Verifiable Credentials Working Group Telco — Minutes

Date: 2023-07-19

See also the Agenda and the IRC Log

Attendees

Present: Greg Bernstein, Sebastian Crane, Brent Zundel, Manu Sporny, Joe Andrieu, Dave Longley, Kevin Griffin, Dmitri Zagidulin, David Chadwick, David Lehn, David Waite, Orie Steele, Chris Abernethy, Ted Thibodeau Jr., Michael Jones, Kaliya Young

Regrets: Kristina Yasuda

Guests:

Chair: Brent Zundel

Scribe(s): Sebastian Crane, Manu Sporny

Content:

• 1. Work Item status updates/PRs.
  • 1.1. Add graph node identifiers for registered claims (pr vc-data-model#1149)
  • 1.2. Add interoperable way for holder-asserted claims in a VP (pr vc-data-model#1186)
  • 1.3. Add validation section regarding holder (pr vc-data-model#1199)
  • 1.4. Add section on Ecosystem Compatibility. (pr vc-data-model#1203)
  • 1.5. JOSE-COSE.
• 2. Issue Discussion.
  • 2.1. Consider removing Use Cases summary from core DM (issue vc-data-model#1169)
  • 2.2. Define what a credential validity does mean (issue vc-data-model#1176)
  • 2.3. Entities and Parties (issue vc-data-model#1173)
  • 2.4. Portions of data model spec should be considered for removal (issue vc-data-model#1188)
  • 2.5. Example could include @language (issue vc-data-model#1191)
  • 2.6. Explain that natural language examples are illustrative (issue vc-data-model#1192)
  • 2.7. Conformance requirements for normative context (issue vc-data-model#1185)

Sebastian Crane: Hello, I’m Sebastian Crane, I’ve participated in RDF Canonicalization and Hashing WG, Manu introduced me to this group, uses many of same concepts, looking forward to contributing as an Editor on the two new cryptosuites, in particular.

Brent Zundel: Looking for implementations of verifiable credentials. Let me know if you would like to demonstrate one at TPAC.

1. Work Item status updates/PRs.

Manu Sporny: I’ll only cover PRs that I think we might be able to cover on this call.

1.1. Add graph node identifiers for registered claims (pr vc-data-model#1149)

See github pull request vc-data-model#1149.

Manu Sporny: 1149 is waiting on TallTed to provide a review.
… The PR maps certain terms to a registry.

1.2. Add interoperable way for holder-asserted claims in a VP (pr vc-data-model#1186)

See github pull request vc-data-model#1186.

Manu Sporny: 1186 is about ‘Holder Asserted Claims’. Brent has been processing feedback about it; JoeAndrieu, TallTed are you OK with this PR?

Joe Andrieu: The language doesn’t address what I was referring to. I have some language which would fit, but the PR is rather tangential now.

Brent Zundel: I think I addressed it in a part of the PR you were not tagged for.

Ted Thibodeau Jr.: I’ll re-review 1186 and 1149 (and any others currently awaiting my input, if I can have a list of them) after this call.

1.3. Add validation section regarding holder (pr vc-data-model#1199)

See github pull request vc-data-model#1199.

Manu Sporny: We’ll wait for re-reviews but there doesn’t appear to be any objection.

1.4. Add section on Ecosystem Compatibility. (pr vc-data-model#1203)

See github pull request vc-data-model#1203.

Manu Sporny: The last one on vc-data-model is 1203 (we talked about it yesterday). I got feedback from Orie and others and have implemented changes.

Orie Steele: IMO the MUST regarding proof is making Manu’s job, near impossible.

Manu Sporny: I’ll try to tackle that in another PR, Orie, have some ideas on how to thread that needle.

Joe Andrieu: I would support the method of securing VCs if it originated in our WG. To the extent that others call things VC, I am concerned that they may not have the level of quality that what we define has.

1.5. JOSE-COSE.

Orie Steele: vc-jose-cose is in process of being renamed, and PRs are on hold until that is complete.

2. Issue Discussion.

Brent Zundel: https://github.com/w3c/vc-data-model/issues?q=is%3Aissue+is%3Aopen+-label%3Abefore-CR+-label%3A%22pending+close%22+sort%3Aupdated-asc+-label%3Apost-CR.

2.1. Consider removing Use Cases summary from core DM (issue vc-data-model#1169)

See github issue vc-data-model#1169.

Brent Zundel: 1169 - since the Use Cases say what we want to say, I suggest removing the Use Case summary from the data model.

Manu Sporny: I fully support removing it as long as we make sure we have accounted for everything.
… The list is important as we spent a lot of time making sure that it was complete.

Manu Sporny: +1 this is post CR.

Brent Zundel: This is purely editorial, so I will label it post-CR.

Joe Andrieu: if someone wants the granularity expressed in the list, they can go to the separate document. However, a few concrete use-case examples would be beneficial.

2.2. Define what a credential validity does mean (issue vc-data-model#1176)

See github issue vc-data-model#1176.

Brent Zundel: 1176 - ‘define what a credential validity means’. I believe that this issue is just a question. I think we should put a ‘discuss’ label on it.

Joe Andrieu: I think the original question is about the validity period. The issue went into what is validity in general, which I think is a separate concern.

Dave Longley: I think the data model is clear, but maybe we need better prose to explain it.

Brent Zundel: that matches my understanding.

Orie Steele: validity period applies to the id in the credential… credential does not require an id.

Dave Longley: Orie: disagree, it applies to the object in which it appears – and that object may or may not have a globally unambiguous ID.
so those are two separate things.

