15:03:58 <RRSAgent> RRSAgent has joined #vcwg
15:04:02 <RRSAgent> logging to https://www.w3.org/2024/11/20-vcwg-irc
15:04:02 <Zakim> RRSAgent, make logs Public
15:04:03 <Zakim> please title this meeting ("meeting: ..."), ivan
15:04:08 <ivan> Meeting: Verifiable Credentials Working Group Telco
15:04:08 <ivan> Date: 2024-11-20
15:04:08 <ivan> Agenda: https://www.w3.org/events/meetings/e133b24e-8245-4ee7-8550-ac14d0334974/20241120T110000/
15:04:08 <ivan> chair: brent
15:04:09 <ivan> ivan has changed the topic to: Meeting Agenda 2024-11-20: https://www.w3.org/events/meetings/e133b24e-8245-4ee7-8550-ac14d0334974/20241120T110000/
15:04:22 <bigbluehat> bigbluehat has joined #vcwg
15:06:50 <dmitriz> dmitriz has joined #vcwg
15:49:27 <brent> brent has joined #vcwg
15:57:44 <brent> brent has joined #vcwg
15:57:53 <brent> present+
15:58:43 <mandyv> mandyv has joined #vcwg
16:00:15 <ivan> present+
16:00:21 <ivan> present+ mandyv
16:00:34 <ivan> present+ manu
16:01:17 <ivan> present+ kevin
16:01:23 <ivan> present+ dlongley
16:01:34 <KevinDean> KevinDean has joined #vcwg
16:01:42 <KevinDean> present+
16:01:51 <wes-smith> wes-smith has joined #vcwg
16:01:52 <hsano> hsano has joined #vcwg
16:02:00 <ivan> present+ wesley
16:02:06 <ivan> present+ bigbluehat
16:02:11 <ivan> present+ will
16:02:22 <ivan> present+ TallTed
16:02:48 <Wip> Wip has joined #vcwg
16:02:59 <Wip> present+
16:03:09 <decentralgabe> present+
16:03:29 <ivan> present+ jennie
16:03:45 <JoeAndrieu> JoeAndrieu has joined #vcwg
16:03:59 <JennieM> JennieM has joined #vcwg
16:04:03 <KevinDean> scribe+
16:04:05 <JennieM> present+
16:04:08 <bigbluehat> present+
16:04:10 <ivan> present+ joe
16:04:50 <ivan> present+ dlehn
16:04:57 <ivan> present+ hsano
16:05:36 <KevinDean> Brent: Next week's meeting is cancelled.
16:05:47 <decentralgabe> q+
16:05:54 <brent> ack decentralgabe
16:06:12 <KevinDean> decentralgabe: Now here as invited expert.
16:06:14 <brent> Topic: Controller Document
16:06:26 <brent> https://github.com/w3c/controller-document/pulls?q=is%3Apr+is%3Aopen+sort%3Acreated-asc
16:06:41 <brent> subtopic: https://github.com/w3c/controller-document/pull/116
16:06:52 <KevinDean> Brent: Gratified to see recent activity.
16:06:59 <JoeAndrieu> q+
16:07:06 <ivan> present+ dmitriz
16:07:13 <brent> ack JoeAndrieu
16:07:32 <KevinDean> JoeAndrieu: I think it's going well. David Chadwick created another issue as there were edits he proposed that I didn't accept.
16:07:57 <KevinDean> ...There were a few suggestions from tallted that I accepted, some I didn't, but most were excellent.
16:08:14 <KevinDean> tallted: I can't say anything about this right now.
16:08:49 <KevinDean> JoeAndrieu: The other main thing that we did was move the discussion about identifier ambiguity to security considerations section. That had been in the terminology section but it was too wordy.
16:09:16 <KevinDean> ...Previous version mentioned the White House and Biden, which was shorthand for me to rewrite into something less political. Rewritten to use teacher.
16:09:52 <KevinDean> Brent: If you haven't looked in a while, look in PR 116. There have been quite a few changes. As time move forwards, if this PR gets to the point where it has nothing but approvals, it will get merged.
