Verifiable Credentials Working Group Telco — Minutes
Date: 2022-08-03
See also the Agenda and the IRC Log
Attendees
Present: Kevin Dean, Dave Longley, bengo, Oliver Terbu, Justin Richer, Michael Prorock, Logan Porter, Charles Lehner, Marty Reed, Gabe Cohen, Brent Zundel, Manu Sporny, Shigeya Suzuki, Joe Andrieu, Ted Thibodeau Jr., Kristina Yasuda, Michael Jones, David Chadwick, Orie Steele
Regrets:
Guests:
Chair: Brent Zundel, Kristina Yasuda
Scribe(s): Charles Lehner
Content:
- 1. agenda review.
- 2. (Re-)introductions.
- 3. Echidna publishing resolution for VC Data Model.
- 4. Status Report: JWS 2020.
- 5. Status Report: VC-JWT.
- 5.1. nonce property (issue vc-data-model#823)
- 5.2. No normative statement wrt. JWT encoding of
verifiableCredential
as base64url (issue vc-data-model#832) - 5.3. clarify that
vc
vp
claims do not include entire VC/VPs (issue vc-data-model#845) - 5.4. Looser restrictions on the JOSE header
typ
(issue vc-data-model#853) - 5.5. Support for multiple signatures (issue vc-data-model#856)
- 5.6. Rename issuanceDate in v2 and reconsider a JWT claim counterpart (issue vc-data-model#844)
- 5.7. JWT Decoding: expirationDate (issue vc-data-model#874)
- 5.8. Normative definition of credentialSubject including legal types (issue vc-data-model#875)
- 5.9. [JWT encoding] JWT claim names
instead of
orin addition to
their verifiable credential counterparts (issue vc-data-model#878) - 5.10. Migrate Section 6.3.1 JSON Web Token to separate normative specification (issue vc-data-model#880)
- 6. Status Report: Data Integrity.
- 6.1. Is a verifiable credential in JSON-LD expand form valid? (issue vc-data-model#779)
- 6.2. URI dereferencing (issue vc-data-model#764)
- 6.3. More implementation issues (issue vc-data-model#712)
- 6.4. Bug in the credential vocabulary specification (issue vc-data-model#770)
- 6.5. Remove
@version
from v2 context (issue vc-data-model#843) - 6.6. Default vocab for credentials context v2 (issue vc-data-model#753)
- 6.7.
proof
in@context
and the use of@container
(issue vc-data-model#881) - 6.8. vc:proof scope (issue vc-data-model#888)
- 6.9. Base context v1 missing
sec:
mapping in RsaSignature2018 “@context” (issue vc-data-model#778) - 6.10. Add DataIntegritySignature to v2 context? (issue vc-data-model#901)
- 6.11. nonce property (issue vc-data-model#823)
- 7. Relevant Issues.
- 8. Resolutions
1. agenda review.
Brent Zundel: hoping to pass resolution about Echidna, get status report, and go through issues.
Manu Sporny: FSA announcement?.
Manu Sporny: If you haven’t already, please sign off on the Final Specification Agreement here: https://lists.w3.org/Archives/Public/public-vc-wg/2022Aug/0004.html.
Brent Zundel: OK. The sign-off of the final specification agreement.
… We resolved to bring in drafts from CCG; asking participants from those to sign-off.
… for it to be worked on in the WG..
… We have a new editor for the VC Data Model: Oliver Terbu..
… All the work items have co-owners. Thanks to everyone who stepped forward..
2. (Re-)introductions.
3. Echidna publishing resolution for VC Data Model.
Brent Zundel: We resolved to publish the first public working draft..
… What we forgot to add to the resolution/proposal was to use ECIDNA to automatically update things.
… Echidna is the tool on GitHub so that everything updates automatically; don’t have to keep making resolutions to update editors’ drafts..
… ^ The proposal. Please let know if missed anything..
Michael Prorock: Do we want to clarify to auto-publish editor drafts?.
Brent Zundel: We can; we probably should, maybe..
Michael Prorock: Publish updates to the vc-data-model 2.0 as changes merged?.
Michael Prorock: +1.
Brent Zundel: I don’t think necessary; In order to go to CR we have to have a resolution anyway.
Michael Prorock: OK, as long as that explanation is on the record..
Proposed resolution: We will use echidna to automatically publish updates to the VC Data Model 2.0 as PRs are merged. (Brent Zundel)
Manu Sporny: +1.
Kristina Yasuda: +1.
Dave Longley: +1.
Michael Prorock: +1.
