DID WG Telco — Minutes
Date: 2020-07-21
See also the Agenda and the IRC Log
Attendees
Present: Justin Richer, Adrian Gropper, Chris Winczewski, Amy Guy, Wayne Chang, Dave Longley, Dmitri Zagidulin, Brent Zundel, Orie Steele, Manu Sporny, Drummond Reed, James Qu, Joe Andrieu, Yancy Ribbens, Jonathan Holt, David Ezell, Michael Jones, Kristina Yasda, Kaliya Young, Ganesh Annan
Regrets: Ivan Herman
Guests:
Chair: Brent Zundel
Scribe(s): Orie Steele, Brent Zundel, Manu Sporny
Content:
1. Agenda Review
Brent Zundel: agenda, metadata, core issue status check…
2. Introductions
James Qu: I’m james qu, working on DID an china ( sorry… missed that )
Chris Winczewski: Welcome James!
Dave Longley: Im with digital bazaar, we work on DIDs, VCs and blockchain… been working on standards for over a decade
Brent Zundel: next topic call is later today 6PM ET
… topic is JWK and key formats
… any questions?
Manu Sporny: question for justin_r, we had a meta data discussion during the special topic call… there seems to be support for PR #347
Manu Sporny: This is the metadata PR: https://github.com/w3c/did-core/pull/347
Manu Sporny: we were able to discuss your PR as well. 347 attempt to strike a compromise between the language in your PR and the other PR, primarily around the type of meta data (strings vs infra)
… we are still stuck on a comment about the right hand side, whether it should be strings or must be strings.
… we need justin_r to engage selfissued, and find a resolution on that
… can we get a general review of 347
Justin Richer: sorry, just seeing this… I agree the language is problematic…. avoiding details, i will try to take a look at this soon….
… wondering about infra values, and strings… need clarity on infra values.
Manu Sporny: sounds good, you may also want to review the call notes from last week.
Brent Zundel: please review PR 347
Adrian Gropper: Announcement: @ 1PM ET today, UMA Health Info Interop + User Control Webinar https://kantarainitiative.org/events/?event_id1=10763
Brent Zundel: moving on to core issue status check
Brent Zundel: we have tried to strip out things we already know we need deeper discussion on
… her we go!
3. issues
Brent Zundel: issue #198
Brent Zundel: https://github.com/w3c/did-core/issues/198
Brent Zundel: assigned to markus, not on the call today… phil, justin, other..
… can anyone give an update?
… markus’s last comment appears to be the current state.
Manu Sporny: Non-official minutes from metadata special topic call are here – https://www.w3.org/2020/07/16-did-topic-minutes.html
Brent Zundel: https://github.com/w3c/did-core/issues/202
Brent Zundel: next issue
Justin Richer: i’ve read through this section… the text that is in there says the context …. stuff is defined in the did registry
… seems like the language needs to be cleaned up
… need help writing the JSON-LD context language update
Brent Zundel: anyone on the call willing to help?
Kaliya Young: off topic but relevant to the life and health of the community - I’m working on collecting more well wishes for John Jordan this week - here is the Miro card - https://miro.com/app/board/o9J_kp34wZs=/
Brent Zundel: hopefully dave is ok with being assigned by manu
Justin Richer: 621 and 622
… need to account for production / consumption language
Brent Zundel: next issue
Brent Zundel: https://github.com/w3c/did-core/issues/249
Brent Zundel: how to mitigate trust issues with the universal resolver
… again markus is not currently on the call
… can anyone comment on the status?
Orie Steele: I recall this perhaps fitting better into the implementation guide
… I am in favor of moving this to the implementation guide
… there are some general privacy considerations around this topic that should be added.
Drummond Reed: i agree with orie… i think its a security consideration not a privacy consideration
… the balance of the discussion belongs in the implementation guide
… adding a comment
Brent Zundel: please leave comments
… next PR
Brent Zundel: https://github.com/w3c/did-core/issues/333
Brent Zundel: did syntax, assigned to markus…
… can anyone provide an update? drummond?
Drummond Reed: PR exists… this is waiting… related to an ABNF update….
Brent Zundel: PR referenced as been merged
Drummond Reed: we can close
Brent Zundel: lets do a 7 day close
… next issue
Brent Zundel: https://github.com/w3c/did-core/issues/185
Brent Zundel: assigned to tobias, not on the call today
Manu Sporny: we will cover this on the special topic call today
Brent Zundel: skipping!
