07:17:47 RRSAgent has joined #did 07:17:47 logging to https://www.w3.org/2020/01/30-did-irc 07:17:48 RRSAgent, make logs Public 07:17:49 please title this meeting ("meeting: ..."), ivan 07:17:56 Chair: brent, burn 07:19:27 gannan has joined #did 07:20:01 yoshiaki has joined #did 07:21:17 Meeting: DID Working Group F2F, 2nd day 07:21:41 Agenda: https://tinyurl.com/didwg-ams2020-agenda 07:21:53 Meeting slides: https://tinyurl.com/didwg-ams2020-slides 07:22:45 yofukami has joined #did 07:26:55 present+ 07:30:23 ivan has joined #did 07:30:46 tplooker has joined #did 07:31:41 yoshiaki has joined #did 07:31:54 brent has joined #did 07:32:07 present+ 07:32:16 scribe: markus_sabadello 07:32:39 present+ 07:33:59 Slides and Audio: https://zoom.us/j/5593214233 07:34:09 scribenick: markus_sabadello 07:35:37 ewelton has joined #did 07:37:21 ivan: (going over logistics of afternoon activity) 07:37:23 Eugeniu_Rusu has joined #did 07:38:37 charles has joined #did 07:39:08 dezell has joined #did 07:39:19 brent: Yesterday we got a lot done, we have more today; hopefully leading to some resolutions 07:39:51 brent: This morning we will talk about interoperability, what does it mean, and what levels; hopefully come to decision what kind of interoperability we want 07:39:53 present+ 07:39:56 present+ 07:40:04 brent: Then we talk about interplay between interoperability and extensibility 07:40:07 present 07:40:11 brent: After that we work on JSON PRs 07:40:15 present+ 07:40:25 brent: Then we talk about next steps for the spec 07:40:28 SamSmith has joined #did 07:40:31 Oskar has joined #did 07:40:43 brent: During lunch I will present on ZKPs 07:40:59 brent: After that we will have a boat tour on the canals 07:41:18 juan_caballero has joined #did 07:41:30 Oskar has joined #did 07:41:39 brent: (Going over dinner logistics) 07:41:57 Oskar has joined #did 07:41:58 present+ 07:41:58 zakim, who is here? 07:41:58 Present: markus_sabadello, brent, yoshiaki, ivan, ChristopherA, Eugeniu_Rusu, Oskar 07:42:00 On IRC I see Oskar, juan_caballero, SamSmith, dezell, charles, Eugeniu_Rusu, ewelton, brent, yoshiaki, tplooker, ivan, yofukami, gannan, RRSAgent, Zakim, markus_sabadello, 07:42:00 ... presenter, chaals, burn, llorllale, wayne, deiu, rhiaro, ChristopherA, bigbluehat, jfishback, Travis, hadleybeeman, dlehn, manu, dlongley, yancy 07:42:17 present+ 07:43:03 present+ Eugeniu_Rusu 07:43:41 Justin_R has joined #did 07:43:56 Joachim has joined #did 07:44:06 present+ 07:44:07 present+ 07:44:11 present+ 07:44:12 present+ 07:44:13 jpresent+ 07:44:14 ken has joined #did 07:44:19 present+ 07:44:21 present+ 07:44:28 drummond has joined #did 07:44:30 Carsten has joined #did 07:44:34 present+ 07:44:38 phila has joined #did 07:44:45 present+ 07:44:53 present+ 07:45:17 selfissued has joined #did 07:45:21 present+ 07:46:22 burn: Everyone type present+ if you're participating in the meeting; just being logged in to IRC is not enough 07:47:46 burn: Still looking for scribes for tomorrow afternoon sessions 07:48:52 brent: Mike and Manu will present 07:49:04 Topic: Levels of Interoperability 07:49:33 manu: Mike and I will run through some things to understand about interop; often we don't define what it means 07:49:49 manu: Will go over types of interop, then Mike will go over how you get to those levels of interop 07:49:49 q+ 07:50:18 manu: Kinds of interoperability: Not necessarily a layered thing, just different types of interop 07:50:38 manu: First option: No interop at all (we wouldn't be here if we wanted that) 07:51:11 burn: Making this statement is very important. 07:51:22 manu: As we discussed yesterday, this confuses the market and everybody suffers 07:51:46 manu: Next step: Interop at the data model layer, you got some abstract data model, people agree on types of things we want to write down in the spec. 07:52:18 manu: This is not ideal, there are different ways of implementing and deploying 07:52:21 q+ to Where does different cryptography (curves [eg. 25519/sec256k1], signature algorithm [eg rsa/ecdsa/Schnorr], cryptographic proofs, 07:52:26 manu: We'd like something better than that 07:52:40 manu: Next layer: You interop at the data model layer, and you interop on some basic syntax layer 07:52:52 manu: This is where discussions about JSON,JSON-LD, CBOR, etc. come in 07:52:57 nicole has joined #did 07:53:04 manu: In VC work, we achieved data model interop, and basic syntax interop 07:53:20 manu: Then there are different kinds of interop that you can mix in there, nice to have 07:54:02 manu: Interop on extension mechanism. One aspect of a good spec is to have ways for people to use it for their own use cases (via extension mechanisms). 07:54:25 manu: Interop on canonical form. Is there a canonical form of the data model, is there a stream of bytes? 07:54:45 manu: Abstract canonicalization and syntax-based canonicalization. Do you always serialize it in the same way 07:55:10 manu: Syntax-based canonicalization is interesting if you want to do digital signatures. 07:55:20 manu: You have a data model, and there is ONE way to serizalize it. 07:55:41 manu: Interop on behavior. Not just data model and syntax, but the spec also defines what you can do with it. 07:55:58 manu: People do something with the data, and you get the same result 07:56:10 manu: With the DID Core spec, we expect CRUD operations for all DID methods, we expect interop there. 07:56:16 ack ChristopherA 07:56:16 ChristopherA, you wanted to Where does different cryptography (curves [eg. 25519/sec256k1], signature algorithm [eg rsa/ecdsa/Schnorr], cryptographic proofs, 07:56:33 ChristopherA: I think there is a missing section: What are the forms of cryptography that is being used? 07:57:33 ChristopherA: When we did our Wyoming interop project, couldn't find a combination of curve, signature suite, canonical method, selective disclosure that worked consistently across different implementations. 07:57:38 q+ 07:57:40 manu: Any other kinds of interop? 07:58:23 kaliya: At IIW there was an SSI stack diagram of different layers and protocols at each layer 07:58:26 ack ivan 07:59:01 ivan: Interop at the user interface level, and the tools that are being used. 07:59:25 q? 07:59:26 is this oliver's stack diagram from IIW that Kaliya mentioned? https://medium.com/decentralized-identity/the-self-sovereign-identity-stack-8a2cc95f2d45 ? 07:59:27 q+ 07:59:35 ivan: We will have tools that implement DIDs, and there will have to be some conceptual interop between those tools 07:59:47 https://miro.medium.com/max/1227/1*4zUczSBaVH-8qilvK4nKwQ.png 07:59:53 ivan: Out of scope for this WG, but some other group may look at this 07:59:58 identity_woman has joined #did 08:00:00 ack phila 08:00:04 present+ 08:00:04 https://medium.com/decentralized-identity/the-self-sovereign-identity-stack-8a2cc95f2d45 08:00:14 q? 08:00:47 phila: One of the ways how you will share DIDs will be via optical QR code. How will people know what the QR code will do? You need some visual indication 08:01:21 ChristopherA: Related to that is the wire forms. Do you support QR codes, do you use UDP, what transports do you use. 08:01:32 selfissued: Interop on protocol messages 08:02:35 (showing SSI stack diagram) 08:02:53 manu: Mike will now talk about how to get to those levels of interop 08:03:14 selfissued: Will talk about experience how you can get implementations of specs to interoperate with each other 08:03:31 selfissued: This is informed by the process we used for OIDC, JWT, etc 08:04:02 selfissued: In the early beginning, you can get together at IIW, or virtually, etc., and you try to use your implementations together in the ways that the spec intends 08:04:27 selfissued: E.g. manu wrote a relying party, and I wrote an identity provider. Now we can try if they can communicate successfully at all. 08:04:42 q? 08:04:44 q+ 08:04:49 selfissued: As you do this, you will find some thing that work, and some things that don't work. Either you did things differently, or your implementations are incomplete 08:05:03 selfissued: This gives you data what works and what doesn't, and you can improve things. 