DID Working Group Telco — Minutes

Date: 2020-03-31

See also the Agenda and the IRC Log

Attendees

Present: Daniel Burnett, Amy Guy, Brent Zundel, Yancy Ribbens, Ivan Herman, Manu Sporny, Kyle Den Hartog, Markus Sabadello, Tobias Looker, Phil Archer, Jonathan Holt

Regrets:

Guests:

Chair: Daniel Burnett

Scribe(s): Kyle Den Hartog, Amy Guy

Content:

Daniel Burnett: https://lists.w3.org/Archives/Member/member-did-wg/2020Mar/0004.html

1. Agenda Review, Introductions, Re-introductions

Daniel Burnett: the agenda for today is talk about next topic call
… had points about Formal objects but will leave for next call
… review issue 218 and majority of time is on status of registries
… finish up with normal status up on core issues
… any requests for changes to agenda
… reintroductions unnecessary because all parties know each other

2. Next Topic Call

Daniel Burnett: next topic call will be in 14 hours
… 6pm eastern time
… using current zoom link
… we’ll continue using this until we see other reason not to

Ivan Herman: this is officially the DID lounge :-)

Daniel Burnett: we have reduced attendance, but will be interesting to see results

3. straw poll - issue 218

Daniel Burnett: https://github.com/w3c/did-core/issues/218

Daniel Burnett: manu could you describe the options of this issue to make sure no recent consensus is missed

Manu Sporny: there’s 3 options please jump in and correct if I’m wrong
… we’re trying to decide what we call terminology (e.g. did-url did-locator did-uri etc)
… we need to call the thing where we tack on parameters something other than the uri

Ivan Herman: I raised the issue because while what we have in the document is correct the harsh reality is the term url has adopted more colloquial usage
… the term did-url may become a source of confusion because of this
… if we want to take seriously that dids could be used in the web I could see confusion coming up
… we may want to think of renaming this to avoid this issue
… on the issue I proposed a strawpoll it’s not a matter of formal objection

Manu Sporny: +1 to strawpoll to make a decision
… I looked at the WHAT-WG definition of a URL
… the one main advantage we may have is that we clarify URL by prefixing with “did”

Brent Zundel: +1 to manu

Manu Sporny: this assists with creating the distinction and is the reason that I don’t think we’re necessarily in trouble with the WHAT-WG definition of the URL
… I looked into if we could fit into the WHAT-WG definition as well

Tobias Looker: my point was similar to manu… I think we need to decide if the prefix is going to assist with association then it’s worth sticking with otherwise we should consider other names

Daniel Burnett: The idea that WHAT-WG gets to define what a URL is a bit crazy. If you were in IETF they would reject that and I think we should not go there.

Tobias Looker: +1 to burn’s point

Markus Sabadello: Yeah I agree with what others have said. metions about authority components and how they affect uris and urls
… our DID URLs don’t have a // double-slash, therefore the method-name and method-specific-id are parsed as the first segment of a path, rather than parsed as an “authority” component. (i’m not proposing to change that!)

Phil Archer: I agree with a lot of people are saying. I’ve come to the view that did-url is the best we’ll get. I wish it were otherwise but I accept the world as the way it is.
… if we are careful to always use did-url I think it’s ok

Daniel Burnett: Straw poll: DID URL or DID Locator

Manu Sporny: +1 to DID URL

Amy Guy: +1 DID URL

Brent Zundel: DID URL

Kyle Den Hartog: +1 DID URL

Daniel Burnett: +1 to DID URL

Phil Archer: +1 to DID URL

Ivan Herman: +1 to Locator

Markus Sabadello: +1 to DID URL

Tobias Looker: +1 to DID URL

Daniel Burnett: strawpoll is fairly clear, but I will ask again on larger group call

Ivan Herman: combining the minutes and the comments I think we can decide to go with did-url
… since I raised it I’m ok with closing the issue

Daniel Burnett: since you raised the issue, I think it’s fine to close this

Resolution #1: close issue 218

Phil Archer: phila: Would like to record that I stressed the importance of always saying ‘DID URL’ and never just URL

