DID Special Topic Call (unofficial - no quorum) — Minutes

Date: 2021-04-08

See also the Agenda and the IRC Log

Attendees

Present: Manu Sporny, Jonathan Holt, Amy Guy, Charles Lehner, Justin Richer

Regrets:

Guests:

Chair: None

Scribe(s): Manu Sporny, Amy Guy

Content:

Jonathan Holt: I have a few questions…

Manu Sporny: Not many people here today, we might not have enough to have quorum.

Jonathan Holt: I’d like to know more about how to do the CBOR stuff… I work mostly in Rust these days, saw the Docker stuff in the test suite, how do we develop to call into the CBOR tests.

Manu Sporny: I refactored the test suite this weekend. I still don’t understand what the docker stuff is about and need orie to explain
… he wanted something self contained that you could run the entire test suite without having to install stuff on your local machine
… but the docker thing runs the tests suite in a server
… you till need to do the development as javascript nodejs
… all the tests are nodejs

Jonathan Holt: that’s the challenge
… we’re trying to convert cbor into json which is the entire point of the transformation, we’re relying on a library to make sure it’s all in js and all json as a default
… this idea of on demand in the test suite doc it’s incomplete as far as how to.. on demand conformacne results form a remote server.. that’s it

Jonathan Holt: https://w3c.github.io/did-test-suite/#on-demand-report-results

Manu Sporny: none of the tests do the remote server thing, it’s all local development right now
… the other challenge is because we doled sections out to different people, people deicded to test in different ways
… some of the refactoring was trying to realign that stuff
… markus has some opinions about how we should be testing the adm vs the serialisation
… orie has strong opinions there as well
… everyone is more or less on the same page there
… fundamentally the people representing the ADM in nodejs as a javascript object
… and then there’s a byte stream that’s a result of that
… when they produce they take the javascript data model and produce a byte stream and consumption is the opposite of that
… take a cbor byte stream in and produce a javascripty abstract data model
… that’st hew ay markus and charles have decided to go
… orie is working on cbor tests but it is going to use a library to take a cbor serialisation off the wire and put it into the ADM to do other tests
… I think we’ll get to the point where everything is testable
… we seem to be on a good trajectory
… Ie expect people to continue to disagree with the way a subset of other people have decided to test the thing
… that’s what we have right now
… it’s chaotic and not perfect
… I think will not result in objections of “you didn’t test x or y”
… markus has done that a couple of times, said it’s not acceptable thew ay we’re testing, so we’re going to more lengths to do that
… a lot is to do with consumption and production
… everything else is straightforward
… normative statements around consuming and producing and some of the did resolution stuff have required us to use different data structures to test the spec
… I feel like we’re using sledgehammer, we’re going way overboard to make sure everything is testable, but it’s good becuase we’re being super pedantic about it

Jonathan Holt: if you’re relying on a library, testing the library’s ability to perform those actions, not necessarily the specification
… interesting

Manu Sporny: my expectation is orie is going to choose a cbor library to convert the cbor stuff into a map which is what most cbor libraries do, then convert that into a javascript object ADM and feed that into the tests uite

Jonathan Holt: overlap, eg. with the regular expressions in js, I did in CDDL
… and the ABNF rules, which now the CDDL, carsten’s library supports
… I was looking to reduce some of this writing and in the ABNF rules, getting that succinct representation as a representation of the ADM
… markus point that its a syntax
… are we testing the syntax of the did document?
… logic in there you can’t represent as branching logic in CDDL, but you can do pretty good
… if it’s a string heres’ the syntax, if it’s an array hre’s the syntax
… most are covered in CDDL
… and ABNF for regular expressions is testable

Manu Sporny: they are quadrupled some of the tests, duplication of regexes
… every single suite.. there’s a suite for the major sections of the spec and in each suite its’ assigned to a different developer
… every developer created a utility library, which can be duplicated across suites
… people have noticed that
… be good to get this in a common library
… it would be good but I don’t think necessary for us to get out of .. meaning they’ve done what they had to do to test the things they had to test
… even with duplication of the regexes it’s probably okay
… it’s not great but it’s okay
… to get us through CR

Jonathan Holt: some of those are normative or referenced, here’s the regex in the RFC, that’s cool
… the ABNF would be ideal
… I don’t think the production and consumption I’m worried about, either its a map or an object or an array, those are easy in and outs
… where do you think the edge cases would be for the spec that we need thrown in in?

Manu Sporny: I don’t know if there’s really.. the edge cases are being discussed in issues on the test suite repo
… the editors need to go back through and makes use every test we have lines up with every normative statement, we haven’t done that yet
… but I believe we have close to 100% coverage
… there are 5 or 6 statements in question right now out of 100 and something
… we’re close
… I think there were less edge cases than we thought
… but we haven’t done the due diligence to make sure we have tests for everything yet
… I don’t know is the short answer
… I think we’re good but I won’t know until the editors go back through and nitpick
… you might want to work with orie on the cbor stuff
… I don’t think there are cbor production and consumption tests yet

Jonathan Holt: I see that, I see it’s in the javascript todo
… but it requires the library
… I imported one but I started realising we’re testing the library’s ability to transform it
… we can prove it, we can prove a library that’s open source that produces and consumes in and out from json to cbor
… okay..

Manu Sporny: two of those, but that’s picking up another library, two independent impementations

Jonathan Holt: the challenge is I need two two nodejs libraries to do?

