Verifiable Credentials Working Group Telco — Minutes

Date: 2024-03-27

Attendees

Present: Brent Zundel, Ivan Herman, Ted Thibodeau Jr., Manu Sporny, Sebastian Elfors, Benjamin Young, David Chadwick, Hiroyuki Sano, Paul Dietrich, Dave Longley, Jennie Meier, Greg Bernstein, David Lehn, Dmitri Zagidulin, Phillip Long

Regrets:

Guests:

Chair: Brent Zundel

Scribe(s): David Chadwick, Dave Longley

Ivan Herman: still not received approval for the BBS CR.
… proposal for canonicalisation spec went out as a Proposed Rec on Monday.

1. Charter renewal proposal.

See github pull request vc-wg-charter#113.

Brent Zundel: instead of asking for 6 month extension we have been asked to recharter the WG.
… ivan has drawn up a draft in the above mentioned PR 113.

Manu Sporny: diff-marked copy: https://pr-preview.s3.amazonaws.com/w3c/vc-wg-charter/113/a5ac455…9e11451.html.

Ivan Herman: I made the least changes possible to the new charter.
… in maintenance mode WG does not have right to make significant changes to the text.
… except if it is a security issue.

Manu Sporny: Charter looks good to me.

Dave Longley: +1 to the direction.

Brent Zundel: we should make a resolution on this in week after next.

Manu Sporny: the new version looks pretty good.

2. Work Item Status Updates/PRs.

Manu Sporny: bitstring-status-list has 26 issues still open, https://github.com/w3c/vc-bitstring-status-list/issues.
… try to get them all resolved by mid April.
… there are two normative changes.
… first one is to more strongly assert that verifiers should cache status lists.
… and to use OHTTP to retrieve them.

2.1. Remove open ended status messages because it is a layer violation (issue vc-bitstring-status-list#151)

See github issue vc-bitstring-status-list#151.

Manu Sporny: PING have raised several privacy issues that we should address.
… several issues around I18N that need to be reviewed.
… strings may be human readable.

Manu Sporny: https://github.com/w3c/vc-data-model/pulls.

Manu Sporny: will be a massive PR to address Yaskin’s comments.
… mostly editorial apart from a few normative statements (but no new implementation requirements).

2.2. Revisit media types (issue vc-data-model#1462)

See github issue vc-data-model#1462.

Manu Sporny: mediaType for DM does not have a consensus yet.
… e.g. multiple suffixes is a bad idea.
… Can the WG members review this issue.

Brent Zundel: multiple suffixes draft means that the authors did not describe single suffix properly.

2.3. TAG comment on BBS: https://github.com/w3ctag/design-reviews/issues/922#issuecomment-2019124783.

Manu Sporny: BBS spec, TAG review was OK.
… Martin Thomson said we make unlinkability claims that are not supported by the crypto.
… we dont know what level of independent review will be good enough!

Brent Zundel: Martin told me that the way Data Integrity builds on BBS primitives may lead to untested situations.
… but the way we are liaising with W3C security folk may be sufficient.

Manu Sporny: I am concerned about statements such as “we feel uneasy about what you are doing”.
… so vague comments are not good enough for us to provide a rebuttal of.
… we need specific comments that can be addressed.

Greg Bernstein: I wrote the sections in the spec about unlinkability.
… I also studied publications on linkage attacks.
… its still a new area of standardisation.
… so needs to be handled with care.

3. VCDM Issue Processing.

Brent Zundel: https://github.com/w3c/vc-data-model/issues?q=is%3Aissue+is%3Aopen+-label%3Afuture+sort%3Aupdated-asc.

3.1. Should we use `Ed25519Signature2020` in the Examples? (issue vc-data-model#1457)

See github issue vc-data-model#1457.

Manu Sporny: we should update to the more modern signature suites.
… at least ECDSA.
… and a selective disclosure example.

Ivan Herman: +1 to manu on this.

3.2. Authorized Presenters (issue vc-data-model#1359)

See github issue vc-data-model#1359.

David Chadwick: The issuee property is one potential, at least semi-solution to this, it’s also a solution to this. It’s also a solution to some of the text in the status list PRs.
… Someone suggested we replace issuee as firstHolder but we should just call it issuee.

Manu Sporny: Here’s where it was injected: https://w3c.github.io/vc-data-model/#reserved-extension-points.

Manu Sporny: I dont disagree with what DavidC and TallTed said.
… but do we really want to define it.

Ted Thibodeau Jr.: I suggested that someone create a new issue for this along with appropriate PRs where it should be inserted.

Manu Sporny: +1 to TallTed’s suggestion, for those that want “issuee”.

David Chadwick: I dont think that adding a definition for issuee is a normative change for implementations.

3.3. Do we need sha3-512 in the vocabulary tables? (issue vc-data-model#1455)

See github issue vc-data-model#1455.

Brent Zundel: this issue can be closed.

3.4. Section title and contents mismatch on “Complex Language Markup” (issue vc-data-model#1254)

See github issue vc-data-model#1254.

See github pull request vc-data-model#1463.

Brent Zundel: this PR can be merged by the end of this week.

3.5. Revisit media types (issue vc-data-model#1462)

See github issue vc-data-model#1462.

Manu Sporny: can we highlight the options now please.
… and write your opinions into the issue.
… might not be able to use multiple + signs.

David Chadwick: 1) application/vc+ld+json.

Manu Sporny: 2) application/vc.
… with +json or +jwt added to this.
… 3) do not register anything, wait for IETF group to finish its RFC.

Ivan Herman: a variation of 2 or 3 is to put a statement into the new charter saying that we will do the mediaType after the IETF has finished.

Manu Sporny: I think that’s still Option C?

Manu Sporny: (but explicitly stating it in our Charter).

Ivan Herman: yes.