DID WG Telco — Minutes

Date: 2020-08-18

See also the Agenda and the IRC Log


Present: Daniel Burnett, Amy Guy, Michael Jones, Ivan Herman, Chris Winczewski, Drummond Reed, James Qu, Justin Richer, Manu Sporny, Jonathan Holt, Dave Longley, Kaliya Young, Adrian Gropper, Dmitri Zagidulin, Orie Steele, Pamela Dingle, Joe Andrieu, Brent Zundel, Daniel Buchner, Wayne Chang

Regrets: David Ezell, Markus Sabadello


Chair: Daniel Burnett

Scribe(s): Amy Guy, Manu Sporny


1. Agenda Review, Introductions, Re-introductions

Daniel Burnett: we have a variety of things on the agenda for today
… we’re going to talk about security and privacy, the DID explainer - both important parts of horizontal review
… and a quick check on opinions about service endpoints
… anything else that needs to be included?
… Anyone joining us for the first time?
… Someone who would like to reintroduce themselves?
… Eg. if you have never reintroduced yourself you are a good candidate
… Finding someone to reintroduce themselves… Mike Jones, would you like to reintroduce yourself?

Michael Jones: Hi my name is Mike Jones with Microsoft, I’ve worked on JOSE, WebAuthn, FIDO2, and many other standards in the space, including DIDs. I like to keep things simple and ensure that standards stay simple and easy to build.

2. Next Topic Call

Daniel Burnett: Next topic call is on relational link types, scheduled for today.

Brent Zundel: Yes, this afternoon, 6pm ET

Daniel Burnett: Happening 7 hours from now.


Daniel Burnett: We had already confirmed that it’ll be week of Oct 19th, so we’re going to do 4 sequential days… 19th, 20th, 21st, and 22nd - alternating between 10am-1:30pm slot and noon to 3:30pm slot.
… We had two different time slots from before - one day one time slot, next day the next - we’ll sent it out via email.
… Just to be aware, the AC meeting is on Oct 20th, one of those days - before our meeting that day.

Manu Sporny: we’ve had a request from another WG, WoT, to have a joint meeting at tpac
… I forwarded this to brent and ivan

Daniel Burnett: Yes, saw the email… weird calling it TPAC and joint meeting times - groups are encouraged to schedule for themselves when they meet… we can separately arrange joint meeting at any time. Will look at that and provide a suggestion.
… This is time for our group to meet on our topics.

Brent Zundel: That meeting may happen the week before at times that are mutally acceptable.

Ivan Herman: For those of you that subscribe to my calendar, once we have agreed, we will have them - the regular meeting on 20th will also be taken out.

Daniel Burnett: Days will correspond mon-thu, unless you’re in NZ, then tue-fri.

Kaliya Young: IIW is Oct 20th-22nd.

Drummond Reed: Yup, that’s a problem.

Daniel Burnett: oh, good point.

Ivan Herman: gee willikers, that is a concern.

Daniel Burnett: We will look into that.

4. Security and Privacy questionnaire

Daniel Burnett: https://github.com/w3c/did-core/issues/291

Daniel Burnett: Can anyone report out on security/privacy document?

Jonathan Holt: We’re waiting for feedback… we can’t answer potential vulnerabilities until we get some feedback.
… It would be helpful to hear from you what your thoughts are.

Joe Andrieu: I could, but I need a meeting password

Jonathan Holt: https://docs.google.com/document/d/13qLCZcks3OAb2V7GHcrSs8s9drA5OaqEPYPI1knmodc/edit#heading=h.mc2736ve71dk

Jonathan Holt: We had a discussion about service endpoints, that was a big gap in what’s going to happen w/ service endpoints.

Daniel Burnett: Right, it’s an almost segue.

5. DID Explainer

Daniel Burnett: https://github.com/w3c/did-wg/blob/master/did-explainer.md

Daniel Burnett: Brent and I worked on the explainer - a document that the W3C Technical Architecutre Group requests that groups write.
… This is not just for us, it’s for everyone, but it’s usually focused on the W3C TAG.
… We have written it with that in mind, available for anyone that would like to make comments on it. We are looking at a short review period, in next week, so we can send off to W3C TAG.
… We are very close to CR a few months away, which is good, but that’s close in standards terms.
… We’re looking for feedback, minor suggestions/feedback would be good, anything we’ve missed?

Ivan Herman: I put comments in issue that referred to this document.

Ivan Herman: comments on the explainer

Daniel Burnett: We will look there, thank you.

6. service endpoints - POV share

Daniel Burnett: Before we start this, what the Chairs and Editors want is to ask for points of view on whether they like service endpoints or they do not like that.
… We are not trying to argue/discuss what we should be doing - we want individual opinions. We only have 10 minutes.

Manu Sporny: I would like to keep a restricted form of service endpoints in the spec
… I believe we have not discussed the security implications, the scary security implications, and we should do that
… keep it in, heavily restricted

Dmitri Zagidulin: question to manu: restricted how?

Drummond Reed: I agree with manu, I’ve read threads discussing this, feel like when people bring up security/privacy - we need service endpoints for public entities, advertise point at which their DID enabled endpoints for comms are available… if there is no other use case, that one is important from Evernym’s standpoint.

