VC WG Telco — Minutes

Date: 2021-09-15

See also the Agenda and the IRC Log

Attendees

Present: Ivan Herman, Juan Caballero, Charles Lehner, Brent Zundel, Manu Sporny, Ted Thibodeau Jr., Wayne Chang, David Chadwick, Ryan Grant, Dave Longley, Dmitri Zagidulin, Michael Kupjetz, Kyle Den Hartog

Regrets:

Guests:

Chair: Brent Zundel

Scribe(s): Charles Lehner, Kyle Den Hartog

Content:


Brent Zundel: Most of today will be looking at Pull Requests. We have pretty much until the end of month to get those in place.
… Welcome, rgrant

1. VCWG at TPAC

Brent Zundel: TPAC Meetings scheduled for 26th & 27th of October.
… Tentatively no agenda set, but want to keep on calendar to be available should we need to be at that point.

2. Next VCWG Charter

Brent Zundel: Update on the next charter. The process we went through: created a draft charter, reviewed by the advisory committee (AC)
… At the point of ready to announce call for participation
… Then possibility of DID WG also being a full WG. Recognition that participation of community members may be spread thin between two full-time WGs. So possibility of revising charter. Up in the air at this point.
… We don’t know for sure what the charter will be. There is agreement we want to have a VCWG, but the scope is unfortunately not clear at this point.

Ivan Herman: I think you jumped some hooplas, and we have to get the minutes right.
… We did not get ready by the AC, a long way not.

Brent Zundel: At the point of asking for it?

Ivan Herman: Not. At stage of notifying of working on new charter.
… Meaning we are happy to have discussion with the AC - an open discussion.
… When the waves are quieted at that one, can go do the formal review.
… We were at the point of announcing to the AC that we were working on this charter.
… I had most of things lined up for that, and then we got to this point.
… So we are way earlier in this process than what you described.

Brent Zundel: Apologies to the group. It was “Hey AC, we want to talk about this charter” - not “we have this charter”

3. Review PRs

Brent Zundel: https://github.com/w3c/vc-data-model/pulls

Brent Zundel: We have some PRs to review. Before we jump into PRs… David, I believe what you were looking for is a brief kind of review of GitHub guidance for raising and submitting PRs, and responding to comments in them.

David Chadwick: Yes. When working on the original version, I used GitHub Desktop. In this version, some got accepted on the browser, and that threw my desktop somehow, got out of sync, hopelessly tangled (Credentials vs. Verifiable Credentials) - which you did fix, thanks; I don’t want to get in that mess again.
… Ted, I think you said you can do everything in the browser? If that is the case, I would like to do that.

Brent Zundel: Since we did the first spec, GitHub functionality has expanded quite a bit for what you can do in the browser.
… I still prefer the desktop process, since that’s what I’m most familiar with.
… One thing you may have run into is that when you accept suggestions from folks, it can make the version you are working on online out of sync with your desktop version.

David Chadwick: Exactly, right.

Brent Zundel: So you need to pull changes to your desktop.
… But the real process is to say “this isn’t working for me, please help”
… And there are folks more than happy to help untangle things.
… Because regardless of the amount of experience you have, you will inevitably end up GitHub-tangled if you do it enough.

Ted Thibodeau Jr.: Git itself is a maze of twisty windy passages, all different.

David Chadwick: I will try using the browser, given it’s got new functionality.
… I’ve also used GitLab.
… After we finished the recommendation in 2019, for our development work we used GitLab instead, and I found that browser worked very well - so I didn’t bother using desktop.

Brent Zundel: … The web capabilities are better…

David Chadwick: … Thank you

Brent Zundel: https://github.com/w3c/vc-data-model/pulls?q=is%3Aopen+is%3Apr+-label%3Adefer-v2

3.1. Use URI id for credentialStatus and refreshService (pr vc-data-model#819)

See github pull request #819.

David Chadwick: This is a PR that uses a URI id for credentialStatus and refresh service. It has a couple approvals already.
… This was in response to an issue that said… some say URI, some say URL. This takes the two instances that say must be URL, and change to say must be a URI.
… Last time, we discussed, this might not actually be a breaking change?

Manu Sporny: This is a normative breaking change. It doesn’t matter if it’s a subset: we are changing the normative… what’s allowed.
… Even if nobody cares, it’s technically a 1.2, thing, and it’s labeled as such.

