Verifiable Credentials Working Group Telco — Minutes

Date: 2022-11-02

Attendees

Present: Brent Zundel, Ivan Herman, Shigeya Suzuki, Manu Sporny, Mahmoud Alkhraishi, Charles Lehner, Dave Longley, Drummond Reed, Michael Jones, Will Abramson, Steve McCown, David Chadwick, Michael Prorock, Chris Abernethy, Phillip Long, Oliver Terbu, Kerri Lemoie, Kristina Yasuda, Juan Caballero, David Lehn, David Waite, Marty Reed, Joe Andrieu, Orie Steele, Dmitri Zagidulin, Przemek Praszczalek, Gabe Cohen

Regrets:

Guests:

Chair: Brent Zundel

Scribe(s): Manu Sporny, Oliver Terbu

Brent Zundel: agenda for today, we are looking at
… some announcements of the beginning, work item status updates, work item ins progress, sd-jwt and data integrity.
… following a convoluted issue on holder binding to get some updates.
… then finish off the meeting with discussion of issues.
… any comments? request for changes?.

Kristina Yasuda: postpone holder binding discussion to next week?

Brent Zundel: that is no problem, we can just do our issue discussion today then.
… some announcements, moving forward, we will have meeting next week, no special topic call next week.
… following week is IIW and we will not have our regular call nor we will have a special topic call.
… we are not cancelling meetings in the week of thanksgiving.
… pay attention to whatever time the meeting is.
… in your local time as best as we can.
… we are gonna send out a local time meeting.

Ivan Herman: on time changes, in practice, for next week on for Europeans it will be everything as normal.
… for the whole of winter no time change in Japan.

Brent Zundel: regardless what time this meeting is, it is an honor to have our colleagues from Japan.
… some concerns have been raised about feelings about lack of inclusion due to some comments about.
… like we shouldn’t talk about this because the past group talked about this.
… or we do not wanna rehash this conversation.
… this caused for some folks in the group to reach out to chairs to ask group to be a bit more inclusive.
… since there are folks in this group that didn’t participate in earlier conversations.
… chairs are operating under the assumptions that none of these comments were done maliciously or aggressive.
… but want to make folks aware of that and encourage everyone to be inclusive as possible.

Kristina Yasuda: well-said, thank you, Brent.

Brent Zundel: anyone who wants to intro on this call?.
… moving on.

1. Work Item status updates/PRs.

Brent Zundel: first topic, work item status updates and PRs.

Manu Sporny: See DM PR-s.

Manu Sporny: first up on vc data model PRs, we have 4 of them.
… we had a resolution on issuanceDate and expirationDate.
… we have a PR.

1.1. IssuanceDate and ExpirationDate (pr vc-data-model#964)

See github pull request vc-data-model#964.

Manu Sporny: simultaneously ivan raised a PR to update vocabularies.

See github pull request vc-data-model#968.

Manu Sporny: and they conflict with one another.
… Ivan and Mahmoud you have to talk to each other.
… that is the only thing that keeps those PRs from being merged.

Ivan Herman: my PR does two things. one yaml is now the language and the other thing it also includes the changes of property names.
… should have made that more clear.
… as far as i could understand it duplicates what Mahmoud has done.
… apologies for that.
… that is where we are.

Manu Sporny: that is great because we have more people doing PRs.

1.2. Add nonTransferable property to credentials vocab (pr vc-data-model#969)

See github pull request vc-data-model#969.

Manu Sporny: next item is 969.
… this one is controversial.
… one of them is that a non-WG member suggesting normative changes.
… may want to talk with mateo.
… other thing is to have a nonTransferable to property to core, which has not reached consensus.
… expecting PR to be blocked possibly.

Ivan Herman: every member of the WG has the right to create normative changes.

Manu Sporny: we are concerned about having non members doing normative changes due to IPR etc..

Shigeya Suzuki: I’m actually had plan to create PR to remove these complex structures. (wrt multilingual).

Shigeya Suzuki: (haven’t had time to realize it..).

Manu Sporny: chairs, staff, we should have a quick chat.
… but we want them to be engaging.

Ivan Herman: we should have a timing thing about it, if Mateo doesn’t react that by then, we are closing without any further steps.

1.3. Forbids credentialSubject objects represented as string values, also fixes #762 (pr vc-data-model#970)

See github pull request vc-data-model#970.

