Verifiable Credentials Working Group Telco — Minutes
Date: 2022-11-30
See also the Agenda and the IRC Log
Attendees
Present: Ivan Herman, Sten Reijers, Kristina Yasuda, Orie Steele, Brent Zundel, David Waite, Shigeya Suzuki, Oliver Terbu, Dave Longley, abranson, David Chadwick, Ted Thibodeau Jr., Drummond Reed, Sebastian Elfors, Manu Sporny, Kerri Lemoie, David Lehn, Joe Andrieu, Phillip Long, Juan Caballero, Michael Jones, Chris Abernethy, Dmitri Zagidulin, Shawn Butterfield, Steve Cole, Christopher Allen
Regrets:
Guests:
Chair: Kristina Yasuda
Scribe(s): Kerri Lemoie
Content:
Kristina Yasuda: agenda… work items, topic: evidence or holder binding?.
Manu Sporny: +1 to discuss holder binding :).
Kristina Yasuda: asks to indicate in IRC topic choice.
… introductions or reintroductions?.
1. Process issues.
Brent Zundel: process for adoption of work items guidelines suggestions.
… proposed work items should be in the scope of charter & W3C; work item needs to have socialization before proposed: 1 week before proposal should have discussion in mailing list with link to doc with proposal; work item should be supported by min 3 companies; based on those guidelines chairs will accept work item as rough consensus (sufficient because concerns about the work item can still be raised on that work item and issues can still be addressed..
Manu Sporny: does support for the proposal need to come in from just wg participants? Can implementors outside of the WG chime in?.
Kristina Yasuda: supporters defined as co-proposers. If list of implementors included, that will help with the decision..
Manu Sporny: what happens if there are many -1s on the proposal that outweigh +1s?.
Kristina Yasuda: case by case basis by chairs. Ideally rough consensus is no -1 or few -1..
… case by case decided by chairs.
Brent Zundel: agreed..
Michael Jones: how do we stop it if we really don’t think it should be a work item?.
Kristina Yasuda: timeline provides time to express opinions/interest and there will be a discussion. Time built in to support rough consensus..
Manu Sporny: concern about pitting specs against each other. Concerned that put the wg in situation where things the charter will get multiple -1s. Concern that changing interpretation of charter by not allowing enough incubation..
… speaking about concerns… potentially cut off work items too soon and cause conflict.
Kristina Yasuda: clarification - if there is no consensus that the work shouldn’t be included, then it won’t be and vice versa..
Dave Longley: notes: “The Working Group” includes the members that voted the way Manu mentioned..
Michael Jones: It’s healthy for a working group to make choices.
Manu Sporny: it’s healthy for a WG to make choices when everyone is on the same page with how the choices were made..
Dave Longley: It’s healthy as long as those choices are well understood / there is a shared understanding by those voting..
Manu Sporny: It’s clear that we were not on the same page when we voted..
Orie Steele: members have limited bandwidth and process to work together leads to velocity but focusing on contentious issues on special topics call causes issues for working together ongoing..
Michael Jones: I agree with Orie that it’s important to realize that just because something’s in the charter, it doesn’t mean that we’re going to do it.
Juan Caballero: +1 to the concept of “emotional debt” which really resonates with me.
Kristina Yasuda: process proposal for new topics not related to special topics calls..
2. work item status updated.
Manu Sporny: See https://github.com/w3c/vc-data-model/.
2.1. Add nonTransferable property to credentials vocab (pr vc-data-model#969)
See github pull request vc-data-model#969.
Manu Sporny: objections to PR for nonTransferable property; 969 - could use a special topics call.
Kristina Yasuda: was this filed as PR without discussion?.
Manu Sporny: yes but in the past we allowed for this.
Oliver Terbu: https://github.com/w3c/vc-data-model/issues/960 might be the issue.
2.2. Added presentationSchema (pr vc-data-model#987)
See github pull request vc-data-model#987.
Manu Sporny: 987 adds presentation schema - has a couple of reviews, oliver& manu have questions. Explore at special topic call? Please take a look and add your questions..
Kristina Yasuda: would be better to have an issue for the discussion.
Manu Sporny: See https://github.com/w3c/vc-data-integrity/.
Manu Sporny: no open PRs on data integrity.
Orie Steele: json web signature 2020 - open PR.
2.3. Add IANA to context (pr vc-jws-2020#24)
See github pull request vc-jws-2020#24.
Orie Steele: encourage wg members to review and add comments/questions/suggestions; what role does W3C have in relation to work items outside of W3C?.
Ivan Herman: reached out to W3C re the FPWD publication of JWS-2020.
2.4. Begin production rule definition (pr vc-jwt#11)
See github pull request vc-jwt#11.
Orie Steele: has only one approval – could indicate general lack of interest and focus on other issues - perhaps pause?.
Manu Sporny: +1 for pausing VC-JWT work item..
Manu Sporny: (given the recent discussion around how we’re going to process Work Items).
Dmitri Zagidulin: I am somewhat surprised at the lack of engagement on that item..
