Verifiable Credentials Working Group Telco — Minutes
Date: 2023-01-18
See also the Agenda and the IRC Log
Attendees
Present: Gabe Cohen, Dave Longley, Dmitri Zagidulin, Joe Andrieu, Kristina Yasuda, Orie Steele, Kerri Lemoie, Will Abramson, Steve McCown, Kevin Dean, Przemek Praszczalek, Manu Sporny, Phillip Long, David Chadwick
Regrets:
Guests:
Chair: Kristina Yasuda
Scribe(s): Orie Steele, Manu Sporny
Content:
- 1. Face 2 Face.
- 2. Discussion.
- 2.1. Added presentationSchema (pr vc-data-model#987)
- 2.2. Add
@vocabto v2 context (pr vc-data-model#1001) - 2.3. Clarify appropriate usage of type information during validation. (pr vc-data-model#1005)
- 2.4. Change the reference URL in the vocabulary template file (pr vc-data-model#1011)
- 2.5. Attempt to synchronize the security vocabulary with the FPWD spec (pr vc-data-integrity#79)
- 3. email conversation on vc-jws-2020.
- 4. Issues.
- 4.1. What is the action associated with issuing/creating a Verifiable Presentation? (issue vc-data-model#887)
- 4.2. Define policies for VC Extension Registry (issue vc-data-model#909)
- 4.3. Add extension mechanism to allow different methods for VP-to-VC / holder binding to next version of standard to allow verification of rightfulness of presentation (issue vc-data-model#882)
- 4.4. add claims metadata (how the identity claims were assured and how they are maintained) (issue vc-data-model#893)
1. Face 2 Face.
Kristina Yasuda: https://docs.google.com/spreadsheets/d/1IguLcaIn8vAo-XDwYXbJTfY2c5SAjA9rgDjo057kKlc/edit?usp=sharing.
Kristina Yasuda: chairs will be at the face to face, same date as announced before in Miami..
… please fill in the google doc.
… we need to estimate attendance size.
Joe Andrieu: do we have an address for the F2F?.
Kristina Yasuda: chairs and editors are refining agenda for F2F, its in progress..
… main goal is to cover issues critical to CR that would benefit from face to face.
Shigeya Suzuki: https://www.w3.org/2017/vc/WG/Meetings/F2F/Miami.
Shigeya Suzuki: 1010 NE 2nd Avenue.
Shigeya Suzuki: Miami, FL, USA.
Shigeya Suzuki: 33132.
Kristina Yasuda: the “activity” column is related to the “social bounding event”.
… questions re face to face?.
… for the observers, feel free to invite observers, please notify the chairs, regarding attendees.
Shigeya Suzuki: when does it end last day?.
Kristina Yasuda: its 9-5 all three days..
… before we move to agenda, lets remind of the code of conduct.
… please remember to abide by the code of conduct in all interactions you have with working group members.
… please assume positive intent, and be respectful… chairs and staff are reviewing activity regularly..
2. Discussion.
Kristina Yasuda: PR #999.
… there will likely be a special topic call on this, related to ZKPs (zero knowledge proofs).
… . any updates or PRs?.
… we did merge PR #1000 on the vc-data-model.
… we also reviewed #40 on vc-jwt.
Manu Sporny: first PR up…..
2.1. Added presentationSchema (pr vc-data-model#987)
See github pull request vc-data-model#987.
Manu Sporny: action was to write an example, but there has yet to be responses to what david has provided..
… if you requested changes, please re-review.
2.2. Add @vocab to v2 context (pr vc-data-model#1001)
See github pull request vc-data-model#1001.
Manu Sporny: next item is remove zkp, we will address in special topic call later..
… next is PR 1001, it covers the @vocab URL, and provides terms for anything that are related to the issuer..
… we intend to provide better developer and user experience by for folks built on this feature.
… there are no objections, we intend to merge by end of day.
2.3. Clarify appropriate usage of type information during validation. (pr vc-data-model#1005)
See github pull request vc-data-model#1005.
Manu Sporny: this PR is related to the use of “type” information… david is asking for additional changes, I intend to make them.
2.4. Change the reference URL in the vocabulary template file (pr vc-data-model#1011)
See github pull request vc-data-model#1011.
Manu Sporny: this PR is related to vocabulary files…. we just need reviews.
… the other heads up to the group, Ivan and I have been working on automatic generation and publishing magic.
… we will be adding linting to critical files, and we will auto publish changes…. the automation is landing / here..
… thats it for VC Data Model.
2.5. Attempt to synchronize the security vocabulary with the FPWD spec (pr vc-data-integrity#79)
See github pull request vc-data-integrity#79.
Manu Sporny: there are open PRs for data integrity, but I have not had chance to process them.
… keep an eye on Data Integrity #79 … this relates to long standing issues with the security vocabulary.
… status list 2021 has new issues, but no PRs.
… see the new issues related to ordering of statuses, and caching.
Kristina Yasuda: are there any other updates?.
… reminder, there is a conversation on the mailing list regarding vc-jws-2020.
