Verifiable Credentials Working Group Telco — Minutes

Date: 2022-08-10

Attendees

Present: Kristina Yasuda, Brent Zundel, Ivan Herman, Michael Prorock, Markus Sabadello, Manu Sporny, Michael Jones, Juan Caballero, Phil Archer, Will Abramson, Ted Thibodeau Jr., Dave Longley, Orie Steele, Gabe Cohen, Sebastian Elfors, Andrew Whitehead, Mary Dwyer, Kevin Dean, Oliver Terbu, Joe Andrieu, David Chadwick, Gregory Natran, Samuel Smith

Regrets: Charles Lehner

Guests:

Chair: Kristina Yasuda

Scribe(s): Markus Sabadello

Content:

1. WG Work Mode.
2. TPAC.
3. A brief introduction to VC components.
4. VC Data Model Issues - A Question of Relevance.
5. issues with discuss tag.
- 5.1. Explicit reference should be added about binding the VC to the holder (issue vc-data-model#789)
6. AOB.

Kristina Yasuda: Anyone who wants to (re-)introduce themselves?.

Mary Dwyer: I’m a new member of the group. I work for Definity Foundation. I want to ensure the Internet Computer can operate with the relevant technologies. I worked on identity since 2016. I’ve been following this work and am happy to be in a role to contribute..

Kristina Yasuda: Welcome Mary.

1. WG Work Mode.

Kristina Yasuda: Editors talked about the work mode.
… We want to keep these main calls. We may have special calls to dig deeper..
… Those who participated in the WG before, the work will be happening async in the Github repos..
… If there are no objections of PRs and approval of 3 editors, then editors will go ahead and merge.
… Issues will be triaged. If labeled “pending close”, it will be closed in 7 days if no objections..
… So please participate in Github as well as calls..

Manu Sporny: +1 on the work mode.

2. TPAC.

Kristina Yasuda: I sent out agenda..

Kristina Yasuda: See Preliminary TPAC Agenda.

Kristina Yasuda: People can contribute in the spreadsheet what they would like to discuss as TPAC..
… We can spend the time on discussing bigger issues that will benefit from F2F discussion. We will have 2 full days..
… There is a list of possible topics. Please type the topic and estimate time..

Phil Archer: Markus and I started to make noise about RCH WG (RDF canonicalization and hashing)..
… Thanks to VC WG chairs for allowing time for our group..
… Our general plan is to use this slot on Wednesdays when VC WG is not using it, i.e. every other week..

Markus Sabadello: See my message about RCH WG today.

3. A brief introduction to VC components.

Kristina Yasuda: We wanted to talk about different components of VC WG.
… Not opening the floor for discussion yet, just flag to the people, then will discuss at TPAC..
… There is a data model, then there is a serialization (right now JSON, JSON-LD), and then there is the securing part (JWT, DAta Integrity).
… Later in WG we want to think about where the serialization part “sits”. Is that in the data model, or securing, etc? Just flagging that the chairs and editors believe we want to slowly tackle the “where sits what” question in components..

Manu Sporny: Wanted to reinforce what Orie said above. At some point the suggestion of an “abstract data model” may come up..

4. VC Data Model Issues - A Question of Relevance.

Kristina Yasuda: https://github.com/w3c/vc-data-model/issues?q=is%3Aissue+is%3Aopen+label%3Arelevant%3F+sort%3Aupdated-asc.

Kristina Yasuda: Question to the WG is, do we want to discuss these issues in the WG? Is this the right place?.

4.1. Define SHACL constraints (issue vc-data-model#76)

See github issue vc-data-model#76.

Kristina Yasuda: This is about SHACL constraints..
… Some conversation going on in that issue..

Manu Sporny: It was a suggestion that nobody really followed up on. Some people could write SHACL constraints. But until somebody actually puts in a PR, I don’t feel we need to keep this open. Maybe we close until someone comes up with a PR..

Ivan Herman: I did that for the DID model, which is simpler than this one. We can close it and I look at it later. I don’t know yet whether I will have the time..
… It would also be good to have JSON schema, but I’m less familiar with that..
… It’s good to keep but with low priority..

Orie Steele: We looked at the same issue with DIDs. We looked at JSON Schema, CDDL, SHACL. Machine-parsable structured format for the data model is helpful. Having 3 of them is maybe even more helpful. But takes a lot of WG contributions to make it high quality..
… I would like to have at least 1 of these types of languages. Each has their own trade off. I don’t think we should limit it to just one language..

Kristina Yasuda: Preference to keep issue open with low priority..

4.2. Authenticators for nodes (issue vc-data-model#760)

See github issue vc-data-model#760.

Kristina Yasuda: This is about authentication relationship. Looks like it has been idle for a while, I suggest closing. Anyone can speak up on it?.
… Will mark “pending close”.

4.3. credentials/v2 should allow additional proof purposes (issue vc-data-model#756)

See github issue vc-data-model#756.

Kristina Yasuda: In the last comment it looks like there is agreement to talk about it in CCG.

