Verifiable Credentials Working Group TPAC, 1st day — Minutes

Date: 2021-10-26

See also the Agenda and the IRC Log

Attendees

Present: Geun-Hyung Kim, Charles Lehner, Jeff Jaffee, Jay Kishigami, Kyle Den Hartog, Phil Archer, Shigeya Suzuki, Dave Longley, Daniel Burnett, Brent Zundel, Manu Sporny, Daniel Buchner, Ted Thibodeau Jr., Philippe le Hégaret

Regrets:

Guests: John Bradley, Rachel Yager, Shinta Sato, Noreen Whysel, Peter Bruhn Andersen, Ned Smith, Jay Kishigami, Philippe le Hégaret, Brian May, Kristina Yasuda, Jeff Jaffee, Eric Meyer

Chair: Brent Zundel

Scribe(s): Charles Lehner, Brent Zundel, Phil Archer

Content:

• 1. Intros.
• 2. Review of Current Charter.
• 3. Next Steps for New Charter.
  • 3.1. VC and mDL/other efforts.
  • 3.2. VC delegation and guardianship.
• 4. V2 issues.

Brent Zundel: plan for today: briefly review current charter, talk about next steps for new charter..
… bulk of conversation: VC Data Model 2.0.
… Goal is to make sure that what we want to work and what are chartered to work on have enough overlap..
… Then … will have more conversation.

1. Intros.

Brent Zundel: Please say where you are joining from and what company you represent.

Jay Kishigami: I’m happy to join this VC, I’m coming from the W3C KO, also I’m a researcher for DID / blockchain work and other VC work..

Peter Bruhn Andersen: I’m working for the Danish agency for digitization. We’re looking into using verifiable credentials. Not part of the WG, just an observer..

Charles Lehner: I’m charles Lehner from Spruce systems.
… working on VCs and DIDs.

Jeff Jaffee: Hi, I’m Jeffe Jaffe, W3C CEO. I’m just making my rounds to various meetings at TPAC.

Brent Zundel: Very good to have you with us.

Daniel Burnett: Hi, I’m Dan Burnett. Executive director of Enterprise Ethereum Alliance. here as an invited expert. One of the original editors of the W3C Spec. Co-chairing WG with Brent..

Dave Longley: Hi, I’m Dave Longley with Digital Bazaar. We do a lot of work with VCs and DIDs..

Eric Meyer: Hi, I’m from Cleveland, Ohio. Here from Igalia, as an observer..

Geun-Hyung Kim: Hi, I’m from Gooroomee, South Korea. First time participating in this WG. I have participated in the DID WG. I am interested in Self-Sovereign Identity..

Kyle Den Hartog: Hi, I’m Kyle Den Hartog. I work for a startup in New Zealand called MATTR, working on DIDs and VCs. I’m one of the editors of the v1.1 and v1.2 work..

Brent Zundel: Thanks, WRT timezones.

Manu Sporny: Hi, Manu Sporny from Digital Bazaar. One of the editors of the DID spec, and the VC spec, and some Linked Data Integrity work..

Ned Smith: Hi, I’m from Intel, monitoring the direction of the group, trying to see how the tech fits into the bigger picture of things..

Phil Archer: Hi, I’m Phil Archer from GS1 Global. I’ve taken on a role to coordinate in this area. I’m involved in the DID work, passively. I note the particular interest here from Asia Pacific. We’re seeing that at GS1 as well… We should have been involved before..

Shigeya Suzuki: Hi, from Keio University. I’m attending as a member, not as W3C like Jay.. I’m part of the DID WG. First time to attend VCWG as a member. Interested in usage of VCs. Hope to have fun with this WG..

Shinta Sato: Hi, Shinta Sato, I’m working for the .jp registry..

Ted Thibodeau Jr.: Hi, I’m Ted Thibodeau from OpenLink Software. Involved in standards work for many years. I have sometimes been known as a professional “thorn in paw”.

Wayne Chang: Hi, I’m Wayne Chang, one of the co-chairs of the VCWG. Working on Spruce on VCs working with blockchain accounts..