Kerri Lemoie: what is ivan’s comment in reference to?.
Manu Sporny: and seeing how VC-JWT duplicates work done in JsonWebSignature2020.
Orie Steele: There has not been an FPWD for vc-jwt, and I don’t recommend we seek one at this time..
Dave Longley: it is true that VC-JWT is duplicative of JsonWebSignature2020.
Manu Sporny: I would expect multiple -1s for VC-JWT based on engagement and how we’re planning to adopt work items now..
David Chadwick: lots of interest in JWT- like at JFF plugfest. Lack of time but also implementors are getting it to work ok without so many errors as thought..
Manu Sporny: There were 17 different organizations implementing the DI approaches… vs. 6 for VC-JWT – useful information on each cryptosuite..
David Chadwick: what is the difference between a credential and a verifiable credential- add topic to future agenda please?.
Kristina Yasuda: chairs will discuss how to resolve that.
Joe Andrieu: +1 to discuss David’s question. It’s a good one for the group to clear up..
Michael Jones: agree with DavidC that there’s a lot of interest in vc-jwt but doesn’t indicate that there aren’t any problems.
Orie Steele: issues that remains: 1) mappings to the core data model, 2) concrete documentation on how to define how to obtain a public key to verify a credential..
David Chadwick: Orie: did:jwk solves the public key problem.
Orie Steele: should tackle core-data model issues first.
… gain wg consensus about core-data model first..
Sten Reijers: +1 to Orie comment that VC-JWT is in a bad shape.
David Chadwick: orie: the issue that Joe and I are discussing about credential vs verifiable credential is pertinent to jwt-vc.
Orie Steele: its not that JWS/JWT or JOSE is in bad shape… its just W3C “versions” of it..
Manu Sporny: agree in pursuing consensus on JWT but new process could negatively affect this work. Implementors could indicate what they support..
… agree to hit pause until the wg can focus on fixing the core data model concerns then comeback to vc-jwt.
Orie Steele: This is an “unofficial” draft for a vc-jws… which is massively simpler than vc-jwt: https://transmute-industries.github.io/vc-jws/.
Sten Reijers: Is there a link to VC-JOSE issue?.
Orie Steele: Here is the original draft pre IETF 114: https://or13.github.io/draft-osteele-vc-jose/.
Orie Steele: Here is the issue regarding vc-jose proposal: https://github.com/w3c/vc-data-model/issues/971.
Kristina Yasuda: This work can happen within the process. Thank you for raising this topic. Chairs will discuss..
3. holder binding.
Kristina Yasuda: https://github.com/w3c/vc-data-model/issues?q=is%3Aopen+is%3Aissue+label%3Aholder-binding.
See github issue vc-data-model#789.
Oliver Terbu: There’s a lot of interest in this binding type so verifier can run checks easier..
… we have two options: 1) include some info in the VC or in the VP or both; VC: biometrics, identifiers, etc. VP: additional proofs or other property.
See github issue vc-data-model#923.
Kerri Lemoie: Options described here: https://github.com/w3c/vc-data-model/issues/789#issuecomment-1332318257.
Oliver Terbu: listing issues.
… the question is should holder binding be added to the VC, VP or both?.
Kristina Yasuda: suggest poll.
Manu Sporny: db is supportive of discussing holder binding; evidence was suggested prior but it doesn’t entirely address concerns in the issue..
… maybe a special topic call?.
Kristina Yasuda: https://github.com/WebOfTrustInfo/rwot11-the-hague/blob/master/draft-documents/verfiable-credentials-holder-binding.md.
Manu Sporny: (to oliver) do you have enough info to put together a PR or do you need guidance from the WG?.
Ted Thibodeau Jr.: +1 the stuff referred to as “holder binding” is an application of business logic.
Joe Andrieu: there’s nothing in the charter or spec that discuss control of VCs- use is out of scope. Control handling is a business decision to check..
… to add certainty to holder verification - define a claims vocab to describe privileges. Need a concrete way for a user to make a claim to claims..
… against adding any of this to the core data model..
David Chadwick: issuer can state facts: I am saying
<this>
about<subject>
to<issuee>
.
Joe Andrieu: +1 to fleshing out evidence types.
Orie Steele: in relation to evidence to holder binding – opportunity to have evidence that describes holder and binding while also defending use of evidence property..
Manu Sporny: +1 to Oliver to create a PR – understanding that it’s probably going to get some push back for trying to do it via
evidence
– but we do need to discuss this, so supportive of it..
Oliver Terbu: (to manu) needs more info but can create a PR based on discussions in issues and then take it from there..
Kristina Yasuda: yes - creating a pr is a good idea.
Christopher Allen: potential issues with privacy & correlation for parties to lock in people if this is in the core data model. would like to see some privacy considerations be clearly articulated. More comfortable with it in the VP than VC..
Orie Steele: ChristopherA why is this an issue for this WG? W3C already defined WebAuthN and platform authenticators use it..
Kristina Yasuda: please add those comments in oliver’s pr..