15:40:32 RRSAgent has joined #did 15:40:32 logging to https://www.w3.org/2022/01/11-did-irc 15:40:34 RRSAgent, make logs Public 15:40:35 please title this meeting ("meeting: ..."), ivan 15:40:51 Meeting: DID WG Telco 15:40:51 Chair: brent 15:40:51 Date: 2022-01-11 15:40:51 Agenda: https://lists.w3.org/Archives/Public/public-did-wg/2022Jan/0001.html 15:40:51 ivan has changed the topic to: Meeting Agenda 2022-01-11: https://lists.w3.org/Archives/Public/public-did-wg/2022Jan/0001.html 15:48:09 TallTed has joined #did 15:58:40 pchampin has joined #did 15:58:52 present+ 15:58:56 mprorock has joined #did 15:59:03 brent_ has joined #did 15:59:06 present+ 15:59:40 present+ mprorock 16:00:26 present+ 16:00:26 burn has joined #did 16:00:33 present+ brentz 16:00:33 present+ shigeya 16:00:44 present+ markus 16:01:08 markus_sabadello has joined #did 16:01:22 present+ 16:01:23 present+ 16:01:32 Orie has joined #did 16:01:33 present+ 16:01:38 present+ 16:02:30 scribe+ 16:02:33 present+ dmitri 16:02:44 topic: Agenda Review 16:02:54 present+ TallTed 16:03:06 brentz: A few minutes to Ivan, then talk about meeting schedule, then a few minutes about the id method, then the bulk of the time for the keri method. 16:03:13 present+ manu 16:03:15 ... Anything to add/modify? 16:03:39 ivan: Some of you probably know that I have partially retired this year. 16:03:51 ... I am still active at W3C but on a reduced hour compared to before. 16:04:04 ... Other fact is that there are new activities with the VC WG, and with the canonicalization WG. 16:04:17 ... Bottom line is that I cannot be the staff contact for all these at once. 16:04:33 ... After discussing it with Brent, I decided I will stay active in the VC WG with Brent... 16:04:55 ... I am happy to introduce Pierre-Antoine Champin, "Pa", who will be the staff contact for this WG. 16:05:15 ... While the FOs are underway, I will also stay along, so there can be a smooth change. 16:05:41 ... Pierre-Antoine knows a lot about the web, and about JSON-LD, made an implementation of JSON-LD in Rust. 16:05:45 justin_r has joined #did 16:05:50 present+ 16:05:51 pchampin: Thank you for the kind introduction 16:05:58 present+ drummond 16:06:02 ... As Ivan told, I joined the W3C team a year ago, as a fellow. 16:06:11 ... Before that - I'm technically still an associate professor. 16:06:22 ... Involved in other groups... JSON-LD 1.1 16:06:35 present+ rgrant 16:06:35 ... I've followed at a distance this group's activity... 16:06:54 present+ agropper 16:07:01 drummond has joined #did 16:07:01 ... I didn't write a JSON-LD impl in Rust, but contributed to an impl 16:07:10 present+ 16:07:12 ... I think that will give me time enough to get into the swing (Ivan staying along) 16:07:13 Very excited to have PA involved! :) 16:07:17 ivan: But you mastered Rust 16:07:24 rgrant has joined #did 16:07:38 present+ 16:07:39 brentz: Reminder: Credentials Community Group (CCG) meeting after this meeting. Discussing chair election process as a chair has stepped down. 16:07:41 s/PA/Pierre-Antoine/ 16:07:44 Topic: Upcoming meeting schedule 16:08:09 topic: In recognition of the fact that we exist as a working group due to administrative extensions of our charter, in order to wait out the formal objection processs... 16:08:14 s/topic:/brentz:/ 16:08:38 brentz: ... and in recognition of the monumental work that has been done, the chairs will be curtailing meetings going forward 16:08:45 ... We will be keeping abreast of changes... 16:09:11 ... So we won't be discussing did registries, rubric, impl guide, etc. We've published them, and feel the work is primarily done, 16:09:22 ... and feel deserving of spending a little less time on DIDs. 16:09:45 ... We ask you keep this slot on your calendars, but unless you get an agenda announcement, don't come, since we won't be here. 16:09:53 q? 16:09:55 +1 on the proposed direction. 16:10:02 +1 to this transition 16:10:04 q+ 16:10:12 ack ivan 16:10:12 ... If nothing more to discuss, this may be our last meeting. 16:10:14 +1 on the proposed direction 16:10:33 ivan: Just to make it clear, we don't intend to close down the repositories. Any discussion on GitHub - which this group is very active on - is of course very possible and welcome. 