DID WG Telco — Minutes

Date: 2020-07-21

See also the Agenda and the IRC Log


Present: Justin Richer, Adrian Gropper, Chris Winczewski, Amy Guy, Wayne Chang, Dave Longley, Dmitri Zagidulin, Brent Zundel, Orie Steele, Manu Sporny, Drummond Reed, James Qu, Joe Andrieu, Yancy Ribbens, Jonathan Holt, David Ezell, Michael Jones, Kristina Yasda, Kaliya Young, Ganesh Annan

Regrets: Ivan Herman


Chair: Brent Zundel

Scribe(s): Orie Steele, Brent Zundel, Manu Sporny


1. Agenda Review

Brent Zundel: agenda, metadata, core issue status check…

2. Introductions

James Qu: I’m james qu, working on DID an china ( sorry… missed that )

Chris Winczewski: Welcome James!

Dave Longley: Im with digital bazaar, we work on DIDs, VCs and blockchain… been working on standards for over a decade

Brent Zundel: next topic call is later today 6PM ET
… topic is JWK and key formats
… any questions?

Manu Sporny: question for justin_r, we had a meta data discussion during the special topic call… there seems to be support for PR #347

Manu Sporny: This is the metadata PR: https://github.com/w3c/did-core/pull/347

Manu Sporny: we were able to discuss your PR as well. 347 attempt to strike a compromise between the language in your PR and the other PR, primarily around the type of meta data (strings vs infra)
… we are still stuck on a comment about the right hand side, whether it should be strings or must be strings.
… we need justin_r to engage selfissued, and find a resolution on that
… can we get a general review of 347

Justin Richer: sorry, just seeing this… I agree the language is problematic…. avoiding details, i will try to take a look at this soon….
… wondering about infra values, and strings… need clarity on infra values.

Manu Sporny: sounds good, you may also want to review the call notes from last week.

Brent Zundel: please review PR 347

Adrian Gropper: Announcement: @ 1PM ET today, UMA Health Info Interop + User Control Webinar https://kantarainitiative.org/events/?event_id1=10763

Brent Zundel: moving on to core issue status check

Brent Zundel: https://github.com/w3c/did-core/issues?q=is%3Aopen+sort%3Aupdated-asc+-label%3Aeditorial+-label%3Adiscuss+-label%3Aneeds-special-call+-label%3A%22horizontal+review%22+-label%3Ametadata+-label%3Akeys

Brent Zundel: we have tried to strip out things we already know we need deeper discussion on
… her we go!

3. issues

Brent Zundel: issue #198

Brent Zundel: https://github.com/w3c/did-core/issues/198

Brent Zundel: assigned to markus, not on the call today… phil, justin, other..
… can anyone give an update?
… markus’s last comment appears to be the current state.

Manu Sporny: Non-official minutes from metadata special topic call are here – https://www.w3.org/2020/07/16-did-topic-minutes.html

Brent Zundel: https://github.com/w3c/did-core/issues/202

Brent Zundel: next issue

Justin Richer: i’ve read through this section… the text that is in there says the context …. stuff is defined in the did registry
… seems like the language needs to be cleaned up
… need help writing the JSON-LD context language update

Brent Zundel: anyone on the call willing to help?

Kaliya Young: off topic but relevant to the life and health of the community - I’m working on collecting more well wishes for John Jordan this week - here is the Miro card - https://miro.com/app/board/o9J_kp34wZs=/

Brent Zundel: hopefully dave is ok with being assigned by manu

Justin Richer: 621 and 622
… need to account for production / consumption language

Brent Zundel: next issue

Brent Zundel: https://github.com/w3c/did-core/issues/249

Brent Zundel: how to mitigate trust issues with the universal resolver
… again markus is not currently on the call
… can anyone comment on the status?

Orie Steele: I recall this perhaps fitting better into the implementation guide
… I am in favor of moving this to the implementation guide
… there are some general privacy considerations around this topic that should be added.

Drummond Reed: i agree with orie… i think its a security consideration not a privacy consideration
… the balance of the discussion belongs in the implementation guide
… adding a comment

Brent Zundel: please leave comments
… next PR

Brent Zundel: https://github.com/w3c/did-core/issues/333

Brent Zundel: did syntax, assigned to markus…
… can anyone provide an update? drummond?

Drummond Reed: PR exists… this is waiting… related to an ABNF update….