Brent Zundel: Hi, I’m Brent Zundell, working for Evernym. Contributed source code… Involved in W3C for 5+ years. Co-chair of DID WG and of VC WG. Involved in Credentials Community Group. Happy to be with you..
… Questions about the set of the meeting before jumping in?.
… We’ll be using IRC to handle queue..
… Type present+.

Manu Sporny: Folks joined late… to do intros?.

Brent Zundel: Thanks, I see.

Brian May: I work for a company called Distillery, developing audiences for Ad Tech. Learning about trust models and auth models on the web, to understand what privacy and a private web looks like going forward..

Pamela Dingle: I’m Pam Dingle… [mic issues].

DanBuchner: Hi, I work for standards and research at Microsoft for DID and related work..

Manu Sporny: pamdingle: I work for Microsoft - as Director of Identity Standards, hello!.

2. Review of Current Charter.

Brent Zundel: see Verifiable Credentials Working Group Charter.
… Scope is straightforward. Maintaining the VC Data Model Rec. Published as Rec near end of 2019. Our job has been for last few years has been to collect reports of errata, to find and address them, and do editorial cleanup. That’s been the limit of it..
… Due to significant overlap between this WG and other WGs (e.g. DID WG), for first year we were pretty dormant, addressing errata. Last several months have been more active, preparing revised rec, addressing editorial changes..
… Goal is to release revised recommendation by end of year..
… Questions about what to do next?.

Manu Sporny: We have talking about the v1 and v1.2 specs on the agenda… I’m planning we’ll talk about challenges we’ve had in scheduling when that work will go out, reviews, refining. I expect we would talk about that… is that valid?.

Brent Zundel: Yes.
… Tomorrow is revised spec day. Everything we have done, need to do, and want to do..

Phil Archer: May I ask… I think no, but… is this the time now, today, to talk about scope of next charter?.
… And some of the problems we at GS1 see for this group to address, that are non-trivial, or…?.

Brent Zundel: That is what we are here to discuss today..

Phil Archer: Thanks, I will contribute when it’s time..

3. Next Steps for New Charter.

Brent Zundel: See The current draft.

Brent Zundel: This is a GitHub repository. We have been processing issue and raising PRs. The stage of this is that I stole text from a number of other charters, threw them into this draft charter, passed it around for feedback, incorporated feedback, and did that a couple more times. That’s the status of it..
… The contents of this proposed charter reflect a number of rounds of feedback. But it’s not final by any means. Not yet gone to AC for review, not announced officially. Just a draft for participants in the WG..
… Those who plan to participate in this WG are trying to hammer it out..
… The scope described in the draft charter is pretty straightforward. We want to keep building on the experience we’ve gained over the last few years of implementing and deploying verifiable credentials.
… to extend the foundations of the first rec, within the scope of data models, registries…, algorithms for expression and verification of proofs using existing cryptographic primitives.
… Out of scope is specifying new cryptographic primitives, or specific supporting infrastructure.
… That is the current text for what is in and out of scope..
… Deliverables: two: VC Data Model 2.0, and VC Linked Data Integrity 1.0 specification, to express proofs for bounded linked data integrity documents (e.g. VCs).
… Primarily VC Data Model 2.0 for the second hour of today’s meeting..
… Other deliverables: non-normative notes, test suites for different credential proof types - expanding on the original test suite.
… Looking for a note for a presentation request data model, storing VCs…, exploring aspects of privacy around VCs.
… Another possible note: an API for VC exchange, we feel that would be in-scope..
… This is a large set of deliverables, an ambitious set of work, but we feel that with the participants we anticipate being involved, it is a doable set of work..
… Feedback is welcome.

Phil Archer: I’m very conscious of the fact that we (GS1) have not been involved in the VC work to date. We have been exploring our expected use of them… plan to issue credentials of our own. Plan to work with certification bodies. We see VCs as an important part of data infrastructure around the work..
… Back in time… working at Ursim, Manu trying to get this work, I said nope… but then they got support and then it happened..
… Conscious of that… but pleased to be here.
… The thing we need fixed is not in this charter, that’s a worry.
… What state is this in? Should we invest in it? Others are… putting a lot of money in it… But which flavor of VC should we use? We’re only going to build one, not 3 or 4 or 5….
… What I’m looking for in this charter which I’m not seeing - please correct if I’m missing the point… We have different ecosystems… permathread of JSON vs JSON-LD… Hyperledger/IDUnion way of doing things… KERI DIDs - a different set altogether… what should I build?.
… Don’t know yet… want to contribute to discussion to know what to build. We want to build it..

