15:05:00 RRSAgent has joined #vcwg 15:05:04 logging to https://www.w3.org/2023/11/29-vcwg-irc 15:05:04 RRSAgent, make logs Public 15:05:05 please title this meeting ("meeting: ..."), ivan 15:05:29 Meeting: Verifiable Credentials Working Group Telco 15:05:29 Date: 2023-11-15 15:05:29 Agenda: https://www.w3.org/events/meetings/ae05a21b-c065-4e69-8d5e-352a0d391513/20231129T110000/ 15:05:29 chair: brent 15:05:30 ivan has changed the topic to: Meeting Agenda 2023-11-29: https://www.w3.org/events/meetings/ae05a21b-c065-4e69-8d5e-352a0d391513/20231129T110000/ 15:06:12 dmitriz has joined #vcwg 15:19:50 SintayewGashaw has joined #vcwg 15:20:16 gkellogg has joined #vcwg 15:47:20 gkellogg has joined #vcwg 15:57:29 present+ 15:58:26 present+ 15:58:26 RRSAgent, draft minutes 15:58:27 I have made the request to generate https://www.w3.org/2023/11/29-vcwg-minutes.html TallTed 15:58:35 RRSAgent, make logs public 15:59:30 present+ TallTed 15:59:47 GregB has joined #vcwg 15:59:58 present+ 16:00:04 brent has joined #vcwg 16:00:10 present+ 16:00:20 pdl-asu has joined #vcwg 16:00:25 present+ 16:00:33 present+ dmitriz 16:00:48 present+ 16:00:49 present+ pauld 16:01:07 present+ selfissued 16:01:24 present+ dlongley 16:02:12 andres has joined #vcwg 16:02:16 present+ 16:02:29 scribe + 16:02:48 present+ orie 16:02:49 pauld_gs1 has joined #vcwg 16:02:49 selfissued has joined #vcwg 16:02:52 present+ 16:02:53 Orie has joined #vcwg 16:02:53 present+ 16:02:54 scribe+ pdl-asu 16:02:58 present+ 16:03:18 will has joined #vcwg 16:03:19 present+ 16:03:23 ... brief agenda review (Brent) - work item status updates and PRs needing reviews. 16:03:43 ... bulk of time on item 1338 to address concerns raised by Google. 16:03:51 q+ 16:03:54 ... additions or changes? 16:03:57 ack manu 16:04:25 present+ JoeAndrieu 16:04:27 ... Manu - time to discuss Tony's questions to the mailing list to understand what things need to be in for CR? 16:04:32 present+ seabass 16:04:37 present+ bigbluehat 16:04:51 ... intros or re-intros? 16:05:11 Topic: CR proposal timing 16:05:51 ... brent - currently exists a draft of core data model as per CR, only changes anticipated are issues labelled before CR 16:06:09 s/cr/pr 16:06:11 Links to the current documents: https://lists.w3.org/Archives/Public/public-vc-wg/2023Nov/0020.html 16:06:29 JoeAndrieu has joined #vcwg 16:06:41 present+ 16:07:07 ... in a week or so submit proposal to the group saying going into CR with these pull requests. 16:07:28 q+ 16:07:30 ... an objection was raised saying a final version is ready for review before a proposal is made. What does the group think? 16:07:53 ack selfissued 16:07:57 ... go forward with all things done or with those in modulo and then CR? 16:08:39 q+ to talk about the repercussions of waiting. 16:08:47 q+ to talk timing benefits 16:08:51 ack manu 16:08:51 manu, you wanted to talk about the repercussions of waiting. 16:09:01 I think its fine to signal intended timeline, but I agree its better to formally approve CR after changes have landed. 16:09:01 ... selfissued no advantage saying going to CR with changes. Should get all the changes in before going to CR 16:09:57 ... Manu - in the past we've said what we'd go into CR with the remaining items to be resolved. If we await on final version this year we won't be done. 16:10:09 q+ 16:10:11 ack brent 16:10:11 brent, you wanted to talk timing benefits 16:10:12 q+ 16:10:40 ... brent - the sooner we have a resolution to go to CR that's when we get things rolling. 16:11:07 .... are timing benefits to craft the proposal with the timing benefits 16:11:14 ack ivan 16:11:39 What is W3M? 16:12:09 ivan - staff contact hat, we go to W3M with everything done. No one will look at the doc until things are finalized 16:12:30 ... how much time will it take to get to final resolution is the issue. Really no difference in the two approaches 16:12:35 ack selfissued 16:13:19 selfissued - Ivan said what needed to be said. Getting it right is more important. The schedule can be addressed later 16:13:21 +1 to what Mike said 16:13:42 Topic: Work Item status updates/PRs 16:13:44 q+ 16:13:44 q+ 16:13:50 brent - editors jump on the queue for status updates 16:13:57 ack manu 16:14:08 manu - will go through VCDM today 16:14:16 brent - only one todya 16:14:28 s/todya/today/ 16:14:44 manu - 1302 and 1320 and 1333 waiting for feedback 16:15:16 ... vc bitstring status list has been made. As soon as we go to CR things will go into the bitstring status list 16:15:35 * thanks Ivan 16:15:38 PRs that need reviews: 16:15:41 https://github.com/w3c/vc-data-model/pull/1302 16:15:45 https://github.com/w3c/vc-data-model/pull/1320 16:15:48 https://github.com/w3c/vc-data-model/pull/1333 16:15:49 ack selfissued 16:16:13 https://github.com/w3c/vc-jose-cose/pull/186 16:16:42 selfissued: issue 186 about removing uses of multiple suffixes which is more controversial than expected. 