Brent Zundel: https://github.com/w3c/did-core/issues/337
Brent Zundel: when you did params be dropped
Orie Steele: this is an interesting issue. it is that DID parameters are appended to DIDs by parameters that seek to change the DID document
… the conclusion, that needs to be noted on the issue, the did document that is returned should have an id that is the DID, not the DID with the parameters.
… the parameters belong in the resolution metadata.
Dave Longley: +1 to Orie
Orie Steele: we need to add better language around that
Manu Sporny: +1 to adding better language around that
Brent Zundel: does anyone want to volunteer to add better language
Orie Steele: Orie: if its assigned to me, i can try
Brent Zundel: i will add a comment, about next steps
… next issue
Brent Zundel: https://github.com/w3c/did-core/issues/339
Orie Steele: CBOR issue is solid, and should not be marked at risk
Jonathan Holt: the issue is with the registries
… need to update the section to include better COSE / CBOR versions issue
… hard to get a 1:1 mapping
… will be a process of describing a vocabulary
… CBOR tags are their own registry…
… hard to get interop…
Orie Steele: https://github.com/transmute-industries/did-core/tree/master/packages/data-model
Orie Steele: https://github.com/transmute-industries/decentralized-cbor/blob/master/src/fixtures/outputs/table.csv
Orie Steele: I wanted to share some work I did with CBOR
… I made a package that transforms between CBOR JSON JSON-LD, etc.
… CBOR is complicated and there is a lot of work to be done.
… especially with the registries, we don’t want to duplicate work done elsewhere.
Jonathan Holt: thanks, CBOR is stable and well represented… but its gonna take some work…
Brent Zundel: next issue
Brent Zundel: https://github.com/w3c/did-core/issues/340
Brent Zundel: add COSE example into CBOR section
Jonathan Holt: related to the previous
… raw CBOR will support COSE, DAG CBOR supports
Brent Zundel: add comments to issue
Brent Zundel: https://github.com/w3c/did-core/pull/253
Orie Steele: ^ thats not an issue
Brent Zundel: forget that… moving on to 341
Brent Zundel: https://github.com/w3c/did-core/issues/341
Brent Zundel: getting iana registration for additional cbor tags
Orie Steele: there’s a couple of things here. I’m not sure if we’re the people who ask IANA to register CBOR tags.
… but if we want to do that, we need to record them all on the issue
… we also need to think about what the JSON representation of the CBOR property is and reserve those.
Michael Jones: I’m registering CBOR tags now in https://tools.ietf.org/html/draft-ietf-cbor-date-tag-05
Orie Steele: similar to what was done in WebAuthn.
Michael Jones: I’ll add a comment to the issue
Brent Zundel: selfissued is registering tags now
Michael Jones: as long as the tags make sense, the CBOR WG can do it.
Jonathan Holt: we need to iterate and find out which tags we need… if the mimetype is did+cbor… we need to reuse the existing registry… problem solved
Manu Sporny: i will put this in the issue… i have great concern about registering LOTs of tags….
… this group could easily flood all the remaining CBOR tag values… that would be a big problem.
… there are other community considerations…
Manu Sporny: We have a registry that could be construed as a specification, and we are a WG… we could ask for small tags
Michael Jones: to manu’s point… you want to use common sense, given the small tag is a limited resource… we should not consume those small tags without a really good reason…. where a good reason is lots of applications plan to use
Manu Sporny: and that would be an abuse of our position as a WG, IMHO. Agree with statements from Mike.
Brent Zundel: next up…
Orie Steele: privacy considerations for service endpoints…
Brent Zundel: https://github.com/w3c/did-core/issues/324
Adrian Gropper: basically 2 things on this… 1 is proposal from jonathan, wayne myself… as to how to answer the privacy questions… thats relevenat
Drummond Reed: @manu - should we add a github issue tag for “security considerations” and “privacy considerations” so we can mark issues that need to be covered in those sections?
Adrian Gropper: 2nd a group of us involved in the glossary project, has a list of 5 types which we might want to define for service endpoints…. we’ll share that work soon
… 2 things ready for consideration by the group
Kaliya Young: lets get the link into chat
Drummond Reed: i suggest we add labels for the sections … sounds like we have a lot of questions to address… we want to have short descriptions in those sections, and then link to implementation guide.
