00:42:52 RRSAgent has joined #did 00:42:56 logging to https://www.w3.org/2025/11/11-did-irc 00:42:56 Zakim has joined #did 00:43:03 Wip has changed the topic to: DID WG 2025-11-11 https://www.w3.org/events/meetings/5918a72d-0c77-4257-88c2-fa2ce51e382e/ 00:43:53 Chair: Wip 00:44:24 Meeting: Decentralized Identifier Working Group 00:47:50 agenda: https://www.w3.org/events/meetings/5918a72d-0c77-4257-88c2-fa2ce51e382e/ 00:50:25 JoeAndrieu has joined #did 00:51:11 present+ 00:51:14 present+ 00:51:18 manu_ has joined #did 00:51:41 dariusk has joined #did 00:51:41 jay has joined #did 00:51:42 present+ 00:51:42 present+ 00:51:44 present+ 00:51:50 present+ 00:52:02 Wip: Welcome to the W3C DID WG meeting at TPAC 00:52:05 regrets+ 00:52:06 scribe+ 00:52:16 (unless summoned from RDF&SPARQL) 00:52:39 Wip: We are going to go over logistics, room, wifi, link to slides, etc. 00:52:58 dezell has joined #did 00:53:07 present+ David_Ezell 00:53:10 https://docs.google.com/presentation/d/1-VO1DQlTLcC4a19wuMUOU9U1HMp0Dvs0th8uMF2uNHA/edit?slide=id.g2a8584cc70_0_0#slide=id.g2a8584cc70_0_0 00:53:18 Wip: Slides are above ^ 00:53:21 phila has joined #did 00:53:24 identitywoman has joined #did 00:53:31 elena has joined #did 00:53:31 present+ 00:53:42 Wip: We need to pick scribes 00:54:08 pchampin -- does DID meeting span midnight? (RRSAgent should be informed.) 00:55:03 rrsagent, this meeting spans midnight 00:57:11 present+ 00:57:46 kmoon has joined #did 00:58:36 scribe+ 00:58:44 scribe- 00:59:42 Wip: Formal meeting of WG, participants only, observers cannot make substantial contribution. 00:59:51 JennieM has joined #did 01:00:12 JoeAndrieu: How can people who show up but aren't members participate? 01:00:21 present+ 01:00:35 Wip: We welcome discussion but it's up to the WG to decide how to integrate the comments. 01:05:19 hsano2 has joined #did 01:06:29 JoeAndrieu has joined #did 01:07:25 markus_sabadello has joined #did 01:11:10 dmitriz has joined #did 01:11:34 Wip: Open invitation for dinner RSVPs 01:13:32 Wip: The agenda is kind of flexible and can be evolved if there are things that need discussing. My sense was we are coming towards the end of this WG, and DID resolution has outstanding issues I would like to see discussed. We'll see how the day evolves and if there are specific things that need discussion we can set time for it. At half past 11 01:13:32 we are discussing DID resolution vs DID URL dereferencing. 01:14:09 Wip: Someone from the AB will speak at some point today as well, which we'll fit in. 01:15:38 manu: Early history of DIDs. We've been doing DIDs for almost a decade at this point. Starting arround 2014 there was a Decentralized Hashtables for the Web published. 01:15:52 The timeline is here: https://w3c.github.io/did/diagrams/timeline.html 01:16:16 manu: This was during the blockchain boom and discussion at IIW followed by Rebooting the Web of Trust there was a lot of discussion around decentralized identity 01:17:06 manu: Around 2016 is when US DHS started awarding the first blockchain identity r&d contracts. W3C DID spec in 2017, incubated for several years 01:17:51 manu: Around 2019 we started thinking about the WG at W3C. Able to charter the first W3C DID WG and publish a first working draft in 2020. 01:18:34 manu: Candidate recommendation in 2021, proposed recommendations in July 2021, then 1 year to resolve Formal Objections. Eventually resolved (overridden), around us not defining a DID method 01:19:00 manu: At that time there were 120+ DID methods proposed and it was too difficult to pick one. 01:19:32 manu: In 2023 did:plc launched, and a number of other orgs were using other methods like did:key, did:web, did:jwk 01:20:13 manu: in 2024 Bluesky adoption grew and we are currently at 40M DIDs on Bluesky. CA DMV wallet has about 3M DIDs issued through the wallet itself 01:21:25 manu: 220 DID methods registered at this point. Both a blessing and a curse for this group. The criticism is there are too many and you can't focus the market. Part of the strategy in the beginning was we don't know what the right methods should be, so waiting has given us a view into the all the different types of DID methods that could exist 01:22:17 manu: DID as a term came from a spec originally around 2014, "Decentralized Hashtable for the Web" spec, and "decentralized identifier" was defined there with the DID acronym 01:22:47 manu: The idea is to have an identifier that was fully under control of an individual and a document associated with cryptographic keys etc also owned by the individual 01:24:34 q? 01:24:36 manu: First requirement for a DID is it is permanent and persistent identifier that never needs to change. An identifier could theoretically last decades. Second requirement is the DID needs to be resolvable so you can look it up and get metadata like cryptographic keys. Third the identifier itself needs to be cryptographically verifiable. As 01:24:36 opposed to a national ID number for example, where there is no proof you have your national ID number without checking with a registry. The fourth requirement is that it is decentralized with no central authority. 