08:05:51 selfissued: The next level could be creation of a test suite that attempts to test some known parts of the protocol, and you run your implementation against the test suite. Again you learn what works and what doesn't. You also learn about bugs in the test suite. Then you iterate and fix things. 08:06:26 selfissued: Next level is you take a test suite, and you morph it into a formal certification tool, where a WG defines a set of tests. If you successfully test all of them, you get a certification mark. 08:06:54 selfissued: In our OIDC work, we got a lot of feedback, the end result is that certified implementations tend to work together much more seamlessly 08:07:26 selfissued: Difference: In the interop test suite, you can implement the parts you like and leave out the rest. OTOH to reach a certification level, you have to implement a minimum bar. 08:07:32 ack burn 08:08:06 burn: Regarding certification program: For most WGs I have been in, that has been out of scope of the WG, it better fits into an industry consortium. It is highly political. 08:08:19 q+ to note that DIF has noted they want to do certification, as a data point. 08:08:24 burn: It's one thing to say "the spec contains a list of features", it's another thing to say "your implementation has failed". 08:08:45 ack manu 08:08:45 manu, you wanted to note that DIF has noted they want to do certification, as a data point. 08:08:59 selfissued: Yes there are different certification models. 08:09:22 selfissued: One is third party certification. You pay a large amount of money to an independent organization to configure and run the code 08:09:24 q+ to say that W3C is not an enforcement body 08:09:42 selfissued: E.g. Microsoft got a SAML certification, product got better because we did that 08:10:06 selfissued: In OIDC we said that we wanted certification, but using a third party is a lot of work and costly 08:10:48 q? 08:10:54 q+ to comment about reliability of self certification with no enforcement 08:11:00 selfissued: Instead we tried another model: self-certification. You run the tests yourself and submit all logs for public inspection. It's kind of like the open-source model. Not everyone will read my logs, but the point is that everybody could read them 08:11:47 selfissued: Another aspect is making legal statements if a third party certifies 08:12:01 q 08:12:07 q+ 08:12:32 manu: Certificaiton is something that W3C has traditionally not done. DIF has more recently said that they are interested in running certification programs. W3C would produce specs, and a different body would do certification 08:12:33 q+ to talk about self-certification 08:12:48 q- 08:13:25 selfissued: Virtual cycle between testing and specification work. Interop testing can expose implementation bugs as well spec bugs. 08:13:47 q+ to emphasize the role of CR and also comment on certification 08:13:48 selfissued: Developers will get involved early and often, they can tell us what is good and what is bad 08:14:13 selfissued: Interop testing can expose all of that. You can interop, test, fix the code, fix the spec. 08:14:39 selfissued: Ideally you do several rounds of this. Do a snapshot of the spec, get developer feedback, change spec until it's interoperably implementable. 08:14:58 selfissued: What do we want to test to improve interop? 08:15:06 selfissued: Test the MUSTs and SHOULDs 08:15:39 selfissued: Test the positive cases (the paths that work), but also at least as important to test the negative cases (what does your implementation do if it encounters bad input) 08:15:52 q+ to comment on data format vs. protocol 08:16:23 selfissued: Example in the SAML work. More than 50% in a specific situation accepted a bad signature. All the positive cases worked, but the negative cases worked too 08:16:38 (laughter) 08:16:47 selfissued: Make sure your implementation errors and logs the error 08:17:20 q+ to talk about extensibility points, too 08:17:39 selfissued: You can to test uses of the extensibility points. Deployments will often specialize their implementations by using the extensibility points. You want your tests to check if nothing breaks if extensibility points are being used. 08:18:00 q+ to describe fallacy of strict issuance and liberal acceptance 08:18:21 selfissued: Example: In OAuth, any request value you don't understand must be ignored. This let's you do many extensions where you send extra request parameters. You need test cases that inject arbitrary additional values and check if implementions successfully ignore that. 08:19:11 selfissued: If there is a state machine in your specification where you can progress between states, you want to have tests that the succession of states implemented by the code is the expected succession. 08:19:25 gannan has joined #did 08:19:38 selfissued: E.g. if you do a write operation, then you do a read operation, test that you get the correct result. 08:19:51 q 08:20:36 selfissued: Regarding burn's point about political aspects of certification: You want test definitions to be public. They correspond very closely to the specification. There have to be objective reasons why the test exist (ideally pointing to a specific part of the spec). 08:21:33 selfissued: You keep everything in an entirely binary pass/fail basis. All have to run the same tests to get the same certifications. No exceptions are made for dominant player in the market. Even if you have something in production, you may not get certification. 08:22:26 ack burn 08:22:26 burn, you wanted to say that W3C is not an enforcement body and to comment about reliability of self certification with no enforcement and to comment on data format vs. protocol 08:22:27 mshea has joined #did 08:22:28 selfissued: If you do or do not include a test, that is the result of a working group consensus decision. The WG represents the industry, it serves as a check and balance that the tests are fair and complete. 08:22:29 ... and to describe fallacy of strict issuance and liberal acceptance 08:22:35 q? 08:23:26 burn: I worked for a company to make sure it was 100% compliant. 08:23:56 burn: W3C is not an enforcement body. It depends on what your industry wants and needs. A third party is better as an enforcement body. 08:24:34 burn: Reliability of self-certification is not always as good as it sounds, even if all results are public. 08:24:38 q+ 08:25:01 burn: We define a data format and not a protocol. We cannot stray too far into how our document formats are used. We had a similar situation in the VC WG. 08:25:12 burn: As we get further along, we have to keep this in mind. 08:26:06 burn: The IETF used to say be strict in what you issue, be liberal in what you accept. IETF doesn't say that anymore. It now says you also have to be strict in what you accept. Otherwise implementation get lazy, things don't work, and security issues follow. 08:26:15 q- 08:26:22 burn: Agree that it is important to test negetive cases. 08:26:53 q? 08:26:53 selfissued: In a data format, there are things you can test and things you can't test. Example: In DID document, some things have to be present, some things have to follow a certain format. You can test this. 08:27:01 q+ 08:27:04 q+ 08:27:39 selfissued: Lazy example: In JWK, key values are encoded as base64url strings. It turns out that Google used to publish their keys in base64 encoding, not base64url encoding. 08:28:06 selfissued: Some implementations that read the keys worked (they accepted the value even though the encoding was wrong), other implementation didn't work. 08:28:19 selfissued: Google eventually fixed their keys, this was a success of the certification program. 