… and potentially other documents
Adrian Gropper: Service endpoint type survey: https://docs.google.com/forms/d/e/1FAIpQLSc8Z8FklORke1iPRoyo90GNWqqXkmdbgQLNvHvU-v4XvLxO0A/viewform?usp=sf_link
Manu Sporny: drummond, yes, we should totally have that, I’ll add the tags now.
Brent Zundel: apologies to wayne, jonathan and adrian, we will try and get it into the agenda next week
… next issue
Drummond Reed: @manu, thanks
Brent Zundel: https://github.com/w3c/did-core/issues/266
Orie Steele: should DID support self signed certificates
Brent Zundel: assigned to manu
Manu Sporny: we…
… selfissued: jwks have fingerprints?
… if we are doing JWK…. its defined?
Michael Jones: there is an RFC which defines how to compute a thumbprint
… not typically put in a JWK…
Brent Zundel: please add comments to issue
Brent Zundel: https://github.com/w3c/did-core/issues/208
Brent Zundel: ietf did+ld+json media type registration…
Manu Sporny: discussion continues… moving slowly
… if we don’t get a resolution from IANA.. we have options
Brent Zundel: please get that comment onto the issue
Brent Zundel: https://github.com/w3c/did-core/issues/328
Brent Zundel: update data model parts of the spec to refer to infra
… there is a PR that does this #347
… review it!
Amy Guy: brent, that’s what I was gonna say, thanks
Brent Zundel: next issue
Brent Zundel: https://github.com/w3c/did-core/issues/122
Amy Guy: brent, also just updated it, I’ll make a new PR for this too
Brent Zundel: when is a did subject not a did controller, if ever?
… lots of conversation
… amy says she will try a PR
… highly recommend people read this issue, lots of value in the comments.
Drummond Reed: we will need to reference the appendix… we may need a second appendix for controller
… I will add a note.
Brent Zundel: next issue
Brent Zundel: https://github.com/w3c/did-core/issues/332
Brent Zundel: 332 rename master branch… assigned to me.
… status is this is blocked by github.io
… we are awaiting tooling from github
… status is no change
Brent Zundel: https://github.com/w3c/did-core/issues/344
Brent Zundel: 334 impossible did url abnf using eager evaluation…
Wayne Chang: the issue here is we are more ambitious than URI spec is with token parsing… survey of web servers, seems like we are seeing differences between servers / tokens….
… back tracking parser needed… now in academic world of parsers… i recommend some changes that would work without backtracking
Jonathan Holt: the CCDL may also be overlapping of ABNF rules… not sure of the differences… anyone know?
Brent Zundel: ask on the issue
Brent Zundel: https://github.com/w3c/did-core/issues/349
Brent Zundel: 349 add relativeRef did URL parameters
Orie Steele: I think we have the service section registered in the registries, but not the relativeRef, so we need to register it there.
… this was formerly done with matrix params
Manu Sporny: we also need to specify how that works in did core as well
Brent Zundel: https://github.com/w3c/did-core/issues/248
Brent Zundel: 248 need term for Relying Party
… joe?
Joe Andrieu: there is a PR for this
Brent Zundel: checkout PR 350
Brent Zundel: https://github.com/w3c/did-core/issues/353
Brent Zundel: 353 confusing example in section 3.2.1 … did params are URI query strings
… this issue is 5 hours old
… looks like spec language needs to be cleaned
… moving on…
Brent Zundel: https://github.com/w3c/did-core/issues/198
Brent Zundel: 198 raised by markus, we talked about this already!
… not update, we have gone around the horn…
… we have covered the whole list… to me this means… we now need your PRs
… we need those changes, we need those submissions
… please get your PRs in
… the less call time we spend on issues moving forward, the more time we spend on special topics
… any additional comments?
Brent Zundel: https://github.com/w3c/did-core/issues/205
Jonathan Holt: i recall that service endpoints were going to be moved
Wayne Chang: we sent out security questionnaire initial responses
… lots of the questions depend on which did methods and the use of service endpoints…
… DNA goes to the mooon?… ?
Brent Zundel: please give feedback on that survey
Orie Steele: trying to answer jonathan. the definition of what the services section is, is in the did spec registries, but services as a category of things is still in the did core spec, and is intended to still be there.
… and there are are numerous security issues with that.
Brent Zundel: thats the meeting, thanks to people who helped get through issues, promised PRs and submitted PRs
… don’t forget our special topic call is in 6 hours