Ivan Herman: and if someone objects then we can reopen the issue

4. Registries’ issues status check

Daniel Burnett: https://github.com/w3c/did-core-registries/issues?q=is%3Aissue+is%3Aopen+sort%3Aupdated-asc

Daniel Burnett: https://github.com/w3c/did-core-registries/issues/3

Daniel Burnett: orie is not here for this issue manu would you like to talk to this

Manu Sporny: this is in process to fix JSON-LD links
… orie has done a good job of getting these links fixed
… the redirects from w3.org are not redirecting properly so that the test suite works properly
… and these are under the control of the editors in the did-core registries
… tried to add comment, but faced issues because I don’t have my 2FA device

Ivan Herman: does this mean that v1 and v2 vocabularies are under our control from now on?

Manu Sporny: it depends what you mean by “our”
… we meaning between did-wg and ccg we now can update it
… security stuff under ccg still, but did stuff under did-wg
… DID-WG has control over the DID Context and the URL used in the DID Context are under the w3 urls
… what actually matters are the actual values?

Ivan Herman: on a practical level say the did work realizes there’s one or two terms in the security file that must be added or changed because it’s wrong
… and in some way dependent on that, but that means we as a group cannot change that. It’s up to the CCG?

Manu Sporny: yes
… to put a finer point on it the editors for the DID-WG are the same in the CCG security vocabulary
… and both can make edits to both of them
… the likelihood that we end up with a situation where a bug occurs it’s highly likely that we’d detect it
… we do not have a normative dependency on the JSON-LD context that are in the CCG
… because these registries are in flux, CCG is longer lived based on number so likely better place to keep it for now
… and they’re interested to keep those things up to date because they have other work items depending on it

Daniel Burnett: lets not discuss the issue if we can help it

Jonathan Holt: the concern is with great power comes great responsibility. Who audits the security context?

Daniel Burnett: I’ll allow that question

Manu Sporny: the short answer is the W3C CCG

Daniel Burnett: https://github.com/w3c/did-core-registries/issues/16

Manu Sporny: still working through this one and in process
… some things are checked and some not. Unsure how pedantic to be

Daniel Burnett: https://github.com/w3c/did-core-registries/issues/7

Manu Sporny: “improving” on what other WGs have done
… I don’t think there’s been an update on this issue yet. We should leave it until Orie comes back

Daniel Burnett: https://github.com/w3c/did-core-registries/issues/5

Manu Sporny: this was assigned to jonathan_holt
… we don’t quite know how we’ll do the equivalent at this point
… one thing we can do because of the lossless guarantee is to convert CBOR to JSON and run through JSON Schema, but now tooling has been built yet

Jonathan Holt: I’m still working on it and that’s in line with my plan

Daniel Burnett: https://github.com/w3c/did-core-registries/issues/17

Manu Sporny: rhiaro made a proposal

Amy Guy: theres a lot in this issue and my proposal doesn’t cover it all, but overlaps quite a bit with it
… I made a proposal about some of the namespaces in issue 28

Manu Sporny: there’s a tried and true pattern of how to do content negotiation at w3c
… ivan and I are discussing what each file leads to
… that conversation is ongoing and rhiaro is correct that we have another open question “What do we do with the registry?”
… the machine and human readability is addressed by rhiaro proposal
… what we don’t have clarity on is how do we represent…
… we’re probably going to want to publish urls from time to time and it’s uncertain what the frequency of publishing will be
… we could version with minor major with it bound to time (e.g. year and month) similar to ubuntu releases
… if we feel that’s too frequent then we could go just by year
… if we use year we would start 2021 and it shouldn’t be considered stable until the end of year
… we need to pick something and go with it

Daniel Burnett: please include this details in the issue

Ivan Herman: there’s a slightly more general question: If everything is only JSON-LD then everything is fine and easy the problem is that the HTML5 is referred to for all, so if we have a redirection scheme then we should get something that’s useful for all formats
… that’s where I’m not sure where we’re heading
… because JSON-LD is a bit unstable currently