08:29:22 selfissued: Example of OIDC Financial API. They require certification every 6 months. When that we run by OBEI, the gave certifications with footnotes, saying that bank X implemented most of it, but they got client authentication wrong. They were certified, even though something didn't work. 08:29:38 selfissued: Market interest said everybody passed, even though they were not interoperable 08:29:49 q 08:29:55 ack Justin_R 08:29:55 Justin_R, you wanted to talk about self-certification and to talk about extensibility points, too 08:29:57 selfissued: Later this was changed to not use footnotes; it either works or it doesn't. 08:30:18 Justin_R: You can run the test suite yourself without going through certification program. 08:30:19 zakim, close the queue 08:30:19 ok, brent, the speaker queue is closed 08:30:26 q+ 08:30:49 Justin_R: Newer versions of the test suites is more easily packaged, you can run it on a local dev environment. This is very important. All test suites must be open source and publicly available. 08:31:12 Justin_R: Regarding extension points, testing those will be very important to this group in particular, given lots of discussion about extensibility. 08:31:34 Justin_R: If you're a JSON-LD process and you see something in the doc you don't understand, you have to react correctly. 08:32:42 Justin_R: The Java test suite doesn't use an OIDC library, since you have to test bad things (bad signatures, etc.) to make sure that things are exercise fully. This is easier to do without a library. Just write custom tests for everything. 08:34:06 Justin_R: Regarding public availability of logs, this is very valuable. If you look at logs of Azure test suite, they pass, but only on single tenancy, therefore Microsoft passes. Other tenancies are different. 08:34:27 ack ivan 08:34:27 ivan, you wanted to emphasize the role of CR and also comment on certification 08:34:32 burn: A company may get certified for something they built, but the product they sell may be something different 08:34:45 q- 08:35:04 ivan: One points about certification: W3C has had several problems where it developed things that turned out to be in competition with what members wanted to do for money. 08:35:28 ivan: W3C long ago had a browser implementation. Members didn't like that because they wanted to have their own business around that. 08:36:02 q+ 08:36:32 ivan: How does the spec CR phase fit into this picture? In this testing phase, formally the emphasis is different: When we test, we need to submit a report to the management. Without that we cannot get to a recommendation. 08:36:43 ivan: The primary function of the CR phase is testing. 08:36:45 q 08:36:50 W3C CR goal is to test the spec, not the implementations 08:37:04 ivan: Make sure the spec is "implementable". Must have at least two independent implementations. 08:37:40 ivan: From W3C point of view: Brave, chrome, vivaldi don't count as separate browser implementations. 08:38:08 ivan: We have to report that every features must all be implementable, must be proven by concrete implementations. 08:39:07 mshea has joined #did 08:39:11 chaals has joined #did 08:39:18 ivan: Agree with Justin_R's point about self reporting. From W3C point of view, if someone comes in and produces tests, it helps them in the public image. But it's not about public image, it's about understanding that we did the right thing with the spec. 08:39:38 ack ChristopherA 08:40:22 ChristopherA: I have history here with SSL/TLS. Three intertwined problems: Early on you couldn't request a certificate unless the code had security reviews. 08:40:28 JoeAndrieu has joined #did 08:40:35 present+ 08:40:40 q 08:40:44 ChristopherA: We looked at code for max. 8 hours. If we didn't find any problems we let it pass. 08:40:56 q+ 08:40:57 ChristopherA: We usually found serious problems within an hour or two. 08:41:14 ChristopherA: We got feedback that we can't allow >50% of people to fail. 08:41:32 ChristopherA: Eventually, everybody ended up using only openssl. 08:41:43 ChristopherA: There were non-free implementations that came with support 08:42:10 ChristopherA: Tragedy of open source. Tragedy of the free. Security certification is harder than data certification. 08:42:47 ChristopherA: TLS 1.3 should have been done in 2003. Got done in 2018. 08:43:05 ChristopherA: Keep in mind that once we do DID 1.0, there may not be an opportunity to do DID 2.0 08:43:14 Topic: Discussion 08:43:27 q+ 08:43:27 q+ to ask about method interop 08:43:34 brent: Let's discuss do we want to have interop. How much? 08:43:40 q+ to ask about method interop 08:43:41 q+ 08:43:44 q+ to ask about method interop 08:43:46 q+ to ask about method interop 08:43:47 q+ 08:43:54 zakim, open the queue 08:43:54 ok, brent, the speaker queue is open 08:43:55 q+ to ask about method interop 08:43:55 q+ 08:43:57 gannan has joined #did 08:43:58 q+ 08:44:11 SamSmith has joined #did 08:44:17 q 08:44:47 selfissued: Regarding centralized vs. diversity. We intentionally made the barrier to certification low enough to make it available also to open source. 08:45:21 selfissued: In OIDC, over 100 certified implementations. 08:45:25 selfissued has joined #did 08:45:27 q+ 08:45:30 ack JoeAndrieu 08:45:30 JoeAndrieu, you wanted to ask about method interop 08:45:32 present+ 08:45:32 brent: Which of the kinds of interop do we want 08:45:50 JoeAndrieu: Missing topic is method interop, we should talk about whether we want that 08:45:53 q+ 08:45:54 tplooker: what do you mean by that 08:46:20 JoeAndrieu: We don't have any DID method specification under our control. So we can't test/certify compliance of DID methods 08:46:58 q+ 08:47:08 JoeAndrieu: Many conversations I've heard: We are going to use one DID method. This doesn't mean it will interoperate with another DID method. 08:47:39 burn: Let's go over the types of interop and get opinions on which ones we want 08:48:08 burn: Interop on data model? 08:48:14 (everybody raises hand) 08:48:26 burn: Interop on data model and basic syntax? 08:48:33 (everybody raises hands) 08:48:43 burn: Interop on extension mechanism? 08:49:01 (most people raises hands) 08:49:05 burn: Any concerns with that? 08:49:16 ChristopherA: Extension mechanisms, what parts? Maybe some yes, others not 08:49:44 burn: Interop on canonical form? 08:50:02 selfissued: If there is a canonical form, should we interop? 08:50:44 manu: In VC we defined JWTs and LD signature. So people interop'ed on different things. Is that interop or not? 08:51:15 burn: Interop on cryptography? 08:51:20 drummond: What does this mean? 08:52:16 brent: If two implementations agree on the signature type, one can produce it, the other can verify it 08:52:21 burn: Anyone disagrees? 08:52:26 (nobody disagrees) 08:52:41 tplooker: The data model needs to be able to express the type of signature 08:53:22 burn: Is there any other aspect of interop we need to ask about? 08:53:43 selfissued: Crytographic algorithms are extension points. New ones will get added, old ones will be removed. 08:54:00 burn: Anyone disagrees? 08:54:06 (nobody disagrees) 08:54:29 q 08:54:33 ChristopherA: How many people feel extension mechanisms are very orthogonal aspects. I feel that's the case 08:55:19 JoeAndrieu: TO the extent crypto is an extension point, we may have no interop except between implementations that support the same extensions. Are there any crypto suites that we will test for interop? Is there a subset of the extensible world that we want to test on? 08:55:38 tplooker: E.g. in JWT there is a subset of crypto suites that must be supported, but extensions are still possible. 08:55:41 q? 08:55:50 q- 08:55:57 q- 08:56:15 burn: Let's try to get some more high level comments about other items 08:56:39 manu: Interop on behavior, user experience, transport, protocol are out of scope. 08:57:20 manu: Test MUSTs and SHOULDs, the ones in the spec apply to data model, not behavior. But there is also a gray area. 08:57:31 brent: We also specify how methods get implemented. 08:58:09 burn: Because we specify how methods need to work, therefore there will be some behavioral statements that are testable 08:58:35 burn: Interop on user experience? 