Ted Thibodeau Jr.: normative, but should not be breaking, because it relaxes requirements. I think it does class as a typo bug.

Brent Zundel: Question for group: do we agree that this is a bug in the specification?
… If it’s not, it needs to be deferred to v2.

Manu Sporny: I didn’t get a change to review… I recall we limited it on purpose - but don’t remember if it was these two things specifically.
… I want to be careful about this change because I believe we said you want to be actually able to go out and discover this information.
… I’d like a little more time to review it, to make sure we are not undoing something we wanted to do.

David Chadwick: @manu +1

David Chadwick: I also remember that it was a URL so that it could be fetched

Brent Zundel: That is the primary question. Is this addressing errata. Is it substantive… because we can only make substantive changes in response to errata.
… If we can’t answer that, it will be deferred.

Kyle Den Hartog: The only time I’m aware of this being a concern is with credentialStatus and Revocation Status 2020. There is a normative statement that references an id and says it needs to be linkable.
… They are utilizing the VC Data Model… that could create a conflict… suggest taking a look at it.

Manu Sporny: Now… my memory is being jogged… we absolutely meant URL. So I believe probably the fix is wrong and we shouldn’t merge this.
… But I would like more time to dive in and consider it.

Ted Thibodeau Jr.: I’m fine with having the discussion in the GitHub pages… but having a URL does not guarantee it is dereferencable any more than URI…
… URL abstracts by location… just a construct that makes it easier for humans to look at it… It’s a difference without a difference.
… Like I said, we can have the argument in the GitHub pages… but it will just go on forever if we need to.

Dave Longley: there would be no problem with revocation status type imposing additional constraints on top of the vc data model spec

Dave Longley: (in response to kyle)

Brent Zundel: Reminder, the conversation minuted here will automatically go into the PR. I agree that conversation should continue there.

Manu Sporny: I agree with TallTed – we probably need to say “you have to be able to get information from the URI” or something to that effect

Brent Zundel: We’ll move to the next Pull Request.

3.2. update normative statements in ZKP section (pr vc-data-model#818)

See github pull request #818.

Brent Zundel: PR 818. Update normative statements in the ZKP section. A little more extensive of a PR.
… Kyle, since you’re here, can you walk us through the changes

Kyle Den Hartog: Just trying to update things as best as possible. Particularly in the normative statements, but also to go around addressing smaller fixes to make it more readable
… to make the ZKP section be able to fit CL signatures, particularly with Anon Credentials
… but also to allow the BBS+ suite.
… The main things are the list, basically removing the requirement to use a credentialSchema - and also tweaking the possibility to generate a proof…
… It says it must contain a proof property… obvious. The additional constraint is so the holder can derive credentials to reveal only what they want to reveal.
… So I was trying to convey the ZKP must have some … property
… The ZKP layer, mainly around the guarantees of the credentialSchema, making sure not to change guarantees around leaking additional information.
… Also in the proof, the ability to link things to the credentialSchema.
… Sorry, that was tough…

Brent Zundel: Thank you, we know it is late/early where you are
… Ted has raised concern about some language around holder binding. I think these are valid concerns and we should have conversations around it.
… I don’t know if this place is the right place to have those conversations.

Dave Longley: I don’t think this PR uses that language (would have to double check)

Brent Zundel: The comments were around things in the spec that this PR isn’t changing.
… I wouldn’t want to hold up this PR, but would like to work on addressing this concern.
… What does the group think?

Ted Thibodeau Jr.: I’m fine with spinning it out into a different issue - I just raised the comment there because that’s when I noticed it - don’t know how it slipped by in past readings.

Brent Zundel: I think this is an important conversation to have, ties in with other issues.

Kyle Den Hartog: To add to that, I think this is an indication that … broader changes, decoupling the subject/holder binding issue… better to address separately.

Brent Zundel: Ted, if you would open a new issue…

Ted Thibodeau Jr.: I’ll spin one up now.

3.3. Removing proofs from examples (pr vc-data-model#817)

See github pull request #817.

Brent Zundel: 817. Removing proofs from examples.
… I think we could have quite a conversation around this today - happy to spend time doing that.
… This PR does what it says the title is - removes the proof property from examples.
… What do folks think?