Orie Steele: I remember the context for this. In the 2 data model objects Credentials and Presentations, there is something people have been doing, which is related to the previous issues. Proof of possession. The current data model doesn’t support this..
… I wantet to discuss the relevance of capabilities related to delegation.
… I would love for VCs to be a solution for capability systems, but we need to agree on this issue..
… If we think of capability systems as subset of VCs, then we get a “for free” representation of capabilities..

Manu Sporny: +1 - we should discuss this, -1 for VCs being used as capabilities..

Orie Steele: Mostly related to what do we mean by “authentication”.

Kristina Yasuda: Will keep the issue open..

4.4. Defining a V2 context here will require an update to normative statements (issue vc-data-model#755)

See github issue vc-data-model#755.

Manu Sporny: +1 to keeping it open, it’s relevant..

Kristina Yasuda: I think the previous WG didn’t do this because it was a normative change.

Orie Steele: We definitely need to start a new version of the context file, so we can make changes to it..
… In favor of getting us capable of making changes to the context asap..

Kristina Yasuda: Is this the right issue to do that?.

Michael Prorock: +1 to new context file.

Orie Steele: I’m requesting we have a v2 context file. This issue asks the question if we have permission to do that..

Dave Longley: +1 to close the issue, we can now define a v2 context in this WG.

Ivan Herman: +1 to Manu, a v2 context will come up anyway.

Manu Sporny: Short answer is yes we can create a v2 context. We should close the issue since it’s misleading what it’s asking for. v2 context will happen naturally. If we need an issue for that, we should open a new issue dedicated to this..

See github issue vc-data-model#904.

4.5. Add display hints to data model, for example: information to use a Web Component (issue vc-data-model#42)

See github issue vc-data-model#42.

Kristina Yasuda: Looks like there is agreement to close this issue. Dave, any context?.

Dave Longley: We decided to defer this to 2.0, and I believe we should do this work. We should add name, description, etc. to the data model. There are further things about rendering hints, etc..
… I think there was agreement this would be addressed in v2.

Kevin Dean: +1.

Phil Archer: I think it’s relevant too. In GS1 issued VCs we want to include some human-readable information.
… I worry about internationalization and accessibility. This should be considered.

Brent Zundel: there is also this: https://github.com/decentralized-identity/wallet-rendering.

Kristina Yasuda: Will keep the issue open.

4.6. Avoiding confusion by renaming ‘credentialSubject’ (issue vc-data-model#480)

See github issue vc-data-model#480.

Kristina Yasuda: Issue raises issues about “credentialSubject”..

Kristina Yasuda: See Manu’s summary of the discussion.

Kristina Yasuda: There is a comment by Manu that summarizes the discussion. I suggest we close it, considering that the question has been answered..

Manu Sporny: +1 to close.

Kristina Yasuda: Anyone opposed to “pending close”?.

Orie Steele: +1 to close.

Dave Longley: +1 to close.

4.7. Issuers may express a Time to Live on the credential (issue vc-data-model#164)

See github issue vc-data-model#164.

Kristina Yasuda: Manu commented that this belongs not in the data model, but transport protocol or other places..

Orie Steele: +1 to keeping transport protocol concerns out of the data model, and closing.

Manu Sporny: +1 to close.

Kristina Yasuda: Marking as “pending close”.

4.8. Make images consistent (issue vc-data-model#865)

See github issue vc-data-model#865.

Kristina Yasuda: This is about images in the document text. chaals did great work. Can we close it?.

Manu Sporny: I thought it was done and I closed, then it was re-opened. My suggestion is we give David Lehn 30 days to address it, then close if it is not addressed..
… I will add a comment.

Ivan Herman: I understand we need chaals to do what he is referring to. His points about quality of diagrams, these things are good styling warning..
… I wouldn’t like to lose the bullet items chaals put into the issue. This is editorial styling, we need to be good about this..
… Now we will have multiple documents in parallel, we need some editorial consistency among the documents. This is part of it..

Kristina Yasuda: Can we leave it to the editors to make sure that this is addressed?.

Ivan Herman: Sounds good if the editors can make sure that this is not forgotten..

Brent Zundel: or we can leave it open with an editorial tag . . ..

Orie Steele: +1 to closing, i’m in favor of fixing all the diagrams as part of regular review… and addressing that in a case by case basis..

Manu Sporny: I went through and made a lot of the changes chaals suggested, I did this as far as I could. It’s more complex with some diagrams, this may confuse the diagram and be a step in the wrong direction..
… Understanding what exactly is remaining would be better. Perhaps we ask David and chaals what exactly the editors need to do..

Michael Jones: In favor of closing in 30 days.

Manu Sporny: Will add a comment.

4.9. Bootstrapping Simple WoT Verifiable Claims (issue vc-data-model#32)

See github issue vc-data-model#32.

Kristina Yasuda: This is about VCs for web of trust. How can one entity state that they know another entity. Manu has been answering questions in this issue..
… Do we still want to have a write-up on web of trust mechanisms, or can we close this? Any opinions?.

Manu Sporny: This has been out there for 5 years. The question is can we get a set of example credentials. The WG needs to determine if it wants to define these credentials. There are other places where example credentials can be defined..