16:16:54 q+ 16:17:16 q+ to note that even if it goes through, our use of it could be questionable 16:17:25 q+ 16:17:27 gkellogg has joined #vcwg 16:17:30 q+ to agree with selfissued 16:17:31 selfissued: fine with waiting for IETF and flag it at risk for VCDM and VC Jose/Cose best to leave things alone. 16:17:45 https://github.com/w3c/vc-jose-cose/pull/186 16:17:49 ack GregB 16:17:56 q- 16:18:30 GregB: VC BBS - only a few mods needed. Things in good shape. PR put in for security considerations 16:19:07 GregB: working on privacy because it just got updated in IETF and want good advice about data linkage and unlinkability 16:19:25 Greg: a lot of this about state of things can make at higher layers 16:19:43 s/state of this/mistakes 16:20:02 s/Greg/GregB/ 16:20:04 ack manu 16:20:04 manu, you wanted to agree with selfissued 16:20:29 manu: agree with Mike, permature to remove multiple suffices. Or should discuss PR in more depth. 16:20:33 q+ 16:20:34 identitywoman has joined #vcwg 16:20:40 present+ 16:20:45 ack ivan 16:21:09 q+ to note it's not normative. 16:21:27 ivan: worth flagging is issue 1338 makes reference which is normative to spec document. If we go to CR that doc should be published as official doc 16:21:27 q+ to note reference isn't normative (or shouldn't be) 16:21:31 q- 16:21:46 q? 16:21:47 ivan: should start the procedure to get that published. 16:21:56 Topic: Addressing Google's concerns 16:22:03 q+ 16:22:11 https://github.com/w3c/vc-data-model/pull/1338 16:22:13 q+ to provide some background on this PR. 16:22:35 brent: have PR in place w/ sum review with some requested changes. Goal today is consensus to this PR 16:22:37 ack manu 16:22:37 manu, you wanted to provide some background on this PR. 16:23:20 manu: Jeffery A gave a comprehensive reivew. Pointed out things needed to be addressed 16:23:34 manu: if we don't define verification algorithm Google will formally object. 16:23:59 s/Jeffery A/Jeffery Yasskin/ 16:24:28 manu: this PR will define that algorithm and how you verify the securing mechanism,and how the doc should be secured to the securing specification 16:24:53 manu: at this point Jeffrey is happy with what's going in (no Google objection) 16:25:20 manu: some people felt some people we're defining an API, but here we're defining an algorithm 16:25:38 can we add the PR # to the minutes? 16:25:42 manu: should use different language so it's clear we're not defining an API 16:25:55 PR is here: https://github.com/w3c/vc-data-model/pull/1338 16:26:04 manu: should address Google's issue, and anyone saying we're going beyond our charter 16:26:07 q+ 16:26:18 ack selfissued 16:26:33 selfissued: part of this PR's problem is a layering violation. 16:26:50 selfissued: the data model should define the data model; the securing spec how to secure it. 16:27:10 selfissued: this PR should address this data model not the securing spec. 16:27:14 q? 16:27:21 q+ to request concrete changes 16:27:21 +1 it is a layering violation, but its possible to accept it, if the algorithm can be made a pure function of the vocabulary terms, and not refer to the securing specs. 16:27:26 ack manu 16:27:26 manu, you wanted to request concrete changes 16:27:45 DavidC has joined #vcwg 16:27:48 manu: not a layering violation. But you need to specify what you want to see changed 16:27:50 q+ 16:27:51 present+ 16:28:16 manu: if we move the verification algorithm to the securing spec it will likely deviate. 16:28:37 q+ to ask about status checks 16:28:39 manu: securing mechanism checks are properly layered to put the details of the securing mechanism are pushed off to the securing spec. 16:28:56 manu: if there are mistakes in the securing spec we should fix that. 16:29:00 ack selfissued 16:29:33 selfissued: in the midst to doing that. Data integrity references need to be excised. Within my rights to say this needs to be closed . 