01:25:39 manu: There are many DIDs that have required centralized registries. There was much objection but eventually the group allowed them to register. To this day it is a controversial topic. There are proposals that did:web is not decentralized and so on. But those are the four things that drove the specification. 01:26:07 manu: A DID is a URN scheme, urn scheme identifier, a namespace, and a namespace specific string. 01:26:35 manu: The scheme is did:, the DID method is the next part, and the third is the DID method specific string 01:27:03 manu: DID primer here: https://github.com/WebOfTrustInfo/rwot9-prague/blob/master/topics-and-advance-readings/did-primer-extended.md 01:27:44 manu: Fundamentally we created DIDs because we wanted people to own their identifiers. A DID is a digital control point that asserts control over information. 01:28:17 manu: People use email addresses as a digital identifier. People lease their email from a provider like gmail, or for smaller providers there's domain names that can be taken away. 01:28:56 manu: You don't own your phone number. The provider does. That's another control point. It is problematic when you have your phone number or email taken away from you. 01:29:46 Yasu has joined #did 01:30:06 manu: DIDs change the control point. Instead of the DID being on some server owned by a service provider or network, a DID is on your device or ideally spread between your devices. In the most ideal case, you own the identifier, and that is nation-state-actor resistant cryptography 01:31:09 manu: The other important thing is that because people can lose keys and devices, we need to make sure you can rotate keys without the DID changing. The DID is a stable identifier, but if you lose your phone or your laptop breaks, and so on, there is a way to rotate those keys so you can continue to control the DID and just the keys change. 01:31:42 manu: We are trying to democratize cryptography so everyone can use it. Individuals won't be exposed to DIDs directly and most won't know they are there. But it's there and important to give you protection. 01:33:13 manu: Today DIDs are in production and have been for a long time, at least in internet time. Bluesky uses did:plc and is the biggest deployer of DIDs. The group was very sad how super centralized their DID was. did:plc started out meaning "placeholder" but they changed it to "public ledger of credentials" and they are spinning it out into a 01:33:13 decentralized nonprofit. 40M DIDs active. 01:34:14 manu: TruAge uses did:key, we use DIDs on TruAge in age verification credentials, ephemeral DIDs for now. Several million in TruAge, but potential for 50M+ age checks every day 01:35:21 manu: California DMV uses DIDs, went live 18 months ago, 3M people walking around with the CA DMV app, which uses did:jwk and did:web in the app. CA DMV has put verifiable credentials on the back of every single drivers license and ID card, rolling out to 34M people in CA over time 01:36:13 manu: Switchchord is an example of a smaller org. They create services for music publishers and song writers to route data into catalog management systems 01:37:42 manu: Taiwan is doing digital ID pilot testing, some movement from Bhutan National Digital Identity 01:38:14 q+ 01:38:28 https://www.bhutanndi.com/article/bhutan-adopts-ethereum-for-national-identity-a-new-chapter-in-digital-sovereignty_2d0c7ec2-5605-4c42-b258-bd9361ae8878 01:39:32 markus_sabadello: In South Korea there will be regulation that requires digital product passports (DPP) for certain types of products. Based on a set of UNTP DPP specifications and focused on interop between South Korea and EU etc 01:40:14 phila: There will be a breakout regarding UNTP and verifiable credentials on Thu 01:42:11 markus_sabadello: Spatial Web Foundation is an ambitious IEEE standard designed a number of building blocks including a data model called HSML and protocol HSTP as a generic universal data model, kind of like the semantic web for three dimensional space. Imagine linked data for 3D spatial information, working on use cases for supply chain, smart 01:42:11 cities, energy, etc. There's a POC involving a lunar lander collecting data and feeding into a spatial web concept. They are using DID methods to discover service endpoints 01:44:14 manu: It's great to see so much uptake on DID methods, but it's a struggle to see so many people creating their own DID methods instead of using existing ones. 01:44:39 https://github.com/microsoft/did-x509 01:45:16 phila has joined #did 01:45:18 Wip: I'm going to review where we are at as a WG in terms of getting to Candidate Recommendation and wrapping up. The mission is to maintain the DID Specification, and second and primary focus is to make a 1.0 specification for DID resolution and DID URL dereferencing 01:45:56 Wip: We have notes that we choose to work on. DID Specification Registries includes transitioning it from a WG Note to a W3C Registry 01:46:54 q? 01:46:55 Wip: There is the DID Method Rubric which we intend to transition to a Registry, and some other Notes that aren't working on actively but have worked on in the past 01:47:16 Wip: Class 4 level