VC WG — Minutes

Date: 2021-10-06

See also the Agenda and the IRC Log

Attendees

Present: Brent Zundel, Kyle Den Hartog, Charles Lehner, Ryan Grant, Dave Longley, Dmitri Zagidulin, Ted Thibodeau Jr., David Chadwick, Juan Caballero

Regrets:

Guests:

Chair: Brent Zundel

Scribe(s): Charles Lehner, Brent Zundel

Content:

1. vote on candidate changes

Brent Zundel: https://htmlpreview.github.io/?https://github.com/w3c/vc-data-model/blob/kdh/rec-snapshot-10062021/REC/2021-10-05/index.html

Brent Zundel: if we resolve as a group we will transition in a week and notify the group by email that they have a week to object, i believe will meet process and the narrow window to publish
… Between the 6th and 20th of December is window to publish. If reach resolution today, we should reach the center of that window just right.
… The agenda today is straightforward. Apologies for the lack of content in the agenda reminder email.
… The W3C tools were down; I couldn’t use them to construct the agenda.
… The agenda is to look at a proposal to submit the substantive changes, and all editorial changes thus far agreed upon…
… as a set of candidate changes as an updated recommendation for the Verifiable Credentials Data Model.
… As time remains after that, we will triage issues, and address editorial changes if time after making a resolution about substantive ones.
… Does anyone have questions or comments; desires for changes to the agenda?
… I will begin to construct a proposal; we can tweak the language as a group.
… Here is a rough draft of the initial proposal. I know it needs more. The link is not pretty. I think we need to add language around …

Dave Longley: I think we want to say that the text at that link will be at a static link and it’s what’s at that link that we will ask review of

Brent Zundel: the “according to the process for revising a recommendation” - the reason for being a little less specific and pointing to process… I don’t know if any other spec has gone through this the way we are doing it… so we’ve had to reach out to find out what process requires for creating a static copy… what the process has to be… like for pointing out errata - all of that is pretty new

Dave Longley: What we have is an issue that what we are voting on is at Kyle’s link, but the content will be made static using the usual process, and that link is what will be made public in the request for review.

Brent Zundel: [Reads proposal]. Does anyone want to propose changes to that before we put it to the group?

Ted Thibodeau Jr.: Is that going to persist indefinitely?

Brent Zundel: Is which …?

Ted Thibodeau Jr.: The static thing at that link, the HTML preview

Kyle Den Hartog: No, it won’t; that branch will be deleted…

Ted Thibodeau Jr.: I’m suggesting we need to put in a link to where it will be, in the minutes…
… There’s no other way for people who are reading the minutes to know what we are talking about.
… It could be a static file in our repo, or anywhere in W3C space… FWIW, the W3 systems should be up now (It was down due to cloud infrastructure provider issue for a day.)

Brent Zundel: We do have a somewhat better link…
… I wish Ivan were here, I don’t know where…

Proposed resolution: No sooner than 2021-10-13 we will submit a request for wide review of the candidate changes represented at the link: https://github.com/w3c/vc-data-model/tree/main/REC/2021-10-05. The content for review will be made static using the regular publishing process and changed modulo that process for revising a recommendation (Brent Zundel)

Brent Zundel: I’ve swapped out the link so that we have something more firm to point to.
… Does this ease your concerns, Ted, or should we revise further?

Ted Thibodeau Jr.: As long as that will be persistent, for people coming along in the future.

Brent Zundel: I think so. And I did it as a proposal. So go ahead and vote. ^

Brent Zundel: +1

Ted Thibodeau Jr.: +1

Dave Longley: +1

Dmitri Zagidulin: +1

Ryan Grant: +1

Kyle Den Hartog: +1

Charles Lehner: +1

Wayne Chang: +1

Resolution #1: No sooner than 2021-10-13 we will submit a request for wide review of the candidate changes represented at the link: https://github.com/w3c/vc-data-model/tree/main/REC/2021-10-05. The content for review will be made static using the regular publishing process and changed modulo that process for revising a recommendation

2. issue triage

Brent Zundel: See Open issues

2.1. nonce property (issue vc-data-model#823)

See github issue vc-data-model#823.

