DID WG Telco — Minutes

Date: 2021-04-27

See also the Agenda and the IRC Log


Present: Daniel Burnett, Shigeya Suzuki, Charles Lehner, Brent Zundel, Dmitri Zagidulin, Manu Sporny, Orie Steele, Daniel Buchner, Ted Thibodeau Jr., Kristina Yasuda, Justin Richer

Regrets: Drummond Reed, Markus Sabadello


Chair: Daniel Burnett

Scribe(s): Charles Lehner


1. Agenda Review, Introductions, Re-introductions

2. Special Topic Call

Daniel Burnett: request for additions or modifications to agenda
… … Special Topic Call will focus on DID Test suite
… End of this month: target chairs set for tests.
… Need to have tests in by end of April
… manu, Orie_ any comment of status of test suite?

Manu Sporny: Sure, I can provide some input.
… The test suite is testing all the major parts of the spec except for the cbor section and the json section.

Orie Steele: There is a PR for the JSON section

Orie Steele: https://github.com/w3c/did-test-suite/pull/71

Manu Sporny: We still need to go and doe an audit of tall the tests the test suite test and all the … in the spec.
… More or less we are are in good shape, except for the json and cbor sections

Orie Steele: Two open PRs need review for test suite. One for JSON representation section. Please get your reviews in for the tests.

Daniel Burnett: Down the wire. Chairs and editors will make a decision at end of month
… and impact on the specification.

3. DID Core PRs

Daniel Burnett: https://github.com/w3c/did-core/pulls

3.1. Clarify that equivalentId and canonicalId are optional.

See github pull request #720.

Daniel Burnett: Essentially editorial but need status update… ^

Manu Sporny: Heads up: I went through all PRs and all issues and categories everything as editorial or substantive.
… It would be good to pull these PRs in. I would appreciate multiple reviews on the ones that are editorial
… 720 we have discussed on previous call as nonsubstantive.
… Markus found a strangeness in the spec where we didn’t explicitly say that equivalentId and canonicalId are optional.
… What the PR does is explicitly state that. We don’t think any implementations would have to change as a result.
… If anyone disagrees, they should express that.
… It changes a normative statement but in a way the group meant and we don’t think implementations would have to change based on the update.

Daniel Burnett: Can you give a target when to expect it to be merged?

Manu Sporny: Ideally anything older than 7 days would be merged.
… Because editorial, and not substantive, suggestion is to merge anything.
… We haven’t merged anything since entering CR. First time merging.
… Does anyone have any issues with merging things that have been out there, editorial/nonsubstantive?
… If not, will merge after this call or latest by Sunday.

Ted Thibodeau Jr.: re #720 – No implementation that included either/both would have to change to drop it/them. No implementation that didn’t include either/both would have to change to add it/them. Inclusion and omission are all OK. So, no implementation impact.

Daniel Burnett: I’m not hearing any objections. People will have opportunity to read the minutes.
… You are correct on our ability to move forward based on implementations and agreement on clarification.
… Falls into uncommon category, “clarification”.
… No disagreement or dissent about it.
… Giving much more time than usual, to make absolutely sure.

Ted Thibodeau Jr.: throwing a flag on 720
… Just removed the issues that are deferred
… Our interpretation works fine for generators, but it didn’t matter whether they included or didn’t include those properties. But consumers who read what we wrote will not be flummoxed by leaving them out.

Manu Sporny: A previous implementor reading that … It’s not clear whether it always had to be there or not.

Ted Thibodeau Jr.: Correct

Ted Thibodeau Jr.: The previously ambiguous language could have led someone to believe that was required…

Manu Sporny:

Ted Thibodeau Jr.: It’s a … justification. Just want to make sure we are all on the same page …

Daniel Buchner: note: before that text it says obviously not putting these in if not using these features.

Ted Thibodeau Jr.: Not saying it’s likely… but the sort of thing that has bitten WGs in the past

Daniel Buchner: Makes sense

Manu Sporny: You’re okay with that justification?

Ted Thibodeau Jr.: Yes

Manu Sporny: (earlier missed comment) A consumer software that was implementing this normative statement previously would have read that the value of equivalentId must be a string. It wasn’t clear at all whether that was optional or mandatory, so making a decision one way or the other wouldn’t have been supported by the text. What we are doing now is going back and clarifying that we always meant it to

Charles Lehner: be optional. That is the justification for allowing it to be a nonsubstantive change to the spec.

Daniel Buchner: @orie: about the PR on JSON production: I wasn’t sure what exactly to do on the value tests - am I supposed to invoke JS typeof or something to prove it’s a number, for example?

4. DID Core issues

Daniel Burnett: https://github.com/w3c/did-core/issues?q=is%3Aissue+is%3Aopen+sort%3Aupdated-asc+-label%3Adefer-v2

Manu Sporny: I went through all the issues and now marking them as cr-comment, to make easier for chairs/editors to round up all comments for transitioning to next phase.
… One has been closed by the original issue submitter.
… We are trying to highlight whether we believe they are editorial changes, whether they are ready for a PR or whether a PR exists.
… once closed we will ask whether issuer submitter is happy with it. Once they give feedback, will tag if they are okay (agree to close) or did not respond (agreed implicitly), or disagree (keep talking).
… First one up: 583

Manu Sporny: https://github.com/w3c/did-core/issues/583

Manu Sporny: Editorial fix, needs PR

Manu Sporny: https://github.com/w3c/did-core/issues/717

Daniel Buchner: Like typeof didDoc.foo === ‘string’ ?

Manu Sporny: About equivalentId and canonicalId … Markus raised issue, opened PR, we just talked about it and agreed to merge it, with rationale

Manu Sporny: https://github.com/w3c/did-core/issues/625

Manu Sporny: Diagrams … editorial … Expectation is Markus will.