Brent Zundel: +1.
Ted Thibodeau Jr.: +1.
Marty Reed: +1.
Michael Jones: +1.
Oliver Terbu: +1.
Shigeya Suzuki: +1.
Logan Porter: +1.
Joe Andrieu: +1.
Justin Richer: +1 it’s silly we need a proposal for this but ok.
Resolution #1: We will use echidna to automatically publish updates to the VC Data Model 2.0 as PRs are merged.
Brent Zundel: Thanks. Moving on….
4. Status Report: JWS 2020.
Brent Zundel: Editors of this, please let us know how it’s going, what next steps are..
Michael Prorock: I think we got everything fully released, final draft cut from CCG.
… Repo spinning up as well. Orie?.
Orie Steele: My understanding is that CCG is finished with it; my company has done CCG acknowledgment regarding the item..
… I don’t know how long we have to wait for other people to make that announcement… we are seeing those on the list..
… I’d like us to be able to copy over the history of the item, and start making revisions..
… I’ve only done some basic editorial setup on that repo to-date..
… Laid the groundwork for the history merging - but not doing so until the WG directs to do so..
Michael Prorock: +1 orie - bc once that merging is done we can start making some obvious improvements to editor draft.
Orie Steele: Given the CCG stuff is finished, I’d love to do that; but if we have to wait for the FCGS acks, I’m waiting for the WG..
Manu Sporny: We covered the wait last time. I think Ivan agreed we can move on as soon as we want to..
… Typically it takes a few weeks or months for all the commitments to come in..
See github pull request vc-jws-2020#7.
Manu Sporny: That doesn’t affect us. Only when doing a FPWD - that’s multiple months off..
Orie Steele: after this is merged, I will start merging history..
Brent Zundel: +1, no need to wait on the CCG commitments.
Manu Sporny: My suggestion is we can start moving/copying the repos immediately for all the items listed. (#345).
Michael Jones: +1 to starting the copying now.
Brent Zundel: Orie, anything else we should pay attention to? PR 7?.
Orie Steele: One other PR: https://github.com/w3c/vc-jwt/pull/1.
… Those are the only PRs I’m tracking for the items I’m editor of that are not the main spec.
5. Status Report: VC-JWT.
See github pull request vc-jwt#1.
Orie Steele: As noted by that PR, there was an agreement last time to copy over the VC-JWT section..
… I think I’ve seen PRs on the vc-data-model already to remove that content..
Manu Sporny: Migrate VC-JWT section to dedicated specification – https://github.com/w3c/vc-data-model/pull/899 https://github.com/w3c/vc-jwt/pull/1.
Orie Steele: My preference for VC-JWT is that we merge this PR; VC-JWT starts to have content under an ED.
… and we keep pulling off content and issues into that repo..
… This PR is the first implementing that process..
Brent Zundel: https://github.com/w3c/vc-data-model/issues?q=is%3Aissue+is%3Aopen+sort%3Aupdated-asc+label%3vc-jwt%3F.
Brent Zundel: Additional piece of business for this topic, broadly: go through issues here to transfer..
Brent Zundel: https://github.com/w3c/vc-data-model/issues?q=is%3Aopen+is%3Aissue+label%3Avc-jwt%3F+sort%3Aupdated-asc.
Brent Zundel: This is all the issues in the VC Data Model repository that the chairs felt were probably VC-JWT related..
… We’re not processing except to see if should go to VC-JWT or not..
… Going through one at a time….
5.1. nonce property (issue vc-data-model#823)
See github issue vc-data-model#823.
Brent Zundel: nonce property… data-integrity and vc-jwt. Whoever wants it more can have it… We can open another one… Applicable to both?.
Orie Steele: Disagree; I think this is relevant to BBS+ Data Integrity spec, or Data Integrity spec but not VC-JWT..
Brent Zundel: Sounds good; removing vc-jwt tag..
Kristina Yasuda: I disagree, but I can add an issue in jwt-vc repo.
5.2. No normative statement wrt. JWT encoding of verifiableCredential
as base64url (issue vc-data-model#832)
See github issue vc-data-model#832.
Orie Steele: this one belongs in JWT..
Manu Sporny: +1.
Kristina Yasuda: +1.
Brent Zundel: Anyone feel should not move to VC-JWT?.
… Excellent, keeping that tag. Removed from previous one….
5.3. clarify that vc
vp
claims do not include entire VC/VPs (issue vc-data-model#845)
See github issue vc-data-model#845.
Orie Steele: This one belongs in VC-JWT..