Brent Zundel: This link should give us any issues not marked with a … label

Kyle Den Hartog: I’m not certain… we brought up an issue on BBS+, planned to link to it but couldn’t find it…
… I will link to that. +1 to dmitriz’s suggestion… not sure though because nonce is related to proof property - need to double-check on specificity, for specific suites…
… could result in additional text

Dave Longley: I think they are largely asking questions - but ultimately about a property that is not part of the VC data model - it’s part of the proofs
… When VCWG recharters … we might cover this, or defer to other specs

Dmitri Zagidulin: We do mention challenge in the Verifiable Presentation section.
… Unless I’m looking at the wrong version and we took it out…
… I’m wondering if that might be the place to contrast challenge and nonce.

Brent Zundel: We had a similar issue in the Presentation Exchange spec…

Dmitri Zagidulin: or maybe it would be good to add language to the VC Implementation guide?

Dmitri Zagidulin: ohhh, this is the section I meant. It IS in the implementation guide https://www.w3.org/TR/vc-imp-guide/#presentations

Brent Zundel: https://identity.foundation/presentation-exchange/#presentation-request

Brent Zundel: We recognized that alongside the presentation definition object, a verifier might want to specify the challenge or nonce. We put some generic language there, that might be appropriate here

Dave Longley: We could certainly put something informative in the spec… but I don’t know if that would resolve this person’s issue… they are looking for something more concrete…
… We are looking to add that to the next charter, with specific details.

Kyle Den Hartog: This would require changes to the context, which we’ve traditionally declared defer-v2
… I think we should defer it, not a handwavy approach
… It is close to authentication protocols - might need to put that in scope - but more controversial - in the charter

Dave Longley: +1 to defer v2 and question labels

Kyle Den Hartog: +1

Brent Zundel: Label “defer v2”” and “question”?
… [Describing the resolution for David and Juan who just joined the call]

3. v1.1 issues

Brent Zundel: See V1.1. issues on the repo

Brent Zundel: All these issues we anticipated would be editorial. Understanding editorial changes don’t require the same review period.

Kyle Den Hartog: Shall I close all the ones that have PRs open?

Brent Zundel: I don’t have a problem with that

Kyle Den Hartog: (Some were not closed automatically that should be have been)

David Chadwick: It’s more than that…

Brent Zundel: If in your editorial purview you feel the PR that was merged properly addresses the issue, then make that statement and close it.

3.1. Does pseudo-anonymity require the issuer to cooperate? (issue vc-data-model#209)

See github issue vc-data-model#209.

Brent Zundel: I vaguely remember this conversation… several years ago. We talked about it a few months ago
… At the time I was confident I could write a PR to address this, but now reviewing it I no longer recall…

Kyle Den Hartog: … We left it more vague… questions about pseudonymity… a cover clause to abstract around ZKPs…
… that the issuer must give you something you can derive from

Dave Longley: I think that is good and helpful… Letting people reading the spec know that if the issuer is not cooperating to do this, then you don’t get it.
… The issuer has to offer you this feature, and not try to backdoor recreate correlation or collision
… The notion is that there is some trust in the issuer to cooperate in this scheme for it to work.

Kyle Den Hartog: This is the statement in the spec, that I think generally covers this: “The verifiable credential MUST contain a Proof, using the proof property, so that the holder can derive a verifiable presentation that reveals only the information than the holder intends to reveal.”

