Meeting minutes
minutes review
<kaz> May-26
<kaz> approved
<Ege> https://
PRs
PR #1156
<kaz> PR 1156 - fix links, combo, date in the schema
PR #1156
Ege: subprotocol is an enum of the possible subprotocols
(reviewing problems in PR)
McCool: questions about use of "rel"
Ege: link validation is complicated due to the icon link type
Ege: it is correct
McCool: try to reduce lines where the brackets can be on one line
Koster: processors seem to always expand the brackets
McCool: (line by line review of the diff)
Mizushima: there is a problem on line 2
McCool: (fixed)
McCool: any objections to merging?
McCool: OK
McCool: review other PRs
PR #1151
<kaz> PR 1151 - WIP: TD Signatures
McCool: signatures, PR #1151
McCool: still some things yet to do
McCool: added support for XML signatures that have signatures for sub-sections of the document
McCool: it creates a digest and signs individual items in the digest
McCool: there needs to be a way to support keys in the TD
… or it could be a URL that points to the keys
McCool: there is a question of which curves to support beyond JWS
… testing could impose a practical limit on the number of curves we can support
McCool: there is an issue with including the digest as a mandatory element in TD
McCool: there could be 2-step validation, before and after
McCool: another question about expanding references
… we can't validate a TD with expanded references
McCool: we could build reference expansion into the processing
… the expanded form wouldn't be stored or validated
McCool: with PKI, the signatures aren't compared directly but decrypted and the hash compared
McCool: it introduces a dependency on signature type
Philipp: the curve selection is important; it's good to support a lot of curves, but maybe we don't need to test optional curves
McCool: we can't use a curve that we can't test, so we will need a small set
Philipp: we have the same situation in other areas, for example CBOR + JSON issue in the profiles
McCool: the testing doesn't need to include the mathematics of the curves
… we just use a library
kaz: the main consideration is 2 implementations
McCool: the TD feature we are testing is the signature wrapper
McCool: we should test the 3 reference types json pointer, json path, and xpath
Philipp: we should test the DID method
McCool: we have a general need to test URI methods
McCool: we get to a question of coverage vs. requirement
McCool: would like to merge this PR but it could be TD 2.0
McCool: any other PRs?
McCool: canonicalization wrt prefixes is still a question
McCool: any other topics?
… AOB?
… adjourn