Manu Sporny: next item up is PR 970.
… oliver raised a fix to forbid credentialSubjects being string values.

Oliver Terbu: I put in JSON-LD section because of specific reasons related to JSON-LD, representing an object that has id property as single string that’s specific to JSON-LD. Thought it was more appropriate to JSON-LD section, could also put it in credentialSubject section. Why is it needed there, though? One or more properties that are related to subject of credential..
… It felt a little bit redundant in data model section..

Orie Steele: It’s an improvement, but it is a core data model thing..
… In both representations we don’t want value part to be a string. I agree with comment on credential subject phrasing being weird, suggest we not conflate adding this requirement to cleaning up that section, but perhaps we can add an issue to revise that section in its entirety, that section is confusing to read. File issue to update credential subject and move to accept PR as is..

Orie Steele: I can implement “sets” with strings…..

Oliver Terbu: The spec currently says value of credential subject is defined as object that is related to subject of credential – that’s not normative text at the moment, but it could say MUST say, would that fix that issue?.

Manu Sporny: that’s it for 970, please provide feedback.
… moving on to data integrity.

1.4. (pr vc-data-integrity#67)

See github pull request vc-data-integrity#67.

Manu Sporny: for the last week there was a PR open.
… PR 67.
… that has been done.

Manu Sporny: The FPWD ready draft for Data Integrity is here: https://w3c.github.io/vc-data-integrity/FPWD/2022-11-10/.

Manu Sporny: ivan, chairs, that document is ready to be published by nov 10.
… contains diagrams etc. in the sub directory, please take note of that, when publishing other docs that with the spec.

Ivan Herman: +1.

Brent Zundel: VC-JWT and JWS2020.

1.5. Begin production rule definition (pr vc-jwt#11)

See github pull request vc-jwt#11.

Orie Steele: VC-JWT still has PR 11 open.
… mike jones request changes and i have responded.
… but there are still changes requested but i believe that those have been addressed.
… but i would like to accelerate the pace with improvements to that draft.
… additional reviews would help.
… that is it for VC-JWT.

Michael Jones: given that poll taken on previous call, there seems to be validFrom and validUntil.
… language needs to be updated in the PR.
… when to be merged in the vc data model.

Michael Prorock: +1 wait for upstream merge.

Orie Steele: intention was not make any changes, only document what was already required.

Michael Prorock: then correct / update.

Orie Steele: i don’t thing we should coming with those changes in the PR.

Michael Jones: ok, then i think i can approve.

1.6. Create a First Public Working Draft for Json Web Signature Data Integrity. (pr vc-jws-2020#26)

See github pull request vc-jws-2020#26.

Orie Steele: let’s move on to VC-JWS-2020.
… other PR that has been open for quite some time, some extra steps to do to be ready for FPWD.

Ivan Herman: i need advice on that, from orie and chairs.
… should i wait for public wg draft for data integrity?.
… (I could start process for data integrity today or tomorrow morning).
… question to chairs and editors.

Orie Steele: i would not wait and would proceed independently.

Ivan Herman: ok, agreed. understood.

Michael Prorock: +1 proceed along, then update separately.

1.7. Add IANA to context (pr vc-jws-2020#24)

See github pull request vc-jws-2020#24.

Orie Steele: other issue is PR 24.
… this one is regarding context.
… overtaken by massive amount of comments on @context discussion.
… please give comments on PR 24 but we have to wait for @context discussion.

Manu Sporny: comments on future work items.
… CCG has prepared VC API to be published as a note.
… in coming weeks.
… other final report published through CCG that built on top of data integrity.
… docs are currently prepared.
… ECDSA and Edwards curve signature suites.
… in coming weeks as well.

Michael Prorock: +1 manu - chairs at CCG will be on lookout.

Brent Zundel: moving to issue discussion.

2. Issue Discussion

Brent Zundel: https://github.com/w3c/vc-data-model/issues?q=is%3Aissue+is%3Aopen+label%3Adiscuss+sort%3Aupdated-asc.

Brent Zundel: here is the ordered list of issues..

2.1. What is the action associated with issuing/creating a Verifiable Presentation? (issue vc-data-model#887)

See github issue vc-data-model#887.