16:29:52 q+ 16:29:54 brent: are you asking for it to be closed? 16:30:17 q+ to clarify what's happening in the PR. 16:30:31 ack JoeAndrieu 16:30:31 JoeAndrieu, you wanted to ask about status checks 16:30:34 selfissued: no, I'm asking for some things be excised. How to verify securing should be in the secruing specs, not here. 16:30:42 q+ to clarify what Mike's asking for is exactly what the PR does -- how to verify securing is in the securing specifications. 16:30:54 joeAndreiu: confused about where status checks should be placed. 16:31:00 status checks are validation, that happens after verification. 16:31:10 what Orie said ^ 16:31:17 Status checks are validation, not verification. 16:31:27 selfissued: don't know what you mean by status check 16:31:31 status checking is part of verification, not validation 16:31:39 `credentialStatus` is the property in the data model. 16:31:54 ^^ 16:31:57 JoeAndreiue: we check the authenticity and currency (revocation). That should come back so you know what that is. 16:32:00 ack Orie 16:32:24 Orie: part of the problem, if you're getting a true/false from the verify algorithm. 16:32:48 Orie: a version of this text could make it through but layering pieces need to be adjusted. 16:33:15 Orie: trying to summarize abstract activity after the verification has succeeded 16:34:00 q+ to say I think the disconnect is that "verify" is not just checking the securing mechanism. it's also checking status. The semantics are "this issuer said this thing *and still stands by it*" 16:34:10 Orie: you might check a number of attributes of statuses, but describing all of that as a verification result we need to restate the terminology to insure the terms are used in the same way. 16:35:15 Orie: e.g., the concept of the validity of the credential is ambiguous. The data integrity proof or JWT? Could be both or one or the other but not both. 16:35:20 q+ 16:35:53 q+ 16:35:53 q- 16:35:54 s/JoeAndreiue/JoeAndrieu 16:35:55 Orie: what's a verifiable credential vs just a credential but we didn't resolve that. Likely have to reopen that to clarify it 16:36:17 ... or you just say which securing mechanism you accept before you run the verification check. 16:36:23 ack manu 16:36:23 manu, you wanted to clarify what's happening in the PR. and to clarify what Mike's asking for is exactly what the PR does -- how to verify securing is in the securing 16:36:26 ... specifications. 16:37:05 manu: don't think it's that complicated. Mike asked defer the detail about the securing mechanism. The PR is doing that. 16:37:13 is the algorithm to check the status concrete? 16:37:30 is the algorithm to check the schema concrete? 16:37:41 manu: the only thing where other specs are referenced is that the securing spec properly protects the payloads, and defer to the securing mechanisms for details. 16:37:53 is the algorithm to check the validity period concrete? 16:38:22 q+ 16:38:34 manu: JoeAndreiu's point about status list checking, there are two things we could do. Say that's validation. Status checking is validation 16:38:35 +1 status checking is validation, not verification. 16:38:36 checking for "conforming documents" is validation.... 16:38:47 that is the problem. 16:38:47 manu: verification is the integrity of the data, the digital signature check. 16:39:19 manu: other options make the verification more complex. 16:39:25 ack JoeAndrieu 16:39:25 JoeAndrieu, you wanted to say I think the disconnect is that "verify" is not just checking the securing mechanism. it's also checking status. The semantics are "this issuer said 16:39:26 data integrity DOES validation during verification... thats part of its design. 16:39:28 ... this thing *and still stands by it*" 16:39:43 +1 joeandrieu 16:39:49 +1 to joeandrieu 16:40:10 JoeAnrieu: securing mechanism has become verification. Revocation is about the issuer no longer stands by the statement for many reasons 16:40:11 q+ 16:40:35 ack selfissued 16:40:42 agree that _Revocation_ specifically is part of verification. But not expiry -- that part should be in validation. (since it's verifier-specific) 16:40:48 JoeAndrieu: is this thing what the issuer intended it to be 16:41:07 q- 16:41:11 selfissued: failing to distinguish between credential and verified credential is causing us problem. 