Verifiable Credentials Working Group Telco — Minutes

Date: 2023-12-20

Attendees

Present: Brent Zundel, Chris Abernethy, Gabe Cohen, Michael Jones, Paul Dietrich, David Chadwick, Greg Bernstein, Manu Sporny, Dave Longley, David Lehn, Ted Thibodeau Jr., Andres Uribe

Regrets:

Guests:

Chair: Brent Zundel

Scribe(s): Greg Bernstein, Manu Sporny

Brent Zundel: Last VC meeting of 2023.

bret: Goals for this meeting: insure coarse of action for each outstanding before CR issue.

Manu Sporny: two topics maintainers for did reg. TAG review status.

1. Maintainers.

Manu Sporny: seeking maintainers for DID/Spec registeries and VC spec directory: https://lists.w3.org/Archives/Public/public-credentials/2023Dec/0055.html.

2. TAG Review VCDM.

Manu Sporny: TAG review VC Data Model 2.0.

Manu Sporny: TAG Review VCDM v2.0: https://github.com/w3ctag/design-reviews/issues/860#issuecomment-1856254791.

Manu Sporny: TAG Review Response: https://github.com/w3ctag/design-reviews/issues/860#issuecomment-1865010224.

Manu Sporny: Nothing major in the TAG review.
… tried to address number of issues they brought up.
… was trying to be timely in response.

Brent Zundel: any comments?

3. Work Item status updates/PRs.

Brent Zundel: work item status/PRs.

Michael Jones: Only two PRs left for VC JOSE/COSE.
… would like to close one on this call…

Brent Zundel: continue in depth.

3.1. Add placeholder algorithms (pr vc-jose-cose#190)

See github pull request vc-jose-cose#190.

Michael Jones: PR190, verification algorithm effort, has been reviewed. TallTed made suggestions.
… Jeff A. “said this is what it was hoping for”.

Brent Zundel: Just want Ivan’s script to run first…

Michael Jones: Can the minutes show we want to merge 190.

David Chadwick: details on PR… Question: on key revocation, key status…

Michael Jones: Short answer no. You might want to file an issue on that. Seems orthogonal.

David Chadwick: PR refers to the key and trust. Important to say something…

Michael Jones: important to making progress. Do you want to propose text?

David Chadwick: will raise an issue.

Brent Zundel: no one opposed to merge.

3.2. Remove requests for multiple suffixes (pr vc-jose-cose#186)

See github pull request vc-jose-cose#186.

Michael Jones: PR 186. Objections from me and Manu. It wants to pull out media types. Chose these as a working group. Could they be changed in future.
… Would like to move this to post CR status.

Manu Sporny: +1 to what Mike said.

Michael Jones: two related issues from this PR. Will mark as post CR.

Brent Zundel: In light of those issues do we need to keep this PR open.
… Would it be best to just close this PR?

Michael Jones: Very good.

3.3. moving Jose-Cose to CR.

Michael Jones: observation, once merge/close PR. Have zero before CR. Should be in position to move to CR.
… Would like to move.

David Chadwick: would like to raise about the title of the document.
… there is an issue about selective disclosure. There is a IETF SD-JWT doc that doesn’t apply to VCs.
… Don’t have SD in the title.
… How would people know it supports SD.

Manu Sporny: Where are we on controller doc stuff?
… Are we waiting on controller document stuff to move into CR.
… Normative versus Non-normative, Who’s read the spec?

Michael Jones: See: https://github.com/w3c/vc-jose-cose/issues/191.

Michael Jones: Doc title–simple general titles better than longer titles, example VC DI. Similarly don’t want the title more complicated.
… Who’s read – I’ve done a full pass, I’m comfortable that the normative text is correct.
… controller doc: my understanding for DI weren’t going to do the Controller Doc work till after CR. Then work with Manu.

Gabe Cohen: I’ve read it too :).

David Chadwick: I’ve read various versions of the document at various times. Each time raised issues. I need to do a read now.
… Already have a issue that selective disclosure not well defined.

Manu Sporny: Have we responded to the PINGs review, same for TAG review.

Michael Jones: I don’t know. Worked on it at the time at TPAC.

Gabe Cohen: see https://github.com/w3c/vc-jose-cose/issues/192.

Gabe Cohen: PING review one issue. Mike responded. Doesn’t look like it has substantive changes.

Brent Zundel: might be premature to go into CR at this time.