16:10:47 brentz: Yes, continue to work offline. If anyone feels the group needs to meet and discuss something, that's possible. 16:10:59 ... I don't think it's necessary to do a proposal... We've fulfilled our charter. 16:11:10 ... But if someone wants to propose a proposal, we have time... 16:11:25 Agree with brent, we don't need a proposal to do what we are doing.... we would need proposals and resolutions to do something else, imo. 16:11:38 agropper: Where might we discuss biometrics as it relates to the current or future DID specifications? 16:11:46 q+ 16:11:51 brentz: the CCG probably would be the best place 16:11:55 ack ivan 16:12:00 ivan: At this moment, the CCG... 16:12:15 Biometrics should be discused here: https://github.com/fedidcg/ 16:12:17 ... What we don't know yet is what exactly we will put in the charter for a future version of the DID specification. 16:12:43 q+ on "maintenance WG". 16:12:55 ... Originally the idea was that the next version of the DID WG would be the maintenance WG, and so would not include something like that... but who knows, these days things are changing rapidly - maybe we will have a full-blown specication on our hands 16:12:55 ack manu 16:12:55 manu, you wanted to comment on "maintenance WG". 16:13:35 DIF would also be a good place to discuss. biometrics, there is a device binding work item in the wallet security group. 16:13:44 JoeAndrieu has joined #did 16:13:53 present+ 16:14:16 Topic: did:id Method 16:14:20 q+ 16:14:29 subtopic: https://github.com/w3c/did-spec-registries/pull/363 16:14:39 ack markus_sabadello 16:15:02 markus_sabadello: This is a new PR to add a DID method to the registry 16:15:10 ... I have reviewed it and requested changes. 16:15:25 agropper has joined #did 16:15:37 ... I think it's a pretty extreme example of a centralized DID method that has significant privacy issues... big potential for surveillance and censorship, and other problematic things. 16:15:46 present+ 16:15:56 q+ 16:16:01 ... I think this stands against everything DIDs stand for... But we decided centralized DID methods can be registered 16:16:15 ... But I think some of these issues should be mentioned in the method specification 16:16:25 i/DIF would also/Manu: I think a maintenance WG is fine, the community is doing DID Method interop in the CCG on did:key and did:web, and it's not clear if that work will make the three orgs that have raised FOs happy. So, +1 for maintenance WG for next DID WG./ 16:16:27 ... (did:id by Mastercard) 16:16:46 ... They have some of these considerations in there, but there are many others they should be mentioning... 16:17:12 ... tracking, etc. 16:17:19 q+ to agree with concerns that Markus has said, and how we might deal with this in the future. 16:17:36 present+ selfissued 16:17:52 ack ivan 16:18:09 Summary is that even though the method spec has a Privacy Considerations section, I think it is missing much that matters, and therefore the method spec is incomplete. 16:18:53 q+ 16:19:04 mprorock_ has joined #did 16:19:10 ack manu 16:19:10 manu, you wanted to agree with concerns that Markus has said, and how we might deal with this in the future. 16:19:33 ivan: ... 16:19:44 manu: I think we should discuss this after recharter 16:19:55 +1 manu, this is a charter conversation... that aligns with the FOs perspective as well, AFAIK. 16:20:43 mprorock_ has joined #did 16:20:43 agropper has joined #did 16:20:43 JoeAndrieu has joined #did 16:20:43 rgrant has joined #did 16:20:43 drummond has joined #did 16:20:43 justin_r has joined #did 16:20:43 Orie has joined #did 16:20:43 markus_sabadello has joined #did 16:20:43 burn has joined #did 16:20:43 brentz has joined #did 16:20:43 mprorock has joined #did 16:20:43 TallTed has joined #did 16:20:43 tzviya has joined #did 16:20:43 smoothsalt has joined #did 16:20:43 faceface has joined #did 16:20:43 dlehn has joined #did 16:20:43 asocrt has joined #did 16:20:43 juancaballero has joined #did 16:20:43 damian77 has joined #did 16:20:43 msim has joined #did 16:20:43 cel[m] has joined #did 16:20:43 dietrich has joined #did 16:20:43 bigbluehat has joined #did 16:20:43 dlongley has joined #did 16:20:43 manu has joined #did 16:20:43 etropea73101 has joined #did 16:20:43 cypherhippie has joined #did 16:20:43 shigeya has joined #did 16:20:43 Travis has joined #did 16:20:43 hadleybeeman has joined #did 16:20:43 jyasskin has joined #did 16:20:43 wayne has joined #did 16:20:43 cel has joined #did 16:20:54 q? 16:21:02 q+ dmitriz 16:21:04 selfissued has joined #did 16:21:06 q+ to say its inappropriate to change the rules because we don't like the method 16:21:13 present+ 16:21:14 ... Markus, I appreciate that you are trying to fight from a principled position, but we would be changing the rules.... compared to the ones that came before it. 16:21:17 q+ 16:22:03 ... We want to improve the registries, we can do that later... one thing would be to apply all the normative statements in the DID Methods section, make an announcement months in advance saying methods need to be updated or fall out of the registry 16:22:25 ... But I think even then Mastercard would be reregistered. 16:22:31 ack markus_sabadello 16:23:09 markus_sabadello: Completely agree we shouldn't change the rules of the process. I don't think we should allow centralized DID methods. Can't change that now. But the Privacy & Considerations section doesn't discuss the considerations. 16:23:22 ... Same as if the DID Syntax section didn't describe the syntax of the DID... 16:23:29 I am willing to offer to facilitate a dedicated discussion w/the Mastercard team about what changes would be necessary to accept their method if that would help. 16:23:34 These are different rules -- I want to be crystal clear about this. 16:23:46 We have not applied this level of scrutiny to any other DID Method. 16:23:53 ack dmitriz 16:23:54 ... Section doesn't describe the privacy considerations. We have requested changes from a lot of changes from other DID methods that were incomplete and missing significant parts, and that's also what we should do here. 16:24:17 huge +1 to everything Dmitri just said 16:24:22 dmitri: this group created the registry rules and can change tham. We're under no obligation to apply the same criteria, we can change the rules going forward. 16:24:44 ack JoeAndrieu 16:24:44 JoeAndrieu, you wanted to say its inappropriate to change the rules because we don't like the method 16:24:46 ... I understand we have limited charter status; I would propose we do not accept any more, or await discussion of this DID method until the next chartered group. 16:24:56 The charter should guide a change of rules... I hear a proposal to pause all new registrations... make a proposal please. 16:25:25 JoeAndrieu: I agree with what Manu and not with what Dmitri said. I think it's against our framework to change the rules. I agree don't like centralized methods... 16:25:35 +1 manu and JoeAndrieu 16:25:40 -1 to JoeAndrieu 16:25:45 ... But when we change rules because we don't like it, it's like abandoning free speech because we don't like what was said. 16:26:06 ack selfissued 16:26:17 ... We could have criteria that might remove methods... but I believe we meet the requirements as said, and would abandon our moral integrity to change it 16:26:25 justin_r thats not a generous interpretation, I am hearing that we can change the rules, and that we should use the charter to give use clearer powers regarding these changes. 16:26:33 This one isn't spec conformant. 16:26:40 selfissued: We decided we would not apply criteria to determine spec conformance... 16:26:55 +1 selfissued 16:26:57 ... Otherwise we have no grounds to run a registry if we're going to pick and choose what to register. 16:27:00 q? 16:27:02 There is no requirement to be spec conformant, Markus. 16:27:03 q+ 16:27:07 ack manu 16:27:08 ... We should stop that and register it right now. 16:27:53 q+ 16:28:01 manu: To respond to what Markus said, we have no such requirement to be spec conformant. We call out a couple things (have to do the CRUD stuff), but we don't require full spec compliance (we should in the future, when we've got our act together on all these things). Agreeing with Mike Jones 16:28:06 ack markus_sabadello 16:28:10 present+ 16:28:31 markus_sabadello: I think if it's not spec-compliant, we do have a rule in the spec registries that says that DID methods that don't meet the requirements in DID Core won't be accepted... 16:28:51 ... Even if we don't apply it, since in the past we haven't, even then I think this registration should not be accepted as-is, because it's incomplete. 