Brent Zundel: PR referenced as been merged

Drummond Reed: we can close

Brent Zundel: lets do a 7 day close
… next issue

Brent Zundel: https://github.com/w3c/did-core/issues/185

Brent Zundel: assigned to tobias, not on the call today

Manu Sporny: we will cover this on the special topic call today

Brent Zundel: skipping!

Brent Zundel: https://github.com/w3c/did-core/issues/337

Brent Zundel: when you did params be dropped

Orie Steele: this is an interesting issue. it is that DID parameters are appended to DIDs by parameters that seek to change the DID document
… the conclusion, that needs to be noted on the issue, the did document that is returned should have an id that is the DID, not the DID with the parameters.
… the parameters belong in the resolution metadata.

Dave Longley: +1 to Orie

Orie Steele: we need to add better language around that

Manu Sporny: +1 to adding better language around that

Brent Zundel: does anyone want to volunteer to add better language

Orie Steele: Orie: if its assigned to me, i can try

Brent Zundel: i will add a comment, about next steps
… next issue

Brent Zundel: https://github.com/w3c/did-core/issues/339

Orie Steele: CBOR issue is solid, and should not be marked at risk

Jonathan Holt: the issue is with the registries
… need to update the section to include better COSE / CBOR versions issue
… hard to get a 1:1 mapping
… will be a process of describing a vocabulary
… CBOR tags are their own registry…
… hard to get interop…

Orie Steele: https://github.com/transmute-industries/did-core/tree/master/packages/data-model

Orie Steele: https://github.com/transmute-industries/decentralized-cbor/blob/master/src/fixtures/outputs/table.csv

Orie Steele: I wanted to share some work I did with CBOR
… I made a package that transforms between CBOR JSON JSON-LD, etc.
… CBOR is complicated and there is a lot of work to be done.
… especially with the registries, we don’t want to duplicate work done elsewhere.

Jonathan Holt: thanks, CBOR is stable and well represented… but its gonna take some work…

Brent Zundel: next issue

Brent Zundel: https://github.com/w3c/did-core/issues/340

Brent Zundel: add COSE example into CBOR section

Jonathan Holt: related to the previous
… raw CBOR will support COSE, DAG CBOR supports

Brent Zundel: add comments to issue

Brent Zundel: https://github.com/w3c/did-core/pull/253

Orie Steele: ^ thats not an issue

Brent Zundel: forget that… moving on to 341

Brent Zundel: https://github.com/w3c/did-core/issues/341

Brent Zundel: getting iana registration for additional cbor tags

Orie Steele: there’s a couple of things here. I’m not sure if we’re the people who ask IANA to register CBOR tags.
… but if we want to do that, we need to record them all on the issue
… we also need to think about what the JSON representation of the CBOR property is and reserve those.

Michael Jones: I’m registering CBOR tags now in https://tools.ietf.org/html/draft-ietf-cbor-date-tag-05

Orie Steele: similar to what was done in WebAuthn.

Michael Jones: I’ll add a comment to the issue

Brent Zundel: selfissued is registering tags now

Michael Jones: as long as the tags make sense, the CBOR WG can do it.

Jonathan Holt: we need to iterate and find out which tags we need… if the mimetype is did+cbor… we need to reuse the existing registry… problem solved

Manu Sporny: i will put this in the issue… i have great concern about registering LOTs of tags….
… this group could easily flood all the remaining CBOR tag values… that would be a big problem.
… there are other community considerations…

Manu Sporny: We have a registry that could be construed as a specification, and we are a WG… we could ask for small tags

Michael Jones: to manu’s point… you want to use common sense, given the small tag is a limited resource… we should not consume those small tags without a really good reason…. where a good reason is lots of applications plan to use

Manu Sporny: and that would be an abuse of our position as a WG, IMHO. Agree with statements from Mike.

Brent Zundel: next up…

Orie Steele: privacy considerations for service endpoints…

Brent Zundel: https://github.com/w3c/did-core/issues/324

Adrian Gropper: basically 2 things on this… 1 is proposal from jonathan, wayne myself… as to how to answer the privacy questions… thats relevenat

Drummond Reed: @manu - should we add a github issue tag for “security considerations” and “privacy considerations” so we can mark issues that need to be covered in those sections?