08:58:42 (agreement this is out of scope) 08:59:31 q 08:59:40 q+ 08:59:47 q+ to talk about UX & interop 08:59:53 Justin_R: even if it's not in scope to specify and test, it's going to influence every decision we make. what's available to the user, how the user is presenting things. We all bring our personal biases what kinds of interactions are avialable. 08:59:59 q+ 09:00:09 Justin_R: We have assumptions based on what we're building 09:00:31 burn: There may not be testable interop on user experience, but we absolutely must consider user experience. 09:00:37 chaals has joined #did 09:00:48 burn: Reaching edge cases that require much discussion. 09:01:04 JoeAndrieu: Can we use the queue again 09:01:11 burn: Trying to get additional quick results 09:01:28 q- 09:01:34 q- 09:01:38 q- 09:01:50 Zakim, clear the queue 09:01:50 I don't understand 'clear the queue', Justin_R 09:02:08 q= 09:02:10 q= 09:02:25 queue= ... 09:02:35 ack ... 09:02:35 ack .. 09:03:44 ivan: Based on the experience of other groups, as soon as we have a spec, we need to start working on test suites. This takes more time than you think. 09:03:58 manu: A test suite exists. A framework is there, but tests are outdated. 09:04:22 burn: Much more to discuss, but we got some agreement on basic statements. 09:04:28 oliver has joined #did 09:04:34 present+ oliver 09:04:39 burn: Chairs believe we've had enough of this conversation to now move on to the big topic. 09:04:56 burn: JSON, JSON-LD, abstract data model come down to extensibility and interoperability. 09:05:17 burn: Now we can start a discussion on this key topic. That's why the next topic is "extensibility and interoperability" 09:05:38 burn: manu has some proposals that result from various conversations with WG members 09:05:57 burn: manu presenting this is an attempt to record something that the group might be able to agree to 09:06:00 Topic: Extensibility and Interoperability 09:06:10 burn: This is not what manu wants, but what manu thinks we can agree on. 09:06:36 burn: (short break now) 09:06:45 Topic: Extensibility and Interoperability 09:21:29 Justin_R has joined #did 09:21:41 drummond has joined #did 09:21:46 yofukami has joined #did 09:22:08 selfissued has joined #did 09:22:10 present+ 09:22:19 oliver has joined #did 09:22:19 burn: Resuming the meeting. Please everyone respect the queue. 09:22:23 present+ oliver 09:22:29 present_ 09:22:33 Topic: Extensibility and Interoperability 09:22:38 s/present_// 09:22:42 present+ 09:22:55 manu: We are going to attempt two proposals based on conversations on these topics 09:23:08 manu: The purpose is to try lower the tension 09:23:19 manu: Proposal #1 09:23:49 manu: I believe everyone was onboard to have an abstract data model that can be cleanly represented in JSON, JSON-LD, CBOR. there will some graphical depiction of the abstract data model. 09:23:54 q+ 09:23:58 q+ 09:24:06 q+ 09:24:21 q+ to comment on the assumptions this proposal makes (and make it clear) 09:24:25 manu: The extension mechanism in the spec will be a registry. People have been asking for it. The registry will have to be managed by the Working Group (or maintenance group). This means more process. 09:24:46 manu: Levels of interop we want to get to: We want to have interop between JSON and JSON-LD 09:25:15 manu: In order to add an entry to the registy, and extension author has to provide a spec AND a JSON-LD, in order to keep compatibility with the JSON-LD world. This does NOT mean you have to use @context 09:25:38 manu: With this proposal, you have the option to not use @context and be purely registry-driven 09:25:39 q? 09:25:44 Justin_R: what do you mean by "use @context" 09:25:57 q+ to understand what is the governance of the registry, who manages, maintains and executes the rules to reject registrations 09:26:17 burn: There is a JSON format and a JSON-LD format. The specification for the JSON-LD format has to provide context inforation 09:26:38 q+ 09:26:54 q+ 09:27:07 burn: If you do JSON-only there is no @context, there is nothing that looks like JSON-LD 09:27:28 burn: If you want something to the registry, if you want to add a field, you also have to add context information, just like the original specification has to add context information 09:27:46 burn: This means everything has a context, but no requirements are imposed on JSON-only 09:28:10 manu: We thought through the details, we're quite certain this can work. There may be details, but in general the shape looks okay. 09:28:13 ack tplooker 09:28:18 q 09:28:21 q+ 09:28:25 q+ 09:28:30 tplooker: Does this apply to extensions of the core? 09:28:42 manu: Applies to all extensions (properties; not DID methods) 09:28:50 ken has joined #did 09:29:10 tplooker: In JOSE, people can extend but not formally register. JSON developers can just add what they want and not register it. 09:29:17 q+ to ask about a poss req for a test suite 09:29:22 tplooker: Would that not be allowed in the DID document? 09:30:10 manu: I think we should make that decision later. It's important. 09:30:33 manu: One path: This is for all extensions. Other path: Be more loose about it. Either way, we can figure it out later 09:30:40 ack Justin_R 09:30:40 Justin_R, you wanted to comment on the assumptions this proposal makes (and make it clear) 09:31:00 ack selfissued 09:31:31 selfissued: I wanted to ask: 1. Does it matter if the abstract model is "graphical" or "textual"? 09:31:56 burn: It means there will ALSO be graphical representation, in additional to textual abstract model. 09:32:05 manu: This will be helpful to a group of people 09:32:52 selfissued: Main question: Mike Lodder's pull request proposes to add a method name to the top level. Does this break the JSON-LD model? 09:32:56 ack Oskar 09:32:56 Oskar, you wanted to understand what is the governance of the registry, who manages, maintains and executes the rules to reject registrations 09:32:57 manu: This model allows it. 09:33:14 Oskar: I'd like to understand governance of the proposed registry. Who will allow/reject registrations? 09:33:16 q- 09:33:19 q+ 09:33:40 ack drummond 09:33:52 drummond: There was really good discussion at W3C TPAC about registries 09:33:53 q+ 09:34:08 drummond: This looked encouraging 09:34:15 manu: This will take some time 09:35:01 drummond: Regarding yesterday's three-tier model. Does this mean there are only two layers (only registry-based extensions, no decentralized extensions)? 09:35:27 manu: In the JSON model, you have to use the registry. Future decision: Can JSON-LD people do extensions without using the registry? 09:35:43 drummond: I think there's a way to allow both. Registry-based and decentralized extensibility. 09:36:04 manu: This proposal attempts to achieve the three tiers (did core, registry, decentralized extensbility) 09:36:10 q+ to ask about version management 09:36:11 drummond: But the registry is not decentralized? 09:36:14 ack ivan 09:36:40 q+ 09:36:44 ivan: If I take the same DID information and put it into JSON and JSON-LD. Are the two equal except for the presence of @context ? 09:36:50 manu: Yes 09:37:22 ivan: When we define the shape of the JSON, it has to make sense in the JSON-LD as well, even though the user doesn't have to care 09:37:40 ack SamSmith 09:37:40 ivan: JSON schema could be used to define that 09:38:09 SamSmith: It seems there is an assymetry here; We have abstract data model, then we have three syntax, but then it says there has to be a context 09:38:12 Syncthing 09:38:31 charles has left #did 09:38:36 q+ 09:38:44 SamSmith: Instead of saying JSON, JSON-LD, CBOR, we should distinguish between semantic encodings and non-semantic encodings 09:39:00 drummond: JSON-LD would be one representation 09:39:28 SamSmith: You should talk about RDF as the data model, and JSON-LD as an encoding 09:39:33 ack phila 09:39:33 phila, you wanted to ask about a poss req for a test suite 09:39:41 q+ on abstract data models for RDF... 09:39:43 q+ to express concern about RDF model in registry not being specific enough 09:40:27 phila: Adding to a registry.. This proposal looks like an arbitrary starting point. to get an extension in the registry, what does it mean? Does it reserve the namespace or does it go further? What's the governance model, what's the test suite, what's the IPR, etc? 09:40:55 ack selfissued 09:41:37 selfissued: Respond to Oskar's question, what are the rules for adding something to the registry. The registry includes instructions to the experts with rules what should be added. 