VC WG Telco — Minutes

Date: 2022-01-26

See also the Agenda and the IRC Log

Attendees

Present: Charles Lehner, Shigeya Suzuki, Brent Zundel, Michael Prorock, David Chadwick, Michael Jones, David Waite, Logan Porter, Kyle Den Hartog, Kristina Yasuda, Gregory Natran, Orie Steele, Joe Andrieu, Ted Thibodeau Jr., Juan Caballero

Regrets: Manu Sporny

Guests:

Chair: Brent Zundel

Scribe(s): Charles Lehner, Juan Caballero

Content:

1. Agenda Review.

Brent Zundel: Brief update on the status of the editorial improvements that we resolved to include once the spec revisions are published..
… The we will move to discussion of some of the feedback we got on the v1.1 corrections, and what we want to do about those..
… Even briefer, to talk about the test suite..
… Then, the bulk of the meeting, conversation on the next VCWG charter and the draft of that..
… Any questions, comments?.

2. Introductions/reintroductions.

Michael Jones: Hi, I’m Mike Jones, I work on identity and security standards at Microsoft..
… I’ve done some work that this group has taken as a dependency - lead editor of JSON Web Token spec, also JSON Web Encryption and Algorithms, and JSON Web Key..

Brent Zundel: Glad to have you. Anyone else?.

Orie Steele: Hi, I’m Orie Steele, CTO of Transmute, editor of DID spec, impmentations of VCs and linked data proofs, active in CCG and Decentralized Identity Foundation.

Michael Prorock: Hi, I’m Mike Prorock, CTO of mesur.io, co-chair of CCG.

Kristina Yasuda: Hi, I’m Kristina, I work on identity standards at Microsoft. Nice to meet you..

Brent Zundel: Glad to have you all here..
… Please join IRC, type present+.

3. v1.1 Editorial Improvements status.

Brent Zundel: These are improvements we resolved to make, purely editorial..
… Kyle, I believe you are our resident editor on the call, you’re welcome to take the topic, or I can hand-fist my way through it..

Kyle Den Hartog: Are you talking about the edits from Google, or the ones I merged yesterday?.

Brent Zundel: the ones that were merged.

Kyle Den Hartog: The majority have been merged, except mine that I’ve been slow to update. They hit the 14-day mark..
… The one with requested changes, it was agreed that could be a secondary issue. That was related to the SVG diagrams, to make them smaller in size..
… A new issue was opened for that..
… The last editorial issue that needs to go in, David and I worked on it in a public Google document, need to make a PR.
… PR 847 needs to be reviewed..

Brent Zundel: The changes you mentioned are specifically going to be made in 847?.

Kyle Den Hartog: Yes. Context and credential schemas difference. We found some alignment, some text we are both satisfied with, but may want consensus from the larger group..

Brent Zundel: Any more questions or comments about these changes?.

4. v1.1 feedback.

Brent Zundel: See List of open issues.

Brent Zundel: Feedback we received… We’ve opened some tracking issues ^.
… These were comments, not intended to be blocking (no formal objection)..
… We should as a group make a determination of how to proceed, whether to address in v1.1 or in the future..
… Both of these were brought to us by a Google representative..
… There are some concerns, to summarize, that the loosening of the normative requirements in the ZKP section made in response to implementations made it more difficult to rely on it as an interoperability mechanism.
… Comments, questions, concerns… recommendations for moving forward?.

4.1. [Tracking Issue - Proposed Corrections Feedback] ZKP Section Normative Changes (issue vc-data-model#863)

See github issue vc-data-model#863.

Kyle Den Hartog: One of the considerations that I think comes into play here is how to handle the well-known ZKP solutions, and when do we want to handle that..
… I don’t think there’s much in the way of additional editorial changes that would be in scope, that would be normative changes that I think would be much larger..

Orie Steele: I think it can only really be fixed in V2..

Kyle Den Hartog: So I’m glad the rep is okay with it being in v2, there may be a lot of work..

Orie Steele: +1 to what kyle is saying..

Kyle Den Hartog: The AnonCreds community is thinking of separating it out.

Michael Prorock: +1.

Kyle Den Hartog: Need to consider what is useful for the market… to move away, or to bring closer..
… Two aspects at play here; would like to have more time.

Brent Zundel: To summarize, best to keep the changes we’ve made, and make it a focus of v2 to address this section?.

Kyle Den Hartog: Correct..

Brent Zundel: This text will be added to the issue. Anyone object?.
… Not sure how much formality is needed. A lot of folks seem aligned with this as a way forward..
… Anyone object to having v2 address this?.
… Not hearing any, going to throw a v2 label on it..
… So it will still be there for the next iteration of our work..