Manu Sporny: https://github.com/w3c/did-core/issues/708

Manu Sporny: verification IDs must contain fragment. Long discussion. He presumed that all keys have fragment identifiers.
… Not clear if George is happy with it or need changes.

Manu Sporny: https://github.com/w3c/did-core/issues/719

Manu Sporny: https://github.com/w3c/did-core/issues/718

Manu Sporny: 719, 718: both assigned to Drummond. Both have to do with the appendix.
… Drummond has volunteered to write appendix.

Manu Sporny: https://github.com/w3c/did-core/issues/721

Manu Sporny: 721: asked Charles if okay writing PR

Charles Lehner: I’m not sure what to do at all with this.

Manu Sporny: Do you feel like an explanation of what a storage attack is … would be useful?
… I’ll suggest… will assign myself

Daniel Buchner: It could be more broadly described as a malicious resource consumption attack

Daniel Buchner: or class of attacks

Daniel Buchner: similar to smart contracts constructed to cause feedback loops that consume excessive CPU

Daniel Buchner: more broadly, malicious resource consumption… can happen with CPUs of smart contracts.

Manu Sporny: https://github.com/w3c/did-core/issues/723

Manu Sporny: 723: example 1 in the specification is not minimal.

Manu Sporny: https://github.com/w3c/did-core/issues/707

Manu Sporny: There is a PR in for this, where we change word minimal to simple. We think this will address commenter’s concern.
… 707: Big one. Talks about replacing examples with multibase examples. It is substantive. Some are arguing it is not.
… We put a statement before CR to say we may update it…
… There is an at-risk statement talking about base58 to make this change, so we would not need to go through CR.
… There seems to be quite a bit of support for publicKeyMultibase.

Manu Sporny: https://github.com/w3c/did-core/issues/707#issuecomment-826382717

Manu Sporny: There have been some concerns raised.
… I proposed steps forward and request feedback ^
… After 7 days we will execute on these steps.
… Change to multibase, update to 2020 suite
… We will not have to go through another CR to make these changes
… Concerns, objections, comments?

Justin Richer: Do changes to these examples constitute a normative dependency … 2. What is the standards-track status of the multibase specification that would be referenced here?

Manu Sporny: All examples in W3C are non-normative.
… Specifically in publicKeyMultibase we went out of our way to say non-normative.
… The multibase spec is an ID (I’m the author) at IETF.
… Probably nowhere near being adopted into a WG. But more-or-less done.
… Multibase hit some stability with multiple implementations.
… The table has been stable the same amount of time.
… We would be referring to the ID in a non-normative way.

Justin Richer: I am uncomfortable referring to a non-standards-track ID even in examples.
… it’s important signaling for the W3C to do. It’s not an IETF document.
… I would be more comfortable if it were hosted on a web page somewhere rather than an ID.
… Thank you for the clarification about removing the property names from Core.
… Because it’s informative, I think it’s okay, but we should be careful of how we do it and how to refer to it.

Manu Sporny: +1. If you have a couple spare cycles and want to review what we have in spec today, would appreciate it, to make sure it aligns with your expectations.
… We’re trying to walk a fine line.

Justin Richer: I am not an official IETF Liaison but having worked in IETF, there is a lot drilled into our heads about referencing IDs in various states of development from other specs, internally or externally. If W3C has an IETF liaison, this would be a good question to ask, if group is intending to reference an untracked, non-working-group ID, what the appropriate way would be to do that. The

Charles Lehner: appropriate way may be just to refer to a web page, to show it is not part of the IETF as an organization.

Justin Richer: Wendy is a good contact to help straighten this out.

Manu Sporny: https://github.com/w3c/did-core/issues/724

Manu Sporny: 724: someone got confused about a DID and DID URL. Said a particular diagram threw them off; would have liked to see examples in the diagram.
… shigeya made one.
… ssstolk said strike the parenthesis
… If you have an opinion on how to address, please weigh in.
… Final one: a question that Oliver raised around the definition of a verification suite and a verification suite definition.
… I think we got to the point where Oliver feels he can write a PR; has volunteered to do that; we are waiting for it to come in.
… Those are the issues. Pretty good. No one has raised anything horrible or terrible yet.
… We may find … when more implementers engage.

5. AOB

Daniel Burnett: At end of agenda. Anything else anyone wants to cover?

Manu Sporny: General question for the group, aligning expectations. Next: close door on tests being written.
… given Daniel put in JSON just need CBOR…
… Amy is preparing … checklist to match every single test to the spec.
… Once we do that, we may have a delta where we are missing tests. Expectation is editors will write them.
… Worse thing is fine something put in that was not testable. Need to decide whether human-testable or machine-testable.
… At that point, will have test suite, audited. Then get more implementations, tally features against implementations, make sure at least 2 independent implementations of each feature in spec. Then “Done” - major work of working group.
… Editors still need to go through entire appendix and do non-normative changes. Editorial stuff.
… That’s the full list. Other editors, did I miss anything?

Daniel Buchner: My PR… There is a giant section I commented out.. All the types… confused, do I use typeof? … Make sure === string? Need help.

Manu Sporny: More or less. Special Topic call this week on test suite stuff.

Daniel Buchner: Will try!

Manu Sporny: 12pm Eastern
… We can go through that. We may have to do thinking about exactly how to test for ordered sequence, set, boolean value…
… Not supposed to be difficult to write.
… But yes, that this the general thing (checking if string, etc.)

Daniel Burnett: Questions?

Daniel Buchner: So easy that I was feeling dumb thinking of just typeof and Array.isArray testing lol

Daniel Burnett: Please join on Thursday or directly communicate with Orie or Manu. They need to get done now.
… Please continue on implementations. Thanks to scribe. Thank you everyone.