Michael Jones: I agree with this one..
Manu Sporny: +1.
5.4. Looser restrictions on the JOSE header typ
(issue vc-data-model#853)
See github issue vc-data-model#853.
Orie Steele: This one belongs in VC-JWT..
Manu Sporny: +1.
Michael Jones: +1.
Brent Zundel: Seems VC-JWT related.
5.5. Support for multiple signatures (issue vc-data-model#856)
See github issue vc-data-model#856.
Brent Zundel: 856. Both data-integrity and vc-jwt?.
Manu Sporny: VC-JWT can take it … DI already supports it..
Orie Steele: This could become contentious. If it does, I think it belongs in VC-JWT..
… My understanding is that JWT as a format does not support verifiable credentials; therefore this issue is not relevant to VC-JWT.
Brent Zundel: OK. But you agree VC-JWT is the place for this conversation to happen?.
Orie Steele: Only if people want to argue about what JWTs support.
Orie Steele: This one belongs in VC-JWT…. if it can go anywhere..
Kristina Yasuda: I am ok with this starting in data integrity.
Brent Zundel: OK. Reminder we are not discussing the issues, only trying to decide where it goes.
David Chadwick: Should keep the label.
Orie Steele: +1 Mike.
Dave Longley: +1 to Mike.
Michael Jones: should go to VC-JWT section, even if the resolution by the WG is to definitively close it..
Justin Richer: As stated, the issue is definitely JWT-related..
… There is of course a wider question of multiple signatures supported, in VCs as a data model in general..
… As the issue is stated, definitely belongs in VC-JWT.
… But don’t want to shut down conversations about VC-JWT..
5.6. Rename issuanceDate in v2 and reconsider a JWT claim counterpart (issue vc-data-model#844)
See github issue vc-data-model#844.
Brent Zundel: Seems VC-JWT related.
Manu Sporny: I know that in the previous VC Data Model spec, we have warnings in there.
Orie Steele: This belongs in VC-JWT.
Manu Sporny: saying we would deprecate issuanceDate or something like that and replace it with validUntil.
… Feels like has some overlap with the main data model, as well as potentially VC-JWT..
… The JWT claim counterpart is definitely a JWT thing. But the rename issuanceDate
is a VC Data Model thing..
Oliver Terbu: +1 manu.
Dave Longley: +1 to manu.
Manu Sporny: My suggestion is to not move it, but rename… and discuss in the Securing mechanisms.
Kristina Yasuda: Change description to focus on issuanceDate
. Can open another issue….
Michael Jones: What my colleague said; open another issue..
Manu Sporny: +1 to Kristina and MikeJ.
Dave Longley: +1.
Orie Steele: +1.
Brent Zundel: Going ahead with removing the VC-JWT label. Moving forward.
5.7. JWT Decoding: expirationDate (issue vc-data-model#874)
See github issue vc-data-model#874.
Brent Zundel: There is an attempt to fix, but also VC-JWT related….
Michael Jones: Relevant.
Brent Zundel: Keeping that label.
5.8. Normative definition of credentialSubject including legal types (issue vc-data-model#875)
See github issue vc-data-model#875.
Brent Zundel: credentialSubject
array prevents mapping to VC-JWT.
Manu Sporny: This is primarily a data model thing that then impacts the way JWTs could potentially work..
… My suggestion is to decide in the data model, and then go from there..
Oliver Terbu: +1 manu.
Orie Steele: +1 resolve the data model question first..
Brent Zundel: Anyone opposed to keeping this in the data model?.
Kristina Yasuda: Are we allowed to rename this issue to make it clear?.
Brent Zundel: Yes, however you think it would be helpful..
5.9. [JWT encoding] JWT claim names instead of
or in addition to
their verifiable credential counterparts (issue vc-data-model#878)
See github issue vc-data-model#878.
Brent Zundel: Issue 878. “JWT claim names”….
… Any opposition to moving this to VC-JWT?.
Manu Sporny: Definitely a VC-JWT thing.
Michael Jones: +1.
Brent Zundel: Excellent.
Orie Steele: This looks like the issue you would have opened on the vc-jwt repo to track the other one… so if you move this one, might not need to create a new one..
Brent Zundel: OK. I’ll leave that up to kristina.
Kristina Yasuda: is that in relation to 874/issuanceDate?.
Orie Steele: Yes, I would move this one and link it to that one which could stay.
Kristina Yasuda: OK, I’ll think about that.