4.2. [Tracking Issue - Proposed Corrections Feedback] URL to URI (issue vc-data-model#862)

See github issue vc-data-model#862.

Brent Zundel: One of our proposed corrections changed a URL to a URI..
… I believe that there is language within the conversations we’ve already had around this issue that would address the concerns..
… [reading from thread].
… Questions or comments?.
… Sounds like this one needs a PR. Is there someone who can be assigned to this issue to raise a PR to address it?.
… It is an editorial change at this point..

Kyle Den Hartog: You can assign it to me and I’ll take care of it today..
… Just what was proposed in that comment?.

Brent Zundel: Yes, the quoted line.
… Putting a v1.1 label on it.

Kyle Den Hartog: Will do.

Juan Caballero: i can do it.

5. test suite feedback.

5.1. [Tracking Issue - Proposed Corrections Feedback] Test suite improvements are needed (issue vc-test-suite#126)

See github issue vc-test-suite#126.

Brent Zundel: Some of the corrections we made were not reflected in the test suite, that needs to be addressed. Charles, can you give us a status on this issue?.

Charles Lehner: I’m still a little stumped by what changes to make.

Brent Zundel: I think.
… one of your PRs from sept addresses this already.

David Chadwick: as written, this feels impossible– “full range”/”all possible” is infinite; “representative values” or “one example of each” would be a better wording.

Brent Zundel: maybe a good first pass would be making a current list of all normative statements; i think tests for anything else (like proof and credential schema properties) would be overkill.
… but still appreciated as a stretch goal.

Charles Lehner: sure, normative statements sounds a good first step.

Brent Zundel: i’m not sure any second step is mandatory, that can all wait til v2 WG.

Juan Caballero: where is the old list of normative statements, and how out-of-date is it?.
… just to ask if normative statements have ever been compiled.

Brent Zundel: I don’t know if there is such a list.
… Could ask Manu or Dmitri.

Juan Caballero: ok sounds good.
… i’ll do that before meeting with Charles to continue this.

Brent Zundel: Any other questions or comments?.

6. Scheduling issues.

Kristina Yasuda: We may have a scheduling conflict.

Brent Zundel: This time is every other week, the other one is in 8am pacific.
… Could alter the time for the later meeting, will save 5min for that.

Michael Jones: There’s a number of us that need to be on the WebAuthN call, at noon pacific every other week..
… If we can shift it to the same time but a week later, then we can alternate with WebAuthN..

Michael Prorock: +1 shifting a week works for us better as well.

Michael Jones: Right now it’s a conflict for us and also others, e.g from Ping Identity.

Shigeya Suzuki: +1 as far as at same time.

Orie Steele: +1.

Kyle Den Hartog: +1.

Brent Zundel: We can shift it, next week will meet at this time and begin alternating after that.

David Waite: Webauthn will likely move back to weekly meetings once their charter is approved; we’ll make sure to re-raise the issue for coordination of the two groups at that time to see if one or the other wants to move.

7. VCWG Draft Charter.

Brent Zundel: See charter issues.

Brent Zundel: These are the set of issues on the charter that we will look at, as well as pull-requests that are open..

7.1. Multilingual support for selecting a image file (issue vc-wg-charter#38)

See github issue vc-wg-charter#38.

Brent Zundel: “Multilingual support for selecting a image file” Raised by Shigeya..
… There is conversation in the PR.

See github pull request vc-wg-charter#44.

Shigeya Suzuki: The original markdown… not only the text but also the image file….
… This PR and the last one, for multilingual text support, replacing strings….
… to support both localized string and localized images..
… I had some conversation… I hope she understands my intention….
… Committed by some folks at Keio.
… I’m still working with Kristina on some of these changes.
… If she is satisfied with that, I’ll create a PR.

Kristina Yasuda: Are you suggesting to keep the original PR, or accepting the change request?.

Shigeya Suzuki: I’m a bit confused about your comment 2 hours ago.
… The support for multilingual is not limited to …?.

Kristina Yasuda: “Support for multilingual representations of resources not limited to the text strings that can be included by reference or by value”.

Brent Zundel: Thank you both.

7.2. Standardizing JsonWebSignature2020 / JsonWebKey2020 (issue vc-wg-charter#45)

See github issue vc-wg-charter#45.

Brent Zundel: PR 45 raised by Orie. Orie, can you talk us through this?.