16:41:34 selfissued: all the language about proof should be in data integrity not in the data model. 16:41:39 q+ to note the PR to clarify what makes a "verifiable credential" went in. 16:41:47 ack DavidC 16:42:40 DavidC: if someone steals a signing key it can't be considered verifiable. It's got to be a part of verification. That has to include status and revocation checking. After that you can check the dates and do validation. 16:42:44 ack manu 16:42:44 manu, you wanted to note the PR to clarify what makes a "verifiable credential" went in. 16:42:47 q+ 16:43:11 +1 manu, it seems orthogonal. 16:43:12 q+ 16:43:24 manu: if someone steals a key they can forge the revocation list. Doesn't address the problem. We have what a verifiable credential is is defined in the document. 16:43:24 q- 16:43:25 -1 to saying we addressed `proof` fully... we did merge 1 PR. 16:43:32 q+ 16:43:52 the key for the revocation list should not be the same as the key for the verifiable credential 16:43:55 q+ to separate securing algorithm from verification algorithm 16:43:58 manu: two things to discuss. Is status checking a part of the algorithnm, but manu is -1 to it but won't formally object. 16:44:06 ack DavidC 16:44:06 I am also -1 to doing mixing validation and verification... and I am -1000 to doing expensive validation before verification. 16:44:12 manu: the other issue is getting concrete changes adjusted. 16:44:39 if someone steals the revocation list signing key (if it's different) and revokes VCs that the issuer wouldn't have revoked 16:44:41 q+ to note that revocation lists are often issued by the issuer and use the same key. 16:44:46 q+ 16:44:48 DavidC: doesn't agree with manu. The key for signing the credential and the revocation list should be separate. 16:44:58 ack seabass 16:45:18 seabass: there are multiple use cases. You want to confirm something is a true statement. 16:45:41 expired - yes. revoked - no 16:45:47 seabass: plenty of cases where people want to use old expired credentials as they still have value. 16:45:51 ack JoeAndrieu 16:45:51 JoeAndrieu, you wanted to separate securing algorithm from verification algorithm 16:46:03 q+ to ask next steps 16:46:11 gkellogg has joined #vcwg 16:46:19 q+ to note that securing algorithm /is/ separated from verification algorithm. 16:46:22 JoeAndrieu: seabass's point can be addressed by making the verification is not just binary. 16:46:44 JoeAndrieu: need to define the securing algorithm separately from the verification algorithm. 16:47:06 q+ 16:47:08 ack manu 16:47:08 manu, you wanted to note that revocation lists are often issued by the issuer and use the same key. and to note that securing algorithm /is/ separated from verification algorithm. 16:47:49 manu: Revocation lists typically use the same key as the revocation lists but it's orthogonal to this discussion. 16:48:53 q+ to say yes, that precludes checking the credentialStatus 16:49:14 manu: the algorithm is broken up as JoeAndreiu has asked. The algorith has a top level verificaiton, to sublevel algorithm to check the securing mechanism and one that checks the conformance of the document 16:49:27 ack pauld_gs1 16:49:27 s/to/two/ 16:49:30 ack pauld_gs 16:49:36 maybe the verification algorithm should just say, after checking conformance and integrity ... that credential status checks and other checks can be run thereafter. 16:49:55 q+ 16:49:57 ack brent 16:49:57 brent, you wanted to ask next steps 16:50:01 q+ to suggest next steps 16:50:11 credential status lists are verifiable credentials, they are constrained by this proposed text. 16:50:13 pauld_gsu: credential status has to live in the verification spec 16:50:36 ack seabass 16:50:43 brent: moving in the right direction, but what's beyond concrete change suggestions are the next step 16:50:57 I meant that credential status verification has to be handled by the specification that defines the credential status, NOT the core data mode. 16:51:10 seabass: consider an airline flight. You have a ticket that's a VC issued by the airline. 16:51:45 that's mixing "one time use" with revocation mechanism 16:51:49 those are separate 16:52:10 and again, we're talking about revocation, not expiry 16:52:11 seabass: the airline has a lounge you can use at the airline. You use the ticket and the destination airport lounge wants to see that you had a valid ticket, but it's no longer valid. 