16:10:00 <manu> q+
16:10:02 <brent> subtopic: https://github.com/w3c/controller-document/pull/120
16:10:19 <brent> ack manu
16:10:22 <DavidC> DavidC has joined #vcwg
16:10:28 <DavidC> present+
16:10:55 <KevinDean> Manu: Issue was raised by Microsoft four years ago, asking us to settle on one key format. Discussed internally, said no, that's not the way it's implemented in the field.
16:11:17 <KevinDean> ...While it would be nice for there to be one, there are multiple key formats in the world and often in one system.
16:11:25 <ivan> q+
16:11:45 <KevinDean> ...I think it's got positive reviews, I think I addressed David Chadwick's concerns.
16:12:39 <KevinDean> ...One question I have for the group is that we mention key formats that are more broadly distributed but not mentioned in the document. Should we add SHA public keys and others in the context as something that people can express but not write into the spec?
16:12:55 <brent> ack ivan
16:13:04 <DavidC> q+
16:13:14 <PL-ASU> PL-ASU has joined #vcwg
16:13:19 <KevinDean> Ivan: Apologies if this is already in the document. The argument on why we have two key formats in the document... Is there any trace of that in the document itself?
16:13:29 <manu> q+ to note that that is /this/ text -- why we do that.
16:13:33 <KevinDean> ...I want to see something in the document that explains why we do that.
16:13:41 <PL-ASU> present+
16:13:45 <brent> ack DavidC
16:14:01 <KevinDean> DavidC: I was coming at this with a blank sheet and historical knowledge, but not about discussions.
16:14:25 <KevinDean> ...Back in the 1990s playing with X.509, there were multiple key formats, which was a pain, hence my comment.
16:14:30 <brent> ack manu
16:14:30 <Zakim> manu, you wanted to note that that is /this/ text -- why we do that.
16:14:33 <KevinDean> ...I accept the group's decision.
16:14:46 <KevinDean> Manu: To Ivan, the text you're asking for is in the specification.
16:15:01 <ivan> +1
16:15:55 <KevinDean> ...To DavidC's point, I don't think we should get into this discussion. We should just merge this and move on. We starting 10 years ago with public key PEM was enough but as people came in and out and as development happened, these were the two key formats we could get people to like.
16:16:04 <KevinDean> ...These formats don't do much beyond what PEM does.
16:16:21 <KevinDean> ...I think we should have stuck with PEM but this is the direction the group has gone.
16:16:44 <KevinDean> ...I don't think it's worth reopening at this point, but we may do so in the future or add an extension.
16:17:00 <KevinDean> ...It's very weird that we don't allow the two widely distributed key formats.
16:17:11 <KevinDean> s/widely/most widely/
16:17:30 <brent> subtopic: https://github.com/w3c/controller-document/pull/121
16:17:57 <KevinDean> Brent: To address issue #150. PR has nothing but approvals with only a minor proposed change from TallTed.
16:18:18 <KevinDean> manu: Mike Jones felt we should simplify it and proposed some text.
16:18:42 <KevinDean> Brent: Very simple and straightforward, please review, will likely be merged in three days.
16:18:48 <brent> subtopic: https://github.com/w3c/controller-document/pull/122
16:19:08 <KevinDean> Brent: A couple more comments and a few fewer approvals than last one.
16:19:33 <KevinDean> manu: Another from Mike Jones, he felt like the description wasn't adequate. I have tried to apply some of his language to this to clarify the definition.
16:19:52 <KevinDean> Brent: Please review and if you have comments, we can discuss, otherwise onto the next one.
16:20:02 <brent> subtopic: https://github.com/w3c/controller-document/pull/123
16:20:25 <KevinDean> Brent: Nothing but approvals.
16:20:34 <KevinDean> ...I expect this to be merged soon.
16:20:56 <brent> subtopic: https://github.com/w3c/controller-document/pull/124
16:21:18 <KevinDean> ...Again, nothing but approvals.
16:21:20 <manu> q+
16:21:30 <brent> ack manu
16:22:01 <KevinDean> manu: This was another request from Mike Jones. The current controller document says that if you don't want your document to be processed in a JSON-LD environment, you don't need to include context.
16:22:14 <KevinDean> ...Organizations that want to verify against JSON-LD can inject context.
16:22:32 <KevinDean> ...Mike suggested removing context from all other examples but there was resistance.
16:22:43 <KevinDean> ...Leaves the question of where we include them or not in the spec.
