18:52:19 <RRSAgent> RRSAgent has joined #vcwg
18:52:24 <RRSAgent> logging to https://www.w3.org/2023/06/21-vcwg-irc
18:56:13 <brent> brent has changed the topic to: VCWG Agenda 2023-06-24 https://www.w3.org/events/meetings/36ecd2da-2ec3-4012-b74a-72546ab352f4/20230621T150000/
18:56:21 <brent> zakim, start the meeting
18:56:21 <Zakim> RRSAgent, make logs Public
18:56:22 <Zakim> please title this meeting ("meeting: ..."), brent
18:56:44 <brent> meeting: Verifiable Credentials Working Group Weekly Teleconference
18:56:55 <brent> chair: Kristina Yasuda
18:57:01 <brent> present+
18:59:49 <PhilF> PhilF has joined #vcwg
18:59:55 <PhilF> present+
19:00:15 <TallTed> TallTed has joined #vcwg
19:01:38 <JoeAndrieu> JoeAndrieu has joined #vcwg
19:01:47 <cabernet> cabernet has joined #vcwg
19:02:17 <cabernet> present+
19:03:01 <TallTed> TallTed has changed the topic to: VCWG Agenda 2023-06-21 https://www.w3.org/events/meetings/36ecd2da-2ec3-4012-b74a-72546ab352f4/20230621T150000/
19:03:05 <TallTed> RRSAgent, draft minutes
19:03:07 <RRSAgent> I have made the request to generate https://www.w3.org/2023/06/21-vcwg-minutes.html TallTed
19:03:19 <andres> andres has joined #vcwg
19:03:22 <andres> present+
19:03:35 <TallTed> RRSAgent, make logs public
19:03:49 <TallTed> present+
19:04:16 <brent> regrets: Orie Steele, Mike Prorock
19:04:30 <kgriffin> kgriffin has joined #vcwg
19:04:43 <shigeya> present+
19:04:45 <kristina> kristina has joined #vcwg
19:05:02 <kristina> present+
19:05:09 <andres> scribe+
19:05:14 <brent> regrets: Mike Jones
19:05:18 <manu> present+
19:05:24 <kgriffin> present+
19:05:55 <GregB> GregB has joined #vcwg
19:06:04 <GregB> present+
19:06:16 <dmitriz> dmitriz has joined #vcwg
19:06:45 <andres> kristina:our agenda today has multiple updates. Hopefully we can achieve more than last week's call. Let's focus a bit more on blocked PRs that are blocked. On 1100, 1101, 1104, PR 88 for vc-jwt.
19:06:47 <JoeAndrieu> present+
19:07:05 <andres> ... Before diving in, please note that TPAC registrations are open.
19:07:31 <decentralgabe> decentralgabe has joined #vcwg
19:07:34 <decentralgabe> present+
19:07:37 <kristina> q?
19:07:41 <andres> ... Specific WG dates will be confirmed by the chairs.
19:07:50 <manu> q+
19:08:01 <decentralgabe> q+ for schema update
19:08:04 <andres> ... Let's jump into status update PRs. With a focus on the ones that need attention.
19:08:04 <kristina> ack manu
19:08:37 <andres> manu: The VCDM has 10 open PRs. Folks should post attention on 1140, which we'll discuss today. Subsequent PRs need more people to weigh in.
19:09:01 <andres> ... Since last week's resolutions, we've made a couple of PRs.
19:09:19 <andres> ... Another one for a VP being short lived. That's in good shape.
19:09:32 <andres> ... About 7 look like they will be ready to go, please review.
19:09:38 <kristina> subtopic: https://github.com/w3c/vc-data-model/pulls
19:09:55 <andres> ... There will be some design changes to the status list PR. Please mind those updates.
19:09:58 <kristina> q?
19:10:03 <kristina> ack decentralgabe
19:10:03 <Zakim> decentralgabe, you wanted to discuss schema update
19:10:24 <manu> support for multiple status codes: https://github.com/w3c/vc-status-list-2021/pull/65
19:10:34 <andres> gabe: We kicked off horizontal review for vc-json-schema repo. We have 2 PRs open for text related to PII, and a11y and i18n concerns. Please take a look as you can.