3.4. BBS specification.

Greg Bernstein: on vc-di-bbs, we have put in review requests for horizontal review to a11y, i18n, security, privacy, and TAG. We have closed most of the “ancient” issues. We’ve incorporated a maintainer that hadn’t been there. Security and privacy sections have been updated. Privacy section is quite thorough on unlinkability properties… David Waite had one item that he wanted to have said, we’re trying to catch this up w/ the other suits.

3.5. Other specifications (VCDM, Bitstring, DI).

Manu Sporny: special topic call yesterday, processed all VC data model PRs. Please provide feedback ASAP. All pre CR issues.
… for DI spec have not pulled in all items. Will need to go through another CR.
… Bitstring status will try to drive to CR in Feb.

4. Issue Discussion.

Brent Zundel: https://github.com/w3c/vc-data-model/issues?q=is%3Aissue+is%3Aopen+label%3Abefore-CR+sort%3Aupdated-asc.

4.1. Define algorithm for verification (issue vc-data-model#1337)

See github issue vc-data-model#1337.

Brent Zundel: 1337 Define Alg for Verify. Main PR has been merged. I will close after call today.

4.2. Clarify section on verifiable credential graph (issue vc-data-model#1365)

See github issue vc-data-model#1365.

Brent Zundel: 1365 Clarify section on VC graph. Has PR 1390. Status: wide array of approvals, some ed. Most likely to be merged soon. Then will close.

4.3. Allow extensions to ProblemDetails object (issue vc-data-model#1384)

See github issue vc-data-model#1384.

Brent Zundel: 1384 Ext to problems details object. PR 1391 addresses it. Wide array of approvals and a few eds. Expect to be merged soon, once merged will be closed.

4.4. Specify that it is important to validate the `issuer` value (issue vc-data-model#1386)

See github issue vc-data-model#1386.

Brent Zundel: 1386 Important to validate issuer, Oliver Terbu issuer validation; Open PR, not clearly on a path towards consensus.
… not clear that is isn’t going to happen.

Manu Sporny: Mike the change you want. Is that proof needs to be removed by the alg.
… The way DI works is that proof options are secured too.

Michael Jones: don’t want to return JWS parameters and proof?

Manu Sporny: any info that is secured gets returned back.
… might get us back into layer violation territory.

Dave Longley: We do have two different types of mechanisms (i) envelopes and (ii) embedded proofs. These do behave differently.

David Chadwick: Take a credential -> VC -> credential you don’t have the proof.

Michael Jones: Aligned with DavidC. More of a layer violation if you get different result.
… request to David a change to PR asking for this.

Manu Sporny: This PR is about issuer validation, the thing you are requesting is something else.
… Doesn’t have to do with proof being returned.

Dave Longley: Okay to return proof. Valuable to implementers. Considerations for multi-proof. And digital wallets.

Brent Zundel: encourage to the PR and what its trying to request.

David Chadwick: I have submitted issue #1399.

Dave Longley: proof is in the credential, that’s what embedding is though.

Michael Jones: it is not independent. See the text of the PR. This interface returns information in the credential.

4.5. Ensure `credentialStatus` `id` field is optional (issue vc-data-model#1398)

See github issue vc-data-model#1398.

Brent Zundel: Issue 1398 credential status id field is optional. Required id property not necessary.

Manu Sporny: I’ll raise the PR. Its fairly straightforward.

4.6. Specify what kind of processing is safe on a returned document (issue vc-data-model#1388)

See github issue vc-data-model#1388.

Brent Zundel: Issue 1388 Specify what kind of processing is safe on a returned document PR 1392 has been raised. PR has requested changes.

Manu Sporny: Mike is requesting changes since text is not actionable. Need to hear from Jeffry.

Michael Jones: Yeah, I kinda agree with Manu’s assessment. I’m fine if we develop concrete text.

Manu Sporny: One thing to note is this text is for specification authors. Guidance to specification authors on what is a acceptable cryptosuite.

4.7. Rewrite verification algorithm in a way that does not cause layer violations (issue vc-data-model#1377)

See github issue vc-data-model#1377.

Michael Jones: PR 1397 is also about this.

Brent Zundel: Issue 1377 a number of PRs 1393, 1394. 1394 has a number of approvals. Though some comments. 1393 not as clear. Already discussed.
… a number of PRs are in a good place likely to be merged soon. Some are not. PRs would be closed and issues closed or deferred.
… Expressing gratitude to all.

Manu Sporny: Yes, thank you to everyone for the work and passion they’ve put into the work! Happy Holidays! Happy New Year! :).

Phillip Long: +1 to Brent’s expression of thankfulness ;-).

David Chadwick: +1.