… see the comments on the list.
3. email conversation on vc-jws-2020.
Orie Steele: Thanks for reminding us of that email. I wanted to introduce the topic on the call today to introduce to the group..
… The potential impact that it might have, message to email (coming soon).
… There are two items 1) a request from IETF to clarify specification name, saying “JSON Web Signature” is confusing, WG members agree, proposed new name for spec is provided.
… 2) Conversation around jws-2020 not strong, regarding use of media type in PR 1000, as you know I sent two other proposals to the list regarding making use of media type, now that we’ve merge 1000, we’re able to use that media type, PR1000 links to proposals and updated test vectors that use media type. Key issue for WG to consider is whether JWS-2020 provides sufficient value in its current form, or whether proposals that went to list are superior long-term solutions. Refactor work item to not use URDNA2015 but use new registered media type, complexity in term of implementers, change nature of what that item is about (a way to secure data model), but way to do it more closely to resemble VC-JWT than data integrity proof..
… I’ve asked the question on the list, providing notice here, if you’re interested in having a discussion around this, happen to engage in list, happy to talk here about it..
Manu Sporny: responding to the second item… I think its problematic, to change the spec, and make a new deliverable under the same title.
… we might be able to get to what you want, without the approach you are taking.
… its not clear what the future of the work items might be.
… +1 to having a discussion around it.
… we should treat this as adopting a new work item.
… sounds like a special topic call item.
Dave Longley: +1 to manu.
Kristina Yasuda: recommend discussing on the mailing lists, or raise issues on the work item..
… on vc-jwt, there has been conversation on issues and PRs.
… please remember to review the active work items.
… lets go to issue review.
4. Issues.
Kristina Yasuda: we’ve done some grooming of issues, between calls..
Kristina Yasuda: https://github.com/w3c/vc-data-model/issues?q=is%3Aissue+is%3Aopen+label%3Adiscuss+sort%3Aupdated-asc.
Kristina Yasuda: we’re reviewing issue #887.
… again.
4.1. What is the action associated with issuing/creating a Verifiable Presentation? (issue vc-data-model#887)
See github issue vc-data-model#887.
Manu Sporny: what we have is a lot of suggestions, we can run a poll….
… lets have the editors run a poll.
… we need to create a definition for the word we will pick.
… usually a poll helps us pick, action is on the editors.
Kristina Yasuda: we’re removing discuss, we will run a poll per the suggestion from Manu..
Manu Sporny: lets mark it as ready for PR and assign me..
4.2. Define policies for VC Extension Registry (issue vc-data-model#909)
See github issue vc-data-model#909.
Kristina Yasuda: we’re discussing the extension registries.
… suggest removing discuss, not sure how to process this.
Manu Sporny: we could run orie’s proposal… for what would go into it.
Kristina Yasuda: ok, i see the proposal.
… we can discuss now.
Orie Steele: I am looking at the proposal, we have a DID Spec Registry that looks something like this..
… We could have a NOTE that has this in there, we could refer elsewhere, I don’t know how to proceed. I know how to maintain a registry, I don’t know how this WG wants to handle a registry and potential extensions..
… I do think we should decide on this soon since we’re seeing extensions pop up..
Kristina Yasuda: well, I might be remembering wrong, but there seemed to agreement on using IANA to manage registries, instead of W3C.
Manu Sporny: there was a suggestion to that effect, but there were objections.
… at the face to face, i proposed a lightweight approach like what we did for did spec registries… which i hesitate to suggest, but it has worked well for terms / extensions.
… we could propose an empty registry.
… and establish a process for updating it.
… and then let it grow from there.
… I like the structure orie proposed, more than what we did in did core.
… proposal would be to create a blank document with a process, and use a note to maintain it.
Joe Andrieu: we only need to define terms in a spec… because we have @context, any community can extend without a registry.
… if we create our own registry, we will elevate certain terms above others… and it can create problems where people think they need to register things to use them… it undermines our entire model….
… it prevents decentralization, and disables the promise of this work.
Steve McCown: +1 for JoeAndrieu’s comments about registries.
Dave Longley: +1 to joe – doesn’t seem like we necessarily need a registry (nor want to maintain them) and it can be harmful in the ways he says.
Joe Andrieu: we also have a horrible track record, wrt registries… if we do this again, its going to make things worse..
Gabe Cohen: I don’t think we’re undermining decentralization.
… we would be undermining the JSON-LD data model though.
Joe Andrieu: +1 for other options.
Gabe Cohen: adding more options for extension helps.
Joe Andrieu: -1 for this work centralizing a de facto registry.
Manu Sporny: joe would you be ok with a list of “known” specs?.
… just a list of items, not a “namespace” for terms… just a “list of specs” with their change controllers.
Joe Andrieu: agree up until the point of “change controllers”..
… as soon as we add change controllers, it violates the consensus model, and creates problems.
Kristina Yasuda: manu proposes a blank document and a process, that seems like a path forward..
Gabe Cohen: @manu mispoke. yes, we are json-ld data model, even if json-ld is not the only mechanism for extension.