16:23:07 <KevinDean> ...I would like to include @context in other examples. Right now, it's sporadic throughout the document.
16:23:28 <KevinDean> ...Except for the ones that explicitly state that it's possible to work without a context.
16:23:45 <KevinDean> ...There are also examples in the appendix that should be updated.
16:23:49 <brent> q+
16:23:56 <brent> ack brent
16:24:20 <KevinDean> Brent: I don't find the lack of consistency to be confusing.
16:24:44 <ivan> +1 to Brent
16:24:46 <KevinDean> ...Folks reading the entire spec will figure it out. My proposal is to do nothing, asking folks to consider that as a path forward.
16:25:02 <KevinDean> q+
16:25:13 <KevinDean> scribe-
16:25:15 <brent> ack KevinDean
16:25:16 <manu> scri+
16:25:18 <manu> scribe+
16:25:21 <manu> s/scri+//
16:25:47 <manu> KevinDean: The challenge with examples is that as you move through a specification, you are building up capabilities until by the end of the document you have a complete specification.
16:26:31 <manu> KevinDean: The natural flow for a specification for a feature in this section to be using features in prior sections. There are seldom forward references, having examples follow that pattern, making examples consistent -- you can rely on examples, is useful as a way of understanding the specification.
16:27:06 <manu> KevinDean: The absence of a context line in an example, when it's closely related to example in previous section, could be confusing for neophyte readers, left out because it is an example of how to do this without a context.
16:27:08 <manu> q+
16:27:23 <ivan> scribe+ KevinDean
16:27:43 <manu> scribe-
16:27:59 <KevinDean> scribe+
16:28:04 <brent> ack manu
16:28:06 <KevinDean> manu: +1 to what Kevin said.
16:28:36 <KevinDean> ...What we have in the spec right now are examples created by people who wanted JSON Web Key stuff.
16:28:43 <brent> q+
16:28:56 <KevinDean> ...We have examples with context, then without context, then with context. It can be confusing.
16:29:16 <dlongley> -1 as that would imply that JsonWebKey won't work with contexts which is not accurate
16:29:48 <KevinDean> ...I can put together a PR for it. The key here is that we provide examples that are what we believe best practice to be, which can launch another debate I don't want to get into.
16:30:00 <brent> ack brent
16:30:11 <KevinDean> ...Can we please get examples that are best practice that don't get into the JSON/JSON-LD debate.
16:30:35 <KevinDean> Brent: I don't think we can. Past discussions of best practices have gone long and not reached a resolution.
16:31:06 <KevinDean> ...Happy to see PR that structures examples aligned with how the specification develops. I would love to see someone restructure the document.
16:31:27 <KevinDean> ...I haven't encountered people who are confused by the spec. If there are folks who are, I would like to hear from them.
16:31:40 <KevinDean> ...Let's see PR to modify things if folks want to do that.
16:31:54 <KevinDean> ...As far as this PR goes, I'm not hearing anyone to say not to merge this one.
16:32:13 <KevinDean> ...Happy to take more comments, or move on to next PR.
16:32:31 <brent> subtopic: https://github.com/w3c/controller-document/pull/126
16:32:59 <KevinDean> ...This is a bigger PR than the others in terms of its scope, not size.
16:33:09 <KevinDean> ...There has been some discussion, but no approvals.
16:33:19 <manu> q+
16:33:26 <brent> ack manu
16:33:48 <KevinDean> manu: Two things. I want to also queue up an issue on the controller that came up on the DID special topic call after this.
16:34:14 <KevinDean> ...This has to do with the definition of controller. There is confusion around the controller of a document and controller of verification.
16:34:34 <KevinDean> ...It would have been a class 4 change, which would have prevented the DID WG from using this.
16:34:56 <KevinDean> ...Let's just use the definition of controller to say that you have control over a thing.
16:35:14 <ivan> q+
16:35:21 <brent> ack ivan
16:35:21 <JoeAndrieu> q+ to say aren't we are allowed class 4 changes to the controller document
16:35:27 <KevinDean> ...Copy verification method binding text over to here. Trying to find the right words to say that a  controller controls a thing, be it a controller document or a verification method.