Orie Steele: Sure. For those who don’t know, in the VC Data Model 1.0 JSON-LD context, which are included and supported..
… One is Ed25519, one is Secp256k1..
… Both use detached JWS with algs from the JOSE registry.
… Since the work ended, those are the only ones in the context..
… This proposal would add support for all JWK key representations that could be used to verify verifiable credentials, as well as adding support for the JSON Web Signature 2020 signature type, which supports all those types..
… This expression is a superset of what the VCDM already supports.
… If we accept this, it will support RSA and NIST curves, as well as the already-supported Secp256k1 and Ed25519.
… JWK is critical to VC Data Model.

Kyle Den Hartog: Some considerations need to come into play. For that context, I think Manu agrees with this as well, is pulling things out of it, rather than adding to it..

Orie Steele: yep, +1 to not creating a single context..

Kyle Den Hartog: We’ve had conflicts with it. I don’t think it leads to actionable changes in the charter..
… More important: what we will face as interop problems.
… I don’t necessarily see it needs to be discussed in the charter.
… But I could see it blocked if we are trying to support multiple signture types, JSON and Linked Data Integrity.

Orie Steele: The time to fix this IS at charter time :).

Michael Jones: I support Orie’s points. Standardizing JWS-based signatures will improve interoperability quite a lot..
… Those are based on existing IETF standards..

Michael Prorock: note PR https://github.com/w3c/vc-wg-charter/pull/47.

Michael Jones: I hear Kyle about supporting 2 things, that that’s already the case. Fully supporting JWS and the associated JWKs will improve interoperability with existing systems, not hinder it..
… So I don’t see that resulting in charter objections, I think it would result in charter support..

Orie Steele: I agree about the context… I’m expecting this will be handled differently..
… The job of the WG is to solve this..
… The work items in the linked data integrity work stream are trying to define suites at charter time, to make it explicit what’s in or out of scope..

Michael Jones: +1 that this should occur at charter time.

Orie Steele: This could result in some intention. We should bear the cost now, at charter time, to make things smoother moving forward..
… Thanks.

Kyle Den Hartog: I think it’s actually quite useful for us to have these conversations. Personally, I believe having this JSON support is very beneficial. But since VCs and Linked data integrity has already been deployed….
… If we can get it supported, great, but I don’t see if it helps us get interoperability..

Orie Steele: I don’t share your long term goal :) I believe suits should be defined… its not our job to tell folks which suites to use..

Kyle Den Hartog: Arguments can be made it’s not that big a problem; it’s probably resolvable in the charter. If we can do that, it may be useful..
… So I’m in favor of having the conversation now, to see if we can figure it out early.

7.3. Linked Data Signatures for JWS (pr vc-wg-charter#47)

See github pull request vc-wg-charter#47.

Brent Zundel: Related PR adds language to the charter.
… Has been reviewed and approved..
… Specifically this PR, is there language here that would be opposed?.

Michael Jones: Merge it!.

Kyle Den Hartog: I see no objectionable issues with this..
… I think the one we need to check with is Manu.
… I see has not approved it yet. That is one reason to hold off..

Brent Zundel: Would you ask for him to look at it in the PR?.

Kyle Den Hartog: Yes, he had some delays in his work, so we may be waiting, but I’ll raise it.

Michael Jones: I’m new to this WG and don’t know your processes in general. But looking at it, there’s 7 approvers. I don’t think Manu has some special status over others in the WG. I would propose instead we merge it, and if he wants to create a PR with language modifying it, he could do so.

Orie Steele: +1 git will keep track of history, and we can debate PRs that have objections..

Michael Jones: I’d rather see progress than waiting.

Kyle Den Hartog: Normally I would agree with you, but this PR has only been open a day.
… I want to see if there will be controversy we can address ahead of time..
… I can see arguments “It’s already in there, don’t pull it out”.
… Don’t want to get into that too early.
… Would like to get alignment and agreement. It’s to manage the way the group is going to achieve consensus..

Orie Steele: +1 brent… this is a charter that still has to be approved….

Brent Zundel: Because this is just a draft charter, not a spec… If people actually showing up object to the work, it won’t get approved.
… So I have less heartburn about merging this PR….

Kyle Den Hartog: In that case, I’m fine with merging it, if you feel comfortable that it’s not going to be a problem. Mike makes a good point, let’s make progress.
… I’ll just make sure Manu is at least alert to it.

Michael Jones: Thanks, Kyle..

Joe Andrieu: I don’t understand the rush here. If there are some concerns that someone in this community might object, I think we should tag the and give them 24 hours to respond. That’s all..

Kristina Yasuda: +1.

Brent Zundel: Opposition to course of action, Kyle will tag him, and if we don’t see objections by tomorrow, I’ll merge it?.