19:10:45 <kristina> q?
19:10:51 <manu> (that needs attention 'cause we're redesigning some of status list)
19:11:09 <cabernet_> cabernet_ has joined #vcwg
19:11:12 <kristina> q?
19:11:22 <andres> kristina: That's it for work item updates. Last call.
19:11:42 <andres> ... going into 1140.
19:11:49 <kristina> subtopic: https://github.com/w3c/vc-data-model/pull/1140
19:12:13 <andres> brent: Mike won't be able to join, but the PR was updated. It's worth discussing today.
19:12:19 <manu> q+
19:12:21 <TallTed> RRSAgent, draft minutes
19:12:22 <RRSAgent> I have made the request to generate https://www.w3.org/2023/06/21-vcwg-minutes.html TallTed
19:12:28 <andres> kristina: Ok, let's time box it.
19:12:30 <kristina> ack manu
19:12:51 <andres> manu: What this PR does is enable us to attach a cryptographic hash to a resource that's inside a VC.
19:13:15 <andres> ... This can be applied to an image that's externally linked, or any resource that is linkable.
19:13:16 <pl_asu> pl_asu has joined #vcwg
19:13:21 <pl_asu> present+
19:13:23 <andres> ... There is broad agreement that it's a useful feature to have.
19:13:37 <dmitriz> present+
19:13:53 <andres> ... Mike's proposal has had a number of chnages suggested to it. My opinion is that there is a path towards merging it with consensus.
19:14:10 <andres> ... the discussion's right now are around naming.
19:14:27 <andres> ... The sticking point right now is whether we split the hash algorithm from the hash value.
19:14:46 <andres> ... If we're able to get that resolved, it's likely we're able to merge it in.
19:15:08 <GregB> are we talking about using multi-hash?
19:15:09 <manu> q+
19:15:18 <kristina> ack dmitriz
19:15:21 <andres> kristina: Where's the comment around which hashing algo?
19:15:35 <andres> dmitri: part of the question is which registry to draw the hashing algo from.
19:15:51 <andres> kristina: two things that need to be resolved, apart from bikeshedding terms. Is that accurate?
19:16:00 <kristina> ack manu
19:16:20 <andres> manu: Trouble finding windows. Off the top of my head it's either 2 or 3.
19:16:42 <andres> ... I think the biggest (?) is whether we separate.
19:17:16 <andres> ... There is an SRI spec that allows you to do this in HTML. Web Browsers will not load that file unless the hash matches.
19:17:33 <andres> ... But the SRI only allows you to use sha-2. Full stop. That's it.
19:17:49 <andres> ... Folks are concerned that using SRI directly is too confining.
19:18:09 <andres> ... Mike suggested to separate and we can use sha-2 and sha-3.
19:18:21 <andres> ... But that can introduce weird data models.
19:19:58 <andres> ... The proposal that would likely end up getting consensus is this group says which hash algos are allowed at the front part of the string (similar to what SRI spec does). The rest would be a hash value bas64 url encoded. . But that looks very close to multibase.
19:21:08 <kristina> q?
19:21:14 <andres> kristina: I don't think Mike would agree with those changes. Let's take this as a special topic call next week. There are 150 comments. Just like we did with yesterday, let's identify starting points (like Dmitri's last comments), so it's helpful for the next special topic call. Unless there is more, suggestion is to move on.
19:21:39 <kristina> subtopic https://github.com/w3c/vc-jwt/pull/88
19:21:45 <kristina> s/subtopic/subtopic:
19:22:23 <manu> q+
19:22:25 <andres> ... This PR 88 removes anything JSON from the vc-jwt spec. Me and Mike Jones are requesting changes.
19:22:30 <kristina> ack manu
19:22:43 <andres> ... I would approve, but Mike isn't here.
