Verifiable Credentials Working Group Telco — Minutes
Date: 2024-03-06
See also the Agenda and the IRC Log
Attendees
Present: Ivan Herman, Brent Zundel, Ted Thibodeau Jr., Jennie Meier, Paul Dietrich, Benjamin Young, Dave Longley, Manu Sporny, Dmitri Zagidulin, Joe Andrieu, Michael Jones, Gabe Cohen, Przemek Praszczalek
Regrets:
Guests:
Chair: Brent Zundel
Scribe(s): Benjamin Young
Content:
- 1. Work Item Status Updates/PRs.
- 2. VCDM Issue Processing.
- 2.1. What does the hash values in §B.2 mean? (issue vc-data-model#1442)
- 2.2. Define
verification material
find replacepublic keys
(issue vc-data-model#1197) - 2.3. Authorized Presenters (issue vc-data-model#1359)
- 2.4. Section title and contents mismatch on “Complex Language Markup” (issue vc-data-model#1254)
- 2.5. first example contains an http url identifying a credential (issue vc-data-model#1432)
- 2.6.
expires
header for https://www.w3.org/2018/credentials/v1 is in the past (issue vc-data-model#1239) - 2.7. Define what a credential validity does mean (issue vc-data-model#1176)
- 2.8. Non-normative changes from Jeffrey Yasskin’s review (issue vc-data-model#1348)
- 2.9. Unnecessary direction attribute? (issue vc-data-model#1424)
- 2.10. Explain that natural language examples are illustrative (issue vc-data-model#1192)
- 2.11. Multiple Credential Status Lists (issue vc-data-model#1291)
- 2.12. Specify what kind of processing is safe on a returned document (issue vc-data-model#1388)
- 2.13. Tell a bit more about
verificationMethod
type schema (issue vc-data-model#1274) - 2.14. EnvelopedVerifiablePresentation missing in data model (issue vc-data-model#1431)
- 3. AOB.
Brent Zundel: Welcome. The agenda is straightforward. Status updates, pull requests, and then issues on the core data model.
… anyone have changes or additions?
Manu Sporny: just 2 announcements about upcoming maintenance deadlines.
… as folks know, we made a call for DID and VC registries.
Manu Sporny: Volunteer list is here: https://lists.w3.org/Archives/Public/public-vc-wg/2024Mar/0005.html.
Manu Sporny: we need volunteers, and did a training video, collected github handles, etc.
… these folks are all more than qualified to maintain the registries.
… and they’ve mostly signed up for both.
… we sent an email out to get confirmation from the group on the list of volunteers.
… next Tuesday is the deadline to object.
1. Work Item Status Updates/PRs.
Brent Zundel: any comments on volunteering?
… ok. status updates. Please queue up if you have updates.
Manu Sporny: for Data Integrity, all the specs are aligned with Jeffrey Yaskin’s cryptosuite interface proposal.
… it was a major change, so we need to go through another CR.
… no negative feedback from implementers.
… for BBS, we can go into CR by next week (in theory).
Manu Sporny: https://github.com/w3c/vc-di-bbs/.
Manu Sporny: Greg still has some pending PRs.
… once those are in we’ll cut a pre-CR and do a call for consensus.
… ivan, I don’t know what the timing would be. This is just a heads up that this is nearly ready for a vote.
Manu Sporny: https://github.com/w3c/vc-bitstring-status-list/issues?q=is%3Aissue+is%3Aopen+label%3Abefore-CR.
Manu Sporny: Bitstring Status List can be ready for a vote to got into CR early next month.
… we have asked PING to review prior to CR…still waiting on confirmation.
… we have had reviews done and other reviews will timeout in mid-April.
… the big thing we need is what the Traceability group is doing with status list.
… but we need more engagement specifically from Transmute and Mesure.io.
… we have a plan for what we can do with it, but we need implementer feedback from the Traceability cohort.
… the VCDM has a few changes related to requests from the Activity Pub folks.
… but the standing issues seem to be nearly resolved.
… there’s a normative change about “enveloped” Verifiable Presentations.
… just to be clear, the VCDM can now carry any payload of any media type.
… which means it could hold other forms of credentials, mDoc, etc.