5.10. Migrate Section 6.3.1 JSON Web Token to separate normative specification (issue vc-data-model#880)
See github issue vc-data-model#880.
Kristina Yasuda: Not sure if it’s done already.
… or if PR is there but not merged..
… This is less a move-it and rather a close-it, right?.
Manu Sporny: +1 to that. I think Kristina suggested as much in the last comment on the issue.
Michael Jones: I think this is being accomplished by VC-JWT PR 1.
Brent Zundel: I will take off the vc-jwt? label.
Michael Jones: Maybe reference VC-JWT pull-request 1.
See github pull request vc-jwt#1.
Brent Zundel: looks like that’s in the comment from Orie.
… Thank you all for going through these.
Michael Jones: +1.
Brent Zundel: After the meeting, anything still labeled “vc-jwt?” will be moved to the vc-jwt repo..
6. Status Report: Data Integrity.
Manu Sporny: All the documents are set up in the CCG. The FSA commitment is up; covered on the meeting already..
… I’m ready to move that over to the working group whenever..
… I’m hearing to do that immediately… My plan was to migrate, not copy; and set up redirects. Any objections to that? Otherwise I’ll do it later this week.
Manu Sporny: Streamlining Data Integrity Cryptosuites: https://lists.w3.org/Archives/Public/public-vc-wg/2022Jul/0044.html.
Manu Sporny: Another discussion needing to be had, I sent an email ^.
… Proposal and slide deck there.
… I suspect we may need to discuss that; as a heads up..
… That’s the status. If everyone is cool with that, can go to issue tracking..
Brent Zundel: Anyone wanting to discuss those items, please add yourself to queue.
Brent Zundel: https://github.com/w3c/vc-data-model/issues?q=is%3Aissue+is%3Aopen+sort%3Aupdated-asc+label%3Adata-integrity%3F.
6.1. Is a verifiable credential in JSON-LD expand form valid? (issue vc-data-model#779)
See github issue vc-data-model#779.
Brent Zundel: First one we are looking at is #779. I anticipate some of these may be a little less clear, because of the way the original data model was written..
Manu Sporny: The answer is no, an expanded document is not valid..
… But this has more to do with vc-data-model than data-integrity; would suggest leave it.
Brent Zundel: OK, anyone disagree?.
… Removing the “data-integrity?” label..
6.2. URI dereferencing (issue vc-data-model#764)
See github issue vc-data-model#764.
Orie Steele: This is core data model thing..
Manu Sporny: My understanding is that this is about the base credentials context; dereferencing that feels like a data model thing, not a data integrity thing..
Brent Zundel: Anyone have any comments or concerns with keeping it as a data model issue rather than data integrity issue?.
6.3. More implementation issues (issue vc-data-model#712)
See github issue vc-data-model#712.
Brent Zundel: concerns about issuing JSON-LD stuff.
… At first thought would be data-integrity….
Orie Steele: This seems like a core spec issue..
Manu Sporny: I think because it covers things in the core spec, we need to deal with it in the core spec first.
Brent Zundel: Deal with in core spec first?.
Manu Sporny: Rather not debate, but it is a data model issue.
Michael Prorock: I fully agree, it’s a core spec item; there may be issues in data-integrity, depending on what happens..
David Chadwick: Potentially also an issue for the JWT work… because there there is no context requirement..
Orie Steele: +1 David… its a core spec issue, that will impact all the “securing the core data model” specs..
Brent Zundel: OK, taking the label off..
6.4. Bug in the credential vocabulary specification (issue vc-data-model#770)
See github issue vc-data-model#770.
Manu Sporny: I think this is a core data model question. It’s the core context for the data model..
Orie Steele: +1 its a core data model issue..
Manu Sporny: and so should probably stay in the VC Data Model. And it has implications….
Brent Zundel: Anyone feel differently? Otherwise will remove the label..
… Removing label; moving forward..
6.5. Remove @version
from v2 context (issue vc-data-model#843)
See github issue vc-data-model#843.
Manu Sporny: Core data model thing..
… There was “supports multiple signatures” also….
Brent Zundel: We discussed that during VC-JWT, and determined should move it to VC JWT.
Manu Sporny: OK.
Brent Zundel: Anyone opposed to keeping this in core data model?.
6.6. Default vocab for credentials context v2 (issue vc-data-model#753)
See github issue vc-data-model#753.
Michael Jones: 843 is one of a set of issues we’re going to have about support specifically for JSON-LD in the core data model..
… I don’t disagree with where the issue landed..
… There’s fundamental factors and discussions to have about if/when the core data model requires JSON-LD and when it doesn’t..