Daniel Burnett: want to keep it to updates because I want to get through all possible during this call

Daniel Burnett: https://github.com/w3c/did-core-registries/issues/23

Daniel Burnett: status of this one is it’s still under discussion

Amy Guy: it’s not explicit about if there should be a URI Dave and Orie have said yes. I’m happy to make a PR if all agree

Daniel Burnett: https://github.com/w3c/did-core-registries/issues/22

Daniel Burnett: status next steps are PR

Amy Guy: this one is still a bit under discussion

Daniel Burnett: https://github.com/w3c/did-core-registries/issues/26

Amy Guy: still discussing if terms can be used in did-core
… still ongoing
… the next action is on CCG and I opened an issue for this

Daniel Burnett: so this is just a tracking issue

Amy Guy: yes this is just tracking until CCG takes action on their end

Daniel Burnett: we’ve sometime had issues with coordination because on the other end CCG doesn’t take it anywhere. Looks like this probably is not a concern this time.
… this should be fine for now

Daniel Burnett: https://github.com/w3c/did-core-registries/issues/9

Daniel Burnett: looks like it’s still under discussion

Manu Sporny: yeah it’s under discussion. We’re trying to figure out what goes in the registry and what doesn’t and how do we reference things that are outside?
… seems like rhiaro may have proposed a way through this

Amy Guy: +1 what burn says

Daniel Burnett: in my mind I think of them like IANA registries. It only points to references, not to include details

Manu Sporny: +1 to what burn just said, agreed.

Daniel Burnett: https://github.com/w3c/did-core-registries/issues/19

Manu Sporny: we want to define some stuff that sidetree uses and Mike Jones says don’t do that
… I think this is a perfect example of what the registry is for
… this is a test of how decentralized the registry is
… if it’s blocked because the did-wg doesn’t want it’s more centralized, but if the registry can ignore the wg decisions it’s a bit damaging to the consensus we’ve formed

Daniel Burnett: this is going to come down to a maintainer process

Manu Sporny: and in this case I’d expect the process to produce disagreement

Ivan Herman: what would help this?

Daniel Burnett: sometimes further discussion will help us to decide metalevel decisions

Kyle Den Hartog: slightly related, to highlight because I raised it in did-core - to what degree do we need to be specifying these things and to what degree does it fall into the maintaner process?
… keys coming in compressed or uncompressed formats can cause interop issues

Manu Sporny: the general answer is you have to specify it precisely enough to enable interoperability
… that depends on exactly what you’re defining
… in your case publicKeyHex will be paired if using ld security stuff
… unless you have publicKeyHex and publicKeyHexCompressed

Kyle Den Hartog: that makes sense, i disagree a bit but let’s take that offline

Jonathan Holt: it will be trivial to introduce a vulnerability

Manu Sporny: that’s the nature of decentralized development

Daniel Burnett: I suspect that this issue will generate the metadiscussion that needs to be discussed specifically
… and if this happens spawn the metadiscussion off

Daniel Burnett: https://github.com/w3c/did-core-registries/issues/13

Manu Sporny: almost completed. Last three items are questionable at this point
… naming has gone off topic and rhiaro will cover it
… discussion ongoing

Daniel Burnett: https://github.com/w3c/did-core-registries/issues/28

Amy Guy: this is my proposal on how to solve all the problems
… discussion is ongoing and there’s already some objections
… would be nice to have some more people weigh in

5. editorial helpers

Manu Sporny: we want to report out that we want to add rhiaro and kdenhartog to assist with triaging
… both have been accepted but a note needs to be made that triaging is on behalf of group not on behalf of your org
… if you see objections to label please seek assistance from editors chairs and the disagreeing parties
… we have an action to document the labeling process
… we don’t know when we’ll write that doc

Kyle Den Hartog: assignment goes to the author of the issue unless otherwise stated?

Manu Sporny: yes

6. Resolutions