16:35:47 <KevinDean> Ivan: There is a PR on the DID spec that proposes additions to the vocabulary.
16:35:54 <KevinDean> ...I think it's the only PR over there.
16:36:23 <KevinDean> ...There was another issue that came up in the discussion. If I have the URL for the verification method, how do I find where is the controller document for that verification method?
16:36:31 <dlongley> "controller" dereferences to controller document
16:36:34 <KevinDean> ...What we have right now in the specification is very much JSON dependent.
16:36:43 <KevinDean> ...Or VC dependent structure.
16:36:53 <DavidC> q+
16:37:02 <brent> ack JoeAndrieu
16:37:02 <Zakim> JoeAndrieu, you wanted to say aren't we are allowed class 4 changes to the controller document
16:37:02 <KevinDean> ...I'm fine merging this PR but the issue discussion should continue.
16:37:26 <ivan> q+
16:37:35 <KevinDean> JoeAndrieu: It may not be well documented, but I believe it's in the verification method itself, it's the URL you dereference to get the controller document.
16:38:10 <KevinDean> ...I want to support Manu's point that it's too big of a lift at this point. We don't mean that the controller can update the verification method, we do mean it for the document.
16:38:10 <brent> ack DavidC
16:38:40 <JoeAndrieu> q+ to make my previous point
16:38:43 <KevinDean> DavidC: I don't like the definition as it stands. I have proposed a change that makes the definition of controller symmetrical, that has the same meaning as to what it applies to.
16:38:54 <manu> q+
16:38:58 <KevinDean> ...It's the same thing on two different objects that have a controller property.
16:38:58 <brent> ack ivan
16:39:03 <manu> q+ to comment on "the same thing"
16:39:10 <KevinDean> Ivan: Here is an example where the confusion comes.
16:39:41 <dlongley> -1 to what Ivan is saying ...
16:39:43 <JoeAndrieu> q+ to disagree. ;)
16:39:55 <dlongley> controller does refer to the controller document that defines the VM.
16:39:55 <KevinDean> ...My understanding, Joe, is that the controller property in the verification method refers to a person, you or me, that has the ability to change to whatever is there. It does not refer to the controller document that refers to the verification method.
16:40:02 <KevinDean> ...We have to document that properly.
16:40:04 <brent> ack JoeAndrieu
16:40:04 <Zakim> JoeAndrieu, you wanted to make my previous point and to disagree. ;)
16:40:41 <KevinDean> JoeAndrieu: The previous response I wanted to make was a modest one. The class 4 restrictions are on the DID spec, not on the controller document spec.
16:40:52 <KevinDean> Ivan: It's an unusual situation, but I see Manu's point.
16:40:59 <brent> q?
16:41:10 <brent> ack manu
16:41:11 <Zakim> manu, you wanted to comment on "the same thing"
16:41:35 <dlongley> q+ to say that the controller on a VM does refer to the controller document that defines the VM
16:41:58 <KevinDean> manu: On the class 4 changes, it is possible for us to make a pretty drastic change to the controller document, but then there's a discussion around if DID Core is dependent on the controller document, is it a class 4 change for DID Core?
16:42:23 <KevinDean> ...Some would argue that it is. Changing something that drastic at this point in time, even if it's the right thing to do, would cause ecosystem problems.
16:42:25 <JoeAndrieu> q+ to say I don't believe the identifier in the controller property defines a subject, but rather it specifies the identifier which is in control
16:42:41 <KevinDean> ...To go back to DavidC, I think we open a can of worms if we do it.
16:42:57 <KevinDean> ...I think the way that "controller" is used right now, is fairly hand-wavy, high-level way.
16:43:15 <KevinDean> ...It can mean multiple different things. The concern about ambiguity is valid. We could have used more specific terms.
16:43:30 <KevinDean> ...We don't want to change it at the property level right now as it's a class 4 change.
16:43:50 <KevinDean> ...It is possible to interpret "controller" in the way that you're interpreting it. There are other interpretations as well.
16:44:19 <KevinDean> ...We should be specific. When talking about a controller of a controller document, we're talking about an entity that can change it.
16:44:42 <DavidC> q+
16:44:53 <ivan> q+
16:44:56 <KevinDean> ...When talking about a controller of a verification method, we're talking about an entity that change update a value in certain case and that they have access to private key material to generate a signature.