16:28:57 Just about every DID Method is incomplete... not a good criteria. 16:28:59 q? 16:29:23 q+ to suggest a determination. 16:29:31 ack manu 16:29:31 manu, you wanted to suggest a determination. 16:29:35 brentz: We've heard arguments for an against merging it. The chairs leave it to the editors to make a determination here. We will note any objections. 16:29:38 PROPOSAL: we will merge did:id over the objection from markus. 16:29:44 +1 16:29:44 please run the proposal 16:29:45 manu: Editors, I suggest a determination to merge it as-is. 16:29:46 +1 16:29:48 q+ 16:29:49 +1 16:30:30 drummond: I wanted to suggest the editors should discuss it on the call on Thursday. 16:30:36 -1 to discussing, we have discussed this on the editors call for months. 16:30:39 manu: The ditors discussed it on the last week's call. 16:30:41 -1 16:30:48 ack drummond 16:31:06 drummond: I believe, Markus, we should have a conversation directly with the Mastercard people directly, and then have a vote. 16:31:17 s/people/team/ 16:31:21 -1 to yet another discussion 16:31:21 ... I think Markus's points have been well-made... 16:31:27 we are here to get this on record, so this is a helpful process. 16:31:39 ... I think they would make changes that are satisfactory 16:31:56 brentz: Thank you for this conversation 16:31:59 Topic: did:keri Method 16:32:17 subtopic: https://github.com/w3c/did-spec-registries/pull/395 16:32:42 brentz: Changing the source repository for this method 16:32:53 ... KERI was created and then brought into DIF. 16:33:01 for the record and the notes: I agree w/ drummond and markus_sabadello re: registries and think dmitri's got the best proposed approach 16:33:03 ... There was a split in the KERI community, and one of the pieces of that is did:keri. 16:33:23 ... This PR moves the source repository link to outside DIF 16:33:27 present+ burn 16:33:31 q+ 16:33:35 q+ to ask them to sort it out. :) 16:33:35 ... We've been essentially asked to arbitrate a decision that's not ours to make. 16:33:40 ack markus_sabadello 16:33:46 q+ 16:33:53 markus_sabadello: In contrast to the previous topic, I don't actually have a very strong opinion here. 16:33:55 q+ to suggest a formal proposal for pausing new registrations to the did spec registries methods section. 16:34:13 ... As a background, I believe this was worked on in DIF. Then there was a PR to change the location, and there has been a long discussion. 16:34:13 q+ to note that I am working with the DIF and KERI folks to resolve this issue 16:34:28 https://github.com/w3c/did-spec-registries/issues/399 16:34:29 q+ to note change controller issue 16:34:45 ... There was interesting discussion on something called a change controller - who would have the authority to make changes to a registration - Juan created an issue about that, #399, on how to set up privileges and governance for making changes. 16:35:03 ... I made a proposal that whoever is listed as a contact has the right to make changes, and is responsible for the consequences 16:35:13 q+ to suggest adding changeController section with support for email, github, and did properties 16:35:13 ... to attempt to keep controversy out of the WG. 16:35:21 ... Note that this may be a change of rules 16:35:39 ... In this particular case I'm not sure if we should handle it like that; maybe for future changes. 16:35:50 ... In this case I think we should wait until their community issues as a result 16:35:55 ack manu 16:35:55 manu, you wanted to ask them to sort it out. :) and to note change controller issue 16:36:02 s/issues as/issues/ 16:36:20 manu: +1, there has been conversation 16:37:05 q? 16:37:06 ... We've always put in things like contact email to mean something like change controller... Suggest we do a bulk search-and-replace to change "contact" to "change controlller" 16:37:09 ack agropper 16:37:14 +1 to Manu's proposal 16:37:37 agropper: It's probably not worth taking the group's time... but I have no idea what the controversy or substantive issue is that we're discussing. If that's my bad for not reading this very long thread, let's move on 16:37:50 ack Orie 16:37:50 Orie, you wanted to suggest a formal proposal for pausing new registrations to the did spec registries methods section. 