14:56:57 RRSAgent has joined #did
14:57:01 logging to https://www.w3.org/2025/07/17-did-irc
14:57:03 rrsagent, draft minutes
14:57:04 I have made the request to generate https://www.w3.org/2025/07/17-did-minutes.html Wip
14:57:11 rrsagent, make logs public
14:57:20 Meeting: Decentralized Identifier Working Group
14:57:24 Chair: Wip
14:57:30 Agenda: https://lists.w3.org/Archives/Public/public-did-wg/2025Jul/0006.html
14:57:36 present+
14:57:44 present+
14:58:47 previous meeting: https://www.w3.org/2025/07/10-did-minutes.html
14:58:47 next meeting: https://www.w3.org/2025/07/24-did-minutes.html
14:59:46 present+
15:00:00 markus_sabadello has joined #did
15:00:05 present+
15:00:27 JoeAndrieu has joined #did
15:02:37 scribe+
15:02:49 present+
15:03:37 present+
15:04:19 Topic: Agenda Review
15:05:04 Wip: We will discuss a few topics today including ISO WG Liaison, DID Resolution issues among others...
15:05:09 I have made the request to generate https://www.w3.org/2025/07/17-did-minutes.html TallTed
15:05:16 Topic: ISO/TC 307/JWG 4 Liaison
15:06:22 pchampin: Yes to update everyone. I met with Julien Bringer in Geneva. We are figuring out if we have type C or type A liaison.....
15:06:47 pchampin: Type C is for WG only, type A is for committee level liaison....
15:07:17 pchampin: We need to decide what makes the most sense for W3C. Julien will circle back with me with his feedback on this.
15:07:30 KevinDean has joined #did
15:07:33 present+
15:07:43 Wip: I know that Kevin Dean is intending to participate in this group....
15:08:33 Kevin Dean: Yes, the focus of the ISO TC 307 is focused on Blockchain and DLT. The work item that is of interest is the security, privacy, and identity item....
15:09:12 smccown has joined #did
15:09:31 KevinDean: There is no indication of any future work on that...
15:10:38 KevinDean: the other area of interest is "Smart Contracts and their application"... There has been a preliminary report issued on that item.
15:11:21 KevinDean: This group is set to reconvene in November in Australia. There has not been much recent activity on the group.
15:11:26 q+ to mention GDC
15:11:39 ack JoeAndrieu
15:11:39 JoeAndrieu, you wanted to mention GDC
15:12:11 q+
15:12:13 JoeAndrieu: One of the sessions at GDC was run by this group, they were discussing organizational identity on blockchain...
15:12:15 ack KevinDean
15:12:46 q+
15:12:50 ack pchampin
15:13:45 Wip: Perhaps we should have Pierre reach out to Julien Bringer so he can briefly present us more details about this ISO TC 307 effort...
15:13:46 q+
15:14:07 ack KevinDean
15:14:35 pchampin: The main liaison we were aiming to link with was WG 4, related to identity
15:14:52 Topic: DID Test Suite Special Topic - 23rd July
15:15:05 https://github.com/w3c/did-resolution/issues/92
15:15:42 Wip: We will hold this special topic call focused on test suite, I have run the Digital Bazaar script to extract all the MUST statements from the spec...
15:16:07 q?
15:16:09 Wip: We will discuss what a test might look like.. if you are interested in this work please join the wg call next week
15:16:16 Topic: HTTP Post Binding for DID Resolution
15:16:25 https://github.com/w3c/did-resolution/issues/161
15:16:39 JennieM has joined #did
15:16:45 present+
15:17:26 markus_sabadello: if a client calls a resolver over https right now this is done using GET, however the issue poster would like to also allow this to be done with PUT...
15:18:12 s/PUT/POST/
15:18:34 markus_sabadello: There is a potential issue when resolution option parameters are too many this may cause issues with using GET...
15:19:07 q+
15:19:25 ack Wip
15:19:36 markus_sabadello: These issues have to do with HTTPS binding... so the question is do we want to replace the GET approach or allow both GET and POST
15:19:54 q+
15:19:59 Wip: What are the good arguments to keep using GET?
15:20:01 ack markus_sabadello
15:20:36 markus_sabadello: GET is simpler and it works directly in the browser... Also there are some caching semantics that work better with GET than POST...