16:44:57 <dlongley> q+ to also say you never know who is holding the private key or can use it, you just know that that VM can be used "on behalf of whatever entity the ID refers to"
16:45:06 <KevinDean> ...I don't think we have to make them consistent.
16:45:17 <KevinDean> ...They mean slightly different things in slightly different contexts.
16:45:26 <brent> ack dlongley
16:45:26 <Zakim> dlongley, you wanted to say that the controller on a VM does refer to the controller document that defines the VM and to also say you never know who is holding the private key or
16:45:29 <Zakim> ... can use it, you just know that that VM can be used "on behalf of whatever entity the ID refers to"
16:45:59 <KevinDean> dlongley: My first response is to Ivan. I want to say that the controller on a verification method does refer to a controller document that defines who controls the verification method.
16:46:13 <KevinDean> ...Second, you can't know definitively who the controller is.
16:46:25 <brent> ack JoeAndrieu
16:46:25 <Zakim> JoeAndrieu, you wanted to say I don't believe the identifier in the controller property defines a subject, but rather it specifies the identifier which is in control
16:46:28 <KevinDean> ...You can follow the controller to determine if you can use the verification method.
16:46:33 <manu> q+ to move on to issue 127.
16:46:43 <KevinDean> JoeAndrieu: +1 to Dave's comment.
16:46:49 <DavidC> +1 dlongley
16:46:57 <manu> +1 to JoeAndrieu
16:46:58 <brent> ack DavidC
16:47:18 <KevinDean> ...In this case, we're saying "Go get this controller document so you can determine the validity of the verification method."
16:47:49 <KevinDean> DavidC: We are offering the contents of the associated resource.
16:47:52 <dlongley> +1 i actually do agree with what DavidC just said
16:48:02 <KevinDean> ...My change is trying to say that we're saying the same thing about each.
16:48:06 <brent> ack ivan
16:48:34 <KevinDean> Ivan: I look at the controller document itself and it defines the controller for a verification method. It doesn't say anything about the controller property.
16:48:44 <JoeAndrieu> that's the new PR
16:49:01 <dlongley> +1 agree that it needs to be said explicitly
16:49:02 <KevinDean> ...I haven't found anywhere in the document that specifies that the controller property of the verification method refers to the controller document.
16:49:06 <JoeAndrieu> +1 to doing better and being explicit
16:49:24 <JoeAndrieu> (because only part of it is in the new PR)
16:49:32 <KevinDean> ...It's a very different kind of definition. I was one of those that raised the possibility of separating those two terms. I accept that it's too late to do that.
16:49:36 <manu> yes, +1 to that ^
16:49:50 <KevinDean> ...At least the semantic definition should be clear, and it's not.
16:50:01 <manu> I can try to update the PRs to do what Ivan is asking for, and review what David has written (as long as others agree w/ that update)
16:50:15 <KevinDean> Brent: We agree that we can't make clarifications or normative changes that affect the downstream DID document.
16:50:33 <brent> ack manu
16:50:33 <Zakim> manu, you wanted to move on to issue 127.
16:50:36 <KevinDean> ...The feeling I'm getting is that we're closer than not to language that is satisfactory. Last word to Manu.
16:50:52 <KevinDean> manu: Ivan is right, the spec doesn't have that language.
16:51:07 <ivan> thx
16:51:24 <KevinDean> ...I don't have a strong opinion as long as others can agree on whatever the revised text it.
16:51:37 <brent> subtopic: https://github.com/w3c/controller-document/issues/127
16:51:44 <manu> q+
16:52:06 <brent> ack manu
16:52:06 <KevinDean> Brent: I do not see any conflicts with media type application/controller.
16:52:07 <ivan> q+
16:52:16 <DavidC> q+
16:52:36 <JoeAndrieu> q+
16:52:36 <KevinDean> manu: This is just a request to the group. What do you think about application/controller? I can raise a PR with IANA to register it.
16:52:40 <brent> ack ivan
16:52:53 <KevinDean> Ivan: I have no problem with application/controller. I don't really understand how these things work.
16:53:05 <manu> q+ the DID Document will define its own media type (because it has extra features) :)
16:53:09 <manu> q+ to note the DID Document will define its own media type (because it has extra features) :)
16:53:19 <KevinDean> ...The DID document is essentially a controller document. We define it as application/did.