Adrian Gropper: 2nd a group of us involved in the glossary project, has a list of 5 types which we might want to define for service endpoints…. we’ll share that work soon
… 2 things ready for consideration by the group

Kaliya Young: lets get the link into chat

Drummond Reed: i suggest we add labels for the sections … sounds like we have a lot of questions to address… we want to have short descriptions in those sections, and then link to implementation guide.
… and potentially other documents

Adrian Gropper: Service endpoint type survey: https://docs.google.com/forms/d/e/1FAIpQLSc8Z8FklORke1iPRoyo90GNWqqXkmdbgQLNvHvU-v4XvLxO0A/viewform?usp=sf_link

Manu Sporny: drummond, yes, we should totally have that, I’ll add the tags now.

Brent Zundel: apologies to wayne, jonathan and adrian, we will try and get it into the agenda next week
… next issue

Drummond Reed: @manu, thanks

Brent Zundel: https://github.com/w3c/did-core/issues/266

Orie Steele: should DID support self signed certificates

Brent Zundel: assigned to manu

Manu Sporny: we…
… selfissued: jwks have fingerprints?
… if we are doing JWK…. its defined?

Michael Jones: there is an RFC which defines how to compute a thumbprint
… not typically put in a JWK…

Brent Zundel: please add comments to issue

Brent Zundel: https://github.com/w3c/did-core/issues/208

Brent Zundel: ietf did+ld+json media type registration…

Manu Sporny: discussion continues… moving slowly
… if we don’t get a resolution from IANA.. we have options

Brent Zundel: please get that comment onto the issue

Brent Zundel: https://github.com/w3c/did-core/issues/328

Brent Zundel: update data model parts of the spec to refer to infra
… there is a PR that does this #347
… review it!

Amy Guy: brent, that’s what I was gonna say, thanks

Brent Zundel: next issue

Brent Zundel: https://github.com/w3c/did-core/issues/122

Amy Guy: brent, also just updated it, I’ll make a new PR for this too

Brent Zundel: when is a did subject not a did controller, if ever?
… lots of conversation
… amy says she will try a PR
… highly recommend people read this issue, lots of value in the comments.

Drummond Reed: we will need to reference the appendix… we may need a second appendix for controller
… I will add a note.

Brent Zundel: next issue

Brent Zundel: https://github.com/w3c/did-core/issues/332

Brent Zundel: 332 rename master branch… assigned to me.
… status is this is blocked by github.io
… we are awaiting tooling from github
… status is no change

Brent Zundel: https://github.com/w3c/did-core/issues/344

Brent Zundel: 334 impossible did url abnf using eager evaluation…

Wayne Chang: the issue here is we are more ambitious than URI spec is with token parsing… survey of web servers, seems like we are seeing differences between servers / tokens….
… back tracking parser needed… now in academic world of parsers… i recommend some changes that would work without backtracking

Jonathan Holt: the CCDL may also be overlapping of ABNF rules… not sure of the differences… anyone know?

Brent Zundel: ask on the issue

Brent Zundel: https://github.com/w3c/did-core/issues/349

Brent Zundel: 349 add relativeRef did URL parameters

Orie Steele: I think we have the service section registered in the registries, but not the relativeRef, so we need to register it there.
… this was formerly done with matrix params

Manu Sporny: we also need to specify how that works in did core as well

Brent Zundel: https://github.com/w3c/did-core/issues/248

Brent Zundel: 248 need term for Relying Party
… joe?

Joe Andrieu: there is a PR for this

Brent Zundel: checkout PR 350

Brent Zundel: https://github.com/w3c/did-core/issues/353

Brent Zundel: 353 confusing example in section 3.2.1 … did params are URI query strings
… this issue is 5 hours old
… looks like spec language needs to be cleaned
… moving on…

Brent Zundel: https://github.com/w3c/did-core/issues/198

Brent Zundel: 198 raised by markus, we talked about this already!
… not update, we have gone around the horn…
… we have covered the whole list… to me this means… we now need your PRs
… we need those changes, we need those submissions
… please get your PRs in
… the less call time we spend on issues moving forward, the more time we spend on special topics
… any additional comments?

Brent Zundel: https://github.com/w3c/did-core/issues/205

Jonathan Holt: i recall that service endpoints were going to be moved

Wayne Chang: we sent out security questionnaire initial responses
… lots of the questions depend on which did methods and the use of service endpoints…
… DNA goes to the mooon?… ?

Brent Zundel: please give feedback on that survey

Orie Steele: trying to answer jonathan. the definition of what the services section is, is in the did spec registries, but services as a category of things is still in the did core spec, and is intended to still be there.
… and there are are numerous security issues with that.

Brent Zundel: thats the meeting, thanks to people who helped get through issues, promised PRs and submitted PRs
… don’t forget our special topic call is in 6 hours