Ivan Herman: +1 to the CCG.

Michael Prorock: +1 ccg.

Dave Longley: +1 to CCG.

Manu Sporny: E.g. the CCG is creating examples via the CHAPI playground. This may be better suited for CCG..

Orie Steele: +1 to any place other than a format WG (including DIF / CCG).

Kristina Yasuda: Marking “pending close” and adding a comment. Anyone interested can continue to work this in CCG..

4.10. Define one or more media types for VCs (issue vc-data-model#421)

See github issue vc-data-model#421.

Kristina Yasuda: Recent comments seem to make it clear we want to keep the issue open..
… This is about MIME types.

Manu Sporny: We kicked off an IETF work item to address this issue. This was kicked off by DID WG. There is active work here..
… This group should review if this meets this group’s requirements.

Ivan Herman: See the relevant IETF work item.

Kristina Yasuda: Let’s keep this issue scoped to the IETF discussion, then let’s create another issue to discuss what MIME types we need?.

Manu Sporny: Maybe this issue is “define a MIME type for VC syntaxes”, and the “media type conversation” is a separate issue. We could do this either way.
… Maybe we edit this issue to say “define 1 or more media types for VCs”. So we keep it as one issue and make this one concrete. The WG needs to define media type(s).

Orie Steele: +1 to defining media types..

Manu Sporny: And we link to the work happening in IETF.

Ivan Herman: When you have a W3C spec, then you can include the necessary MIME type document in the specification itself. It doesn’t need a separate work submitted to the usual channels..

Kristina Yasuda: Removing the relevant tag.

Ted Thibodeau Jr.: I’m concerned about the agreement. W3C will create a lot of media types and not list them on the definitive IANA page. That’s where you’re supposed to list them..
… If you create a VC, then you find it in the W3C spec. But it should also be on the IANA page, since if you don’t work with VCs per se, you want to look up the media type and learn about it. If it’s not listed in IANA, that’s problematic..

Ivan Herman: You misunderstood, it will be listed there..
… Normally you have to create a separate document with its own syntax and style, that is more work. Instead, that text has to be included in a specification. It still goes through the usual review and the list, but it’s a shortcut for editors..

Kristina Yasuda: Brent should we go through issues labeled “discuss”?.

Brent Zundel: Agree.

5. issues with discuss tag.

Brent Zundel: https://github.com/w3c/vc-data-model/issues?q=is%3Aissue+is%3Aopen+label%3Adiscuss+sort%3Aupdated-asc.

5.1. Explicit reference should be added about binding the VC to the holder (issue vc-data-model#789)

See github issue vc-data-model#789.

Kristina Yasuda: This is about explicit holder binding. This has been brought up a few times..

Manu Sporny: Stephen and I talked about it several times. I’m still a bit confused what the issue is about, other than figure out how to reference the holder in a way that is more compatible with how Aries does it. But I’m not certain..
… There have been multiple calls about referring to the holder in other ways..
… I’m not sure how intermixed the things are.

See github issue vc-data-model#882.

Manu Sporny: My suggestion is we involve Stephen.

Michael Prorock: +1 30day.

Kristina Yasuda: Should we do a 30 day period like in a previous issue?.

Manu Sporny: My concern is that this is a complex topic that will take longer, and we should give Stephen more time to have the discussion.

Ivan Herman: Perhaps we can get him to TPAC as a guest? For a longer discussion?.

Manu Sporny: markus_sabadello: Is this a duplicate of issue 882?.

See github issue vc-data-model#882.

Brent Zundel: I will reach out to see if Stephen is available to join us at TPAC.

Juan Caballero: it would allow for a CL/AnonCreds profile/type, non?.

Oliver Terbu: There was a long discussion, we haven’t resolve it, still ongoing..
… General idea is that in the current VC data model spec, it’s not possible how to tell the verifier how they can verify a binding of the presentation of the credential..
… Verifier wants to know if the holder is the actual entity the issuer made claims about. The “holder” property can be anything. The data model allows that any holder can present the VC..
… Verifier could look up a property in the presentation to check how to verify the binding between the presentation and the credential..
… A simple mechanism is to check the “id” property in the VC and the proof..
… Discussion hasn’t been resolved yet.

Manu Sporny: Oliver’s issue is valid and needs to be discussed. Not sure if this is the same as what Stephen raised..

Dave Longley: there seems to be a general desire to allow the issuer to say who the holder (really the presenter) should be when the VC is presented (which is separate from actually proving that to be the case).

Juan Caballero: right, no one mentions linked secrets or AnonCreds on that PR thread, so it would be good to get explicit buy-in from the AC folks that one entry in that registry would solve the open issue.

Michael Prorock: 50 or 55.

6. AOB.

Kristina Yasuda: We should end the call at 55..

Brent Zundel: That’s the goal, we can end here.

Kristina Yasuda: Thanks everyone, we made a lot of progress. Please go through issues and continue next week..

Michael Prorock: I’ve got a side conversation about a panel on TPAC, this might be interesting to Stephen..

Kristina Yasuda: Let’s coordinate.