet meet the bar, but RDF signatures is a candidate
Manu Sporny: This was a firehose of information
Manu Sporny: Questions / concerns from the group?
Manu Sporny: There is an insane amount of work that the last week generated.
Manu Sporny: We'll go through the to-do list for this group next up.
Alex Jackl: Did you document the usage/needs research?
Manu Sporny: We polled 58 organizations and got 44 responses.
Manu Sporny: We asked each organization: What is your top use case, and what features do you want to see out of the Credentials work?
Manu Sporny: Alex, here's the survey response data: https://lists.w3.org/Archives/Public/public-credentials/2015Oct/0016.html
Nate Otto: What do you feel about the timeline? How do tasks line up with the calendar? [scribe assist by Manu Sporny]
Manu Sporny: There is clearly a desire.. Before TPAC, there was pushback against moving quickly. Now there is a sense of urgency to move quickly. Everyone is now pushing us to get done more quickly than we have the people to do. We have far more work in front of us than people to do the work.
Manu Sporny: Getting this WG spun up is pretty much on us at this point. The faster we can get through the background work, the faster it can start.
Manu Sporny: We need to get the Web Payments IG to finally invite non IG participants into their group. One piece of pushback from meeting: a couple members said we know credentialiing is important outside of payments but we're here to work on payments so we shouldn't include education and healthcare angle. That got pushback, because folks felt technology should be generic enough -- counter-argument to that is that without input from healthcare & ed throughout entire process we might not make something useful to those sectors. Also the sectors putting the most money into this right now are healthcare and education with financial sector lagging behind. We need to clarify to that group so that this group's members can participate.
Manu Sporny: We will likely shift these Tuesday calls to become the "Credentials Task Force calls"
Manu Sporny: The Task Force will focus on the things we've already been focusing on in this group. It would now just be an official W3C activity.
Manu Sporny: Near term, we need to get the task force stood up. Then, get the draft charter work through. Then, write a whole slew of supporting material: how we're different from prior techs, go through all those arguments, answer all those questions.
Manu Sporny: There were some very informed people who have worked on this stuff over the last 15 years who were reluctant to sign off on this. Brad Hill from Facebook (ex-Paypal, deeply involved) felt we needed this documentation to be convincing to the security community.
Manu Sporny: Bloomberg, PayPal concurs
Manu Sporny: Todo: document all the criticisms and written answers to those criticisms.
Chris Webber: Oh, I can probably make that!
Manu Sporny: Face to face in SF next Feb or Mar. It would be smart for us to convince them to have a credentialing Face to Face at beginning or end of that meeting.
Manu Sporny: Hopefully that meeting will be the final sign-off on the charter before sending it for the official vote.
Manu Sporny: If we stick to that timeline, we will have an operational WG by march/early april 2016.
Manu Sporny: The more work we get done on the technical specs between now and then, the faster we can get started.
Nate Otto: Yes, have to do a lot of planning for BA over next several months - need to make sure this lines up well with that. [scribe assist by Manu Sporny]
Manu Sporny: Any other thoughts/ concerns about what happened last week
Dave Longley: Just a general thought: "Great work Manu"
Manu Sporny: All the prep work we did over the last year really paid off at TPAC. I don't want to make it sound like it was all roses and unicorns and it was great, but all the criticisms that were raised we had answers to. I think that helped convince everyone that we were ready to go to the next stage.
Manu Sporny: Thanks to everyone, that work helped us make this breakthrough at W3C.
Manu Sporny: Now let's review all this work that's in front of us.