09:41:40 +1 phila we should be abstract in the semantic model as well to enable other encodings besides json-ld 09:41:58 selfissued: E.g. in JWT registry, one rule is a new claim must not duplicate functionality that's already covered by another claim 09:42:20 selfissued: Regarding manu's question we decide later whether JSON-LD extensions will go into a registry. Absolutely. 09:42:20 Drummond reminds himself that his queue turn is to suggest that the registry should also handle DID method names. 09:42:29 ack markus_sabadello 09:42:32 scribe+ 09:42:32 selfissued: The registry is documentation, not just reserving names 09:42:37 This allows a true semantic overlay that is a semantic model not merely a json-ld encoding of that abstract model 09:42:42 markus_sabadello: I had a similar question as drummond 09:43:32 Drummond also reminds himself about the point that JSON and JSON-LD and CBOR are not the only potential representations. 09:43:32 ... does the open world extensibility need to go in the registry? If not, does that mean only the JSON-LD would be able to function with that extension? 09:43:43 q? 09:44:14 burn: As chair, I have mixed opinions. The next proposal will be more controversial. I want to get to agreement on something. 09:44:34 ack JoeAndrieu 09:44:34 JoeAndrieu, you wanted to ask about version management 09:44:36 burn: manu it's up to you, should people see the second proposal? 09:44:43 q? 09:44:45 Drummond also reminds himself that his third point is to add support for decentralized extension to this proposal. 09:44:50 q+ to talk about registry re: interop, JSON-LD 09:45:00 JoeAndrieu: How does versioning happen? Does the JSON-LD context update to a new version? 09:45:09 q+ 09:45:29 manu: JSON-LD contexts will work the same way as they work today. 09:45:53 ack drummond 09:46:29 q+ to react on Sam's comment 09:46:44 drummond: I think the proposal is a good starting point. Some of us will think there is a clear enough path to the third tier toward decentralized extensions. There may be evolutionary pressure to support that. 09:47:18 drummond: Even though we call out three representations, we are committed to an abstract data model. Every extensibility model should be expressible in all concrete formats. 09:47:41 q+ 09:47:47 ack tplooker 09:47:49 drummond: Governance of the registry is important. I think we should explore if we also want to apply this same mechanis to method names. 09:47:49 +1 method names 09:47:57 q+ method names 09:48:17 q+ 09:48:40 tplooker: The way you use URIs, how DID documents reference each other, I want that to be consistent. I don't want to use differnet URI formats depending ont he DID document format (e.g. have JSON pointers in a DID URL) 09:48:43 q+ 09:48:44 q+ 09:48:58 tplooker: I want to be able to consistently be able to link to keys, e.g. 09:49:08 ack manu 09:49:08 manu, you wanted to comment on abstract data models for RDF... 09:49:13 chaals has joined #did 09:49:28 Drummond reminds himself to talk about lossless conversion between representations 09:49:34 manu: Agree with tplooker, that should be a goal, would be surprised if anyone argued otherwise 09:50:02 q? 09:50:20 manu: SamSmith Regarding your point to have an abstract data model for syntax, and an abstract data model for semantics. I think this will add complexity to the specification that we probably dont need to be successful. 09:51:22 manu: E.g. with JSON-LD, anyone who uses it is aware that the underlying semantic model is RDF, so whoever works with RDF already can also express it in Turtle and other RDF serializations. We could go into details in the DID Core spec, but let's be pragmatic 09:51:41 scribe+ Oscar 09:51:52 oskar: taking over scribing 09:51:52 ack burn 09:51:52 burn, you wanted to express concern about RDF model in registry not being specific enough and to talk about registry re: interop, JSON-LD 09:51:56 q+ to see if we can get agreement on proposal #1 09:52:16 burn: Concern with RDF + Registry - is not specific enoigh 09:52:24 .... need specific JSSON LD 09:52:27 scribe+ Oskar 09:52:39 ... Registry replicates what we are already doing in the spec 09:52:54 ... Registry gives us interop 09:52:56 s/enoigh/enough 09:53:03 q+ 09:53:20 ... anyone can privately extend anyway, one cannot stop that 09:53:33 ... however, one is not interoperable if not in registry 09:53:46 ... We could also be more strict 09:53:56 ack selfissued 09:54:03 selfissued: Versioning question 09:54:18 ... increasing set of version numbers is antipattern 09:54:22 q 09:54:27 ... one wants to mix and match 09:54:45 ... Cf Dan's comment about interop 09:55:09 ... want same language in PRs, oAUTH, "a field that you don't understand you must ignore" 09:55:12 charles has joined #did 09:55:27 ... this maintains interoper in case of private extensions 09:55:39 ack ivan 09:55:39 ivan, you wanted to react on Sam's comment 09:56:05 ivan: "Sam is right, but ..." 09:56:28 ... if you want to do it right, one also should use also e.g. OWL or the like 09:56:59 ... don't undersestimate the anti-semanticweb forces and anti RDF forces 09:56:59 Reminder, audio and slide presentation link: https://zoom.us/j/5593214233 09:57:15 ack method 09:57:19 ack names 09:57:32 ... would be interested in separate note on semantic web, on which they can build 09:58:32 ack gannan 09:58:33 burn: Agenda - THIS IS OUR MAIN TOPIC, we'll continue to lunch 09:58:48 q? 09:58:53 @@@ Proposal is incomple and not feasible 09:59:06 ... Can we agree on something this incomplete? 09:59:13 s/@@@/this/ 09:59:37 q+ 09:59:40 s/feasible/feasible to fill in the holes/ 09:59:47 ack SamSmith 09:59:51 mshea has joined #did 10:00:08 SamSmith: Semanticweb not for us 10:00:25 ... We should add method names to the registry 10:00:27 s/this/gannan: / 10:00:39 ... this should resolve namespace collisions 10:00:46 s/@@@/gannan:/ 10:00:48 I would agree with "a registry" not "the registry" but that's a detail 10:00:56 Maybe add methods to a registry, but not the same one that we are currently discussing for extensions 10:01:09 ... do similar this for interop with methods 10:01:12 q? 10:01:15 ack drummond 10:01:52 drummond: test - if we have this [registr] what would be the constraints? 10:02:08 ... talked with folks who made PRs 10:02:23 q? 10:02:25 ... start from requirements, and puts these into core spec 10:02:37 q+ to talk about proposal 1 10:02:45 ... could you define/require lossless conversion between representations? 10:03:11 +1 to lossless conversion between formats 10:03:15 ... that would make things a lot easier for DID Controllers (authors) to produce DIDdocuments in multiple representations 10:03:35 drummond: Lossless conversion would be the test 10:03:39 ack markus_sabadello 10:03:43 ... this could be done even decentralised 10:03:47 +1 to lossless conversion, I think it's required (modulo signature verification) 10:04:05 markus_sabadello: Decentralised non-registry solution, can that also allow interoperability 10:04:18 q? 10:04:18 ack manu 10:04:19 ... or can the JSON-LD @context achieve the same? 10:04:19 manu, you wanted to see if we can get agreement on proposal #1 10:04:36 manu: Group should look down the list and identify objections 10:04:42 ... Let's drive to agreement 10:04:44 ack ken 10:05:12 ken: Are ALL extensions done via JASON-LD context, or also other 10:05:36 manu: That is the fall-back position, requiring EVERYONE to go via the registry? 