Ted Thibodeau Jr.: +1 to a tag and pause.

Brent Zundel: Thank you all for that conversation..

7.4. Standardizing MultiKey2021 (issue vc-wg-charter#46)

See github issue vc-wg-charter#46.

Brent Zundel: Issue 46. Orie, can you talk about this one?.

Orie Steele: Yes. This is a cool one..
… For folks familiar with the DID specification, that are really two key representations that the DID specification acknowledges as existing: publicKeyJwk (previous PR), and publicKeyMultibase (this PR).
… A community of folks working on multiformats… Filecoin, IPFS community… multibase emerges from those communities. Public key representations based on binary encoding with uvarint..
… Folks want to use publicKeyMultibase to create verifiable credentials..
… This proposal is to support publicKeyMultibase as a class of verification method, consistently..
… For every JWK with a multibase representation, let’s do the work to see how they are related….
… Allow using for verifiable credentials… Define suites specific to raw cryptographic operations not based on JWS but coming from the same cryptographic primitives that JWS is built on..
… Like the JWK proposal but using publicKeyMultibase….
… I have talked with Manu about this, he’s not in favor of supporting it across the board, only for P256 and Ed25519, but perspective may have changed.

Kyle Den Hartog: I like the idea of consolidating around keys within a suite. I’m not sure how well it fits in the VC spec. Maybe it could..

Orie Steele: look at the existing JSON-LD context to see how it fits..

Kyle Den Hartog: Other question: within the DID Core data model, we define two but allow extensions that define any verification method… Creates arbitrariness that may create more complexity at the VC layer.
… Not sure if standardizing it helps. How well does it fit within this system?.

Orie Steele: I agree with you again kyle :).

Kyle Den Hartog: The JSON-LD context… I want to pull that stuff out. Just keep the terms defined by the data model specifications..

David Waite: Multiformats are interesting, but I worry… A spec like JWK has a definition of a key, standardized, has libraries, W3C references it in other specs like WebCrypto. Multiformats does not have a lot of uptake… multiformats.io is not a standards body, no versioned specification.
… We might be taking on work to define it.
… What is a crypto format… in the VC charter?.
… Could that work be elsewhere? Maybe in IETF, doesn’t have a standards track… Not all IETF either..

Orie Steele: agree with everything David is saying, this is mostly to ensure that we discuss this before the charter is approved, and that we address this consistently, and not on a 1-off basis..

David Waite: So I have some concerns. Also about how to profile usage of the crypto, in a working group mostly talking about data models, at least traditionally..

Orie Steele: please comment on the issue..

Brent Zundel: Good conversation, please continue in the issue, so we can see if there is consensus..

7.5. Protocols and APIs should remain out of scope (issue vc-wg-charter#24)

See github issue vc-wg-charter#24.

See github pull request vc-wg-charter#43.

Brent Zundel: Issue 24. Originally raised by Mike, before he was even in the group. Recently had more conversation. Opening up the floor.
… Mike, would you like to introduce the issue?.

Michael Jones: Thank you. The point was made on the issue that there are a lot of protocols using the spec, which is great, that’s a form of adoption, that’s happened without us doing any of the protocols..
… I think it would overload us and present us with more interop challenges if we are defining protocols..
… But fine to talk about how choices in the data model may affect protocols..
… Consider protocol considerations in scope, but I don’t think it should be our job to pick winners among protocols..
… So should remain out of scope, like it was for v1..

Orie Steele: I agree with everything Mike just said.
… One area of VCDM v1 where we experienced a lot of pain, regarding the JWT implementation.
… We don’t have a great way of going from the identifier to a key.
… With the URL to URI change, same thing.
… I know how to resolve URL, but not URI. Destroying interoperability. I agree with them, we have to be careful….
… If we say there is an identifier and something behind it, we should be careful not to hand-wave that could lead to non-interoperability.
… Maybe it doesn’t fall into what this group considers a protocol. Apologies if it’s not right place.

Michael Prorock: Quick option, having a note similar to an implementation guide, etc., that if you want to exchange this over REST, you might want to use this… Maybe one way to approach it, I think in line with Mike Jones’s comment.

Michael Jones: I agree.

Kyle Den Hartog: General understanding was to leave this non-normative..
… I think the current text allows that to happen, and allows us to talk about the impact, and discuss it with other groups..

Brent Zundel: Thank you all. Please continue the conversation in the PR.
… Welcome to everyone new here..
… Next week meeting same time. Will update calendar. Thanks all.

Michael Jones: Thank you for welcoming us..