Orie Steele: Once it becomes rdf, there will be an id… it just won’t be unique.. we are saying the same thing.
+1 dlongley, the data model is RDF, the properties go on the RDF graph node, or an RDF blank node, if not id exists.

Manu Sporny: One question is whether we want validFrom and validUntil to apply to presentations as well.
… I think it’s fine to apply to either presentations or credentials.

David Chadwick: +1 to applying to VPs as well.

Joe Andrieu: +1 to validity on presentations as well.

Dave Longley: +1 those are different things – put validFrom / validUntil on that other thing if you want to use it there.

Sebastian Crane: My question is about entering CR, how long do we have in terms of doing what we want to do until it moves onto next stage. We have a number of post CR issues.

David Chadwick: Because the validity period applies to the VC, it should be part of the proof property and not part of the data model.

Brent Zundel: We don’t have to wait to enter CR before working on issues… we have budgeted at least 2 60 day CR periods.
… We have other options as well, if we need more time.

Dmitri Zagidulin: -1 to moving validFrom etc to ‘proof’.

Brent Zundel: also -1 to moving them to proof.

Joe Andrieu: +1 to applying valid* to the object of which it is a property.

Sebastian Crane: without general context of this issue, +1 dlongley.

Brent Zundel: +1 dlongley.

Orie Steele: I tell the bar tender how long they can use my drivers license all the time.

Dmitri Zagidulin: What is the semantic meaning of a validity period on a presentation?

Manu Sporny: It’s about the length of time the presentation itself should be considered valid.

Ted Thibodeau Jr.: it’s an unenforceable, voluntary limitation.

Orie Steele: He means this predicate: https://github.com/w3c/vc-data-model/blob/main/contexts/credentials/v2#L84.

Sebastian Crane: It’s not just whether the semantics can be defined, but also whether there is a use case for this.

Joe Andrieu: I think this introduces additional potential for confusion.

2.3. Entities and Parties (issue vc-data-model#1173)

See github issue vc-data-model#1173.

Manu Sporny: post-CR.

Brent Zundel: 1173 - I’ll label it as post-CR if there aren’t any objections.

Orie Steele: https://www.w3.org/TR/prov-o/.

Sebastian Crane: I have been in extensive discussions in another WG about this, and my opinion is that PROV-O provides the clearest representation of this.

Joe Andrieu: I think this may require normative changes, and so should not be labelled as post-CR.

2.4. Portions of data model spec should be considered for removal (issue vc-data-model#1188)

See github issue vc-data-model#1188.

Manu Sporny: I think we need to make other PR and issues for other informative sections for removal.
… For this specific issue, I would suggest closing it as it is not actionable itself.

David Chadwick: +1 manu.

Orie Steele: I agree with Manu. However, I find that it is difficult to deal with others not taking interest in informative statements.

Manu Sporny: +1 to use less words to communicate the same concepts.

Orie Steele: Therefore, I would suggest reducing the word-count to make the important parts count more.

Manu Sporny: +1 to improving current text.

Dave Longley: +1 to make things easier to understand in fewer words as possible.

Manu Sporny: +1 to close, but raise issues/PRs on specific sections to rework/remove.

Ted Thibodeau Jr.: comment already added.

Sebastian Crane: Opinion not exactly contrary to Orie, before we remove, we might want to have things in less formal but easily accessible place.

Orie Steele: +1, we have use cases, imp guid as notes…

Brent Zundel: so move to use cases, or implementation guide?

Sebastian Crane: Yes, exactly. You can have a pithy definition, but can only understand it after having engaged in years of discussion.

Orie Steele: I prefer references to informative stuff, not inlining large amounts of informative text.

Sebastian Crane: I don’t even think referencing it within the spec is necessary, just making it accessible on a website.

2.5. Example could include @language (issue vc-data-model#1191)

See github issue vc-data-model#1191.

Orie Steele: I think we talked about the subject of #1191 at the last TPAC.
… I thought we had concluded that the JSON-LD @language feature had some issue with it and so wasn’t recommended?

Manu Sporny: The issue is that people aren’t using the feature.

Orie Steele: its the JSON syntax for RDF lang tags.

Sebastian Crane: Is this related to the RDF language tags?

Manu Sporny: Yes, this is just an additional example of that.

Sebastian Crane: I can try to handle this issue.

2.6. Explain that natural language examples are illustrative (issue vc-data-model#1192)

See github issue vc-data-model#1192.

Manu Sporny: I’ll address 1192.

2.7. Conformance requirements for normative context (issue vc-data-model#1185)

See github issue vc-data-model#1185.

Orie Steele: It is unclear to me whether implementors are ever required to process the context document directly.

Dave Longley: not sure what Orie wants… but this PR might be related to it or might resolve it?: https://github.com/w3c/vc-data-model/pull/1202.

Orie Steele: It would be good to have an explanation of what implementors can rely on now that the context document is required.

Manu Sporny: 1202 was an attempt to explain non-RDF processing.

Orie Steele: exactly.

Orie Steele: yes! talk about expansion and framing! show the value of JSON-LD… we all the see value of JSON I think.

Joe Andrieu: +1 to explaining the value of JSON-LD.

Orie Steele: +1 need to clarify if the verifier needs to understand normative context.

Brent Zundel: +1 Joe.

Manu Sporny: +1 to JoeAndrieu, agree.

Orie Steele: I think we are on our way to saying that directly… in https://github.com/w3c/vc-data-model/pull/1202.

Joe Andrieu: I think that if a party receives a VC, they can assume that their interpretation of the local names is the same.