Meeting minutes
ottomorac: We have an agenda today (listed in the meeting invite)
pchampin: Just a brief announcement - very sad to note that Gregg Kellogg has passed away. He was known to many in this group, a great loss. He contributed to a lot of work at W3C, and a lot of work that this WG is built upon.
TPAC Preparation
Wip: TPAC is coming up in two months and we have a single day scheduled, Tuesday the 11th. We need to figure out the agenda for that day. Call to the group, similar spreadsheet that we used in LA, just need to decide, what to talk about -- intros to DIDs and DID Resolution to those dropping by -- also interested in topics from folks.
Wip: Need help from group to take on topics. Content to steer group. Manu hopes that we have most technical aspects complete -- how do we get those over the line? Open floor to those coming to TPAC.
manu: We can usually on the Agenda we have a page to track TPAC attendance, we should be ok as long as we have 8 people min....
… it would be good do an intro to DIDs and DID Resolution (30 min each). And then fill up the time with issue processing...
… get commitment on what we can get resolved. We could also make time for Horizontal Review in person, particularly for DID Resolution. I will volunteer to intro to DIDs.
Wip: Like setting aside time for horizontal reviews.
<Wip> https://
pchampin: Related to W3C TPAC -- call for demos and videos on TPAC website -- sent to all WGs -- sent to Chairs. Idea is that if you have any idea of demos/video on what we have/do, can be promoted there.
pchampin: proposals by end of September, video by end of October.
Wip: Do we have energy to take this on? Would be useful to do it -- 2 minute video to walk through our work -- anyone keen to do that work?
No takers yet
DID Core Updates
We have a clean issues queue for the DID spec: https://
Manu: first update is we have a mostly clean issues queue, I also moved Joes last issue and moved it to the CID repo... this means we have 0 issues in DID Core and we might go for Candidate Rec
manu: I could do this in time for TPAC...
… if we are doing this then it is a good idea to have a test suite ready as well.
Here is the PR for the test suite: w3c/
manu: The theory was that we should be able to use the 1.0 test suite since there is backwards compatibility with 1.1. I re-wrote some of the tests and duplicated the tests so that they use the 1.1 context....
… so far this seems to have worked. Just need to finish the JSON-LD processing aspect.
manu: This is good news, and means we could go for Candidate Rec. So need to figure out if the WG is in agreement to do this.
Wip: That sounds good, what are the steps -- we need to pass a resolution at some point. Today? Or should we get minutae together first?
ivan: Don't we have to go through HR before we go to CR?
manu: Yes that is a good question, we can also say that we asked for the Horizontal Review and has been partially progressed....
ivan: yes that should be fine
manu: I think the next step would be is if we agree, then the editors need to prepare candidate rec version and then we can then a formal wg resolution
pchampin: I didn't realize we requested HR so long ago. For charter proposals, I've seen some timeout in horizontal review... don't know about CR -- works same way, I guess. I have two concerns, first is that we don't have HR for security and privacy, which are probably the more important ones, second is that issues opened in respective repos -- before November response -- bit tricky to declare timeout.
manu: That is fair, if we have to wait we can do that. I know that Kyle is doing the Privacy review right now....
pchampin: We could still try....
<TallTed> "The work we had remaining went faster than expected."
manu: We can say the changes are really minimal
^ which almost never happens :P
manu: I would rather not wait, and just proceed.
Wip: Any objections?
Wip: Any objections with moving forward toward CR for DID spec?
No objections.
Prepare for DID Resolution v1.0 TAG Review #177
<ottomorac> w3c/
Wip: we need to prepare for the TAG review
Wip: We have subissues to split the work up.
Wip: DID Resolution is significantly behind on requesting review on DID Resolution - we need to get through horizontal review before going to CR -- HR can take up to six months -- this issue has become critical, would like to assign people.
Wip: We do have to point to sections in spec that address each concern. I don't think we are talking about any of this stuff in the spec, so we need to add content.