16:37:55 brentz: For now we'll move forward but if others want more detail, we can provide some 16:38:11 Orie: There have been a couple proposals made. We should try our best to run the proposals to record consensus on the call. 16:38:33 ... Specifically I think I heard Ivan, Dmitri, Justin... There might be interest in pausing new DID methods until the new charter is accepted 16:38:45 ... (reading between the lines) 16:38:46 dmitriz has joined #did 16:38:56 q+ 16:38:57 ... I q'd to run that proposal 16:39:12 ack JoeAndrieu 16:39:12 JoeAndrieu, you wanted to suggest adding changeController section with support for email, github, and did properties 16:39:25 JoeAndrieu: I agree, best resolution is if DIF and Sam can figure it out 16:39:35 ... But if they don't, existing email contact is best 16:39:54 ... But need to push back that we always had this. In fact Veres One didn't have one until this week 16:40:07 ... When we reached out to method authors, we had a hard time getting contact info. 16:40:08 +1 to Joe 16:40:25 ... I think an auto change would be unfortunate... The party to contact might not be the party with authority to make changes. 16:40:31 ... +1 to freezing registrations 16:40:43 -1 to freezing registrations 16:40:49 ... We should have a controller change property - DID, email, GitHub - multiple mechanisms 16:40:53 ack selfissued 16:41:00 Agree with Mike Jones, again! :) 16:41:04 MikeJones: Should we pause, we are abdicating our responsibility to operate the registry. 16:41:11 ... How would people feel if IANA stopped accepting registrations? 16:41:15 +1 MikeJones 16:41:19 that's a good point @selfissued 16:41:22 ... If we're claiming authority to operate it, we should not pause it. 16:41:22 +1 to Mike 16:41:23 if IANA was about to be rechartered? 16:41:26 +1 selfissued 16:41:28 ack drummond 16:41:28 drummond, you wanted to note that I am working with the DIF and KERI folks to resolve this issue 16:41:31 This is about pausing method registrations, not all registrations, right? 16:41:31 -1 to selfissued, pausing is :being: responsible and not reckless, in my opinion 16:41:32 it would absolutely make sense for them to pause until rechartering 16:41:40 drummond: I just want to assure folks that we are working to resolve the conflicts in the DIF+KERI communities around this 16:41:52 ... Completely different question than what to do about the registries. 16:42:03 q+ 16:42:08 ... In fact there's another call right after this one. Separate from proposals being made now. 16:42:17 q+ 16:42:19 ack manu 16:42:19 brentz: Two proposals to run. Manu? 16:42:40 manu: +1 to what Mike Jones said. It would be an abdication of our responsibilities. The world goes on, people will create new DID methods. 16:42:43 q- 16:42:49 +1 manu 16:42:51 note: registration is not required 16:43:07 I agree with Manu about not "abdicating" our responsibility for the registry 16:43:09 ... Just because we pause registrations, people are still making DID methods. Then there would be no up-to-date place for people to look for specs. -1 to pausing 16:43:10 also, registration is not normatively referenced from did core 16:43:50 ... about change controller, concerned... the points are good, but I never saw this like that... It was a change controller field. I think we can at least change contact email to change controller email, because that's how we've been using that field to date. 16:44:07 brentz: Queue is empty. Running the proposal Orie mentioned. ^ 16:44:17 -1 to registry pause 16:44:20 -1 16:44:31 ... Not voting yet... draft proposal 16:44:33 -1 16:44:33 PROPOSAL: We will stop accepting changes to the DID Method Registry until the DID WG is re-chartered 16:44:37 -1 (with pitch forks and torches) 16:44:38 -1 16:44:39 -1 16:44:39 +1 16:44:39 -1 16:44:40 -1 16:44:40 -1 16:44:41 +1 16:44:42 -1 16:44:42 0 16:44:42 -1 to registry pause 16:44:44 -1 16:44:44 +0 16:44:50 +0.5 16:44:52 -1 16:44:58 -1 16:44:59 -1 16:45:01 -0.1 16:45:21 brentz: Not passing. Manu put draft language above... repeating as a draft - don't vote yet ^ 16:45:30 manu: modify to changeControllerEmail? 