Manu Sporny: Linked data integrity 1.0 item… how we got there. When originally talking about rechartering this group, it would just be about VC Data Model..
… But when we tried to do linked data integrity work in the semantic web community, there was pushback… Multiple things we were trying to do… RDF Canonicalization, and Envelope formats for digital signatures. Not new cryptography, just to package up the digital signature to allow for new types of proofs, such as DLT-anchored proofs, merkel proofs, things that are not necessarily digital.

Charles Lehner: signatures….

Manu Sporny: Two people objected strongly enough to that work… One a rep from Google… We didn’t feel it could be resolved well. So we split the work up..
… RDF Dataset Canonicalization hashing to be done in the semantic web group, great..
… Linked data integrity: trying to do it just scoped for verifiable credentials..
… The solution is a generalized solution. Concern is that by titling it for VCs it is just a one-off solution, rather than a generalized solution for signing linked data..

Dave Longley: specifically, the issue was with “unbounded data sets” – and the solution was only ever for “bounded data sets anyway” – such as VCs..

Manu Sporny: Raising this as a concern, to put it on the record… The intent is to focus on VC use cases, but to create a generalized solution for any bounded linked data document..
… Want to make sure we don’t accidentally make it only usable for VCs.

Shigeya Suzuki: The kind of specification input for internationalization mentioned - lack of multilingual support… We need both English and Japanese in a single verifiable credential..
… Without that, we need a domestic credential and an international credential… that’s not useful..
… I wonder if we can add multi-lingual support to credentials..
… In certain kinds of internationalization software, you can add something like gettext….
… But for credentials, you surely need to cover the entire thing under the signature. We need to find a way to implement this multi-lingual support..
… I hope it can be done in harmony with the current spec..

Wayne Chang: For the next chapter of verifiable credentials, I would like to see further definition around representations for proofs, whether for the embeddable proofs, or the VC encoded as JWT..
… David Chadwick mentioned being able to strip that metadata.
… We’re very interested in having embeddable signatures and better definition around that. We’ve encountered signatures not using RDF canonicalization, although our software supports both..
… Some want to use JWTs… Also zero-knowledge cryptography in the data model… Want to see this in next charter.

Brent Zundel: I’ve met with the KERI folks and the ACDC folks.
… Specifically to ask, what changes do you see necessary for the next VC spec, to be more in alignment..
… What it came down to is that the data model itself, even as it exists in 1.0, is flexible enough to be usable in those communities..
… But the framing of the VC Data Model, and a lot of the concepts built into it, may need to be adjusted to better display alignment - but that it should be possible for them to produce essentially a ACDC VC Profile, if that makes sense..
… I haven’t yet heard anyone mention anything that I feel would be outside the current draft charter scope.

Phil Archer: That makes sense. I’m fully comfortable having a model that can be expressed in different ways..
… Nevertheless, it does mean that if we are in the process… We’re a global organization, federation, GS1 Australia independent of GS1 US, etc..
… The exchange API in the charter… is that a way to take in a JSON-LD+BBS+ credential, and have it work with Hyperledger?.
… We’ve found that these things don’t interoperate….
… We want to do it… but please don’t make us build 3 or 4 different systems..

Brent Zundel: Very fairly said..