19:23:04 <andres> manu: I think the title isn't representing what the PR is doing, which is confusing.
19:23:11 <kristina> q+
19:23:33 <andres> ... What the removal here is doing is the whole mapping thing?
19:23:45 <andres> ... If you reviewed the PR, please take a look again.
19:23:49 <kristina> ack kristina
19:24:01 <andres> ... I'm curious why kristina -1'd it in the past.
19:24:08 <andres> kristina: I don't agree with that interpretation.
19:24:25 <andres> ... After speaking with Orie and Mike, what's being removed isn't the mapping.
19:24:49 <andres> ... Instead it's removing how you vanilla JSON payloads.
19:26:15 <andres> ... The reason I originally -1'd was not because of the direction. It was because there is a certain group of implementers that wants to know how to sign vanilla json payloads.
19:26:27 <manu> q+ to ask for an example of what that "JSON related payload" looks like?
19:26:31 <kristina> q?
19:26:34 <kristina> ack manu
19:26:34 <Zakim> manu, you wanted to ask for an example of what that "JSON related payload" looks like?
19:26:37 <andres> ... I'm OK with the decision to move the home of those implementers to somewhere else.
19:26:44 <kristina> q+
19:26:47 <andres> manu: Do we have an example of what this JSON payload looks like?
19:27:04 <brent> q+
19:27:05 <kristina> ack kristina
19:27:06 <andres> ... Is it the same as a VCDM sans the context field?
19:27:21 <andres> kristina: I think the difference isn't only that.
19:27:48 <andres> ... In the VCDM v1.1 we define how to map to JWT claims, including "vc" and "vp" claims.
19:28:17 <andres> ... In the JWT/JSON world, it's natural to reuse those JWT claims.
19:28:38 <andres> ... So it's not only missing context, but also the mapping and interpretation of many of those claims.
19:28:44 <kgriffin> q+
19:28:51 <kristina> q?
19:28:55 <kristina> ack brent
19:28:56 <andres> ... You aren't relying on the vocabulary only, but also on semantices defined outside.
19:29:33 <andres> brent: The way I understand this PR is currently the vc-jwt spec describes how to secure vc+ld+json, vp+ld+json, and json.
19:29:48 <andres> ... The piece that's being removed is the `json` piece only.
19:29:54 <kristina> that matches my understanding, Brent.
19:29:58 <kristina> ack kgriffin
19:30:01 <andres> ... So the spec only describes how to secure the first two.
19:30:03 <manu> ok, I think I understand...
19:30:28 <kristina> q+
19:30:34 <andres> kgriffin: Is there any room to map what's being removed to another home? Just a thought.
19:31:19 <manu> q+ to note that this is about transformations... mapping... which are still legitimate, but this group isn't going to do that work?
19:31:23 <andres> ... Is the VC specs dir going to be the home?
19:31:33 <kristina> ack kristina
19:31:34 <kristina> ack manu
19:31:34 <Zakim> manu, you wanted to note that this is about transformations... mapping... which are still legitimate, but this group isn't going to do that work?
19:31:34 <andres> kristina: AFAIK there are no plans, but that's uncertain.
19:32:05 <andres> manu: Following up on what kevin said. This is related to transformations so it might shed some light on 1100 and 1101.
19:32:21 <andres> ... Seems like the group won't say anything related to transformations.
19:32:32 <andres> ... But the group seems to think it's important.
19:32:44 <andres> ... But we can't come to consensus on what adequately specified means.
19:33:28 <andres> ... I haven't heard anyone say that transformations from the VCDM are ok to operate on as long as they aren't "abused".
19:33:52 <andres> ... This PR seems like a side effect of not being able to define transformations in a legitimate way.
19:34:01 <kristina> q?
19:34:04 <JoeAndrieu> q+ to ask how are we testing the mapping of vc-ld-jwt to vc-ld-json?
19:34:06 <andres> ... Don't know if that's a legitimate read. Curious what others think.
19:34:09 <kgriffin> +1 manu
19:34:12 <andres> kristina: I think that's accurate.