… there’s a clear story around how this can be done.
… I think this achieves the “big tent” approach we’ve been aiming at.
… the rest of everything seems to be editorial.
… what we’re targeting is a May timeframe for VCDM.
… and we may be able to push it up a bit.
Ivan Herman: do we want to talk about CR timing now?
Brent Zundel: now’s good.
Ivan Herman: for the March date, we have to take into consideration that the timing lines up with Good Friday, which means one of our reviewers will be on vacation.
… and the 5th of April is a publication moratorium due to the AC meeting in Japan.
… so if we can’t get this request in by next week or the beginning of the week of the 18th, then it won’t happen in March.
… additional difficulty is that from March 22-26 I will be out of town.
Manu Sporny: sounds like we should shoot for the 18th of March.
Ivan Herman: when would the WG get together? the 13th? next week?
Manu Sporny: I can check with Greg to see if he has anything else that needs to go in.
… otherwise, I think we can do it by next week.
… it’s all stuff that’s already in the spec, just some of it will become normative.
… most of it has been there for weeks or even months.
… we can set the publication for the 21st.
Ivan Herman: I admire your optimism. If we vote on the 13th, we’d need an approval by the 15th–2 days later–and that seems unlikely.
Manu Sporny: when’s the better day?
Ivan Herman: the 26th or the 28th.
Manu Sporny: 28th? would that work?
… that would be for BBS or JOSE/COSE? or both?
Ivan Herman: the difference between one or two is marginal, so having both together would be best.
Manu Sporny: I’ll work with Greg to prep for a vote on the 13th.
… we’ll target a publication date of the 28th.
Brent Zundel: Gabe or Mike Jones, any updates on JOSE/COSE.
Michael Jones: we have no open PRs.
… but we do have some issues.
1.1. Algorithms are poorly defined / unimplementable (issue vc-jose-cose#206)
See github issue vc-jose-cose#206.
Michael Jones: 206 is about the verification algorithm.
… but manu’s already mentioned that all the specs are doing the right thing in terms of algorithm.
Manu Sporny: I wasn’t referring to JOSE/COSE, just the Data Integrity specs.
… I think the editors of JOSE/COSE should figure out if the new interfaces apply for create and verify.
… I’m checking to see what Jeffrey wrote about this earlier.
Manu Sporny: https://w3c.github.io/vc-data-model/#securing-mechanism-specifications.
Manu Sporny: section 5.13 securing mechanism specifications.
… I don’t know if the VC JOSE/COSE spec does the things that section requires.
… it must provide a verification method that only contains the data in the document.
… there are a bunch of other requirements for embedded proofs.
… but no real requirements for enveloping proofs.
… it’s up to the editors to decide if they’ve hit that bar.
… and the group to agree or not.
Michael Jones: brent, this is assigned to you, do you want to keep it.
Brent Zundel: yes. I’ll keep it.
Gabe Cohen: we have a section on this, but the rendering is broken.
Brent Zundel: I’ll look at that as well.
Manu Sporny: there’s a bulleted list in the issue I made. I’ve not seen responses.
… I’ll not block this going into CR, but without these changes it’s likely to get formally rejected.
… so, going through the list and explaining how they’re addressed should help avoid the formal objection and close that issue.
Michael Jones: you mean the one from December?
Manu Sporny: yes.
Brent Zundel: I’ll tackle this.
… anything else about JOSE/COSE?
Michael Jones: decentralgabe has the other issues.
Gabe Cohen: I plan to do both this week.
Michael Jones: The three vc-jose-cose before-CR issues are https://github.com/w3c/vc-jose-cose/issues?q=is%3Aissue+is%3Aopen+label%3Abefore-CR.
Brent Zundel: if all three of these are addressed with PRs, it’s theoretically possible we could vote next week…but that seems really tight.
Michael Jones: no opinion on timing, ivan’s the expert.
2. VCDM Issue Processing.
Brent Zundel: https://github.com/w3c/vc-data-model/issues?q=is%3Aissue+is%3Aopen+-label%3Afuture+sort%3Aupdated-asc.
2.1. What does the hash values in §B.2 mean? (issue vc-data-model#1442)
See github issue vc-data-model#1442.