Alex Jackl: Could you talk more about the pushback and what obstacles might show up along the way?
Manu Sporny: There are two basic levels that the pushback occurred on. At the technical level; At the Political level
Manu Sporny: The technical pushback has to do with questions around why we're not reusing some of the technology that exists out there. For example JOSE, which tells you how you digitally sign JSON data.
Manu Sporny: We use a different approach called Linked Data Signatures. The JOSE group is asking us to defend why JOSE doesn't work for what we're trying to do. I met with Richard Barnes (sp) who's co-chair of JOSE group. His perspective: This stuff isn't rocket science. You just have to make sure the primitives you use are well tested. He'd be happier if we use the JOSE stack (& threw out some ideas for how that might work). The chairs of this work are very level headed.
Manu Sporny: The other side of that coin is -- we sat down for a 1-on-1 with Tim Berners Lee & his group at MIT AI Lab, lots of future-looking web research. Tim felt the LD sigs work and dataset normalization needs to be done as soon as possible. He's been trying to get it done for close to a decade. dlongley has been involved.
Manu Sporny: Tim had tried to address these problems a number of years ago, along with many other researchers.
Manu Sporny: When it comes to the political stuff -- you can tell who the orgs concerned about this work by noticing their lack of presence in the room. e.g. in the Web Payments work, VISA and MasterCard aren't there. There's a perception that there isn't anything but downsides for them in the Web Payments work (but not true!). Big social networks like G+, FB aren't involved in identity work because it may disintermediate their place as providers
Manu Sporny: The people who raise those points often try to raise this in process or technical issues ("we should be using IETF specs" ... )
Manu Sporny: Can you talk about the browser manufactures being in the sessions
Manu Sporny: The pushback was in the minority, but some of those players work for very large organizations, and we can't not respond to this.
Gregg Kellogg: There was something you said about JSON-LD Patch along with LD signatures work? That's part of the LD platform, but curious why this was put together.
Manu Sporny: I had a hallway chat related -- there are a number of specs associated with Linked Data that are languishing. Some of these specs are failrly complete and ready to go. RDF Normalization is an example of this. I have no familiarity with LD Patch, but it was suggested that it is in this same ballpark. The chances that another WG would be created around LD Patch are very low -- there isn't enough desire to overcome the heavy weight of the process. Some folks recommended putting specs that are ready to go to Recommendation status into this working group as well.
Gregg Kellogg: If we're doing that, JSON-LD Framing really needs to be considered.
Manu Sporny: Concern: if we put in too many specs, this lightweight process becomes a heaviweight process, and we might lose the ability to fast-track other specs.
Manu Sporny: The process with these proposed fast track groups: The first publication you do as an official WG is skip right to the candidate Rec stage. WG lifespan is supposed to be a year, because we're supposed to have the implementations.
Manu Sporny: The question is then, is LD Framing there? Is LD Patch there? Some people wanted to put LD Signatures there, but I have reservations.
Manu Sporny: If it looks like we're headed toward success after 6months, then there will be an opportunity to fast track other things as well.
Manu Sporny: That's generally the thought process threre.
Manu Sporny: There is a desire to fast track something, to test out the process.
Manu Sporny: We folks who have been working in this space for a while, we tend to test out new processes. We're being asked to be the guinea pig in this new fast track process.
Gregg Kellogg: I'd be willing to participate
Manu Sporny: Heads up... you might be called on to chair some groups
Manu Sporny: That's where we are with the fast track work