Kevin Dean: good to publish, but not as a normative specification.
Joe Andrieu: I agree with gabe, we deserve additional mechanism for extensibility, i just don’t think the W3C should manage it..
Phillip Long: Phil-ASU has joined #vcwg.
Joe Andrieu: I’ve not seen an proposals other than have the W3C run it.
Manu Sporny: not hearing an objection to creating a blank document, that has a process that does not favor anything, and just points to other stuff….
… should I do that?.
Joe Andrieu: don’t call it a registry, call it a directory of related work.
Kristina Yasuda: where would this be?.
Gabe Cohen: https://w3c-ccg.github.io/vc-extension-registry/.
Manu Sporny: we have a thing… we either create a new repo.
Orie Steele: I suggest creating a new repo so we don’t pull in political baggage..
… +1 to create new blank repo and basic process, named as Joe has requested, send it to list for review. I would not take anything as input to the work..
Manu Sporny: +1 Orie.
Gabe Cohen: we do have an extension registry… I have an issue to move it over, sounds like we don’t want to do that..
Manu Sporny: This thing sounds like it’s controversial now: https://w3c-ccg.github.io/vc-extension-registry/.
Gabe Cohen: we should do something to the existing registry.
Manu Sporny: +1 to deprecate/rename CCG registry..
Kristina Yasuda: any objections to editors creating a blank document and process for the group to review.
… ok, lets start with that.
… adding ready for PR… gabe, can you open an issue… are there objections to deprecating the ccg registry.
Dave Longley: no objection, just seems like it might be unnecessary work… seems like it might cause headaches in the future – maybe depends on what the process says in the PR..
Kristina Yasuda: can you document we need to do something to the existing registry.
Manu Sporny: we don’t have authority over ccg, lets do things one at a time.
Gabe Cohen: issue opened: https://github.com/w3c-ccg/vc-extension-registry/issues/14.
4.3. Add extension mechanism to allow different methods for VP-to-VC / holder binding to next version of standard to allow verification of rightfulness of presentation (issue vc-data-model#882)
See github issue vc-data-model#882.
Kristina Yasuda: next issue, extension methods for holder binding….
Orie Steele: We have a series of holder binding related issues….
… We had previously agreed to have a special topic call to discuss them, I’m in favor of grouping them together and discussing them. I also feel that it’s possible that there isn’t anything underneath them. I have yet to hear/see something concrete on this front. I’ve heard people say they’re working on it..
Dave Longley: +1 to Orie… seems like we need external incubation based on specific use cases..
Orie Steele: Given it has substantial security/privacy implications, so if this comes up as we’re transitioning to the next stage, I will most likely to be opposed to it. Because of the security implications of it, it’s dangerous to allow this to loom around..
… I don’t think we should allow this to float around in our backlog, we need to address it..
Manu Sporny: +1 to what orie says above..
Kristina Yasuda: the next steps were specific use cases, we have yet to receive them.
… we should group them, and action on them as a whole.
… we are parking this issue until use case or special topic call..
4.4. add claims metadata (how the identity claims were assured and how they are maintained) (issue vc-data-model#893)
See github issue vc-data-model#893.
Kristina Yasuda: this is regarding evidence and assurance.
… there as not been much movement on this.
… chair hat off, I would be ok closing this, if we had better detail on the use of evidence property.
Manu Sporny: +1 for special topic call on Evidence..
Kristina Yasuda: there are several issues labeled evidence, it seems like a potential special topic call.
David Chadwick: W3C CCG is attempting to define a standard evidence property type.
… this new work item would create a standard evidence type for OIDC.
… the data structure would be controlled by OIDF.
… its a proposed item, it was very recently introduced.
… its written with arcaine.
Kristina Yasuda: please link to the issue.
David Chadwick: https://docs.google.com/document/d/1htujrb-_1kh8tkV4MXYRmZ44m_D7yFrY09aFJkAz7io/edit.
Kristina Yasuda: seems the CCG item could resolve the issue.
Manu Sporny: we should discuss here.
David Chadwick: we didn’t think it was in scope for this WG, happy to move it here, if thats preferred.
… what I pointed out to the CCG, there were 2 features that were interesting….
… people change their names, and that can impact evidence….
… evidence can disagree with credentials.
… another issue was wrt selective disclosure….
… you can accidentally leak information through use of evidence.
Orie Steele: If we refer to this evidence type from our document, I don’t believe we can point directly at a W3C CCG work item. We are compelled to provide testable solutions for the property or remove it from our specification, this feels further along, but we can adopt the work item as the WG, use the work item as one of the registered types, then we are protected by downref. I’m concerned about pointing to something that’s not within the group and a different timeline. I’m excited about the work. I’m concerned about potential objections, there’s process issues here that we might want to consider. There are potential objections that could come if we don’t have a strong evidence type in our next spec..
Kristina Yasuda: please review the document that was been shared.
… lets end here today.
David Chadwick: @Orie arcaine to Mark Haine.