16:45:39 q+ to comment 16:45:47 ack rgrant 16:45:47 rgrant, you wanted to comment 16:45:52 change controller did? 16:46:10 Agree w/ 16:46:12 q+ 16:46:16 rgrant: The idea of change controller rename might be more acceptable if it is paired with a decision to in the future add another contact field, which may be a DID or other variable for contact 16:46:18 ack JoeAndrieu 16:46:37 JoeAndrieu: I think that treating the contact email as change controller is entirely in scope and I would support that. But changing the semantics of conformance... 16:46:48 ... To rewrite that without their involvement I think is inappropriate 16:46:49 PROPOSAL: For DID Spec Registries registration, change "contactEmail" to "changeControllerEmail" (with a definition of change controller) to be more clear about the purpose of the field. 16:46:53 +1, but only apply to future cases 16:46:54 -1 16:46:57 0 16:46:58 +1 16:46:59 +1 16:46:59 0 16:47:00 +0 16:47:05 +1 16:47:06 +1, the registries do not run at the whim of those who register within 16:47:07 +0 16:47:11 +1 16:47:14 +0.5 16:47:15 +1 16:47:16 +1 16:47:18 -0 16:47:19 +1 16:47:21 +1 16:47:23 0 16:47:50 q+ 16:47:55 ack markus_sabadello 16:47:58 brentz: Joe, and Markus, is there language that either of you would approve? 16:48:06 @markus any changes would only apply to future entries. Retroactive application is ... weird. 16:48:14 markus_sabadello: My assumption is that this would be applied to future cases anyway. Then we would just not change the rules for current cases. 16:48:14 at least with any registry I've ever seen 16:48:25 hmm, good point @markus_sabadello 16:49:03 JoeAndrieu: Justin, you seem to support it, but you suggest retroactive application is weird. That's my reason not supporting this - it's a retroactive application to those methods in ways they may not be aware of. 16:49:08 In the whole did:id discussion, we consistently said that we woudn't change rules for current cases.. 16:49:41 justin_r: Yeah, I get where you're coming from. If the worry is that changing the name of the field changes the semantics - people could either update it, or ignore it. 16:49:46 q+ to note it's not changing the semantics of how the registry editors have been treating the field. 16:49:57 ... If we want to be extraordinarily cautious, we could drop the field and add a new column 16:50:25 q+ 16:50:30 ... The spectre that keeps getting raised here is that if we change the rules... it's absurd. The editors do not agree with me, I think that is to this group's detriment... 16:50:48 ... I think changing the name is fine. The registry decides what the info in it means. 16:50:58 present+ juancaballero 16:51:00 q+ to disagree 16:51:02 ack manu 16:51:02 manu, you wanted to note it's not changing the semantics of how the registry editors have been treating the field. 16:51:03 ... If the registry decides it's a reasonable interpretation that this field now has this meaning, then we apply that. 16:51:32 manu: I think the thing that makes this different is that the editors have been treating all the contact fields as the change controller. We have no other signal as to who should be able to change that thing. 16:51:48 qq+ 16:51:50 ... We're not changing the semantics of the field, we're updating the name of the field to be clear to what we are using it for. 16:51:52 how about adding a changeController field with an email property that we set to the current contactEmail value as default 16:52:02 ... We're not changing process, we're making it more clear about what that field is meant to assert. 16:52:11 ack brentz 16:52:11 brentz, you wanted to react to manu 16:52:18 ... That's why we think it's okay to make it "retroactively" - we're just making documentation more clear. 16:52:48 brentz: Please be respectful of one another and make sure we are cognizant of the hard work people have been making. People have been operating with the best interests of the group and the ecosystem at heart. 16:52:53 ack markus_sabadello 16:53:32 I'm fine w/ holding on did:keri 16:53:43 markus_sabadello: Just to clarify what I meant "only for future cases" I think this change should be made both for current and existing DID method registrations, I agree with Manu that we should update it, but for existing changes in process (did:keri) we may want to wait 16:53:45 (until that community sorts its stuff out) 16:53:57 ... but I think it's fine for existing and future ones. 16:54:06