changes to the DID specification are out of scope fo rthe WG 01:47:23 q- markus_sabadello 01:48:41 q+ 01:48:43 Wip: We work on a spec, create a public working draft, then we move to Candidate Recommendation which involves horizontal review from TAG and others. CRD is a Candidate Recommendation Draft; CRS is a Candidate Recommendation Snapshot. Snapshots capture normative changes in Drafts 01:49:05 ack manu_ 01:49:07 Wip: Finally there's the approval/recommendation process 01:50:48 Wip: We are chartered as a WG until April 2026. Two recommendation-track specs are DID v1.1 and DID Resolution v1.0. Test suite and implementation report is a deliverable. And possibly W3C Registries for Rubric and Extensions 01:51:21 Wip: We can work on the registries but need to prioritize the specs. We can also recharter, and our staff contact will talk to us about charter extension possibility 01:52:01 q+ to ask about cr for registries 01:52:10 Wip: It's November now and we are not quite in Candidate Recommendation but we have completed horizontal review. We have a Candidate Rec document but not entered yet. Ten open issues on spec but only one that needs active discussion 01:53:07 elena has joined #did 01:53:34 ack JoeAndrieu 01:53:34 JoeAndrieu, you wanted to ask about cr for registries 01:53:35 Wip: DID resolution is further behind than DID v1.1. We are hoping for a CR1 in Feb 2026. We've asked for horizontal review and today we are hoping to address horizontal review comments, particularly from TAG. We are likely going to need an extension 01:54:05 JoeAndrieu: I know Notes don't go through a review process. Are Registries something that need AC approval? 01:54:36 (?): Registries might be more like a Note but I have to check 01:55:47 Wip: For DID Resolution v1.0 we have 50 open issues. 8 need PR review; 8 are ready for PR and should be looked at and the work assigned. 30+ need processing/triage. We are also awaiting privacy&security review, and accessibility review 01:56:28 q+ 01:56:34 Wip: Pierre-Antoine will discuss the process for extending the WG charter so we can have time to meet our goals. 01:56:43 ack phila 01:56:45 There are only 5 Draft Registries, and no Candidate Registries or Registries yet https://www.w3.org/TR/?filter-tr-name=&status%5B%5D=dry&status%5B%5D=cry&status%5B%5D=ry 01:57:05 phila: Your charter extension is a lot easier if you're in CR than if you're not. 01:57:51 Brent: setting up a registry and getting documents in place is similar to the Rec track, but then updating after that is much simpler. Registry track is a lot like regular approval just without IPR review 01:58:06 JoeAndrieu: I would like to submit we start work on the Registry process 01:58:20 Brent: I would like to hear how it goes because not many people have done the Registry process 01:59:34 scribe- 02:08:15 JoeAndrieu has joined #did 02:17:13 JoeAndrieu has joined #did 02:23:08 Wip has joined #did 02:28:04 JoeAndrieu has joined #did 02:30:57 JoeAndrieu has joined #did 02:31:38 IdentityWoman has joined #did 02:31:49 scribe+ 02:33:17 wip: discussion DID resolution URL deferencing - do we need this? 02:33:25 https://github.com/w3c/did-resolution/issues/228 02:33:26 ... Issue 228 02:33:33 q+ to speak after intro with a proposal 02:33:34 dariusk has joined #did 02:33:54 ... currently language is we resolve DIDs - my understsanding everything else is dereferenced 02:34:19 ... issue was raised by jeffery - we say "resolve" but this is wrong because it is applying to the resolution process. 02:34:34 ... raised by JoeAndrieu and @ someone 02:34:52 ... this is a URL with a version time parameter - where does it apply? 02:35:00 I have made the request to generate https://www.w3.org/2025/11/11-did-minutes.html TallTed 02:35:09 q+ 02:35:10 ack JoeAndrieu 02:35:10 JoeAndrieu, you wanted to speak after intro with a proposal 02:35:16 ... should be the version time of the resource? 02:35:23 q+ 02:35:38 JoeAndrieu error thinking resolution only needs a DID - so we don't have a quiry parameters in the DID URL. 02:35:53 PZ has joined #did 02:35:53 ... if you are dereferencing you are resolving DID URL 02:36:23 ... it clarifies you do need to handle these parameters - it is about resolution and not the resources. 02:36:37 s/decentralized nonprofit. 40M/... decentralized nonprofit. 40M/ 02:36:48 ack manu_ 02:36:52 s/opposed to a national ID number/... opposed to a national ID number/ 02:36:55 phila has joined #did 02:36:58 ... we set this up because we wanted parameters. 02:37:09 q+ 02:37:16 s/we are discussing DID resolution vs DID URL dereferencing/... we are discussing DID resolution vs DID URL dereferencing/ 02:37:19 @manu: not that different - lets just make the fix. 02:37:37 ack markus_sabadello 02:37:39 s/cities, energy, etc. There's/... cities, energy, etc. There's/ 02:37:49 q+ scurran 02:37:54 manu: we have to make right did resolution if are going to get right DID URL. 02:37:54 swcurran has joined #did 02:38:02 present+ 02:38:05 I have made the request to generate https://www.w3.org/2025/11/11-did-minutes.html TallTed 02:38:24 q+ 02:38:33 markus_sabadello: I agree with Joe these parameters - version time apply to did resolution. 