15:20:51 FWIW, The ISO blockchain discussion at GDC was about ISO 23042 (Reference architecture for blockchain-based decentralized identity systems)
15:20:51 From https://globaldigitalcollaboration.org/agenda?day=2025-07-02
15:20:51 ---
15:20:51 Security and Interoperability Standardization for Wallets
15:20:52 One-hour workshop at GDC 2025 uniting BGIN and ISO experts to present ISO 23042 (Reference architecture for blockchain-based decentralized identity systems) under development and forthcoming wallet-security related standards, showcase BGIN cybersecurity streams, and engage regulators, vendors, and researchers on implementing and managing secure,
15:20:52 interoperable digital wallets.
15:20:52 Speakers
15:20:52 Wip: I think then perhaps we should keep both of them
15:20:53 Julien Bringer (ISO/TC 307/JWG 4, BGIN) Mitchell Traves (BGIN) Carole House (BGIN) Paolo Campegiani (ISO 23042) Shin'ichiro Matsuo (Moderator)
15:20:53 ---
15:20:59 bengo has joined #did
15:21:03 q+
15:21:04 q+
15:21:09 ack markus_sabadello
15:21:33 markus_sabadello: I am interested to hear other opinions but I think we should indeed keep both....
15:22:00 brent has joined #did
15:22:00 q+
15:22:04 ack pchampin
15:22:19 https://httpwg.org/http-extensions/draft-ietf-httpbis-safe-method-w-body.html
15:22:20 markus_sabadello: perhaps GET can be used when you have fewer resolution options and use POST when you want to have access to all functionality and not be restricted
15:22:50 Oh yes I have been planning to use QUERY for wallet.storage
15:22:51 pchampin: there is also some work on IETF that allows you to add payloads to a query...
15:23:05 pchampin: this could be interesting here
15:23:07 ack JoeAndrieu
15:24:17 JoeAndrieu: I am not in favor of keeping both because it could harm interoperability. However would like to ask about http and https?
15:24:25 q+
15:24:40 q+
15:24:45 ack pchampin
15:25:18 JoeAndrieu: The 4000 character limit is just a platform limitation, I would like to see more examples of GET actually breaking and not being sufficient...
15:25:47 ack markus_sabadello#
15:25:47 pchampin: I have seen some examples with SPARQL, but this is not a big issue really
15:26:00 q+ to talk about interoperability *of intermediate caching proxies* which is imho where GET/POST is not enough but is critical to scalability which is not something SPARQL endpoints are known for.
15:26:35 markus_sabadello: Yes in SPARQL, both are allowed however Joe might be right that the character limit is not a good argument
15:27:09 markus_sabadello: There could still be ways that we can do resolution without using POST
15:27:47 markus_sabadello: The DID resolution could also be encoded as JSON in the QUERY string
15:27:55 ack bengo
15:27:55 bengo, you wanted to talk about interoperability *of intermediate caching proxies* which is imho where GET/POST is not enough but is critical to scalability which is not something
15:27:58 ... SPARQL endpoints are known for.
15:28:52 bengo: Yes Cloudflare is one of the Authors in that QUERY ietf draft
15:29:25 bengo: You could also use the content-type header....
15:29:31 ack markus_sabadello
15:29:57 Topic: DID Resolution PR Processing
15:30:10 subtopic: https://github.com/w3c/did-resolution/pull/157
15:30:36 Wip: This one has been open for a month...
15:32:29 q+
15:32:50 smccown: Depending on how DID methods are implemented they can be somewhat centralized... I was talking to Stephen Curran that may not always be the case with did:webvh... You can still host your did-docs in a variety of locations... This also applies to did:keri because of the way they structured the infra.... This could be interesting to discuss and analyze....
15:32:55 ack Wip
15:33:39 Wip: Yes I think you are then agreeing with the PR and we could discuss this other item in a separate issue...
15:33:50 q?
15:33:52 +1 to merge
15:33:56 subtopic: https://github.com/w3c/did-resolution/pull/164
15:34:01 q+
15:34:07 ack markus_sabadello
15:34:28 markus_sabadello: yes this came out of a discussion of another issue related to the created metadata...
15:35:07 markus_sabadello: I realized that the metadata items needed to be re-organized....
15:35:22 markus_sabadello: They are mainly editorial and re-organization changes...
15:35:29 q?
15:35:35 subtopic: https://github.com/w3c/did-resolution/pull/165
15:35:48 Add OpenAPI definition as an informative resource.
15:36:23 markus_sabadello: Yes this PR indicates that the Open API reference is informative....
15:36:49 q?
15:36:52 Wip: Yes please review folks
15:36:54 subtopic: https://github.com/w3c/did-resolution/pull/167
15:38:04 markus_sabadello: Yes it is a simple one. We discuss that https binding can also be local...