Manu Sporny: I would like David to intro - but I have to go in two minutes. Real quick… I think it’s problematic to remove the proof property from all examples.
… I think it’s okay to talk about Credentials vs VCs - that has been merged…
… I think we should have example of JWT-based proof, vs. no proof, vs. linked data integrity proof.
… But this PR removes proof from all examples… strong -1 to doing that.

David Chadwick: I’ve put my rationale in the PR.
… Basically, when we started, we all thought every credential would have a proof property.
… I don’t think anyone thought we wouldn’t have a proof property.

Manu Sporny: We thought there would be VC w/o proof property

David Chadwick: We didn’t know what it would like, so we put "proof": ...
… Then Oliver added JWT… we had the discussion what does the proof look like for JWT…
… Manu argued the proof property should be removed, so it was…

Manu Sporny: That’s definitely not what the set of arguments were :(

David Chadwick: That makes all the examples invalid if you are talking about verifiable credentials in general.
… I think we should be consistent…
… Either use JWT, or remove proof…

Brent Zundel: To rephrase what Manu was saying, I don’t think he was disagreeing with you in principle… just may need more deliberation rather than wholesale removal of all of them.

Manu Sporny: Yes, what Brent said.

Manu Sporny: -1 for removing proof from majority of examples :(

David Chadwick: I can go along with that if the majority…
… but just to randomly scatter properties into the examples without a logical reason - I’d like to know what the reason would be

Dave Longley: maybe we want a comment above the "proof": "..." property that says “// or ‘proof’ is externalized via JWT”

Kyle Den Hartog: What i saw come from Michael Herman that I thought was reasonable was the ability to do multiple credentials - with a tab format
… Would it make sense to use [different formats]?

David Chadwick: I think that would be great, but a lot of work… And the ZKP people may ask for a tab.
… And the mobile driving license people may ask for one…
… There is just that issue to consider.

Brent Zundel: +1 kyle

Kyle Den Hartog: Yeah, in my opinion, ZKPs would be reasonable since we have sections to describe it. mDLs may be out of scope, as no one has been able to align the two data models to show compliance at this point.

Dave Longley: +1 to tabs being a better solution

Kyle Den Hartog: I’m happy to help around work for this stuff as well to get the tabs in

Brent Zundel: Conversation can continue in the PR.
… There is a possibility that as the PR is reviewed in the next few weeks we can come to agreement on it - or in beginning of October… pretty firm cut-off point for normative/substantive changes in the revision.

3.4. clarification of schema property (pr vc-data-model#816)

See github pull request #816.

Brent Zundel: Next: PR 816

David Chadwick: I raised this because it was on a different list - TallTed asked me to point to it here.
… Some people are creating schemas that cover the credential subject and not the whole credential.
… I thought this could be because the text is not clear.
… First thing I found is that there is no statement that the credentialSchema must be present.
… But that would be a breaking change. So made it a “CAN”.
… I think the text is clear that the schema property is for the entire credential.
… But there are now two other issues which I’ve put there: what about verifiable presentations?
… There could be different flavors of VPs… If the group agrees, we could put schema for VPs.
… The second issue: Should we put a note in, to specifically say that the schema is not intended to apply just to the subject.

Kyle Den Hartog: +1 I’m good with adding those to this PR

Brent Zundel: I am personally fine with those additional pieces of text being added to this PR, just because it is part of the same conversation we’ve been having.
… I’m not opposed to the addition of normative language if it’s needed to address errata.
… I agree with Manu that in this case it would be difficult to say how this would be testable. Making a normative statement may not give us the assurances we are hoping for. And as you said, changing it to a “CAN” is fine.
… So the normative change would be to add a schema property for use in the VP. I think that is arguably errata and could be incorporated in the revisions we make, as long as it goes in this review period.
… Any questions, comments, before moving on to the next PR?

Manu Sporny: o/

3.5. Added intended audience, purpose, goals/non-goals (pr vc-data-model#814)

See github pull request #814.

Brent Zundel: 814 is intended audience purpose and goals and non-goals.
… This is in response to a couple of issues. This PR adds to the introduction some deliberate language around who the intended audience for the recommendation is or should be, or who we were writing it to.
… Long conversation back and for there; as well as a purpose statement, for the goals of the specification.
… I think a number of these additions could be beneficial for the specification. Some of them are not clear to me how necessary they are.
… I don’t see Michael Herman here…
… I know he and Dave have been having the bulk of the conversation…
… Dave, would you talk about this PR?