Manu Sporny: To respond to Phil’s concerns, I certainly share them.
… Because we’ve seen some success with the VC 1.0 spec, there is this desire to expand it to doing more..
… What we’re seeing proposed in the current charter is more variability, not less..
… I think that is the root of what Phil is concerned about. Certainly is for me..
… I expect we may have no choice but to define that variability..
… Different axis: JSON vs JSON-LD, going on forever… Only consensus has been to try to support both, in an awkward way, so people could choose not to support JSON-LD.
… But folks not happy with that, wanting to pick one or the other.
… The WG keeps being pulled into a state of awkwardly allowing both..
… Other axis: how to do the digital signature: embedded or external. Again we could not come to consensus, proposed to do it both ways: external (JWT), or with linked data integrity. More optionality..
… We keep saying we want a unified infrastructure, but innovating at the edges.
… Not making the hard decisions we need to.
… In an ideal world there would be one data model and expression mechanism.
… We didn’t decide that, some think that’s good, but it generated an enormous amount of work… Similar trap here.
… We all know the best decision is to give people one choice, that would force interoperability.
… But I don’t think the group is ready to make that sort of hard decision.
… Unfortunately that results in what Phil is concerned about.
… We feel the pain… Our customers want all the options, because we don’t know what to pick..
… Our charter kicks the can down the road so that hopefully the market will make the decision for us..

Wayne Chang: I just wanted to follow up about Manu’s comments about flexibility. How we’re doing it at Spruce….
… Because it doesn’t have to be a JWT, we can have conformant VCs working with blockchain accounts, 10s of millions of active users. We can cryptographically bind credentials to blockchain accounts using the proof section… Very valuable to us in our use cases, preventing creator fraud by doing so..
… Being able to conform to the data model is great. Wouldn’t want to not be conformant anymore….

Phil Archer: Thank you for the responses. I suppose, I take that point Wayne, once you build something, you don’t want to change it - that’s why we’re afraid to build it..
… The last mentioned deliverable, the API for VC exchange, as one in a long list of non-normative deliverables - may have potentially more importance.
… Doesn’t matter what system you use, there is an API you can use, put this in and get that out… could be any of these different flavors. Realistic, to get us past this point?.

Kyle Den Hartog: Yes, also worth mentioning that outside the realm of where many of us operate are very similar aspects of technology, such as mDL (mobile driver license) at ISO, also ICAO (passports).
… effectively achieving the same product outcomes, but doing it in different standardized ways, maybe with different key infrastructure..
… Remains relevant to ask ourselves if that fits with our work, in scope, to align with, or just let exist outside our realm of thinking..

Manu Sporny: Yes, to follow up with what Phil said about API development….
… I think I understand at a high level what Phil wants… That work is being incubated in parallel..

Manu Sporny: https://w3c-ccg.github.io/vc-api/.

Manu Sporny: Good news: there is a partial solution in the works, getting a lot of effort, the VC API. Multiple implementations, a test suite, weekly meetings to talk about the VC API (right now it’s HTTP-based).
… We meet every Tuesday at 4pm Eastern.
… It’s not ready… It’s implemented by multiple vendors, interoperating, but under heavy debate of what it should or should not do..
… We should pull it into the VCWG, but it’s still in incubation….
… Not mature enough yet.
… Will we ever have something that can translate from one digital signature format to another… In rare cases maybe, but in general you can’t translate signatures between formats very easily..
… So unfortunately it’s premature to propose that work… We are working on it, making painful progress, but expect another year or 1.5 years before ready to move into a WG.

Phil Archer: Thanks manu.

Manu Sporny: Also want to highlight what Wayne said, I agree with everything said, but I want to say something controversial… We could pick one or two of these things..
… There is one that addresses all the use cases, and another that is popular, implemented in industry, but does not address all the use cases we are thinking of.
… This is the linked data integrity vs JWT debate.
… My suggestion is to not use JWTs… they solve near-term problems but not long-term.
… If we had to make a hard decision, we should drop JWTS, support some version of it in linked data integrity… But I don’t think that would happen… there would be formal objections.
… Similar for JSON vs JSON-LD.
… Trying to get it so the charter would not get formal objections. That is resulting in too much optionality, causing pain to GS1 members.

Brent Zundel: Just to note that the order of deliverables in the draft charter is not reflective of anything..
… Also want to invite PRs.
… One of the best ways for these conversations to continue is for an issue to be raised in the draft charter repository, or even a PR for what you think the draft charter should say.
… Please don’t hesitate to do that.
… Also to slightly tweak what Manu said, that it’s not possible to translate a signature… It’s not possible without transferring the root of trust.
… For vaccination credentials, there is the VCI SMART Card style….
… and the VCI Blueprint style… more complicated.
… Good Health Pass said could convert a SMART Card into another VC.

