Meeting minutes
<KevinDean> https://
<KevinDean> Scribe instructions: https://
Wip: explains how to scribe. try to capture what is being said.
… you can use ellipses to indicated continuation
… Anytime if you need to interupt to slow down, that's fine
… If you just put a couple ??? other people can often fix what you miss
… Let's get started
… Agenda: chair announcement, then core, then resolution issues
… Anyone for introductions?
Chair Update
Wip: Ok. Into the first topic.
… Gabe, unfortunately has to step down. I want to thank him for his effort. He's been great to work with. He'll be missed.
… We are looking for another chair. Might take a few weeks.
… I wanted to take time for questions and concerns.
… I'm confident I can keep things moving. Dan is helping as back up, but hopefully we can get a new chair in quickly.
… Ok. Next.
DID Core
<Wip> https://
Wip: Manu reports its in good shape.
… We went over all the PRs next week.
… If anyone has a specific topic, I'm tempted to skip and spend the rest of the time on did resolution.
… Normally I give Manu 5 min to update and he's not here.
<markus_sabadello> w3c/
markus_sabadello: I agree. We'd need Manu to talk about some of these in detail, but he'd probably want to mention PR 877
… which adds the reference to the controlled identifier specification
… so that instead of defining our own, we are using that as our base.
… I've started reviewing it, but will need more time.
… Others are encouraged to take a look and review it.
wip: the other three open PRs were raised by me, they are all minor.
DID Resolution
wip: Markus do you want to start us with the two open PRs
<markus_sabadello> w3c/
markus_sabadello: sounds good. I merged a couple since last week, mostly related to dereferencing
<markus_sabadello> w3c/
markus_sabadello: I think that one is good, but more reviews would be better
… 108 adds additional considerations to https binding
… #108 for some reason hasn't yet passed validation. Some html mistake I think
… Open for reviews. If you are interested or have thoughts on https binding.
<Wip> https://
So we are going to go over 4 issues labeled discuss.
w3c/did-resolution#93
wip: I'm going to go through these in order starting with Issue 93
… Issue 93 - should we be making https binding necessary
markus_sabadello: interesting question, came up in comment earlier in working group related to different issue
… to explain, https binding how client can invoke function over http endpoint
… don't always need it, when you resolve did, no need to ?? can be done locally
… therefore this question came up who would have to implement it, something every DID method would have to provide or something a resolver would have to support as a client to talk to ? resolver, what this topic is about. any thoughts?
Wip: I think to me, I know Joe cares about this, if everyobody is exposing http url way to have interoperability
<Zakim> JoeAndrieu, you wanted to say I think its methods, not the resolver that has the requirement
Wip: challenge when I'm devoting resolvers locally that don't have to be ??
JoeAndrieu: I do think the best route for an ecosystem is for every method to have at least one http resolver so that if you run into such a DID there is a way your software already has the interfaces if there is already a resolver. don't think we need every one to have a binding, but there must be one that has that binding.
markus_sabadello: agree with Joe that this is a conversation that happens around interoperability, if you have the https biding you do increase interop
. . . where this feels strange is did: key and did:? Very weird to call a remote https endpoint to resolve did:key, who would host and be in charge of deploying a resolver
Wip: I think it sounds like a good requirement to ask DID methods to maintain https, not sure where it should go. DID: Core Spec? DID: Resolver?
pchampin: point to Markus about did:key, think it would make sense to include a https endpoint, if you don't know the DID method you can rely on ? but you can generate the did document from the DID itself. Not absolutely stupid in my opinion to have this service but suboptimal
<Zakim> JoeAndrieu, you wanted to say software not service
. . . not sure if we made it a requirement to have an http endpoint, but kind of thing that should be available in DID Method Registry / List, maybe criteria in Rubric, is it usable in one or several?
JoeAndrieu: interesting disconnect in the way we're talking about this. I would be very opposed to this, could have a local, didn't realize that if you had to do https locally, that would be annoying. If you had to do did:key, not so much that someone would run a resolver for did:key, but a piece of software, note app or apache app
Wip: next steps to move this from discuss to action
<Zakim> JoeAndrieu, you wanted to say I don't think a URL for a resolver is the right solution. this, IMO, is a DID method requirement, hence part of did core
markus_sabadello: not something that would be part of Method Spec. Think what Joe said was also interesting. Add to Extension Registry where ? Link in Registry to public resolver
JoeAndrieu: very opposed to putting live URLs in registry to use for a resolver. Methods themselves, if we want this form of inter, goes into DID:Core - any DID method that wants to be conformant should have one resolver that you can access of HTTP
<Wip> https://
Wip: would also feel uncomfortable putting it in Registry, would think it should go into did-core. But, can we make that change as a group?
markus_sabadello: so requirement would be there has to be one piece of software or one implementation
<Zakim> bigbluehat, you wanted to ask if we are talking about referencing HTTP software then? or some sort of protocol mapping?
Wip: i was thinking more did methods SHOULD
bigbluehat: I just want to clarify what we're talking about. When Joe talks about it t sounds like a piece of software, open source did protocol wrapper, which ? easy route would be for me to get that software and communicate over http, never implement more of the value of the DID method. If implementation is one for each method, raises questions
… about who is maintaining, proprietary did methods, how does this work?