Dave Longley: Sure. My feedback is largely around do we agree on the purpose and intended audience.
… I thought was added here might be a little broad.
… I’ve given that feedback to Michael… I think he said he would address those concerns.
… I think more people should look at this PR
… to make sure it matches our intended audience and purpose.
… I think we should get more approvals on it to accept it.

Brent Zundel: +1, please review.
… This one in particular, is arguably editorial, but makes a lot of statements.
… If we don’t agree these are statements that we as a group want to make… those are questions we need to address.

Ted Thibodeau Jr.: +1 more reviews/input/confirmation == more better

3.6. Clarified subtitle of Data Model (pr vc-data-model#780)

See github pull request #780.

Brent Zundel: https://github.com/w3c/vc-data-model/pull/780

Brent Zundel: One more… in case anyone has had this brilliant realization: what should the subtitle of our data model be?
… There has been quite a conversation, refining it…
… The summary at the end was… let’s just keep looking.
… If no one has anything more to suggest, we’ll move on to issues.

4. Issue Triage

Brent Zundel: Not seeing anyone jump on the queue…

Brent Zundel: https://github.com/w3c/vc-data-model/issues?q=is%3Aopen+-label%3A%22substantive+change+v1.2%22+sort%3Aupdated-asc+-label%3Av1.1+-label%3Adefer-v2

Kyle Den Hartog: I wanted to see if we could prioritize the substantive changes, since that’s what I had prioritized.

Brent Zundel: Yes - I am fine doing that, because any issues that we triage as 1.2 - it’s pretty much too late to actually address at this point.
… If no one else is opposed, we can do right to the 1.2 issues that have already been triaged.
… How do folks feel about that?
… Okay, then let’s do that. Good point, Kyle.

5. Review v1.2 Issues

Brent Zundel: https://github.com/w3c/vc-data-model/issues?q=is%3Aopen+label%3A%22substantive+change+v1.2%22+sort%3Aupdated-asc

Brent Zundel: This is all of the 1.2 issues ^

5.1. ZKP implementation - why proof and schema mandatory within derived VC? (issue vc-data-model#726)

See github issue #726.

Kyle Den Hartog: First one I’m seeing is issue 726…
… This one we were able to get covered - there is a PR for it.
… The discussion is ongoing in #818.
… I believe we should be able to get that through after the issue that TallTed was able to open for us.
… I’ll go ahead and triage…

Brent Zundel: Do we feel that the PRs that are open address these issues specifically?

Dave Longley: +1 that ZKP PR would address this

Brent Zundel: For this one, I believe yes
… but look forward to others’ opinions.

Kyle Den Hartog: Looks like yes, in IRC chat… I’ll assume it’s good to go.

5.2. RFC 3339 vs ISO8601 vs XSD Date Time (issue vc-data-model#782)

See github issue #782.

Kyle Den Hartog: Next we have 782
… Orie found some good details where xsd:dateTime is slightly different from what’s defined within RFC 3339, then goes to highlight this.
… There’s currently no PR open. It was my intention to open a PR for this, but not sure how to do it. Manu has dropped some suggestions…
… We’re waiting for someone from i18n since they opened it.

Brent Zundel: My recommendation is if we get in a PR today, we can announce it is under review at the CCG today… then we can refine that PR according to discoveries we make during the two-week PR, and will have addressed the process requirements
… so that this change can end up as part of our revision.

Kyle Den Hartog: That makes sense.
… I’m uncertain if I’ll get to it today - but in the next day or two.

Brent Zundel: As long as we get a PR whose review period would end by end of September, we should be okay. So today or tomorrow.

5.3. URIs or URLs for ids (issue vc-data-model#748)

See github issue #748.

Kyle Den Hartog: https://github.com/w3c/vc-data-model/issues/748

Charles Lehner: This issue was about a variation between URLs and URIs and there’s a PR open to address it

Brent Zundel: We discussed earlier that a determination needs to be made around if this is errata or now
… there’s an argument to be made that it’s not and I’m happy to here arguments on if it is errata
… right now it’s considered an errata and we need to finalize that decision as a WG

David Chadwick: I don’t think we have to resolve this today - can give Manu more time.

Kyle Den Hartog: I agree, and expect he may be able to cover it, although he may be on vacation.