Phil Archer: Again thank you all - very helpful.

Brent Zundel: Possible to do, but significant caveats..

Dave Longley: if i understood brent correctly, i.e., an intermediary can resign and convert a VC from one format to another.

Manu Sporny: I agree with Brent’s correction – he is right, I was sloppy with my language, that is a legitimate strategy..
I was trying to say “the signature itself cannot be transformed to keep the same issuer”.

Daniel Buchner: To Phil’s topic about transference/exchange of credentials… There have been several groups working on the Presentation Exchange spec, which works across VC HTTP API, across Aries, and across OIDC.
… Just a data model, not a full protocol, but made to be embeddable across that..

Brent Zundel: yes, that is what I meant, and the intermediary becomes a new root of trust.

Daniel Buchner: Could look to standardize that?.
… It doesn’t have a “pick my thing” requirement… No contention.

Dave Longley: so there may be a place in the market for parties to function as these trusted intermediaries that will convert formats..

Kristina Yasuda: To follow about the APIs comment… Manu spoke about VC HTTP API. There is work in the OIDC Foundation about OIDC for VP, uses Presentation Exchange, works across JSON and JSON-LD, embedded and external signatures.
… Adopts OIDC API protections.
… Leverage OpenID Connect… Most importantly, it works and is ready to go..
… Also there is work on standardizing issuance using OpenID Connect… requires binding to user’s DID, potentially a similar request syntax but new requirements… work ready to go, ready to collaborate.
… Second thing: I hear people talking about market forces. Maybe we want to see where those market forces are going before we flesh out the VC Spec..
… Looks like we don’t have enough guidance to solve the hardest problems in the spec..

Brent Zundel: Meeting for one hour… free-form… touched on the agenda items… Has this format been sufficiently satisfying and rewarding, to continue, or prefer more focused conversation?.

Manu Sporny: For charter, I suspect Digital Bazaaar would be supportive as-is. Section 2.2 Other Deliverables, we list things but don’t explain what they are….
… I think we should note what those things are… To have test suites we need specs, at least as notes..
… We may want to say specifications / “notes” for verifiable credential proof types.
… Talk about linked data integrity stuff and JWT stuff, as things we intend to produce.
… The reason to say intend to produce as Notes is the expectation that those notes will eventually be pulled into a rechartering, to becomes standards/recommendations that the group wants to publish.
… Should put notes in other potential deliverables.

Brent Zundel: Encourages open discussion.

Manu Sporny: My read of the groups seems to be that people are OK with the charter, modulo people uneasy about us not picking a winner.
… there are things that industry is expecting us to weigh in on. One is mDL.
… is this compatible? Competing? May want to do some outreach.
… Some of us are more involved in mDL than others. Anyone got plans towards convergence?.
… Reqs coming into DHS may create confusion.
… Doesn’t mean that we have to change the charter. But outreach is a part of what we do.
… We have a lot to do in the next charter.

3.1. VC and mDL/other efforts.

Brent Zundel: How should (if at all) to address those things.

Kristina Yasuda: What would be the concrete ideas for convergence of mDL into VCs?.
… Those two are different standards..
… VC is a data model. mDL is a full spec including data transport, handshakes etc.
… there’s not a full overlap.
… Do we just want the model included? Or more of the whole thing?.

Manu Sporny: I thik that touches on some of the things we could do. The mDL spec has a data model in it. The simplest thing we could do is show how to express an mDoc in a VC data model.
… Does the ISO group pull that in? OR do we demo that?.
… Second part is that there are devices that can sign the mDoc… [missed a bit] … holding the smae info, or, demonstrate how we can wholly just take an mDoc, data payload, and put it into a VC.
… further up the stack - not everything, not all the protocol mechs are defined. Verification not defined for example. No open APIs, proprietary APis as a result.
… So maybe we need to show how W3C open standards, maybe with VC API, to issue an mDL in a VC-compatible format?.
… It feels like that’s important work to be done but it also feels like a distraction.