Dave Longley: I think it’s useful to have data model for service endpoints, don’t think they need to be in DID Documents, even in Drummond’s use case, makes sense to put them somewhere else.

Joe Andrieu: Echo of Dave’s point - we can build directory services w/o going to DID Layer, we can’t have DIDs w/o what we have in the spec - we need to be more responsible wrt. privacy/security and service endpoints.

Orie Steele: Agree with Joe, data model with them needs to be in spec, guidance on whether they are present in VDR should be provided, depending on nature on VDR it may be acceptable to have them in DID Document, but we need more guidance on when you should do it and when you shouldn’t. Need more guidance in spec on that.

Jonathan Holt: What is a wallet, what is a DID Document, what is an Agent? I’m all about minimum viable Agentization.
… I see a lot of what we’re trying to do could be done via VCs instead of DID Docs.

Manu Sporny: it’ll naturally come about when we talk to the stuff Jonathan and Joe and Orie mentioned
… it is how much should you put in a DID document on a specific type of verifiable data registry
… there are options for you should never put anything on there except maybe a pseudonymous vc endpoint
… the other end, like with did web, put whatever you want to cos there are no GDPR concerns if you’re running it off your own domain
… we’re going to end up having a set of suggested restrictions based on the qualities of the verifiable data registry, the DID method effectively

Pamela Dingle: I’m ok with things going either way, concerned about complexity of performance here - we need to examine how many hops we expect people to make, how many layers of indirection to follow. There are advantages to simplicity, I’d like to see us discuss it.

Drummond Reed: +1

Adrian Gropper: The glossary project group met yesterday, ran a survey across service endpoint issue, we weren’t ready to present for another 2 weeks. When ther eis discussion, the results were interesting.
… Not time to go into them, wanted to ask chairs for time to respond.

Daniel Burnett: These are all good things to understand when scheduling the special topic call on this topic.

7. Core issue status check

Daniel Burnett: Now for everyone’s favorite item…

Daniel Burnett: https://github.com/w3c/did-core/issues?q=is%3Aissue+is%3Aopen+sort%3Aupdated-asc

Daniel Burnett: The fuller review.
… We are looking for status check on these.

Daniel Burnett: https://github.com/w3c/did-core/issues/176

mike: I created a PR, Amy has approved, removes offending sentence, feel like we should merge it.
… I had about 4 other issues that I created, when I had my DID day - I looked through all of them, this is the only one I can resolve by myself… all the other ones need a special topic call. This one is easy, let’s get it done.

Daniel Burnett: https://github.com/w3c/did-core/issues/85

Michael Jones: We need to sort the metadata issue, that will address this one.

Daniel Burnett: https://github.com/w3c/did-core/issues/163

Daniel Burnett: This is going to be addressed before CR.

Michael Jones: Agreed

Drummond Reed: Yep

Daniel Burnett: https://github.com/w3c/did-core/issues/119

Daniel Burnett: Referred to this earlier, both PING survey and explainer - we need both of them for TAG review.
… We’re getting close, can finish up other two, can do TAG review after that.
… The nightmare scenario for chairs – the W3C TAG and other Horizontal Review folks hate having review right before CR. We had big issues that could change entire document and how to think about DIDs, those have largely been resolved, working through details… don’t think structure of document will change that much, this one falls into that one… couldn’t do it before now, had to do it before CR, we should get it in as soon as we can so they don’t feel pressed for time.
… Any questions about that?

Manu Sporny: crickets

Daniel Burnett: https://github.com/w3c/did-core/issues/23

Daniel Burnett: keeeeey formats….

Orie Steele: These are really public key bytes representations
… additional examples that use them in DID Core spec, this one could just be closed.

Manu Sporny: this one could be closed. I’m concerned we’re gonna lose… we should open a new issue that’s more specific about publicKeyPem
… maybe
… I’ll put this in the issue

Daniel Burnett: https://github.com/w3c/did-core/issues/171

Daniel Burnett: Ok, put something in the issue.

Michael Jones: I don’t know where the spec is wrt. this.

Manu Sporny: the decision on the special topic call was that a lot of these key representations, especially naming, the group didn’t want to take a position on that so now there’s another group dealing with the naming and will come back to the group with a suggestion on naming and key expression and that will be that
… we’re expecting 3 weeks of discussion
… and that will close this
… at the last special topic call people said they’re not interested in the discussion, so it’s orie, myself, tobias and dave longley, and what we come up with we’ll put forward for broader agreement
… they’re ad hoc calls
… there’s a repo that the discussion is happening in..

Orie Steele: work in progress: https://github.com/OR13/best-linked-data-suites-2020

Orie Steele: ^ summary, is there is not agreement over types vs interfaces and naming conventions

Daniel Burnett: https://github.com/w3c/did-core/issues/170

Orie Steele: The resolution is the spec is for key types other than JWK, so those properties are for non-JWK representations.

Michael Jones: That’s only a partial answer - what about for JWKs.

Orie Steele: I think we need a special topic call on this - will explain more in issue.