Michael Jones: oh, this is before PR, so we’ll skip it for now.
Brent Zundel: 1442 is assigned to ivan.
Manu Sporny: just to provide some input.
… ivan asked about posting the canonical hash.
… what we want is for people to retrieve something from the Web, and pass it through a library to get the hash.
… telling people to have something special on hand to tell if the doc is valid is not what we want.
… using a format they can read, SHA it, and compare would be better.
… we could add hashes for every serialization, but that feels like a bit much.
… we do want to update our ReSpec extension to generate these hashes at publication time.
Ivan Herman: it was already clear back then that the hash is the representation of the JSON-LD of the vocabulary.
Manu Sporny: yes.
Ivan Herman: depending on conneg, you may get other formats.
… it’s not clear enough that the hash is specifically for the application/ld+json
representation.
Manu Sporny: I thought we had examples of how to recreate the hashes.
Ivan Herman: it’s there, but it’s still not clear.
… make it clear. should only be a few words.
Brent Zundel: currently this is assigned to you, ivan.
Ivan Herman: I can make a PR.
2.2. Define verification material
find replace public keys
(issue vc-data-model#1197)
See github issue vc-data-model#1197.
Manu Sporny: thank you ivan!
Brent Zundel: moving on to 1197.
… Nick Steele agreed to do the work, but he’s not been on the calls.
Manu Sporny: I can take this one.
Brent Zundel: need any clarity from the group?
Manu Sporny: nope. pretty straightforward.
2.3. Authorized Presenters (issue vc-data-model#1359)
See github issue vc-data-model#1359.
Brent Zundel: 1359.
… decentralgabe this is assigned to you.
Gabe Cohen: I still think it’d be helpful for this to be described in the spec.
… when you’re going to make a VP, how can you be sure that the entity presenting it is authorized to present it.
… so we avoid anyone presenting it to anyone.
Manu Sporny: +1. I do think we can point to the confidence method spec.
… the only concern I have is that the spec hasn’t been touched in awhile.
… I do think we plan to revisit it in a future WG, but not sure we want to talk about it before then.
Ted Thibodeau Jr.: having a VC property for “authorized presenters” seems a fine extension, but what to do with it feels like business logic.
Manu Sporny: we could talk about matching DIDs and comparing crypto related to those at each layer.
… it’s really when you want to connect it to a additional binding mechanisms that you’d want confidence method to come in.
Brent Zundel: a full treatment of this seems too much to handle right now.
Manu Sporny: I agree with Brent’s overall analysis. What can we do editorially for this?
Brent Zundel: what aspect of this would fit right now, is my question to decentralgabe.
… we’ve got general interest in closing this, but we should narrow in on a specific recommendation.
Gabe Cohen: I’d like to see non-normative text about it that could later be made normative.
… it would at least help nudge people toward the future.
Brent Zundel: is this something you can do?
Gabe Cohen: yes, but it’s lower priority.
Brent Zundel: I will note you assigned it to yourself in December, and it’s still yours to do.
Ted Thibodeau Jr.: I’m still very unclear how confidence method applies to who’s presenting.
… it does feel reasonable to say “these are my authorized presenters”, but how to enforce that feels like business logic to me.
Manu Sporny: I agree with Ted’s analysis.
Gabe Cohen: will attempt some language, looking forward to it being torn apart :).
Michael Jones: how do you see this list interacting with proof of possession binding?
Gabe Cohen: that’s one option, but there be situations where that’s not present.
Michael Jones: just wanted to note they were related.
2.4. Section title and contents mismatch on “Complex Language Markup” (issue vc-data-model#1254)
See github issue vc-data-model#1254.
Brent Zundel: 1254 is about complex language markup.
… this was pending close.
… we got a comment that if the title is adjusted, that would better apply or reflect the content.
… sounds like a simple change.
Manu Sporny: I’ll take it.
… and just try to work with title, since Sebastian’s no longer with us.
… I’ll provide a PR and we can talk about it there.
2.5. first example contains an http url identifying a credential (issue vc-data-model#1432)
See github issue vc-data-model#1432.
Brent Zundel: 1432.
… this is assigned to decentralgabe. Do you need input?