Kristina Yasuda: The current mDL spec is not that friendly. Transport is over NFC, Bluetooth etc..
… There is work happening to make it more friendly but driven by device spec. Hard to pull away from that tendancy to Web-friendly mechs.
… so… I think what Manu has just described, there’s not much dependency on ISO, (well, there’s a JSON-friendly data model), but the mobile OS providers have concerns about chip capabilities to sign.

Brent Zundel: Any more comments on this subtopic?.

Manu Sporny: I wasn’t expecting you to say that. That’s great..

Ted Thibodeau Jr.: rumor (from David Chadwick) had it mDL v2 data model was aiming to be fully VC compatible if not fully VC based.

Manu Sporny: But it raiss the question as to whether W3C should be doing anything in this space. Some companies would like that. SDOs tend to try not to step on people’s toes.
… the main thing you said was that there may not be as much of a dependency n ISO as some people thought.

Brent Zundel: Noodles around possible subtopics.

Kyle Den Hartog: Something I’ve not seen….
… right now the way in wich a relying party is able to process a VC that’s been delegated to another party..
… is not clear. There’s a lot left to implementer choices.
… I think it would be of interest to look at those processing models. delegation? Holder transfer?.

3.2. VC delegation and guardianship.

Brent Zundel: Tjose who are implementing delegation and guardianship - is there something in the spec that would be helpful? What problems do you see?.

Manu Sporny: You should not do delegation using VCs..

Kristina Yasuda: +1.

Manu Sporny: But… this is the concept that people believe that you can hand someone’s a driver’s licence and that guardian is now able to use it.
… I think it’s difficult. What’s being delegated is your authority to do something.
… There are auth capabilities and there are things that you use to get those authorization, but from a tech standpoint, they are different. Need a bright line between the two.
… Here be dragons (paraphrase).

Dave Longley: i’d say: people can’t literally be other people :) they can only act on their behalf – authority is delegated not identity / attributes … and so DON’T represent authority via VCs, represent identity / attributes (claims about subjects)..

Manu Sporny: We should def talk about guardianship. But I don’t know how many of us have those kinds of use cases.

Brent Zundel: Pauses discussion to welcome new people.

Kyle Den Hartog: Just t respond to Manu. I agree very much.
… Some of my blog posts have been intentionally ironic. It’s a necessary topic as the spec current has text that suggests it might be good.
… To your point about lack of use cases - Director credentials - where someone acts on behalf of an org.
… there is no clear distinction between a guardianship approach cf. a delegated approach..

Manu Sporny: Yes, and I strongly disagree with those aspects of the spec (that say delegation is something you should do with VCs). :).
They are in an appendix, and I was hoping we could have removed that from the spec before publishing it..

Kyle Den Hartog: Get us going down this path to say it’s dangerous and point out how to apply the tech in the legit use cases.

Daniel Burnett: I wanted to make a comment on guardianship. When Manu said there may not be many with use cases… having been a legal guardian for many years….
… the mental model is almost exactly the same as a parent-child..
… But you have authority to act in essentially all ways on behalf of another person.

Manu Sporny: I didn’t mean to say “use cases”, I meant to say “actively working on guardianship” – as in implementing it into their products… I’m just concerned that w/o direct implementer feedback that we might do harm..

Brent Zundel: This isn’t reflective of my own views - my understanding of where the confusion may lie, it’s not in … the VC can be used to authorise certain capabilities.
… expression of the authn is separate from the VC. There is confusion as to why the VC can’t then be used as a vehicle for the expression of that authn.

Kyle Den Hartog: Another aspect.. understanding that a mobile wallet is acting in a way as a digital guardian on behalf of the subject.
… I frame it that way bc what happens when a malicious wallet comes into play.
… In that regard it made me realise that trying to represent transferring a credential between a user’s devices is effectively a guardianship relationship.
… I’m transferring to myself.

Dave Longley: VCs allow you to make claims about subjects, irrespective of the verifier..
… The VC doesn’t represent the permission.
… If you want to be able to to delegation… you might need a new vocabulary to describe invocation of authority from elsewhere.

Kyle Den Hartog: +1 that conceptual approach is where I’d like to see us go Dave. If we do want to tackle this work in V2 work.