02:38:38 ack JoeAndrieu 02:38:46 q 02:38:52 q+ 02:39:27 q+ 02:39:28 q+ 02:39:28 ack swcurran] 02:39:32 q- scurran 02:39:35 JoeAndrieu: at first I was going to point out one of the differences with URL do not to did resolution - URL Does send paramters based on the sceheme - (mailto vs. URL). query parameters don't get passed through DNS the way this is working. 02:39:54 swcurran: confusing that there are two terms and two algorythms. 02:39:57 q+ to note that "going to DNS" is different from "going to web server" -- "what's doing the resolution?" 02:40:29 csarven has joined #did 02:40:52 ... we have certain query parameters - version time and version ID other parameters that might also affect returnign of DID doc. Why make separation and make two different algorithms. 02:40:58 present+ 02:41:10 present+ 02:41:21 ... the way I termed in that PR - use the parameters that impact the return of that DID document 02:41:45 ... i think it is confusing that there are two terms that mean two different things when they are resolved. 02:41:46 ack Wip 02:42:05 dezell has joined #did 02:42:25 Wip: Put self on que to talk about what is in the document. I think the distinction is about 02:42:38 swcurran: there are four different things that can be returned. 02:43:28 wip: Example I show of de-referencing - in slides on slide 58 02:43:43 JoeAndrieu: we also have to talk about to resolve. 02:43:45 q+ 02:44:03 q- 02:44:27 kmoon has joined #did 02:44:33 Wip: with DID URL you go to de-referencing aldogrithm and then passes through to resolution algorithm. 02:44:37 ack manu_ 02:44:37 manu_, you wanted to note that "going to DNS" is different from "going to web server" -- "what's doing the resolution?" 02:44:46 Wip: don't know what we do if we do want to make a change. 02:45:15 q+ to speak to clarity 02:47:30 q+ 02:47:30 manu: I'm confused about what we are talking about - stephen you see there are 4 differnet outcomes - what are we trying to solve right now. 02:47:30 ... not hill worth dying on - nothing wrong with spec and not hill worth dying on. 02:47:30 q+ 02:47:44 ack swcurran 02:47:44 swcurran: seems to be objection the fact that I pulled in parameters into dereferencing - didn't make sense until difference between "resolution" and "dereferencing" - I found I was breaking things. 02:54:48 ack markus_sabadello 02:54:48 ... when we talk about dereferencing as a separate thing - parameters happen at dereferencing and at other times. 02:54:48 q+ 02:54:52 markus_sabadello: you pointed out an important step in the algorythm. - resolution to the resolve function. 02:54:52 ...i wrote most of this so I don't think anything is broken 02:54:52 ack JoeAndrieu 02:54:52 JoeAndrieu, you wanted to speak to clarity 02:54:52 Wip: we have 10 min left. swcurran what is the fix? 02:54:52 JoeAndrieu: I think the solution is the editorial explaination 02:54:52 ... spec has failed to communicate - we need to talk about the step before resolution 02:54:52 ack phila 02:54:52 ... editorial change we could explain better 02:54:52 phila: look up and - can mean dereference, or resolution 02:54:52 q? 02:54:52 ack swcurran 02:54:52 ... two Japanese TPACs ago we were in Saporo spacial data on the web - is this data about the mountain.. They don't care get over it. 02:54:52 swcurran: I apprecaite that comment I think you are probably right. 02:54:52 ... I think it causes confusion to have two terms and two algorythms. There should be space for extensions that allow for other did resolution parameters. We had one at DIDWEBVH and we needed it and for it to be done correctly it had to go in to that Did resolution section. 02:54:52 q+ 02:54:52 ack JoeAndrieu 02:54:52 @wip: thanks Stephen - hearing editorial work to make this clearer in the spec. I think jeffery in a number of issues raised - also raised that maybe we just use one term - could use some clarification. 02:54:52 JoeAndrieu: I could make some headway - but I have to get through the threat model for this document. 02:54:52 ... could get something simpler and easier to understand. 02:54:52 Wip: I think we should rais an issue and track that. 02:54:52 ... editorial clarification 02:54:52 q+ 02:54:58 ...markus do we have a way for did resolution to be processed with this algorythm. 02:54:58 q+ to say "did-method-specific" 02:54:58 ack 02:54:58 markus_sabadello: there are some resolution options that have some issues for resolution. 03:05:18 RRSAgent has joined #did 03:05:23 logging to https://www.w3.org/2025/11/11-did-irc 03:05:23 ack JoeAndrieu 03:05:23 Wip: it is in the resolution options. i have raised this before with markus we do have muliple format. 03:05:41 JoeAndrieu: i think it is must or "error" I think this is content negotiation HTTP. 03:06:00 JoeAndrieu: I think if it can't use this representation then it should say error 03:06:51 @wip: I think the change that joe is proposing is the did resolution accept is Must use this value or through an error. 03:07:00 q? 03:07:13 JoeAndrieu: Grammar should be Must/either 03:07:20 Wip: Markus? 03:07:38 markus_sabadello: I think there is another open issue on this DID resolution behavior - http header. 