10:05:42 s/JASON-LD/JSON-LD/ 10:06:00 manu: Would this take away the JSON-LD extensibility mechanism? 10:06:08 ChristopherA: Not part of this proposal 10:06:16 Here's a counterproposal: any extension designed for lossless conversion MUST use the registry mechanism, but decentralized extensions are still allowed. 10:06:18 brent: Let's focus on proposal. 10:06:29 ... Disagreement on point 1)? 10:06:48 ivan: With my porosed modification 10:06:52 q? 10:07:06 burn: Five hands up for worries 10:07:21 ivan: Then slides needs to get included shape constraint 10:07:50 tplooker: URI, different serialisation should not cause different but equivalent ... 10:08:24 drummond: Text is changed. Lossless conversion covers every constraint. AT LEAST JSON-LD and CBOR 10:08:53 selfissued: I don't understand what shape constraint means, so please delete that sentence from the slide? 10:08:57 q+ to talk about lossless conversion 10:09:15 manu: Shape constraint = "there must be loss-less conversion" 10:09:24 jonathan_holt has joined #did 10:09:26 q- 10:09:31 selfissued: Can you then sign the data? 10:10:11 selfissued: Then please write "lossless", not "shape" 10:10:23 burn: OK, changed, new formulation of 1) 10:10:48 ... any further concerns, no? Consensus, hurray!!! 10:10:59 q? 10:11:17 ack Justin_R 10:11:17 Justin_R, you wanted to talk about proposal 1 10:11:23 Justin_R: VC document has sentence "process of serialisation has to be lossless and bidirectional" 10:11:42 ... This limits stuff from JSON-LD and CBOR 10:11:53 SamSmith: xxxx 10:12:09 From VC core spec: The process of serialization and/or de-serialization has to be deterministic, bi-directional, and lossless. 10:12:12 q+ 10:12:15 burn: Lot of headnodding on Justin_R remark 10:12:25 ... any concerns? 10:12:45 burn: Alternative formulation on screen 10:13:18 SamSmith: Can't depend on semantic, or constraints on @context of JSON-LD? 10:13:31 burn: Sorry, too detailed, wanted to pursue headnods 10:13:43 q- 10:13:58 ack selfissued 10:14:12 selfissued: Process point, agreement on 1), not further wordsmithing 10:14:21 gannan has joined #did 10:14:36 burn: Procedural ... 10:14:51 ... concerns about 2)? 10:15:03 jonathan just virtually nodding his head 10:15:03 selfissued: Set of .. 10:15:15 markus_sabadello: Not the ONLY extension mechanism 10:15:41 tplooker: Extension of the CORE SPEC will be administered by the reigistry 10:16:01 ... all the CORE attributes go to the single registry 10:16:20 ... versus decentralised extension mechanism 10:16:31 burn: Not too many nods 10:16:57 burn: Let ONLY manu do text editing in the slide, please 10:17:12 ... who has concerns on 2) 10:17:32 @@@ How are multiple registries linked to each other? 10:17:47 s/@@@/phila/ 10:17:48 selfissued: One per type, they are disjunctive 10:17:59 drummond: But that is not what the wording says 10:18:14 phila: "Typed registry"? 10:18:36 burn: Registry mechanism is used for extensions (no singular/plural) 10:19:09 drummond: Want that, but don't want to exclude others for doing decentralezed extensions 10:19:29 burn: Anyone can provide additional proposal, anyone can make a PR 10:19:39 drummond: Does this exclude PR mech? 10:20:00 ooo 10:20:16 will do 10:20:28 scribe+ brent 10:20:45 Justin_R has joined #did 10:20:46 q? 10:20:48 s/ooo// 10:20:51 Oskar has joined #did 10:20:53 self_issued: add the word interoperable 10:20:56 present+ 10:20:59 selfissued: THe registry mechanism is the one that will be used for ^interoperable extensions 10:21:03 selfissued has joined #did 10:21:07 present+ 10:21:17 JoeAndrieu: can we clarify and say properties? so we know we're not talking about other things? 10:21:19 JoeAndrieu: Matrix paramaters 10:21:29 and DID methods? 10:21:37 markus_sabadello: same concern, it sounds like you NEED to use the registry 10:21:59 markus_sabadello: Same concern as previous 10:22:07 JoeAndrieu: Wording is incorrect 10:22:14 JoeAndrieu: this is about extensibility for everything, that isn't the proposal 10:22:52 tplooker: Same as Markus, use a registry mechanism, proper documentation for JSON-only developers 10:23:07 ... We can agree about CORE extensions 10:23:22 ... We can also include other extension mechanisms 10:23:29 burn: lots of hands up 10:23:37 method to model the "expressivity" of deterministic extensibility 10:23:46 q+ 10:23:48 ... start with Joe's point 10:23:50 q+ 10:23:59 q+ 10:24:15 JoeAndrieu: Presents 10:24:19 q+ to say that this is a hold your nose proposal, not a perfect proposal. Concerns, fine... but could you live with it. 10:24:27 q+ 10:24:27 subtopic: property extensibility 10:24:32 ... Essence is properties, want they mean, and their extension 10:24:50 ack Justin_R 10:24:51 ... Make clear that we are talking about properties, not matrix parameters 10:25:05 Justin_R: I interpret this as core properties 10:25:14 ... Method extension is a different issue 10:25:37 ... we should be specific about properties, but let's look also at other things 10:25:55 ... pairwise agreement is not spec interoperability 10:26:06 ... former is DIF universal resolver 10:26:16 ... need ways for the latter 10:26:49 ack manu 10:26:49 manu, you wanted to say that this is a hold your nose proposal, not a perfect proposal. Concerns, fine... but could you live with it. 10:26:54 ... There should be rules on how to handle unrecognized field: ignore, allow, error, ... 10:26:58 q+ 10:27:21 burn: Queue is not moving well, please be brief 10:27:28 .. one minute each 10:27:59 manu: Remind that this is a hold-your-nose proposal, no perfection needed, just general agreement about direction 10:28:10 ack drummond 10:28:20 brent: Focus is joe's topic, properties 10:28:33 drummond: This is about extensions of the DATA MODEL 10:28:53 ack selfissued 10:28:58 ... Extensions to the core? Core=core, as defined by spec. Extensions != core 10:29:26 selfissued: Unless we delete "properties", I don't hold my nose. Other extensions, other than properties. 10:29:34 ack ivan 10:29:43 ... please delete "properties" 10:29:51 q+ 10:29:53 ivan: Properties AND possible values 10:29:56 q+ 10:30:00 q+ 10:30:02 ack markus_sabadello 10:30:05 q+ 10:30:36 markus_sabadello: Type of extensibility relates to purpose of document as a whole. Is it minimalistic DNS-like? 10:31:02 ... Or is it like a web-ID profile? WE.g. extensions for publishing list of fiends 10:31:03 ack selfissued 10:31:30 selfissued: If you qualify the kind of extensions, then there could be extensions that don't need registry. 10:31:46 ... ONLY registry for interoperable extensions 10:31:57 ack jonathan_holt 10:32:04 manu: Delete "Properties" 10:32:15 burn: Objections? Yes ... 10:32:29 @@@ DID methods ... 10:32:30 ack JoeAndrieu 10:32:31 q+ 10:32:42 q+ 10:32:49 JoeAndrieu: OK with getting rid of "property" 10:33:08 ... But then how to address Markus' and Drummond's points? 10:33:18 burn: Opening scope? 10:33:32 manu: No, focus is issue 2) on the slide 10:33:58 JoeAndrieu: Markus wants (also) decentralised extension mech 10:34:06 subtopic: registry extension mechanism 10:34:09 q? 10:34:13 ack drummond 10:34:30 q+ to suggest publish 10:34:32 q+ 10:34:56 drummond: Agree with ..., but should not exclude decentralized extensions (i.e. not-registered ones) 10:35:06 ack Justin_R 10:35:12 q+ 10:35:19 ... Disagree if 2) disallows decentralized extensions 10:35:52 ack JoeAndrieu 10:35:52 JoeAndrieu, you wanted to suggest publish 10:35:54 Justin_R: Issue with universality without/with the word "property" 10:36:18 JoeAndrieu: Registry mechanism is how we publish interoperable extensions 10:36:27 q? 10:36:33 q+ 10:36:40 ack markus_sabadello 10:36:47 ... Use that for those, does not exclude non-ublished solurions for extensions 10:37:18 +q to Global interoperable, but I might want to be more locally interoperable (say just two methods) 10:37:20 ack selfissued 10:37:23 markus_sabadello: What goes into my DIDdocument is controlled by ME. However others seem to see this differently. Interoper issue 10:37:48 q+ to ask maybe globally interoperable extensions 10:37:51 q+ 10:37:53 selfissued: Key word is INTEROPERABLE extension. Private agreements can always happen. However, register is for global interop 10:37:58 q+ 10:38:21 ack ChristopherA 10:38:21 ChristopherA, you wanted to Global interoperable, but I might want to be more locally interoperable (say just two methods) 10:38:24 selfissued: Interop between .. out of time 10:38:50 ack brent 10:38:50 brent, you wanted to ask maybe globally interoperable extensions 10:38:55 ChristopherA: Global interoperable via registry, but smaller commnunities should not be impeded to extend 10:38:59 q- 10:39:05 ack markus_sabadello 10:39:07 brent: Add "globally" interoperable 10:39:10 q+ 10:39:18 markus_sabadello: +1, add "globally" 10:39:38 q? 10:39:41 ... not sure whether that is good enough? "mandatory"? 