Daniel Burnett: Good, was looking for that, let’s get this in the issue before we schedule that call.

Daniel Burnett: https://github.com/w3c/did-core/issues/199

Brent Zundel: This is something we started resolving – the appendices that Drummond is working on, also related to representation and sameAs properties.

Daniel Burnett: Could you link to those items in issue?

Drummond Reed: We’ll talk about link relations today in special topic call.

Daniel Burnett: Make sure to mention that in the issue.

Daniel Burnett: https://github.com/w3c/did-core/issues/318

Daniel Burnett: Assigned to Kyle…

Orie Steele: https://github.com/w3c/did-core/issues/318#issuecomment-648469714

Dave Longley: This issue is bikeshedding name that appears in spec itself, do we want to give this thing a different name - people need to register opinions, doesn’t impact implementations. Really about understability in the spec.

Daniel Burnett: Can you add comment saying that call would be helpful.

Daniel Burnett: https://github.com/w3c/did-core/issues/151

Daniel Burnett: Looks like a lot of agreement, but no work.

Daniel Burnett: https://github.com/w3c/did-core/issues/281

Daniel Burnett: I’ll leave this to editors to decide on when to mark as pending close.

Daniel Burnett: https://github.com/w3c/did-core/issues/8

Michael Jones: all part of the same ball of wax.

Orie Steele: it’s not all a part of the same ball of wax - for methods using other key representation, other registries, they specify which relationships to use, we don’t need to specifically rely on RFC7518 anywhere in the DID spec.

Daniel Burnett: Can you put that in the issue.
… Please put careful explanation of where portion of group is coming from.

Michael Jones: Your answer confuses me, we have publicKeyJwk, we have algorithm identifiers in it, so people know what algorithms to use.

Daniel Burnett: Let’s resume on issue, we may need another call. I’d like to see how Orie’s point and Mike’s point turn into a discussion or not.

Dave Longley: the value of the publicKeyJwk property is a JWK – so the JWA stuff will be in there.

Manu Sporny: … and that’s up to the cryptosuite to link to JWK spec… not the DID spec’s job.
… the discussion we had in the special topic call about jose and about naming around linked data suites, effectively had the group saying it’s somebody else’s job
… based on that,w e’re having a discussion - orie, tobais, dave longely, myself - on naming and what those cryptosuite specs say
… the group has decided that is outside of the scope of this group
… that’s what has changed
… it is up to the cryptosuites to link to jwk, and we are doing that elsewhere
… but the group has come to a position, a decision seems to have been made where the group says this is not in our purview, other peopl eneed to figure it out
… I think it will result in what you want mike, the cryptosuites that use jwk will refer to the jose registry
… but it won’t appear in the DID core spec
… it will appear in the linked data suites specs

Michael Jones: that’s not a normative reference of tihs spec
… one of the most important meta issues is we should not be depending on stuff in community groups for the interoperable portions of our data structures
… if that’s happening in a CG it’s unstable

Orie Steele: selfissued… you should have not punted the naming discussion from this wg then

Michael Jones: I disagree with manu’s characterization of the situation
… we’ve not resolved the issue in such a way that all of our data structures are in finished specs rather than moving targets

Daniel Burnett: Clearly we need more discussion.
… This one, I think there is a rationalizatoin of statements/decisions that have been made before we make a decision on this one.

Daniel Burnett: https://github.com/w3c/did-core/issues/104

Ivan Herman: I18N review has been done, we passed, keeping it open until we get to CR.

Michael Jones: Orie, I’m not aware that I punted a naming discussion. Which names are you referring to?

Daniel Burnett: https://github.com/w3c/did-core/issues/36

Drummond Reed: Markus is making an update - a PR to finally close this, we left this open to make sure he makes that PR. I’ll make a comment to that effect.

Daniel Burnett: https://github.com/w3c/did-core/issues/294

Daniel Burnett: It looks like there is still conversation happening, but needs something to kick it forward.

Michael Jones: But publicKeyJwk is within purview of our working group, and so we should fully define how to use it

Dave Longley: Last I looked, there seemed to be consensus that we wouldn’t be making any changes. I think Kyle thinks we should put some text around this…

Daniel Burnett: normally, I’d like to close - but let’s document - Kyle should propose closing or create new PR for his thing, let’s get this documented.
… Issue 105, going to skip that one

Daniel Burnett: https://github.com/w3c/did-core/issues/105

Ivan Herman: A11y review has been done, we passed, keeping it open until we get to CR.

Daniel Burnett: https://github.com/w3c/did-core/issues/260

Drummond Reed: This is the appendices issue, 373

Ivan Herman: Can we close this as a duplicate?

Daniel Burnett: Is there something captured here that isn’t in the other issue?
… This is a pretty short thread - I’m fine w/ that, if you’d like to pending close this one, you can suggest it as one of the Editor’s
… Thanks everyone
… Mike, looks like ther eis IRC discussion happening, you might want to have a discussion w/ Manu/Orie about this - would be good for you guys to come to an understanding and present that to the group – thanks all, talk w/ you later today.

Manu Sporny: (in 6 hours)