… or are we saying with your did method, provide some protocol mapping, here is how it should map into your did method, work you would have to do if you want to stay at http layer. maybe I've missed the driver behind this, apologize if this seems out of synch
Wip: first I will say is I want to move on from the discussion, didn't get to Actions, but appreciate if people can add their next steps to Issue. Could this be a pathway to interoperability to resolve it without having to implement ? kind of a fallback. Unless any final comments, would like to move on
<pchampin> +1 to consider those as fallbacks
w3c/did-resolution#102
proofs of inclusion at a particular state in time
… If a resolve executes resolution for a particular time, to include some sort of proof that the did document is legit and accurate
… There's two parts: 1. we should allow that people can provide these proofs. There is an extensible mechanism for that. The did document metadata.
… 2. but not all did methods have that available
… What next steps?
markus_sabadello: this has to do with questions around trust in the resolution process, and the client being able to verify something about the process.
… some are doing this already. did:indy returns state proofs.
… did:webvh also returns some proofs about the did document
… I think it would be out of scope to standardize the format or data model, since those could be very different depending on the DID method, but we may be able to assign a property in the did document meta data where this is reported.
wip: I agree. Next step could be to define a property that is just a placeholder. If you're going to do it, put it here. If you're a resolver, you can check it if it exists.
… Also, maybe we could clarify about running resolution infrastructure locally. The best way to have confidence is to run your own resolver.
wip: anyone opposed to that?
markus_sabadello: I will add there are some other open issues about other types of proofs related to DIDs and DID documents
… There could also be proofs in a DID Document about links / bindings between DIDs and other types of identifiers.
… How to verify a link between a DID and a domain name, which could also provide proofs either in the DID Doc or metadata.
… In this issue we are talking specifically of proofs of the DID method itself, to verify the DID doc is the correct doc for the DID
joeandrieu: do we have a parameter for toggling these extra proofs?
markus_sabadello: we have the did resolution function, which is abstract, returns three documents
… on that level, we don't have a resolution option or parameter that controls whether or not metadata is returned,
… but we do have it in the https binding (see the open PR). there's a content negotiation to request from a remote http endpoint, either just the DID Doc or DID DOc with metadata.
<markus_sabadello> s/context negotiation/content negotiation/
wip: maybe there's a new property. I'll create an issue in the resolution repo so we can discuss it.
w3c/did-resolution#8
wip: next is discovery of DIDs from other identifiers
markus_sabadello: some of this exists already.
… ietf has a draft for DIDs from domain name.
… how much might we want to say about that in DID resolution
<Zakim> JoeAndrieu, you wanted to say seems wildly out of scope, but I could see a how to prove a DID reference
JoeAndrieu: This feels out of scope. How you get to a DID from the outside world
… Maybe we should say something about if a DID is refered to somewhere there is a proof mechanism about how you can verify the control of a DID
… You could sign a statement to say this DID is related to that domain name
… this could be a legitimate way to verify proof of control
markus_sabadello: I wonder if those are two different things. One is discovering a DID, which is maybe simple and out of scope. The second might be making that verifiable.
… so that might be a way to prove bidirectional control
… lot of work in that area. Might be worth talking about in our specs.
… This could also involve existing properties like alsoKnownAs
… so two topics might help us resolve the issue
wip: proof of control that some identifier is part of another. doesn't seem like resolution
joeandrieu: not sure its resolution either
wip: so maybe we could raise an issue in DID core
w3c/did-resolution#5
wip: Next discussion is about deactivation.
wip: Ankur has a nice proposal.
markus_sabadello: this is about being able to tell if a DID is deactivated or was never created
… the current spec says that no did document is return and metadata stays deactivated = true
markus_sabadello: this was once considered an error, but it's really a metadata factor
wip: I like your proposal, markus_sabadello
… ankur wanted to still return the DID document
… but that could be confusing, so maybe have a flag to include the did document even if it is deactivated
<Zakim> JoeAndrieu, you wanted to ask about https binding without metadata
JoeAndrieu: If its deactivated, is there a legitimate DID document if it is not bounded in time
… I dont think there should be a DID document coming back
… I had a separate question to do with HTTPS binding. If I use a binding to just get a DID document, do I get the metadata that says deactivated
markus_sabadello: yes, has been proposed that a did resolution option could override behavior, even if deactivated
… and about https binding does talk about that. If you request only the DID document without metadata, you don't get the did document.
… in the https binding, we also have a bunch of error codes. If the did is deactivated with an http code 410, which is also something that could be discussed.
… because in http that is an "error" but for us it isn't (the server could be operating correctly)
smccown: when we are using the term deactivated, does that encompass the idea of deleting
wip: I think that is a difference in DID methods, you can remove the fact that the DID ever existed.
… with did:web f you take down that server, you can't tell.
… I don't know what we do with it.
markus_sabadello: a lot of early methods were based on ledgers, so it's unfeasible to delete
… but steve is correct, some did web methods like did:web you can delete and can't detect it.
<markus_sabadello> Note that update and deactivate are optional for DID methods to support.
joeandrieu: unfortunately, the difference between deactivate and and never existing is a conformance requirement, so methods that cannot distinguish between these two are, in fact, non-comformant
wip: so the question is do we need any changes
<smccown> The did methods's return value could have both a "deactivated" (and return the did doc) or it could also have a "did not found"
wip: thanks all