Wip: It's a bit tedious, but we need to do this.
ivan: This is the first time I've seen the list.
manu: Yes recall that the TAG had originally done this for web browsers. Feature is referring to the whole spec.
manu: They just want an intro.
ivan: But his comes back to what Will is asking. Some of these things need to taken with a grain of salt.
manu: I can help clarify some of these aspects...
TAG Review: Add a description of the problems that end-users were facing before this proposal #185
manu: This is just use cases and requirements. We should be focus on 3 to 4 core use cases. It should be around a paragraph for each...
manu: It should describe the problem and how the spec solves it.
manu: At the topic mark a section and call it "Use cases"
Wip: I will take this one.
TAG Review: List alternatives to DID resolution considered #186
manu: I can take this one, they want to make sure we are not re-inventing the wheel
Here's an example of what we could do here: w3c-ccg/
manu: its an appendix that can talk about how this relates to other specs
manu: we just need to clarify why there was a need for this
Tag Review: Add examples of how to use DID resolution to solve the end-users' problems #187
manu: This one is thinking how the browser looks before and after, but for us we can just point to examples in the spec and also to the test suite....
manu: if not we can just provide an example of a resolution request and a resolution response (sample with HTTP GET, HTTP response via command line)
manu: In this context our end user is not browser users but software developers instead
TAG Review: What do the end-users experience with DID resolution #188
manu: I think I can put some language for this
ivan: I wonder if these questions are really applicable to us?
manu: we do need to have a response to them unfortunately
<swcurran> I have to leave the meeting early. I have 192 and have been on vacation, but will get to it this weekend. I asked a question on the issue about whether this "cycle" issue is for a DID Resolver (who only resolves a DID to a DIDDoc or resource), or for clients of resolvers that would get back a DIDoc and request resolution of DIDs within the DIDDoc.
<swcurran> A cycle only occurs for a Client of a Resolver, not a Resoliver per se. Happy to get an answer on this here, or will pursue with experts after.
TAG Review: User research you did to validate the problem and/or design, if any #189
manu: a pagraph or two on before and after
Wip: would anyone be willing to help us prepare for the Security and Privacy review?
DID Resolution Issue Processing
Restricted access/Authentication/Authorization #38
Related to concern raised by JoeA, that if you cannot get to the DID document itself, then whomever is preventing that access becomes the new gate-keeping authority. There has been some discussion regarding whether we should include language to discourage gate keepers. Will also added a link to the Threat Modelling issue after Joe indicated that this fits within the scope of the "Resolution architecture and thread modelling" stream.
manu: I thought we decided that Authentication was allowed but it was out of scope.
JoeAndrieu: Agree with Manu, I think we had a consensus to do that.
JoeAndrieu: In part because of the way that btcr2 approached privatizing the DID Document, provided its own mechanism to provide obfuscation -- we should say "you can do this" and we point to threat model... don't know if threat model speaks to conformance.
JoeAndrieu: Assign to me, please. This should be simple and I understand it -- have a lot on my queue.
ottomorac: tempted to leave it here, only a few minutes left, anything else we should cover?
Other items
manu: Where are we on DID Methods charter?
<pchampin> w3c/
pchampin: Things are moving -- we did get some review from horizontal reviews. One suggestion from security, two suggestions from TAG. I am applying suggestions from security -- quickly discuss 2nd comment from Sarven.
"We'd like to see this group coordinate with the Federated Identity WG and Web Authentication WG. For example, it might be helpful if one of the standardized methods allowed claiming a particular federated identity or could be proven with a security key. The decision might also be to not do that, but the various groups at the W3C that work on identity should at least keep talking to each other."
pchampin: What do we want to do about this?
pchampin: I did respond, said DID WG might be a better place. Makes more sense at generic DID level.
manu: I responded and I agree with the suggestions.
JoeAndrieu: Confused by need to update the language -- thought three were specifically selected, as opposed to categories.
<pchampin> +1 manu, that's also how I read the charter proposal
m2gbot, link issues with transcript
<m2gbot> comment created: w3c/
<m2gbot> comment created: w3c/
<m2gbot> comment created: w3c/
<m2gbot> comment created: w3c/
<m2gbot> comment created: w3c/
<m2gbot> comment created: w3c/
<m2gbot> comment created: w3c/