03:07:52 q+ 03:08:07 @wip: can we label this ready for PR 03:08:10 ack csarven 03:08:20 multiple people: yes. 03:09:34 csarven: the issue with me is it is unclear if there is an accept header and the response there is a content type - the way this reasons they must use this value. if I send a request header with X and it comes back with Y - why am I required to process Y. 03:09:42 q+ to ask about multiple options in parameter 03:09:58 wip: either we are going to require they match or we through an error. 03:10:11 ack JoeAndrieu 03:10:11 JoeAndrieu, you wanted to ask about multiple options in parameter 03:10:14 I have made the request to generate https://www.w3.org/2025/11/11-did-minutes.html TallTed 03:10:15 csarven: I don't agree with that. 03:10:24 q+ 03:10:31 csarven: they respond with something - it is their option to process or not. 03:10:36 ack manu_ 03:10:49 JoeAndrieu: the caller should be the decider 03:10:53 csarven: I Think HTTP works this way. 03:11:06 csarven: it says if you request X you have to process Y. 03:11:11 JoeAndrieu: I don't get 03:11:30 csarven: it is up to the requestor to decided if they process or not. 03:12:23 manu: scarven is right it is not as clear as we thought 03:12:26 q+ 03:12:33 See https://github.com/w3c/did-resolution/issues/116 03:12:38 q+ 03:12:46 s/scarven/csarven 03:12:48 ... you can say your preferences - what you want. 03:13:13 manu: we are not clear if we are following HTTP accept header semantics are really complicated 03:14:23 ... are we accepting a really concrete media type - because there is only one concrete media type - but then we are basically saying someone is going to get confused this works like an http accept header. WE need to clarify if ware using htTP accept header semantics - if we are not doign that it becames easier to zero out. if we do that we are 03:14:23 breaking compatability with HTTP and how it works. 03:15:01 s/breaking compatibility/... breaking compatibility 03:15:10 ack JoeAndrieu 03:15:11 ... we are going to do our best job to return - they are going to return did-doc or not. You must use this value to determine content type. Right now we say if such a representation is supported or avaliabiiltly 03:15:13 q+ 03:16:06 q+ 03:16:06 q+ preference vs. 'accepting' the 'accept' field 03:16:07 ack markus_sabadello 03:16:08 JoeAndrieu: we just have one normative representaiton we will have other representations that resolvers will ant to produce - I wanted to put my self on teh que can I specify multiple media types - jSON, CBOR - do we have ability to say comma something else or a * . 03:16:35 q+ csarven 03:16:39 q- preference 03:16:40 q- vs. 03:16:42 q? 03:16:44 q- 'accepting' 03:16:45 q- the 03:16:48 q- 'accept' 03:16:51 q- field 03:17:42 markus_sabadello: at the moment the accept option it works the way manu described it - expressing a media typee. it is about accepting header - resolution option accept header. For me personally either way would be fine. I am leaning more changing to be aligned with http header. 03:17:46 ack Wip 03:18:34 q+ 03:18:39 q- 03:18:50 Wip: speaking ot this issue in particular. I think this conversation has helped me understand - it is fine as it is now. must return as a conformat document. You should be able to convert. 03:19:23 ack manu_ 03:19:28 ... is it returning a serialized document. it addresses normative statement - the issue of if we want to use HTTP header is wider then this issue. 03:19:39 how would you return something that isn't serialized? 03:19:59 ack csarven 03:20:05 @manu: I agree with what markus said use HTTP serialization - if we follow HTTP semantics for waht is sent and reciveed we should do that. 03:20:57 csarven: looking at spec and comment - it is making more sense. It make disciction of accepting header. saying accept field is "optional" then why 03:21:09 ... rules out errroring around accept field. 03:21:40 ... if you are capable of providing this the server will provide this and go along with it - if you can't it will give you back something and say I don't have a representation and return an error. 03:22:18 Wip: ok great - to summarize before we move on. We are able to ready this to PR - I think changes want we want to model on accept headers on HTTP - 03:22:22 JoeAndrieu: so reference that in this issue to connect the.m 03:23:03 Wip: if we are going to reply to jeffery we think this language is translatable to application / did. 03:23:15 Wip: does everyone agree we don't need changes to the spec 03:23:32 JoeAndrieu: I think it might be nul - we need this get out of jail free card 03:23:43 q+ 03:23:44 ack Wip 03:23:50 JoeAndrieu: this can not turn into a did document - 03:24:05 Wip: if the did document is NUL then it must be an error 03:24:55 JoeAndrieu: they have to error out if they can provide a transformable DIDdoc 03:25:29 JoeAndrieu: Resolver should return something. 03:25:43 JoeAndrieu: Request and accept 03:26:26 csarven: if you are capable of providing a response - is to express a preference. within HTTP both routes are valid - if there are errors there are coresponding error codes. You can. 03:26:53 JoeAndrieu: if the server can't find the resource I'm asking for - it returns a 404. I think that is the use-case I am talking about. 