15:38:16 Topic: DID Resolution Issue Processing
15:38:18 https://github.com/w3c/did-resolution/issues?q=is%3Aissue%20state%3Aopen%20sort%3Aupdated-asc
15:38:34 subtopic: https://github.com/w3c/did-resolution/issues/13
15:38:46 Validate signatures/proofs of DID Document #13
15:39:40 I have made the request to generate https://www.w3.org/2025/07/17-did-minutes.html TallTed
15:40:15 markus_sabadello: This is related to trust in the resolution process and architectures.... I am planning to address this with an upcoming PR...
15:40:18 q+ isn't it the resolver result that should be signed? VDR proofs might be in metadata
15:40:25 q+ to ask isn't it the resolver result that should be signed? VDR proofs might be in metadata
15:40:39 Wip: Could you please link this to the other issues that it is related to?
15:40:52 ack JoeAndrieu
15:40:52 JoeAndrieu, you wanted to ask isn't it the resolver result that should be signed? VDR proofs might be in metadata
15:41:11 JoeAndrieu: I think proofs are not ended documents....
15:41:13 q+ to ask markus: why would this be in did-resolution vs a did method or trait specification?
15:41:34 q+ to ask: are did documents non conformant if they have properties other than what is in DID-Core spec?
15:41:36 JoeAndrieu: This seems to be looking for a proof where there isn't one...
15:41:57 ack bengo
15:41:57 bengo, you wanted to ask markus: why would this be in did-resolution vs a did method or trait specification? and to ask: are did documents non conformant if they have properties
15:42:00 ... other than what is in DID-Core spec?
15:42:13 q+
15:42:28 Wip: No...
15:42:49 ack markus_sabadello
15:42:53 bengo: Why does this need to be did-resolution instead of did-traits?
15:43:42 q+ to mention non-standardized properties are ok, just not standardized
15:43:46 markus_sabadello: Yes the did-document is extensible. Also like Joe said proofs can be added by the resolver....
15:44:11 markus_sabadello: In the did-core spec we have a note about signature of did documents...
15:44:28 q+
15:44:49 ack JoeAndrieu
15:44:49 JoeAndrieu, you wanted to mention non-standardized properties are ok, just not standardized
15:44:52 markus_sabadello: So perhaps yes related to did-core, but still there is some relationship with did-resolution architecture...
15:45:13 ack Wip
15:45:29 q+
15:45:29 It does seem like some value a resolver could add is, optionally, detect proofs in did doc or resolution result and be like: "some proofs were detected the resolver thinks it knows how to verify them and it tried and was not able to verify the proof"
15:45:55 Wip: Yes I know there are not standardized properties, we should speak informatively to some of these properties....
15:46:25 I have made the request to generate https://www.w3.org/2025/07/17-did-minutes.html TallTed
15:46:31 ack KevinDean
15:46:46 Wip: We cannot be prescriptive of what did-methods should do... but we still have some informative guidance...
15:47:00 q?
15:47:12 subtopic: https://github.com/w3c/did-resolution/issues/131
15:47:23 Add examples to illustrate different DID Resolution Architectures #131
15:47:50 q+ to take that on
15:48:03 Wip: Would someone be interested in taking this one on?
15:48:12 ack JoeAndrieu
15:48:12 JoeAndrieu, you wanted to take that on
15:49:02 JoeAndrieu: I am happy to take this one. But would like to have some collaborators...
15:49:34 Wip: Yes this could be interesting, and also have some conversations around resolvers...
15:49:40 https://github.com/w3c/did-resolution/issues/132
15:49:52 Complete threat modelling analysis for different DID Resolution architectures #132
15:50:10 q+
15:50:14 ack JoeAndrieu
15:50:19 Wip: Where should the threat modelling analysis live?
15:51:14 JoeAndrieu: The security group is looking to get all W3C specs to have a threat model analysis.... This could still be a separate document depending on how long it is...
15:51:20 q?
15:51:27 subtopic: https://github.com/w3c/did-resolution/issues/149
15:51:37 Add Security Consideration about turning caching off #149
15:52:11 q?
15:52:54 Wip: Perhaps Ben you can take a shot at this?
15:53:28 bengo: If it is just adding a security consideration then I can take this on...
15:53:54 Topic: Next week
15:53:55 RRSAgent, make minutes
15:53:56 I have made the request to generate https://www.w3.org/2025/07/17-did-minutes.html pchampin
15:55:57 ottomorac has left #did
18:02:49 Zakim has left #did