6. Triage Issues

Brent Zundel: Anything else? Or can do some issue triage for 1.1 issues to address

Brent Zundel: https://github.com/w3c/vc-data-model/issues?q=is%3Aopen+-label%3A%22substantive+change+v1.2%22+sort%3Aupdated-asc+-label%3Av1.1+-label%3Adefer-v2

Brent Zundel: This should be all the issues that do not have a label ^

Kyle Den Hartog: https://github.com/w3c/vc-data-model/issues/797

Kyle Den Hartog: First one I’m seeing is #797

6.1. [PRINCIPLED OBJECTION] The VC data model specification 1.0 is not implementable in the ways it appears to be intended based on the text of the current specification document (issue vc-data-model#797)

See github issue #797.

Kyle Den Hartog: Short summary: this is basically something that’s led to a separate CCG work item - hence why I’ve labeled it related content… really just a filtering mechanism so I don’t have to keep having it pop up in front of me as something untriaged…
… Intent is to have closed… given it is a CCG work item I don’t think we need to formally track it.

Brent Zundel: Because he has formulated it as a “principled objection”, I do need to, as a chair, reach out to him… There is a little more process we have to go through before saying we are resolving this.
… I will reach out to Michael Herman…

David Chadwick: I didn’t think that it was a CCG work item… I thought we have a meeting next week that it is a proposal for a new work item - and won’t know if it will be accepted until next week.

Brent Zundel: I agree. Hopefully another work item owner volunteers.

David Chadwick: I think we’ve had another volunteer already.

Brent Zundel: Excellent.

Kyle Den Hartog: I believe that covers it for now.

6.2. [VC-DATA-MODEL] This recommendation has no stated purpose, goals, or intended audience statements. (issue vc-data-model#813)

See github issue #813.

Kyle Den Hartog: #813. This is actually a non-triaged one - what we want to do in terms of handling the PR that is already opened.
… We’ve been able to discuss this now… about making sure that people are reviewing this.
… I think the general assessment here is that if there is something, it would be a v1.1.
… My personal take is that these are kind of obvious things that don’t need to be statement.

Brent Zundel: +1

Kyle Den Hartog: So I kind of see this as a non-issue if it is anything.

Brent Zundel: Agree… does anyone disagree that this is a v1.1?

Dave Longley: it if ends up being addressed it’s 1.1, IMO

Brent Zundel: if it ends up being addressed, that it is non-normative and non-substantive?
… Okay, I’ll go ahead and add the v1.1 label to it, and we can move on.

Kyle Den Hartog: Sweet, thank you. Next one is #815.

6.3. VC-DATA-MODEL: adding more examples of non json-ld credentials (issue vc-data-model#815)

See github issue #815.

Kyle Den Hartog: This one is a thing that has spawned out of one of the PRs that he raised, I believe. This is about being able to add the tabs in there…
… I did do some research on how this is possible… Looks like there is some good stuff already written out in the JSON-LD spec that makes this possible…
… I’ll look at it, but unlikely in the next day or two…
… If we’re fine with triaging this as 1.1, I think that gives us a little more time. Is that correct, Brent?

Brent Zundel: Yes, we have a couple more days to produce a static version with all the substantive changes that require a 60-day review.
… If at the end of the review, we have unsubstantive changes, I believe it is okay to add those… is that right, Ivan?

Ivan Herman: I’m not going to correct you :-)

Brent Zundel: I’ll go ahead and label this 1.1.

6.4. Question: Using Refresh Service Property to update a credential when Credential Subject has a new field (issue vc-data-model#820)

See github issue #820.

Kyle Den Hartog: Sweet. Looks like we have one minute left…
… last one is #820 - a new one that just popped up
… I haven’t had a chance to read it…
… I don’t even know how to address this…

Brent Zundel: On first reading it doesn’t seem like they are requesting changes
… to the specification, just asking for clarity
… I believe we can label it as a Q

Kyle Den Hartog: I believe this may be similar to David Chadwick’s PR… I’ll take a look

Brent Zundel: In the meantime, I’ve put the label.
… Thank you everyone for your hard work, especially these last few weeks.
… I look forward to seeing I think one more PR Kyle from you, then we’ll make a static version, vote on as a group that we want to submit it as a revised recommendation, and that begins the 60 day review period.
… So we are still on track. Thank you everyone. Thanks Charles for scribing.