03:27:02 csarven: that works 03:27:25 subtopic: https://github.com/w3c/did-resolution/issues/116 03:27:25 @wip: we talk model accept headers we take that on we are ready for model accept headers. 03:27:39 markus_sabadello: I already assigned 03:27:49 subtopic: https://github.com/w3c/did-resolution/issues/235 03:28:23 q+ 03:28:37 ack manu_ 03:28:42 Wip: issue 235 this is about confusing proof property in metadata returned by DID resolver. 03:28:58 manu: I think markus' langauge is fine 03:29:04 Wip: can we assign to anyone. 03:29:12 wip: I can do this 03:29:17 ... moving on 03:29:30 subtopic: https://github.com/w3c/did-resolution/issues/236 03:29:50 q+ 03:29:55 ack manu_ 03:29:57 wip: jeffery is saying we don't need this text - we don't say how to define did data registry. 03:30:02 Manu: + 1 03:30:11 wip: anyone willing to take this one 03:30:15 @manu: I can do it 03:30:33 manu: I can do it 03:30:41 subtopic: https://github.com/w3c/did-resolution/issues/238 03:30:59 Wip: number 238 - currently there is no clear way to handle did resolution in the spec 03:31:18 markus_sabadello: yes I can take this on 03:31:31 s/that works/that works for 406 as no representation that would be acceptable to the UA, whereas 404 no representation found 03:32:00 JoeAndrieu: I don't know what they mean - properties defined in extensions registry. Nothing in did document called .. we should add did method specific properties. 03:32:25 manu: can we say iterate over all properties in the DID document 03:32:42 manu: then we don't have to talk about extensions - then just going through everything in DID Document. 03:33:22 q+ 03:33:29 ack JoeAndrieu 03:33:52 JoeAndrieu: where in the spec is that you have to process all these things. Seems weird that did document resolution have to do things. 03:34:43 manu: this is part of the expand URLs algorithm you want to go into every object in the did document and expand the URLs 03:34:56 subtopic: https://github.com/w3c/did-resolution/issues/232 03:35:18 q+ 03:35:26 wip: can we avoid term difinition duplication across DID specs - we can just point to DID core terminology 03:35:32 ack manu_ 03:36:04 Wip: if we can to this easily 03:36:17 error that was manu talking 03:36:27 manu: yes we can to this easily 03:36:56 wip: to address this we need to clean up all the terms duplicated - 03:37:08 manu: its very easy to do...explained how 03:37:32 manu: will share link to how to do. 03:37:45 Yasu has joined #DID 03:37:53 Wip: goal is to cover all the issues today and discuss them. 03:37:58 subtopic: https://github.com/w3c/did-resolution/issues/233 03:38:24 ... moving on - we have a yellow flag - we use term "match" and what does this term mean? 03:39:23 Wip: I linked to wrong thing section 4 - must match...what does it mean? we should be more clear. I think we state string equivalent. 03:39:43 Wip: I will take this... 03:39:47 q+ 03:40:07 ack csarven 03:40:39 q+ 03:40:53 csarven: question of whatever spec you are already covering this - is there a place URI comparisions are described - to get to the point of determining base. for example upper-case = lower case equivalent? 03:40:57 ack manu_ 03:41:02 csarven: need to refer to place. 03:41:25 q+ 03:41:33 ack JoeAndrieu 03:41:36 manu: we have ABNF for did syntax - we do not have normalization rules for url if quiry parameters on in different orders - is this the same URL 03:41:57 JoeAndrieu: query about DID not DID URL (has parameters) 03:42:11 JoeAndrieu: method could create this problem for us 03:42:37 JoeAndrieu: Did method specific component can have upper and lower case. 03:42:59 manu: after we get into identifier - it is up to did method 03:43:28 subtopic: https://github.com/w3c/did-resolution/issues/224 03:43:51 wip: we should be referencing DID 1.1 throughout. 03:44:05 q+ 03:44:10 ack manu_ 03:44:10 JoeAndrieu: I don't know what that means. What do I need to be practical to be backwards compatable with 1.o 03:44:22 manu: in theory we don't need to do anything. 03:44:43 q+ 03:45:00 manu: didn't remove anything - just added. now we have full test stuite for 1.1 - 74 did methods the are all backwards compatable with 1.0 - I don't think anyone needs to think about it. 03:45:27 JoeAndrieu: no requirement to be conformat to 1.0 03:46:01 We <3 easy issues 03:48:03 subtopic: https://github.com/w3c/did-resolution/issues/225 03:48:32 Wip: would prefer did resolution is more grounded an technical. 03:48:44 wip: did resolution is just a way to resolve dids and did documents 03:49:08 it was agreed it should be toned down 03:49:18 wip: anyone want to volunteer? 03:49:20 moving on 03:49:26 subtopic: https://github.com/w3c/did-resolution/issues/226 03:49:39 JoeAndrieu: can we tie that to the other issue that I'm doing... 