Manu Sporny: To add to Dave… VCs are the wrong tool for the job when it comes to auth. But they’re so close! Wouldn’t it be great if we could.
… There are nuances that really matter.

Dave Longley: kdenhartog: you don’t want to mix identity and authority :).

Manu Sporny: The concern is that not everyone will understand those nuances and therefore misuse VCs.

Dave Longley: having a single technology for both could be very dangerous.

Manu Sporny: They’ll confuse and mix cred with auth.
… Adds attack surfaces.
… Please don’t do that, it will lead to abuse of the data model. Be clear on the differences.

Kyle Den Hartog: Is this something that we want to include in the charter? To allow the WG to decide how to handle it?.

Brent Zundel: I think if we feel that it’s important then it could be added to the charter. Or it could be on issue on the VC Data model repo.

Manu Sporny: I think it’s something we should remove from the spec. It currently hints that delegation can be used. It’s in an appendix so what harm can it do? Well, quite a lot..

Kyle Den Hartog: Sounds good, I’m good with that approach Manu.

Manu Sporny: maybe put it in the implementation guide and explain the nuances.

Brent Zundel: In recognition of TPAC… my hope is to end this meeting in about 12 minutes from now.

Daniel Burnett: You could, if needed, add to the charter that normative guidance around use of VCs for delegation will be produced…
(understanding that that guidance may be “don’t make this mistake”).

Brent Zundel: We could jump into the issues labelled as deferred to v2?.

4. V2 issues.

Brent Zundel: https://github.com/w3c/vc-data-model/issues?q=is%3Aissue+is%3Aopen+label%3Adefer-v2.

Brent Zundel: These are currently open in the VC Data model repo. Most of them came from the current WG as we decided what we were allowed to work on..
… Several of these don’t qualify as errata.
… There are a number of larger topics.
… Like the idea of binding a VC to a subject or a holder.
… the whole JSON/JSON-LD issue.
… What is a nonce, should we say more about it?.
… Which is these do you particularly care about?.

Kyle Den Hartog: I think there’s a set of classic problems. General context updates that need to occur.
… Changes of context we consider a breaking change and therefore out of scope. So we need to continue the JSON-LD work so it behaves as expected.
… and we can add new features.

Manu Sporny: I’m expecting a fairly decent JSON-LD @context restructuring in V2. Like taking th crypto suite out and making a separate resource..
… So there’s a @context for creds, and a separate one for proofs.
… The good news is that the WG would be chartered to work on that. This group has the authority to make the decisions.
… I want to go back to something that shigeya said earlier, on multi-lingualism. That’s one reason for using JSON-LD. We do have a mech for expressing multiple translations of terms in a VC. That’s there now.
… We haven’t see many multi-lingual VCs issued.

Shigeya Suzuki: Thanks manu..

Phil Archer: We’d definitely want that. Multilingualism key feature of our work in APAC..

Brent Zundel: Here’s the schema that the VC is using, and here’s the overlay to handle languages.

Manu Sporny: Yeah, perhaps we should add multilingual examples into the spec..

Brent Zundel: The current version of the spec doesn’t cover this enough. Knowledge of JSON-LD is assumed to include knowledge of how to do multi-lingual VCs.
… 28 is a healthy number of issues for a WG to start with.

Charles Lehner: What about the VC extension registry. Is that still being maintained?.

Kyle Den Hartog: +1 thanks for bringing that up.

Brent Zundel: One of the reasons that the non-normative doc list includes registries for data models… that includes briging the VC extension registry into the VCWG and formulating it as a Note. If W3C process covers registries by then, we might do that.
… Definitely within scope.

Manu Sporny: +1 to Brent..
… My expectation is that we’ll learn from the lessons in the DID registry work.

RRSAgent: draft minutes.

Brent Zundel: Tomorrow’s meeting will focus primarily on what’s left for v1.1/1.2. What can get done under our existing charter.
… Thanks to scribes.
… Thanks to observers and contributors.
… The VC WG Charter is under development. Please raise issues if you think it needs more work. We want to present it to the AC and them to say yes!.