10:39:42 q+ to request "publishing" global interoperable extensions 10:39:48 ack selfissued 10:40:14 selfissued: Please delete "property and possible values", let us that at provisional consensus 10:40:31 manu: Updated the statement 10:40:38 burn: Any objections? 10:40:50 q? 10:40:56 ack JoeAndrieu 10:40:56 JoeAndrieu, you wanted to request "publishing" global interoperable extensions 10:41:04 JoeAndrieu: Want to have the word "published" 10:41:14 ... withdrawn 10:41:26 brent: Why "in general" 10:41:32 manu: Wiggle room 10:41:32 q? 10:41:52 markus_sabadello: Add "allow other extension mech"? 10:42:05 ... lossless conversion? 10:42:17 Consensus about number 2), hurray! 10:42:35 burn: Consensus, hurray, thank you! 10:43:00 ... lunch at 12:30, but continue on 3) and 4) till then. Any objection 10:43:00 subtopic: proposal 3 10:43:09 q+ 10:43:17 burn: Number 3), any objection? 10:43:24 ... several objections 10:43:24 q+ 10:43:25 ack selfissued 10:43:25 q+ 10:43:32 q+ 10:43:32 q+ 10:43:38 selfissued: Objecting to singular "registry" 10:43:50 manu: change to "registry mechanism" 10:43:51 q- 10:43:55 ack Justin_R 10:44:08 q+ 10:44:15 Justin_R: Clarifying, "managed" means what goes in or out? 10:44:21 manu: "governed"? 10:44:27 q? 10:44:30 ack ivan 10:44:30 Justin_R: Don't want to redo IANA 10:44:45 q? 10:44:49 ivan: Replace W3C... by just "governed by W3C" 10:44:54 burn: Not accepted 10:44:54 ack SamSmith 10:44:58 ack selfissued 10:44:58 q+ 10:45:13 q+ 10:45:36 selfissued: Clarification, WG should govern registry, and delegate day-to-day operations to designated experts of W3C staff 10:45:53 burn: Seems agreement about that notion 10:46:02 ack drummond 10:46:04 q+ 10:46:21 q? 10:46:28 drummond: WE define the governance, that defines who/what/... 10:46:31 ack JoeAndrieu 10:46:48 q+ 10:46:55 JoeAndrieu: In response to ivan --> want "DID WG" governs ... 10:46:59 ack tplooker 10:47:03 manu: updated ... 10:47:19 tplooker: Process carried out by ... 10:47:30 q+ 10:47:40 ... DID WG reserves the right to manage the registry 10:47:50 ack ivan 10:47:53 burn: Not agreed 10:48:13 q+ 10:48:21 q+ 10:48:26 q+ 10:48:26 ack drummond 10:48:26 +1 to Ivan 10:48:30 ivan: DID WG ceases to exist, cannot mandate maintenance WG, cannot load work on that. ONLY W3C can do this long term 10:48:32 q 10:48:59 drummond: Registry mechanism governance will be defined by the DID WG 10:49:04 +1 drummonds suggestions 10:49:08 burn: Agreed 10:49:21 manu: Includes Drummond's text 10:49:24 q? 10:49:29 q+ 10:49:41 ack SamSmith 10:49:45 JoeAndrieu: Thanks, addresses my point and ivan's 10:49:45 ack JoeAndrieu 10:49:50 ack selfissued 10:49:54 ack phila 10:49:55 selfissued: Like this, simpler 10:50:07 phila: Separate document or in this spec 10:50:13 q? 10:50:21 burn: That is detail, not now 10:50:32 drummond: Will follow from W3C policy 10:50:49 brent: Any objections to 3)? 10:51:14 burn: Hurray, consensus! 10:51:24 subtopic: proposal 1.4 10:51:28 q? 10:51:29 q+ 10:51:31 q+ 10:51:34 q+ 10:51:35 burn: Start discussing item 4) 10:51:43 q+ 10:51:44 q+ 10:51:45 ... any objections? 10:51:46 q+ 10:51:47 ack Justin_R 10:51:55 q+ abstract data model 10:51:55 ... many objections 10:52:04 q+ 10:52:12 Justin_R: Provide "a" specification is way one-to-one 10:52:24 ... how about JSON-LD reachability of @context 10:52:57 q- 10:53:05 ... compatibility between producers and consumers, not just about types, who is writing and rwsafing 10:53:09 ack tplooker 10:53:11 q+ 10:53:13 ack phila 10:53:31 phila: Governance defined by group, delete 4) 10:53:40 manu: Is technical interop 10:53:49 ack gannan 10:54:22 gannan: No wording, nothing is enforcing JSON-LD context is correct or valid, so what does that mean? Valid for what? 10:54:31 ack selfissued 10:54:35 burn: add "valid" --> agreed 10:55:01 selfissued: Second justin's first point, "must provides references to specs for each new attribute" 10:55:10 burn: Agreed! 10:55:11 ack markus_sabadello 10:55:38 markus_sabadello: Is about "entries" in general 10:55:40 ack SamSmith 10:56:08 ack drummond 10:56:12 SamSmith: We are mixing between specs. DIDcore is abstract data model, is other than semantic model as exptressed by JSON-LD 10:56:39 q+ to suggest "to ensure compatibility between formats" 10:56:45 drummond: Getting semantic AND syntactic interop, no proposal 10:56:45 q+ 10:56:54 ack brent 10:56:54 brent, you wanted to suggest "to ensure compatibility between formats" 10:56:56 brent: Compatibility between formats? 10:57:03 burn: I see objections 10:57:05 ack selfissued 10:57:22 selfissued: "Producers or consumers" --> AND 10:57:37 brent: Any further objections to 4) 10:57:46 q+ 10:57:49 q+ 10:57:50 ack JoeAndrieu 10:57:56 q+ 10:58:09 q+ 10:58:16 ack markus_sabadello 10:58:25 q+ 10:58:26 JoeAndrieu: Producers and consumers, language does not flow here. Is is about compatibilityb about serialisations, not consumers and producers 10:58:31 ack drummond 10:58:44 q+ 10:58:49 markus_sabadello: Same point, "entry"? 10:59:07 ack gannan 10:59:11 drummond: To add an entry to the registry, wording could be better 10:59:17 q+ 10:59:23 gannan: entry versus entries, plural? 10:59:26 manu: fixed 10:59:29 q? 10:59:32 burn: editorial 10:59:33 ack selfissued 10:59:35 selfissued: 10:59:38 ack SamSmith 10:59:38 q+ 10:59:57 q+ 10:59:57 q+ 11:00:24 SamSmith: Compatibility between JSON and JSON-LD is not our goal, but semantic interoperability. There should be an @Context 11:00:50 burn: problem with presentation mode, use Google Docs correctly, please 11:00:56 ack dezell 11:01:03 SamSmith: page is now refreshing, thanks 11:01:14 q? 11:01:31 @@@ In general, if you give too many reasons then it is harder to get consensus (so remove reasons) 11:01:48 q? 11:02:06 ack drummond 11:02:18 burn: ... slight confusion about numbering on screen .. 11:02:34 q+ 11:02:38 @@@ Lot of "reasons", focus on pure wording 11:02:42 q+ 11:03:12 s/@@@/dezell 11:03:18 ack Justin_R 11:03:31 q+ 11:03:37 Justin_R: Confused about "for example". changes rest of sentence 11:03:48 .. more than ONLY semantic interop 11:04:05 manu: changed 11:04:09 ack selfissued 11:04:11 burn: change agreed 11:04:20 ack JoeAndrieu 11:04:23 selfissued: Delete ALL the reasons, only what, not why 11:04:39 q? 11:04:42 ack drummond 11:04:44 JoeAndrieu: replare JSON-LD @context with lower-case contexrt 11:04:51 burn: Not agreed 11:05:06 q? 11:05:11 drummond: Let's use terminology consistently, "representation" 11:05:29 burn: No agreement on last line? 11:05:40 burn: Any further objections on 4)? 11:06:04 q+ 11:06:10 JoeAndrieu: Serialisation and producers/consumers are not siblings, remove producers/consumers 11:06:11 q+ 11:06:12 ack markus_sabadello 11:06:35 q+ to support Joe 11:06:44 markus_sabadello: We want lossless conversion, can we repeat THAT language as explanation of compatibility? 11:07:06 q- 11:07:09 JoeAndrieu: Delete producers/consumers 11:07:15 burn: Not agreed 11:07:22 ack Justin_R 11:07:47 Justin_R: Important that producer and consumer considerations are different. Proposes "lossless conversion ..." 