03:50:08 wip: yes 03:50:26 wip: but isn't about issue we haven't created yet 03:50:30 JoeAndrieu: yes. 03:51:38 wip: one more... 03:51:53 subtopic: https://github.com/w3c/did-resolution/issues/229 03:52:30 q+ 03:52:32 q+ 03:52:38 wip: we have discussed this - I want to clarify this is about hash link when we discuss this before we caviat this the base parameter is non-normative. Every single did parameter is optional in the spec 03:52:54 ack JoeAndrieu 03:53:07 wip: we explicitly this is a non-normative parameter so what do we say 03:53:39 ack manu_ 03:53:42 JoeAndrieu: this is more about culture and style of W3C I don't have a problem referencing standards not by formal standards organization - so we can't reference bitcoin primatives - I don't know how we deal with this 03:54:04 q+ 03:54:15 q+ 03:54:21 ack TallTed 03:54:25 manu: I should drop the parameter - I don't think we have the time to figure out hashlink... - I don't think any one is using it. 03:54:50 q+ 03:55:02 ack Wip 03:55:15 TallTed: I believe there is a way to cite and RFC draft from a rec but I would have to dig a lot to find it. I'm pretty sure a group I am involved with did it - given it was an optional parameter and no one was fighting to use it - no reason folks can't use it without in the spec. 03:55:23 q+ 03:55:32 manu: not fully baked - not implementations - not tests - lets cut it. 03:55:33 ack markus_sabadello 03:55:41 My original point was that "This parameter is non-normative" is nonsensical. 03:56:09 ack phila 03:56:11 markus_sabadello: agree with feature found useful in conversations - this topic comes up - sometimes. Yes this exists as possibility. in practice it is not implemented 03:56:44 ack JoeAndrieu 03:56:48 phila: you can refer to whatever you like - just don't make it "normative" "one way to do this might be to look at this document over here" just can't make it normative. 03:57:20 JoeAndrieu: As currently implemented our extensions registry gets around this - we have extensions not referenced anywhere 03:57:29 q+ 03:57:30 q+ 03:57:40 JoeAndrieu: move into extensions registry - optional - is it normative. 03:58:08 wip: this is good because there is another issue 03:58:25 q- 03:58:50 wip: who wants to do this 03:58:54 manu: I will do this 03:58:56 q- 03:59:04 wip: thank you everyone. 04:07:37 JoeAndrieu has joined #did 04:18:25 JoeAndrieu has joined #did 04:31:10 JoeAndrieu has joined #did 04:42:56 manu_ has joined #did 05:00:45 JoeAndrieu has joined #did 05:07:45 JoeAndrieu has joined #did 05:12:37 manu_ has joined #did 05:18:47 Wip has joined #did 05:19:47 Topic: W3C Process Discussion 05:19:58 markus_sabadello has joined #did 05:20:14 JoeAndrieu has joined #did 05:20:26 scribe+ 05:20:29 present+ 05:20:35 wip: Welcome back. 05:20:45 ... Staring with W3C process with Elena 05:21:14 elena has joined #did 05:21:21 elena: Thanks for having us. 05:21:39 ... one of the things we are prioritizing this year is remapping the process and clarifying where it needs clarifying 05:21:51 ... So we are going around WGs and collecting feedback 05:22:03 ... To take it back to process CG, which is chaired by Brent 05:22:20 ... I do have a list of questions, but that might not be the best use to go through each and every one. 05:22:42 ... First of all, how much do you know about process 05:23:01 ... Are there any sort of ... how you would express your experience 05:23:08 manu: it's getting better 05:23:16 ... it used to be much harder to do things 05:23:21 ... Removal of proposed rec is good. 05:23:34 ... The document has gotten clearer over the years. 05:23:47 ... I do think the formal objection process has gotten overly complicated and time consuming 05:24:09 ... So people are trying really hard to avoid formal objections, drawing out what might have been resolved quickly 05:24:28 ... Downsides with current process. There is some cruft that might not get used as much. 05:25:01 ... We ended up publishing FPWDs for things that maybe we wouldn't have 05:25:19 ... Seems like parts of the process I think we should not go through that. Delete it from process. 05:25:59 ... Revising a Recommendation is one of those things I think we might remove 05:26:16 ... Another part that is a little more difficult is where the responsibile of staff ends and AC picks up. 05:26:25 ... This is particularly true for chartering. 05:26:39 ... It's only once you get to know staff that you learn how you might start a group or charter. 05:26:55 q+ to mention charter authority 05:27:25 scribe+ 05:27:41 JoeAndrieu: You had a question -- 05:27:49 elena: What has been the biggest issue so far? 05:27:54 JoeAndrieu: Creating a registry 05:28:26 JoeAndrieu: We are guessing to what the next steps for a registry. We just found out today that it needs to go through CR and AC approval. We are pretty significant bottleneck there. 05:28:31 elena: think of last 12 months, what has been the biggest process blocker. 05:29:05 ack JoeAndrieu 05:29:05 JoeAndrieu, you wanted to mention charter authority 05:29:09 JoeAndrieu: I've been working with Simone on Threat Modelling -- coming down pipe, requirements to have threat model -- people don't know how to do that, writing guide to threat modelling, but it is a bottleneck. 05:29:46 JoeAndrieu: Wanted to echo Manu's concern, framing differently -- challenging that it's not AC members that write charters, it's usually elected representatives -- unless staff blesses charter, feel like thats an inappropriate responsibility. 