Gabe Cohen: could I state that public URLs for credentials is a Bad Thing, and suggest we recommend URNs would be better.
Dave Longley: it might be a bad idea for “personal credentials” (credentials about people).
Manu Sporny: I think we should not do that, but state that it’s nuanced.
… there are all sorts of credentials that should use the ID.
… and many that should not state an ID–when they’re for private individuals, etc.
… we may want to put this in the Privacy section–and it may already be covered.
Dave Longley: +1 to what the credential is about should be a strong consideration on what ID/what kinds of IDs you might use.
Gabe Cohen: +1 Manu, understood.
Paul Dietrich: we do use resolvable URIs for public credentials.
… if it’s PII, then there are reasons not o.
… but there are certainly reasons to use public URIs.
… and I do think it’s already in the Privacy section.
Michael Jones: there are cases where we use these, and without them key discovery breaks.
Brent Zundel: did that help?
Gabe Cohen: yes. I’ll incorporate it into a PR.
2.6. expires
header for https://www.w3.org/2018/credentials/v1 is in the past (issue vc-data-model#1239)
See github issue vc-data-model#1239.
Brent Zundel: 1239…did we decide about this one? ivan ?
Ivan Herman: I proposed we delay this one.
… the transcript of the meeting is inconclusive.
Brent Zundel: I think this one’s OK to ignore for now.
… anyone object?
2.7. Define what a credential validity does mean (issue vc-data-model#1176)
See github issue vc-data-model#1176.
Brent Zundel: 1176 define what credential validity means?
… JoeAndrieu ?
Joe Andrieu: …still need to get to it, sorry.
Brent Zundel: if there still isn’t a PR in the next few weeks, we will need to close it.
2.8. Non-normative changes from Jeffrey Yasskin’s review (issue vc-data-model#1348)
See github issue vc-data-model#1348.
Joe Andrieu: understood.
Brent Zundel: 1348.
Manu Sporny: this ones mine. It’ll take a few days, but I should be able to do it.
2.9. Unnecessary direction attribute? (issue vc-data-model#1424)
See github issue vc-data-model#1424.
Brent Zundel: 1424 unnecessary direction attribute.
Ivan Herman: there’s a PR for that one.
… and it’s been merged. So lets close it.
2.10. Explain that natural language examples are illustrative (issue vc-data-model#1192)
See github issue vc-data-model#1192.
See github pull request vc-data-model#1449.
Brent Zundel: excellent!
… 1192.
… has a PR, 1449…still open.
Manu Sporny: the rest of the list have PRs.
Brent Zundel: we’ll go through them one by one.
… PR1449 looks ready for merging this week.
2.11. Multiple Credential Status Lists (issue vc-data-model#1291)
See github issue vc-data-model#1291.
Brent Zundel: 1291.
See github pull request vc-data-model#1450.
Brent Zundel: PR1450 covers this one. several approvals.
… can be merged this week.
… please take a look at it.
2.12. Specify what kind of processing is safe on a returned document (issue vc-data-model#1388)
See github issue vc-data-model#1388.
Brent Zundel: 1388.
See github pull request vc-data-model#1451.
Brent Zundel: PR1451 covers this one. Has lots of conversation and approvals.
… please review.
2.13. Tell a bit more about verificationMethod
type schema (issue vc-data-model#1274)
See github issue vc-data-model#1274.
See github pull request vc-data-model#1452.
Brent Zundel: 1274, PR1452 - large number of approvals, ready to be merged.
2.14. EnvelopedVerifiablePresentation missing in data model (issue vc-data-model#1431)
See github issue vc-data-model#1431.
See github pull request vc-data-model#1453.
Brent Zundel: 1431, PR1453 which has approvals and on track to be merged.
… we’re headed toward wrapping this up.
… so expect to be bothered by us to get the work done…probably weekly.
3. AOB.
Brent Zundel: many folks will be at IETF soon.
… 2 weeks from now.
Ivan Herman: one warning, day light savings time 3 week nightmare starts next week.
… it’ll always be a mess, because there’s no way the US and EU will agree about this one…
Ted Thibodeau Jr.: let your calendar tell you the relevant local time that matters!