Brent Zundel: We could spend a while on this, lets time box to 10 minutes..
… We have had a number of suggestions – present, assemble, derive, etc..
… What can we do to move this one forward?.

Manu Sporny: what we can do in these situations?.

Orie Steele: I am coming around to the idea of using “issue” for both “VC” and “VP”..

Manu Sporny: we collect all the options and make a poll.

Phillip Long: Has compose been offered yet?.

Manu Sporny: if you had other suggestions then please put it into the issue.

Michael Prorock: definitely second range choice poll.
… One thing to note… I’ll 2nd rank choice poll, as we work through scopes and other contexts, trace, interop.

Michael Prorock: https://w3c-ccg.github.io/traceability-interop/draft/#scopes.

Michael Prorock: Something that plays nicely w/ common usage, in case of credentials issue credentials – VC API is doing something similar, we should pick naming that would make sense to new developers… new developer onboarding, make sense to them, consider what is used in similar scenarios out in industry..

Joe Andrieu: In interest in minimizing logistical overhead, no oppositions to derive – maybe we can propose that and request people to push back – and then see if people like it..

Orie Steele: One comment on derive, it has additional conflicts w/ selective disclosure schemes where there is a transformation scheme on original credential which is then presented..

Manu Sporny: Yes, I’m a -0.5 for derive – for the reasons Orie said..

Michael Prorock: +1 orie - derive makes sense in some ways, but will cause conflicts later with actual “derived” key materials, credentials, subsets, etc.

Orie Steele: There might be ambiguity on that side… that would apply for SD-JWT, BBS JWP and BBS DI.

Orie Steele: I’m also a -.5 to derive..

Michael Jones: -1 to “derive”, as it’s not intuitive usage of the word in context..

Joe Andrieu: Happy to go to a poll, derive doesn’t seem like an easy win. Orie, derive is middle step, not the presentation, this question isn’t about act of presenting, doing the thing before presenting..

Orie Steele: ahh, we are talking about 2 different things then : ).

Orie Steele: both need names :).

Brent Zundel: Ok, we’ll see poll coming around..

Steve McCown: Explaining to non-identity industry people, we often say “create/submit a verifiable credential proof”. It may not be perfect, but it gets the point across..

2.2. Define policies for VC Extension Registry (issue vc-data-model#909)

See github issue vc-data-model#909.

Manu Sporny: a bunch of proposals … we can try to run proposals one by one and see how far we can get.
… there are some concrete proposals and we can see how people react to that.

Brent Zundel: fine with that.
… I’m fine w/ running proposals….

Kristina Yasuda: Discussion at TPAC we need proposals for registries we want, let’s come back on what registries we want – passing how we manage registries wouldn’t be actionalble..

Brent Zundel: This is part of vc-extension registry discussion..

Manu Sporny: this is specific to VC extension registry. we have an extension registry today..

Michael Prorock: +1 manu.

Manu Sporny: working group created one and handed it to the CCG.

Michael Prorock: and the CCG is not the right home for that.

Manu Sporny: it is a concrete thing that is out of date but exists today.

Joe: I don’t think we have a registry –.

Manu Sporny: It exists, the VC 1.0 created it..

Orie Steele: We should take a inventory of things that need to be in a registry and the things that CCG might want to manage. When W3C looks at CCG and WG, they might not recognize that these are two separate processes… they might thing CCG isn’t decision maker. Looking at things like status list and things of that nature. Have the conversation around how to communicate items delegated to CCG for control and what that means..
… What is means today and what it means tomorrow. That will be helpful to elaborate upon..

Phillip Long: This sounds like a good topic for the CCG, that is, who controls a registry and what are the processes by which the operate..

Michael Jones: I believe in past discussions in this WG, including at TPAC, there was consensus to extend that we have registries that we should control them. I agree with Joe that a registry that shares name at CCG has no standing and we should decide which registries we’re going to have and operate them or delegate to IANA to operate them..

Drummond Reed: +1 to having a registry controlled by this WG..

Phillip Long: +1 to an inventory to the registry.

Michael Prorock: CCG Chair Hat on, I believe based on everything I’ve seen to date, that Manu is correct. VCWG 1.0 created this and transferred management to CCG. I don’t think Community Group or Business Group is a place to have normative ramifications. Orie is on to something good, CCG Chairs can have a full dedicated meeting about this – point by point items that are at CCG that should be controlled as part of VCWG, pointing to IANA and other items – any motions required at CCG so items can transition appropriately to normative body..