… This is one instance of that larger discussion. But don’t want to discuss it now..
Brent Zundel: Thank you Mike, I agree that is a conversation the working group will be having - not today..
Manu Sporny: yep, vc-data-model.
Brent Zundel: 753… Keeping in the core data model?.
… Label off..
6.7. proof
in @context
and the use of @container
(issue vc-data-model#881)
See github issue vc-data-model#881.
Manu Sporny: I think this is in the core data model - or at least in the core context..
… We could move it out in the future, but for now should stay..
Brent Zundel: Anyone opposed to that…?.
… Taking label off..
6.8. vc:proof scope (issue vc-data-model#888)
See github issue vc-data-model#888.
Brent Zundel: Not a lot of activity on this. Suggest moving it to Data Integrity repo..
Manu Sporny: +1 to move to data-integrity :).
Michael Prorock: +1.
Orie Steele: +1.
Brent Zundel: OK, keeping label on 888. Moving forward.
6.9. Base context v1 missing sec:
mapping in RsaSignature2018 “@context” (issue vc-data-model#778)
See github issue vc-data-model#778.
Brent Zundel: Not sure what this means.
Manu Sporny: This deals with the base context… let’s keep it in the data model since that’s where the context is..
Orie Steele: +1 to keeping it, and then removing it..
Brent Zundel: Any opposition to keeping it in the core data model?.
Oliver Terbu: Is this about the data integrity suite - RSA in particular?.
… If so maybe would fit in Data Integrity.
Orie Steele: I think there is a series of context-specific changes, like Mike Jones mentioned earlier..
… Since that file is currently in the core data model repo, I think it’s fine to leave issues in the core repo to say will keep or leave items from the core data model context..
… This particular one I think we are definitely removing, and probably need to find in the data integrity repo at some point..
… But I’m just guessing….
… I suggest we leave issues that are requesting changes to the v1 context in the VC data repo until the change can be addressed by the WG..
6.10. Add DataIntegritySignature to v2 context? (issue vc-data-model#901)
See github issue vc-data-model#901.
Brent Zundel: 901, also got this one wrong?.
Manu Sporny: You may be eventually correct though! There is a question about where the context lives… That’s in the core repo for now..
Brent Zundel: Removing that link… Last one.
Manu Sporny: +1 to move nonce to data-integrity :).
6.11. nonce property (issue vc-data-model#823)
See github issue vc-data-model#823.
Dave Longley: +1 :).
Manu Sporny: +1 to move this (823) to data integrity.
Michael Prorock: +1.
Manu Sporny: I note our charter says protocols are in-scope.
… For now we can move to data-integrity, but we may want to discuss nonces again….
Michael Jones: At beginning of issues list for vc-jwt, there was a nonce issue; I think we had weak support for leaving it where it was, Kristina was going to file a VC-JWT-specific issue about nonces. How does this relate to that?.
Orie Steele: can we compare the issues?.
Brent Zundel: Good question.
Kristina Yasuda: I think it’s the same one.
Manu Sporny: I thought we said this started out as VC-JWT, but JWTs already have a nonce mechanism, so this is in data-integrity….
Brent Zundel: [reading minutes].
… so I had removed the vc-jwt? tag….
… I believe it was the multiple signatures issue that we decided should stay in the core data model, not this issue..
Orie Steele: I think that’s right; the reason I suggested the BBS+-related nonce issue belonged in data-integrity is because it’s specific to the proof construction.
… I agree with the comment that things like nonces need to be discussed in Core, then need to be discussed in Securing….
Manu Sporny: +1 to what Orie said.
Orie Steele: Need to leave room in the core spec to discuss nonces, but will also need to discuss elsewhere..
Michael Jones: I agree with Orie.
7. Relevant Issues.
Brent Zundel: https://github.com/w3c/vc-data-model/issues?q=is%3Aissue+is%3Aopen+label%3Arelevant%3F+sort%3Aupdated-asc.
Brent Zundel: Don’t have time to process these today.
… Please take this link and add your comments, if you think the issues are still relevant or should close..
… Please take that action, to ease future issue processing..
… Thank you everyone for coming..
… I will move the vc-jwt? and vc-data-integrity? items to the appropriate repos..
… Thanks Charles for scribing.
… See you all next week!.
Charles Lehner: Have a good one!.
Michael Prorock: Nice the meeting ended on time.
8. Resolutions
- Resolution #1: We will use echidna to automatically publish updates to the VC Data Model 2.0 as PRs are merged.