Topic: Work Generated as a Result of W3C TPAC

Manu Sporny: Really quickly in 15min, let's go over the work we have to do
Manu Sporny: Create proposal for Credentials Task Force in Web Payments IG: need to do this this week.
Manu Sporny: Standards Implementation Foundation is moving forward: a place to put money to pay people to write specs
Manu Sporny: In order to speed up process, we need to funnel some money toward people doing this work. We have been asked to put in place a board of directors, as well as create an advisory committee
Manu Sporny: Board will be people who are not receiving money from SIF and have demonstrated propensity to support the open source implementation
Manu Sporny: Advisory Committee for Standards Implementation Foundation also
Manu Sporny: We need to get the SIF spun up sooner rather than later, because there is a lot of pressure to get things done over the next few years
Manu Sporny: Start conversation on Creating proposal for Fast Track Linked Data Platform WG (LD-Patch and RDF Dataset Normalization) right away
Manu Sporny: Linked Data Key management spec needs to be created, lots of specification work on this list
Manu Sporny: We need to make sure that Dataset Normalization spec does what the existing implementations do
Manu Sporny: We need this to-do list pretty much done by the beginning of January. This is an incredibly aggressive timeline. If this work is slowed down, it will be our fault, not anybody else's.
Manu Sporny: Any questions on the to-do list?
Manu Sporny: Please suggest additions to the to-do list if something isn't on our radar
Nate Otto: That's a dangerous suggestion, manu!
Alex Jackl: Manu, are you the project manager for making sure these tasks get done?
Manu Sporny: This group does not have a chair yet. I'm just organizing temporarily until chairs are selected. stonemat_ and Richard Varn have volunteered. I'd be happy to step away when possible, but until then, I'm the point of contact.

Topic: WebDHT Spec Released

Manu Sporny: One of the nice things about being trapped on an airplane for 11+ hours is you can do some spec-writing.
Manu Sporny: I wrote down our current thinking for the Web DHT spec
Brian Sletten: False. There is nothing nice about 11+ hour plane rides.
Manu Sporny: The credentialing work requires that you assign credentials to a decentralized identifier, basically an identifier that people own. Domain names are not good enough (email addresses too) if you don't pay your yearly fees, etc. If you end up on the wrong side of a trademark dispute, or government watch list, your domains can be taken away.
Manu Sporny: If we're going to tie identifiers to someone, we need to make sure they have control of their identifiers.
Manu Sporny: Other methods exist: NameCoin, IPFS; there are all kinds of ways of doing this. The WebDHT method is a proposal built on web technologies & has a better chance of getting through the W3C process than others.
Manu Sporny: Some proposals in this group, like authorization.io are built on WebDHT
Manu Sporny: That document is out there now - The Web Payments IG is having a healthy discussion about this right now. Encourage all to read it to understand some of the assumptions that WebDHT is built on. It is completely uncertain when this may be taken to standards track
Manu Sporny: So: that's WebDHT. Any questions?

Topic: Reorganizing this group around new Task Force

Manu Sporny: We've been operating for quite some time as a Community Group
Manu Sporny: This type of group has no official standing at W3C. It's where most pre-standardization group at W3C is done. We have been fairly successful, and now people want to move this to the next stage.
Manu Sporny: Question: should we add a new parallel call for the Task Force, or replace this call with the Task Force.
Manu Sporny: The idea is that everyone who is currently participating will be able to continue to participate.
Manu Sporny: What are the feeling of the folks on the call?
Dave Longley: +1 Replacement if CG members can join.
Chris Webber: +1 To replacing
Matt Stone: Say for a minute if we added a second call, how would agendas differ?
Nate Otto: +1 To replacing the call
Gregg Kellogg: +1 For replacing call
Brian Sletten: +1
Alex Jackl: +1 For replacing
Stuart Sutton: +1
Manu Sporny: The big IF is with w3c membership. Typically non-W3C members are not allowed to participate in IG meetings. Manu will try to convince Web Payments IG chairs to invite non-members in. There is a concern around patent/royalty commitments.
Manu Sporny: Other paying members can get annoyed when they see non-paying orgs participating in payment-only spaces.
Manu Sporny: It looks like the group agrees -- we'll propose this in the Web Payments IG and see where that goes.
Manu Sporny: We'll definitely want to meet again next week
Manu Sporny: Anything else before we go?
Chris Webber: Packed call!
Chris Webber: But good coverage :)
Alex Jackl: Glad to be participating... thank you
Nate Otto: Lots of people talking about Backpack and OpenBadges - we may want to align that work with this work. [scribe assist by Manu Sporny]
Manu Sporny: Congratulations to everyone on a victory well earned
Eric Korb: +1 To all