Orie Steele: +1 MikeP we should create clarity and remove uncertainty on this, but we can’t ignore previous resolutions from W3C WGs regarding W3C CCG..

Manu Sporny: +1 mikep.

Brent Zundel: We have had good conversation, what is concrete next step to move forward?.

Manu Sporny: I’m hearing two things – JoeA’s objection, and inventory of things that go into the registry….

Michael Prorock: We just need a list of repos to get everything handled..
… From CCG standpoint, I recommend that we also classify items in inventory, we might have non-registry items planned for FCGS so would be helpful if we have that list, some of that work is in VCWG charter, but there are items like this that are not. We shouldn’t limit ourselves when taking that inventory of things to move over from CCG.

2.3. Evidence as a Related Credential (issue vc-data-model#919)

See github issue vc-data-model#919.

Brent Zundel: Can you walk us through status of this issue, Gabe?.

Kristina Yasuda: Gabe’s not here..

Orie Steele: There are a lot of credentials where you go to an Issuer where you present credential as evidence to receive a new credential. Evidence property supports some of these use cases, optional property of core data model. I believe this question is about making it clear what relationship should be about evidence property where evidence is itself another VC..
… You can’t refer to evidence using ID if original evidence didn’t have ID, how can you refer to first VC when issuing second VC?.
… With version 1.1 we have flexible informative language, but not a lot of concrete guidance to implementers wrt. additional clarity..

Michael Prorock: There are a few use cases we see in practice, two areas – verification of information on open web and traceability across borders and regulatory compliance across borders. In agriculture case, cross border trade some is digitized, some on paper..
… Things where you can point to an image and a signature on that, common use case, also external regulatory standards E-Phyto – exploring putting in evidence or putting in evidence block, types of import credentials. There are things that are outside of JSON/JSON-LD that exist ..
… This comes up, be mindful about normative statements around evidence..

Orie Steele: There are a lot of use cases for evidence… I once tried to kill it, and I was shocked by how many people are using it, despite how weekly it was defined in 1.1…. We should invest in providing more clarity regarding the evidence property..

Dmitri Zagidulin: agree, +1 Orie. I was surprised by that, too (by how many people are using ‘evidence’ despite vague spec).

Manu Sporny: There is overlap w/ work that Dmitri and Phil has been doing in this area..

Dmitri Zagidulin: the related issue Manu mentioned is https://github.com/w3c/vc-data-model/issues/952.

Kerri Lemoie: We had evidence in open badges for a while, could be a test score, transcript, file, video, some kind of media, demonstrate proof of achievement. Part of openbadges 3.0, we decided to reuse evidence field for this purpose. That is being used like that right now, not that commonly, but it’s how its been implemented in the open badges standard.

Phillip Long: As Manu pointed out and Kerri noted, frequent use of evidence field, why a particular achievement was made, in context of hashlink approach that Dmitri propsoed and used in related development of credential – linked claims, evidence using hashlink you’re providing proof of pathway and object itself, then that is a useful mechanism to maintain or present something w/ same authority as original credential..
… That is a viable mechanism for pointers to these mechanisms, as long as that location is not dynamically generating things so it breaks hash, supplement claim about an issue that’s being asserted..

Brent Zundel: Good discussion, concrete next steps for this issue?.
… We had people point out that linking to credential is one way to do it, where do we go from here.

Manu Sporny: We could suggest raising a PR for the extension spec..

Phillip Long: Myself and Kerri and Dmitri can work on that. Manu’s right, there are qualifiers, journalism and journalistic reports – first person vs. second person to help contextualize the link. We’re happy to do that..

Kerri Lemoie: +1 to working on examples with Phil & Dmitri.

Shigeya Suzuki: I’m late to file issue/PR for multilingual discussion, I was talking about how I can externalize some of translation maps to external object. I think there is common structure between what we’re discussing now and what I’m going to discuss w/ multilingual objects.

Manu Sporny: Totally agree, shigeya.

Shigeya Suzuki: Trying to create PR for this, will try to rely on part of spec that talks about this external object. This is a good way to use external object..

Brent Zundel: With that we’re at time. Thank you to Oliver and Manu for scribing. Always a pleasure to work with each of you. See you next week. Thank you..