Dave Longley: I think this should be stated in the spec

Ted Thibodeau Jr.: I recall the issue was about active participation by the issuer, rather than about making a derived credential of a credential one has in their hand

Dave Longley: One attack: even if the issuer is following these protocols… if the issuer is creating a different public key for every user they issue a credential to, they re-introduce a way to correlate and track users.
… Issuer should opt in, and must also decide not to track you

Kyle Den Hartog: I see that, think it could be added to the privacy section, not tie specifically to ZKPs only
… There are other ways an issuer could create pseudonymity… active issuer policies

Dave Longley: thanks brent

Ted Thibodeau Jr.: +1 kdenhartog’s described editorial addition, whether done by kdenhartog or brent

Brent Zundel: I’ll put a PR in, and we’ll see if it’s acceptable

3.2. Have fields for locale-specific information (names, addresses, etc.) been checked? (issue vc-data-model#734)

See github issue vc-data-model#734.

Brent Zundel: Have fields for locale-specific information been checked? This is a comment from the Internationalization folks that came in after the Candidate Recommendation wide review period.
… The issue speaks for itself.
… Would anyone like to volunteer to review the spec, or to write a PR to address this?

Ted Thibodeau Jr.: There’s no standard for this. “name” and “address” - leave it at that

David Chadwick: It doesn’t matter if the address is specific to a country if it says what the country is in the address, because it’s destined for that country.
… In our examples we could have addresses, India, Thailand, …
… Address for England has to be an England address, etc.

Ted Thibodeau Jr.: The point of their comment is that there are subfields listed, street, city, province, postal code, etc. UK address breakdown does not work in US address breakdown. The breakdown is the problem. That is where it breaks down ;)
… So just say name, and “address”.

Dmitri Zagidulin: +1 to what Ted said. We should change out detail tags with a single address field, like already modelled

Ryan Grant: also +1 to non-schema address examples

Brent Zundel: I agree, solution would be to make examples less specific rather than more specific

Dmitri Zagidulin: I can volunteer to make that change

Charles Lehner: I was going to say I’m familiar with that use of the country as the separator, but I don’t know the standard for that

3.3. Cover “authenticatability” of credential (issue vc-data-model#751)

See github issue vc-data-model#751.

Charles Lehner: I looked at this and started trying to write something to address it. It was too difficult, but I could post what I have or link to it.

Dave Longley: https://www.w3.org/TR/vc-data-model/#dfn-verify is what the spec says today

Ted Thibodeau Jr.: comment that on the issue

Charles Lehner: thanks, i’ll do that

Brent Zundel: We do have a verify definition, but look forward to comments from cel, but don’t see reason to take away Manu’s assignee status there.

3.4. Add details about difference between contexts and credentialSchemas property (issue vc-data-model#781)

See github issue vc-data-model#781.

Kyle Den Hartog: I have a partially written branch on this… will get around to it.
… Trying to editorialize what was stated in that CCG thread, and put it in an appendix

David Chadwick: [offered to help with 781]

3.5. Example uses a timestamp for what should just be a (floating) date value (editorial nit) (issue vc-data-model#733)

See github issue vc-data-model#733.

Kyle Den Hartog: I’m pretty sure we addressed this in two PRs, but need to check that. One is marked pending close…

3.6. Optimized SVG diagrams (issue vc-data-model#721)

See github issue vc-data-model#721.

Brent Zundel: Kyle, can you give us an update here?

Kyle Den Hartog: For this one, I believe there is some work in progress for getting these updated;
… the problem is the way we are updating these SVGs I don’t think went all the way to meeting it.
… There are some optimized, some unoptimized. I don’t have the original images that were used to generate.
… I don’t know how Chaals was generating them…
… Another issue is to make it more accessible - those two could probably be combined and done at the same time.
… If someone has those images, please post them

3.7. 4.1 Link to going anywhere that makes sense (issue vc-data-model#732)

See github issue vc-data-model#732.

Brent Zundel: [reads title “4.1 Link to going anywhere that makes sense”]

Kyle Den Hartog: Context URLs are failing… that’s the empty folder.
… I think we need Ivan’s help with this
… The basic problem is the ids are not linking to the human-readable descriptions

Brent Zundel: Thank you everyone
… Chairs and editors will make transition request

4. Resolutions