19:34:13 <kristina> ack JoeAndrieu
19:34:13 <Zakim> JoeAndrieu, you wanted to ask how are we testing the mapping of vc-ld-jwt to vc-ld-json?
19:34:39 <andres> JoeAndrieu: mute dance issues haha. I'm confused by the language that we won't specify transformations
19:34:53 <brent> q+
19:35:03 <andres> ... How are we going to test vc+jwt to vc+ld+json if there aren't testable transformations?
19:35:09 <brent> q-
19:35:26 <andres> kristina: There will be no mapping to test.
19:35:40 <kristina> q?
19:35:42 <TallTed> q+
19:35:54 <kristina> ack TallTed
19:36:08 <kristina> q+
19:37:07 <andres> TallTed: I'm still concerned that we are misusing media types with the vc+ld+jwt.
19:37:11 <kristina> ack kristina
19:37:12 <brent> Ted has a point, but that is a separate issue from the one we're discussing
19:37:24 <manu> agree
19:37:25 <andres> ... That is a JWT, it's not multipart.
19:37:43 <andres> kristina: I agree. Maybe using media type is not the correct term for this.
19:37:59 <andres> ... maybe putting this in the header of a JWT is not common.
19:38:15 <andres> ... But, right now, it's a pretty established mechanism.
19:38:33 <andres> ... Yes, it's the same type that you would be putting in the header as in the HTTP header.
19:38:55 <andres> TallTed: It simplifies some things, but it's a misuse of the tool.
19:38:56 <kristina> q?
19:39:03 <andres> kristina: Agree to disagree.
19:39:34 <andres> kristina: I'm going to unblock for now.
19:39:41 <kristina> q?
19:39:48 <andres> ... Mike Jones will need to chime in next.
19:39:57 <kristina> subtopic: https://github.com/w3c/vc-data-model/issues?q=is%3Aissue+is%3Aopen+sort%3Aupdated-asc
19:40:05 <andres> ... Let's move to another discussion issue.
19:40:29 <kristina> s/subtopic:/topic:
19:40:31 <kristina> subtopic: https://github.com/w3c/vc-data-model/issues/995
19:41:12 <andres> ... 995 questions the definition of "claim"
19:41:16 <kristina> q?
19:41:20 <andres> ... Do we want to redefine it?
19:41:33 <andres> ... If no, I'm ok marking pending close and keeping as is.
19:41:40 <manu> q+
19:41:45 <kristina> ack manu
19:41:59 <andres> manu: Ok to mark is as pending close.
19:42:17 <andres> ... Unfortunately, we don't have the time to take this right now.
19:42:32 <andres> ... That said, the author is making a really good point.
19:42:45 <pl_asu> +1 pending close
19:42:53 <andres> ... Some would say the current definitions aren't harming us that much.
19:42:53 <shigeya> https://csrc.nist.gov/glossary/term/credential
19:43:13 <andres> kristina: Any objections?
19:43:28 <andres> ... Marking
19:43:33 <kristina> subtopic: https://github.com/w3c/vc-data-model/issues/1077
19:44:13 <andres> ... We don't have ivan on this call. Do we mark as before CR?
19:44:21 <brent> +1
19:44:39 <manu> q+
19:44:46 <kristina> ack manu
19:45:05 <brent> q+
19:45:29 <andres> manu: Could we mark it as pending close instead? 1080 is already saying that Ivan wants to anchor the things in the vocab to the specification. If we do 1080, then 1077 gets closed.
19:45:30 <kristina> ack brent
19:45:35 <andres> ... Could we mark as duplicate?
19:46:31 <andres> brent: My understanding is that they are different. One talks about adding statements to the vocab. 1077 mentions what to do with the ones that are already normative.
19:47:13 <kristina> subtopic: https://github.com/w3c/vc-data-model/issues/984
19:47:33 <manu> I wonder if Ivan could check if 1080 and 1077 are dupes of one another and they can be closed?
19:47:46 <andres> kristina: Ok I think this is pending close.