11:07:53 q? 11:07:55 manu: correcting 11:08:13 burn: Any objections? 11:08:14 q+ 11:08:31 burn: Hurray, we have consensus on item 40!! 11:08:44 s/40/4/ 11:08:55 ivan: We need put this at the IRC level 11:09:07 q? 11:09:18 Here's the proposal we've all seemed to agree to 11:09:20 The DID Core specification will define an abstract data model that can be cleanly represented in at least JSON, JSON-LD, and CBOR. There will also be a graphical depiction of the abstract data model. There must be lossless conversion between multiple syntaxes (modulo signatures and verification). 11:09:20 In general, the registry mechanism is the one that will be used for globally interoperable extensions. 11:09:20 The governance of the registry mechanism will be defined by the W3C DID Working Group. 11:09:20 Extension authors must provide references to specifications for new entries and a valid JSON-LD Context to be associated with each entry to ensure lossless conversion between serializations for both producers and consumers. This is partly being done to ensure semantic interoperability. 11:09:22 ack JoeAndrieu 11:09:24 manu: Copying to the IR 11:09:33 JoeAndrieu: Compliments to manu 11:09:41 All: applause 11:10:03 q+ 11:10:08 That is proposal #1. 11:10:16 burn: Voting on IRC 11:10:51 markus_sabadello: Is this agreed for the spec? 11:11:07 burn: No this is not yet spec text, but it was agreed at DID WG 11:11:09 gannan has joined #did 11:11:27 JoeAndrieu: It shall be noted that this is a hold-your-nose 11:11:47 burn: We shall accept the proposal 11:12:31 s/shall accept/are saying, by agreeing here, that the working group accepts this proposal at this time/ 11:12:35 burn: Correcting Oskar's text :-) 11:12:57 manu: I have a proposed text 11:13:09 oliver has joined #did 11:13:15 present+ 11:13:18 burn: Voting via IRC, observers don't vote 11:13:19 q+ 11:14:32 burn: any suggestions for changes to manu's PROPOSAL wordings? 11:14:39 markus_sabadello: 11:14:39 q- 11:14:40 q- 11:14:42 selfissued: 11:14:43 ACK markus_sabadello 11:15:02 JoeAndrieu: "#1" 11:15:14 PROPOSAL: Proposal #1 above is agreed to by the Working Group. Further proposals may modify the baseline proposal above. 11:15:14 +1 11:15:15 +1 11:15:16 +1 11:15:16 +1 11:15:16 +1 11:15:17 +1 11:15:17 +1 11:15:18 +1 11:15:18 +1 11:15:18 +1 11:15:18 +1 11:15:18 ivan: will take care of miutes 11:15:18 +1 11:15:19 + 11:15:19 +1 11:15:21 +1 11:15:22 +1 11:15:28 +1 11:15:29 +1 11:15:45 +1 11:16:01 RESOLVED: Proposal #1 above is agreed to by the Working Group. Further proposals may modify the baseline proposal above. 11:16:05 +1 11:16:07 burn: No objections --> RESOLVED, hurray! 11:16:17 SamSmith: Strong consensus! 11:16:43 burn: No discussion now, let's gongratulate ourselves first 11:16:50 All: Applause!! 11:16:58 SamSmith: Compliments to burn 11:17:03 All: Applease 11:17:19 JoeAndrieu: Plus thanks for whole days! 11:17:26 All: Again applause 11:17:28 -- 11:17:29 -- 11:17:30 -- 11:17:57 burn: Have many present proposal #2, so all can have at least seen it 11:18:00 Carsten has joined #did 11:18:18 burn: Any objections to that approach? 11:18:37 ChristopherA: Manu may need time to incorporate #1 into #2 11:18:42 manu: already done 11:19:07 manu: Proposal #2 is parallel/additional to 3! 11:19:12 #1 11:19:30 manu: Line 1 is same 11:19:55 burn: manu, please read all out 11:20:11 manu: Reading proposal #2 11:20:38 manu: No need for registry and maintenance of registry 11:20:47 q+ to discuss what this means for the model 11:20:51 q+ 11:20:51 q+ 11:20:52 burn: manu, please clarify rationale 11:22:01 manu: proposal #1 has weak technical argument. Benefit of #2 is decentralised extensibility, no need for governance, addresses many's requirements for extensibility, without registry processes overhead 11:22:05 q+ 11:22:06 ack Justin_R 11:22:07 Justin_R, you wanted to discuss what this means for the model 11:22:22 Justin_R: This feels heavily biased to JSON-LD 11:22:33 q+ 11:22:41 .. this direction feels OK, but then spec becomes JSON-LD spec 11:22:51 ack phila 11:22:52 ... that should be made explicit 11:22:55 +1 Justin 11:23:10 phila: This contradicts previous proposal? 11:23:18 Not technically equivalent 11:23:21 ivan: indeed, is alternate proposal 11:23:32 phila: feels strange 11:23:33 ack selfissued 11:23:56 q+ 11:23:58 q+ 11:24:03 selfissued: making things easier for WG? Does not what matters. Ease to developers is more important. 11:24:08 q+ 11:24:11 Broad Industry Adoption is hurt by a Json-ld specificaiton 11:24:18 q- 11:24:19 ... This would hurt implementation, is not developer friendly 11:24:35 burn: manu proposed #2 to replace #1 11:24:35 ack drummond 11:24:49 q+ 11:24:53 Proposal number two would impose a substantial unnecessary burden on developers 11:25:01 drummond: I understand what this is about, purely political thing, JSON-only PRs 11:25:12 q+ to point out that this means JSON-only developers have no vehicle for extending the spec 11:25:20 ack markus_sabadello 11:25:23 ... want to see abstract data model in multiple representations may be too JSON-LD centric 11:25:55 q? 11:25:58 q+ 11:25:59 markus_sabadello: Biggest extension is in the wording itself, "in general", "could be", language 11:26:00 ack ChristopherA 11:26:00 q+ 11:26:11 q+ 11:26:19 ChristopherA: I believe that #2 is equivalent, but politically unsound 11:26:33 ... We can remedy that by reframing some words 11:26:53 q? 11:26:58 ack jonathan_holt 11:27:02 ... We just don't mention JSON-LD by name, but only wording pointing the registry into that direction 11:27:03 ipld://bafyreiauq2tulhnkrktu6brs4jfe472cvgbf2gvvmd6gjjzxy2lyedrmyq 11:27:14 @@@ item in array, IANA 11:27:21 q? 11:27:27 ack SamSmith 11:27:37 s/@@@/jonathan)holt 11:27:38 q+ 11:27:46 q+ 11:27:48 ack JoeAndrieu 11:27:49 JoeAndrieu, you wanted to point out that this means JSON-only developers have no vehicle for extending the spec 11:27:56 SamSmith: JSON-LD centric serves one community well, and others poorly 11:28:07 JoeAndrieu: I don't like registries 11:28:10 q+ 11:28:22 ... Don't see how JSON-only developer can extend this 11:28:27 q- 11:28:29 ack selfissued 11:28:59 selfissued: Registries per #1 are for global interoperability, #2 makes it dead in the water 11:29:29 burn: This is START of conversation, we have limited time to discuss. Please talk about it offline with each other please! 11:29:38 Per #1, the registries are there to enable global interoperability. Without the registries, you don't have that. Therefore, #2 is dead in the water. 11:29:48 ... and please seek common ground, or at least something for common agrteement 11:30:00 q 11:30:02 Registries are not the only way to get global interop 11:30:08 ... after break other items on the agenda 11:30:27 q= 11:30:32 But registries are a proven, developer-friendly means of achieving interoperability 11:30:32 burn: Any other issues? 11:30:39 q= brent 11:30:47 q= 11:30:48 burn: Dinner? 11:30:51 queue= brent 11:30:55 ack brent 11:31:13 @@@ booked dinner in restaurant 11:31:44 ... Dinner after boat tour 11:32:01 ivan: there is time to walk, distances are limited 11:33:13 ChristopherA: Rain expected around 17:00, byu, bring your umbrella 11:33:37 @@@ Confirmation of dinner location after 13:00 11:34:32 burn: 20 eaters for dinner 11:35:13 Boat is at 15:30 11:35:45 Oskar: Oskar out 11:36:27 zakim, end meeting 11:36:27 As of this point the attendees have been markus_sabadello, brent, yoshiaki, ivan, ChristopherA, Eugeniu_Rusu, Oskar, tplooker, Justin_R, dezell, gannan, juan_caballero, charles, 11:36:30 ... ken, drummond, manu, phila, selfissued, identity_woman, JoeAndrieu, oliver 11:36:30 RRSAgent, please draft minutes 11:36:30 I have made the request to generate https://www.w3.org/2020/01/30-did-minutes.html Zakim 11:36:32 I am happy to have been of service, ivan; please remember to excuse RRSAgent. Goodbye 11:36:36 Zakim has left #did 11:37:17 rrsagent, bye 11:37:17 I see no action items