16:53:28 <brent> ack DavidC
16:53:58 <KevinDean> DavidC: I made a comment on another issue. Manu said that there was no clear consensus on changing the name, I pointed out that there was on the last meeting.
16:54:30 <KevinDean> Brent: It was my call, as chair, that while there was consensus that we didn't like controller document, there was no consensus on an alternative.
16:54:46 <brent> ack JoeAndrieu
16:55:13 <KevinDean> JoeAndrieu: I agree with DavidC. I do have a sustained objection to an incorrect call about consensus and I will be filing a formal objection.
16:55:34 <KevinDean> Brent: It sounds like we're reopening the renaming conversation.
16:55:36 <TallTed> q+
16:55:41 <brent> ack manu
16:55:41 <Zakim> manu, you wanted to note the DID Document will define its own media type (because it has extra features) :)
16:55:49 <DavidC> +1 JoeAndrieu
16:55:51 <KevinDean> JoeAndrieu: Not one person voted against renaming to Identifier Document.
16:56:16 <JoeAndrieu> +1 to getting the PR proposed
16:56:29 <KevinDean> Manu: I'm going to raise a PR, put application/controller in it. People can comment and we can change to application/identifier or something else in the PR.
16:56:30 <TallTed> q-
16:56:37 <brent> Proposal: rename the Controller document to Identifier document
16:57:02 <DavidC> I also said that application/identifier would be more appropriate than application/controller and it would better align with application/did
16:57:15 <KevinDean> Brent: I don't care.
16:57:17 <decentralgabe> +0
16:57:20 <brent> +0
16:57:21 <KevinDean> JoeAndrieu: Apparently you do.
16:57:28 <KevinDean> Brent: Show me the consensus.
16:57:29 <DavidC> Look at the minutes of the last meeting and the voting
16:57:55 <TallTed> q+
16:57:56 <KevinDean> JoeAndrieu: I don't think this is a valid proposal. This is my objection to you as chair, you shut down conversation.
16:58:26 <KevinDean> Brent: I'm allowed to say I don't want to talk about something. Yet, we have. On the calls, on the issues, in the PRs. I have not seen any suggestion made that had universal agreement.
16:58:59 <KevinDean> ...I said we shouldn't discuss it any further because we can't come to agreement. I am doing so in my duty as chair to say that we don't have consensus and we have to move on.
16:59:11 <KevinDean> ...Making a resolution today doesn't shut anything down.
16:59:20 <KevinDean> ...There's a proposal on the table to change the name.
16:59:32 <DavidC> Brent look at the voting from last week
16:59:35 <KevinDean> ...If I didn't see the consensus before, show it to me now.
16:59:42 <manu> +0 (due to something Longley said last week that was of concern to me -- would like to discuss why "Identifier Document" isn't the right word)
16:59:44 <KevinDean> ...The proposal is on the table.
16:59:51 <dlongley> +0 (will not block) would prefer Controlled/Controllable in there because Identifier Document is lacking to me
16:59:51 <JoeAndrieu> +1
16:59:55 <DavidC> +1
16:59:56 <brent> ack TallTed
16:59:56 <KevinDean> ...I see three zeros. I don't see any plus ones.
17:00:09 <KevinDean> TallTed: We're at time. We'll be past it if we go further.
17:00:28 <PL-ASU> As I understand Manu's suggestion the discussion about this was to take place in the PR
17:00:46 <JoeAndrieu> Let the record show that no one objected
17:00:47 <KevinDean> Brent: I see four zeros and two plus ones. We'll come back after Thanksgiving and set an entire meeting to this topic if that's what's necessary.
17:01:03 <KevinDean> ...Tell me what you want and I'll make it happen.
17:01:16 <KevinDean> JoeAndrieu: There is no objection to this poll.
17:01:39 <manu> manu has joined #vcwg
17:01:43 <ivan> rrsagent, draft minutes
17:01:44 <RRSAgent> I have made the request to generate https://www.w3.org/2024/11/20-vcwg-minutes.html ivan
17:02:35 <ivan> rrsagent, bye
17:02:35 <RRSAgent> I see no action items