16:52:14 ack JoeAndrieu 16:52:14 JoeAndrieu, you wanted to say yes, that precludes checking the credentialStatus 16:52:19 +1 dmitriz 16:52:36 I meant that the TR track item this WG is developing is VCs, agree joe 16:52:37 the airline ticket case is that the ticket is no longer verifiable, but validation by the lounge overrules this and accepts the expired credential 16:52:54 JoeAndreiu: status lists need not be VCs. Appreciate manu's clarificaiton wasn't a part of checking the status list as a part of this algorithm. 16:53:02 Agree that we should add checking status list in the algorithm. Where the definition is external to the spec. 16:53:04 ack DavidC 16:53:09 (I would not expect airlines, concert venues, etc., to revoke tickets upon use/redemption.) 16:53:10 @DavidC -- not quite. the ticket is STILL verifiable. but not reusable 16:53:17 s/JoeAndreiu/JoeAndrieu 16:53:20 JoeAndrieu: should have how you check status list as a part of this algorithm 16:53:43 q+ to note revocation lists can be provided out of band. :) 16:53:48 ack manu 16:53:48 manu, you wanted to suggest next steps and to note revocation lists can be provided out of band. :) 16:53:49 So verification is external, and status checks are external.... so this "verification algorithm" just combines external calls? seems like it might be possible to land this, if we can clarify how proof is handled. 16:53:52 DavidC: The issuer can still issue a revocation list to say everything is revoked from now on. 16:53:54 q+ 16:54:13 q- 16:54:20 manu: can be provided out of band, again it's orthogonal. Re: next steps. Create a PR as a status check mechanism 16:54:32 +1 to a separate PR for separate discussion 16:54:35 manu: if that goes well it can be merge into the verification PR. 16:54:35 -1 to seperate PRs, this is hard enough to understand as is 16:54:42 lets address `proof` first 16:54:45 manu: waiting for concrete suggestions, as well. 16:55:09 q+ 16:55:13 It's not clear what you're asking for, Orie ^ 16:55:21 brent: hopefully the feedback from today is helpful. 16:55:22 ack ivan 16:55:36 q_+ 16:55:40 q+ 16:55:44 ivan: see's Orie's comment that proof should be addressed first. 16:56:20 Orie: early days of the working group credential was without a proof and a verifiable credential has a proof 16:57:03 q+ 16:57:06 Orie: the verification algorithm is taking an abstract credential and in the case of data integrity it does not contain a proof. Yes in the case of JOSE/COSE. 16:57:21 ack Orie 16:58:07 Orie: is the verification done in the spec or not? If it was only data integrity. If we have other securing spec, the current term defs regarding proofs are problematic, and after this PR worse. 16:58:41 s/data integrity/date integrity, yes/ 16:58:41 ack ivan 16:58:52 It's not clear what Orie wants to have changed w/ `proof` in the spec... I don't have enough to write a PR. 16:59:12 I can guess, but I don't want to do that. 16:59:52 Manu, a PR that removed `proof` from the core data model, and left it defined in data integrity, and referred to it would be acceptable. 16:59:54 Ivan: the proof property defines the proof in the data integrity spec and referred to from the DM spec. It's not defined in both places. 16:59:57 +1 ivan 17:00:03 We should add a status sub process to the verification algorithm 17:00:29 rrsagent, draft minutes 17:00:31 I have made the request to generate https://www.w3.org/2023/11/29-vcwg-minutes.html ivan 17:00:37 gkellogg has joined #vcwg 17:00:37 Ok, that's clear, thanks Orie -- -1 to raising a PR that does that.. I can try another PR that makes it clear that proof is an extension mechanism. 17:00:39 brent: trying to get to candidate rec by mid-Dec 17:00:43 and that DI uses that extension mechanism in a specific way. 17:00:57 rrsagent, draft minutes 17:00:58 I have made the request to generate https://www.w3.org/2023/11/29-vcwg-minutes.html ivan 17:01:05 Anything else you need from me (the note taker today)? 17:01:20 no, pdl-asu , the rest is my job 17:01:22 thanks 17:01:32 you're welcome. 17:02:10 rrsagent, bye 17:02:10 I see no action items 17:02:10 zakim, bye 17:02:10 leaving. As of this point the attendees have been ivan, TallTed, GregB, brent, pdl-asu, dmitriz, manu, pauld, selfissued, dlongley, andres, orie, pauld_gs, will, JoeAndrieu, 17:02:10 Zakim has left #vcwg 17:02:11 ... seabass, bigbluehat, identitywoman, DavidC