Manu Sporny: that would be the easiest way
… you could actually call out to a c r rust program to the test suite, it adds complexity to the test suite, it would have to be two separate people to do it
… I would talk with orie, I know he’s got a plan
… I don’t think me getting involved is going to help

Jonathan Holt: I can write a docker container as a server, you push cbor as a server, transform it to json and send it back, whatever json report you need to show, can be multiple different libraries, go, rust, nodejs
… carsten’s cbor cddl transformation

Manu Sporny: check with orie, I don’t think that’s his mental model on the docker stuff

Jonathan Holt: that would be the easiest way
… otherwise we’re limiting to one programming language

Manu Sporny: I believe that’s true right now.. the inputs and outputs to the test suite could be generated by anything, that’s the key thing here
… you can use anything to generate those things, and the tests are run against the inputs and the outputs
… you could use a native rust program to generate some did document
… you take it and feed it into the test suite and the test suite tells you if its’ a conformant did document

Jonathan Holt: the test suite is in json, there’s no consumption of cbor

Manu Sporny: the input is bytes
… for some the input is json
… in the cbor case the way markus approached it is he hex encoded a string
… you pull in a stream of bytes that you start with and do something with that byte buffer to convert to the adm

Jonathan Holt: so if I hav a docker container that does it in Go, produces the cbor hexadecimal, pushes to the test suite server which uses the cbor nodejs library to transform the hexadecimal representation and test it?

Manu Sporny: that last part I don’t think .. where it pushes it to the server and does something, that’s not how the test suite takes input
… you literally shove it into a json file, but one of the entries is a cbor byte stream in the json document
… let me try and find one of the tests

Manu Sporny: https://github.com/w3c/did-test-suite/tree/main/packages/did-core-test-server/suites/implementations

Manu Sporny: that directory has example did docs and a resolver example and a dereferencing example
… your input for a cbor input for a did method thats encoded in cbor would look likethe did example one
… but for the did document instead of being an object we’re thinking changing it just to a text string, would be cbor bytes encoded as hex
… it would be a bunch of hex bytes
… make sense?

Jonathan Holt: yep

Manu Sporny: I think that’s the plan

Jonathan Holt: so in the json it’d be application/did+cbor and instead of an object it’d be a string and the string would be a hex representation of cbor?

Manu Sporny: yes

Jonathan Holt: rather than the object being a did document
… right now its an object with the first key did document.. so its one level down.. it would be a string
… all right

Manu Sporny: that’s my guess, chat with orie

Jonathan Holt: easy enough

Manu Sporny: any other questions?

Jonathan Holt: not to put to waste any of the 1200 lines of CDDL..
… orie was interested
… how to incorporate that? there is a nodejs library that does cddl
… out of date
… again the challenge is are we testing the library or our spec?
… whether we have good coverage of the library to have assurance that it’s sufficient

Manu Sporny: to me.. yes if you want to try to employ that for cbor.. everything else already has regexes and tests
… it’s up to you.. chat with orie
… everybody else has just used pure regex where they needed to
… not as many as you’d expect there to be
… I don’t think anyone is doing a full blown json schem aor cddl against the entire did doc because all of the normative statements require you to break the did doc down into pieces

Jonathan Holt: cddl is modular like that
… I did create one for the entire did doc, all the regexes for the did url syntax, but you can test individual pieces

Manu Sporny: https://github.com/w3c/did-test-suite/tree/main/packages/did-core-test-server/suites

Manu Sporny: if you wanted to you could take a look at all the suites
… each one of those is a different suite and in each one of those there’s like a utils

Manu Sporny: https://github.com/w3c/did-test-suite/blob/main/packages/did-core-test-server/suites/utils.js#L14

Manu Sporny: that checks to see if something is valid base58 and its a regex
… fi you wanted to replace that with cddl statements that would be fine
… if you look at

Manu Sporny: https://github.com/w3c/did-test-suite/blob/main/packages/did-core-test-server/suites/did-resolution/utils.js#L30

Manu Sporny: is ascii string.. match against a regex
… that stuff is written and working
… you’d have to talk with each person involved in each one of those suites and see if they’re okay with converting it over

Jonathan Holt: we have multiple different ways.. they all work in parallel and give green checkmarks.. more tests better

Manu Sporny: yep
… anything else?

Jonathan Holt: I’m good

Charles Lehner: I’m unsure of what I should be focussing on right now

Manu Sporny: if you’ve got your tests in then that’s it
… the next thing we need to do is I still need to.. markus wanted me to rewrite the production tests, so I need to do that
… once I do that that’s everything
… we will need to go through every single test to see if it lines up with the spec
… fi you have your tests in cel you’re done for the time being
… other than if you have a did method to submit now is a good time to do that
… noting that if I change the production tests it might change those implementation inputs
… but shouldn’t be hard to refactor it if you’re just doing one or two did methods
… if you’re going to do ten i’d hold off..

Jonathan Holt: i’m curious if you’ve seen hpass being submitted as a did method?
… the state of new york’s covid pass
… it’s in production
… their liberty pass is being deployed, the did method they used is hpass
… it’s IBM
… not surprised
… not a conformant did method

Manu Sporny: https://github.com/IBM/hpass/blob/main/doc/did-spec.md

Manu Sporny: it’s in the registry and talking about digital health pass

Jonathan Holt: I don’t see it in the did spec registries

Manu Sporny: https://w3c.github.io/did-spec-registries/

Manu Sporny: it is
… registries is not up to date on /TR/
… anything else?
… thanks all! bye