19:47:54 <andres> ... Any objections?
19:48:05 <manu> +1 to pending close
19:48:48 <kristina> subtopic: https://github.com/w3c/vc-data-model/issues/902
19:49:35 <andres> kristina: Orie says we can close. I'm putting pending close.
19:50:28 <kristina> subtopic: https://github.com/w3c/vc-data-model/issues/821
19:50:45 <brent> q+
19:50:51 <kristina> ack brent
19:51:20 <andres> brent: The data model only uses the word binding within token binding. So I don't think this currently calls for any action to be taken.
19:51:32 <andres> kristina: I think this was originally raised related to the zkp section.
19:52:20 <andres> TallTed: Yes I think we can mark this as pending close. My concern is with the use of the term holderBinding.
19:52:33 <kristina> subtopic: https://github.com/w3c/vc-data-model/issues/942
19:53:14 <manu> Agree that we won't get to consensus on this.
19:53:17 <andres> kristina: I don't think there is consensus in the WG to introduce a new term "issuee"
19:53:22 <andres> ... Can we mark as pending close?
19:53:35 <andres> ... We assigned Oliver. Don't think an action has been taken.
19:53:47 <andres> ... <kristina auctions and marks as pending close>
19:54:14 <manu> q+
19:54:23 <andres> ... Where are we with regex for XML datetime?
19:54:32 <andres> manu: I will do it. At some point. But I will
19:54:51 <andres> ... Before CR
19:55:12 <kristina> subtopic: https://github.com/w3c/vc-data-model/issues/1031
19:55:21 <andres> kristina: Last one of this call.
19:56:03 <manu> q+
19:56:04 <andres> ... Orie is assigned. Why is `id` optional?
19:56:06 <kristina> ack manu
19:56:15 <kristina> asked why it is optional rn
19:56:26 <andres> manu: Because you can have objects that you have no idea what their `id` is.
19:56:40 <andres> ... There are many example of statement where the object doesn't have a known `id`.
19:56:55 <andres> ... There are even credential subjects where you don't want to give it an id.
19:57:19 <andres> ... We're not going to get consensus here. There are significant privacy issues if you do make it mandatory.
19:57:29 <andres> kristina: Marking as pending close.
19:57:30 <brent> zakim, who is here?
19:57:30 <Zakim> Present: brent, PhilF, cabernet, andres, TallTed, shigeya, kristina, manu, kgriffin, GregB, JoeAndrieu, decentralgabe, pl_asu, dmitriz
19:57:33 <Zakim> On IRC I see pl_asu, cabernet_, decentralgabe, dmitriz, kristina, kgriffin, andres, JoeAndrieu, TallTed, RRSAgent, Zakim, brent, gkellogg_, tzviya, manu, dlehn, cel[h], MojGraph,
19:57:33 <Zakim> ... w3c_modbot, Github, saysaywhat, cel[m], bumblefudge, bumblefudge1, ounfacdo, npd, dlongley, shigeya, rhiaro, stonematt, cel, bigbluehat, hadleybeeman, Dongwoo, stenr, csarven
19:58:01 <andres> kristina: Thanks for joining. Please review PR issues. Thanks all.
19:58:07 <brent> present+ dlehn
19:58:23 <brent> zakim, end the meeting
19:58:23 <Zakim> As of this point the attendees have been brent, PhilF, cabernet, andres, TallTed, shigeya, kristina, manu, kgriffin, GregB, JoeAndrieu, decentralgabe, pl_asu, dmitriz, dlehn
19:58:26 <Zakim> RRSAgent, please draft minutes
19:58:27 <RRSAgent> I have made the request to generate https://www.w3.org/2023/06/21-vcwg-minutes.html Zakim
19:58:33 <Zakim> I am happy to have been of service, brent; please remember to excuse RRSAgent.  Goodbye
19:58:33 <brent> rrsagent, bye
19:58:33 <RRSAgent> I see no action items
19:58:33 <Zakim> Zakim has left #vcwg