05:30:16 JoeAndrieu: First issue of new process was replace Tim w/ Staff -- logo issue, same thing -- is the AC in charge or not, is it the staff in charge or not? 05:30:24 elena: What's the ideal solution? 05:31:16 JoeAndrieu: Any AC member should be able to propose a charter, with input from Staff, AC Members should be able to propose a charter. 05:31:26 elena: Might be out of scope for Process CG. 05:31:56 JoeAndrieu has joined #did 05:32:01 JoeAndrieu: I don't know where else it might get fixed -- AC needs to look at this, get it in front of them to hear if they agree/disagree. 05:32:25 elena: To the text and documentation itself? How do you feel about clarity? 05:32:50 JoeAndrieu: I tend to look at process only when needed. 05:33:09 JoeAndrieu: Working w/ W3C Process is transactional... 05:33:15 elena: Is that how most use the process? 05:33:25 JoeAndrieu: I don't know which section to look at... 05:33:42 manu: I think I've read the process top-to-bottom maybe 4 times inlast 10 years 05:33:58 ... one of the problems with those who have been working with it over the last 10 years is that it changes rapidly 05:34:17 ... So people in the group think the process is XYX, but things have changed 05:34:35 ... Usually when we go and try and read it, but I don't think we come away not understanding what the process is. 05:34:46 q+ about objection ambiguity 05:34:51 q+ to about objection ambiguity 05:35:08 manu: The result is I have to reread the document because of changes 05:35:28 elena: Interesting. How is it usually surface "oh, something has changed". 05:35:37 ... Who brings that wisdom to the group 05:35:54 manu: it's usually members who are in other groups who have experienced the change 05:36:12 ... I don't think that's a bad thing, but the great thing about the new process document is much more is written down. 05:36:20 ack JoeAndrieu 05:36:20 JoeAndrieu, you wanted to about objection ambiguity 05:36:27 ... The tribal knowledge is just much more about changes than about the details. 05:38:01 JoeAndrieu: One thing I ran into wrt. formal objection -- ambiguity about when to object and what you can object to -- this was under old process.. Ambiguous on how I should deal with issues Chairs were making. Others on staff had interpretation that was different. 05:38:10 elena: What about formal objections? 05:38:39 JoeAndrieu: I've had objections that we've been able to work through. For new DID Methods WG, I'm probably going to object. We have right social processes in place to discuss. 05:38:41 q+ 05:38:45 ack manu_ 05:39:17 manu: To add to that... +1 to Joe. There are the right social processes to work through objections. But because the new objection process goes to council and all that stuff 05:39:41 ... We are trying REALLY REALLY hard to avoid formal objections. Because we know its going to take it forever. 05:40:03 ... The DID Rec formal objections took a year to get through, and that led to people leaving the work. 05:40:22 ... So we go out of our way to avoid objections of any kind. 05:40:36 ... Formal objections are very asymmetric. Easy to raise. Hard to address. 05:40:57 ... not sure what the solution is other than streamline the council creation, but that's not ideal either 05:41:16 ... We lose people. I'm certain with this objection, we're going to lose contributors. 05:41:29 elena: that sounds like a real and serious pain point 05:41:49 elena: we're wearing purple badges, so please engage and we'll be bringing all of this input back to the process CG. 05:41:56 ... thanks for the input 05:42:09 manu: Thanks so much for the AB being proactive. 05:42:32 wip: lets look at rest of day 05:43:02 ... There are maybe 10-12 issues I'd like to get discussion on. A couple PRs that don't need a lot of input. 05:43:24 ... Then there are some test suite issues about normative statements that I don't think are testable or we should just remove. 05:43:44 ... That's all I have. Joe had mentioned rubric? We can maybe talk about that at the end of the day 05:44:04 manu: I'd like to make sure we get through all of the issues and get the all to ready for PR or defer them to future. 05:44:09 PZ has joined #DID 05:44:12 wip: so lets start with issue processing 05:44:21 Topic: DID Resolution Issue Processing 05:44:50 joeandrieu: I think we may have already handled the Rubric update 05:45:01 wip: There are two issues from TAG review. 05:45:09 subtopic: https://github.com/w3c/did-resolution/issues/237 05:45:47 ... This is similar to the "accept" discussion, but it is slightly different 05:46:11 this looks like a duplicate 05:47:18 pchampin: they do look the same, maybe we can combine 05:47:38 wip: this is saying it's a must. 05:47:49 joe: are you saying we're inconsistent? 05:48:02 wip: yep, 05:48:47 ... the placement with MUST (DID REsolution algorithm 3.1) is a conflict with a SHOULD elsewhere (DID Resolution options) 05:49:02 wip: I agree with Manu, let's just remove this extra bit. 05:49:19 manu: maybe we can just stay silent since it's covered elsewhere 05:49:29 wip: ok 05:49:38 JoeAndrieu: +1 to deleting 05:49:47 wip: Anyone want to take it on? 05:49:57 [crickets] 05:50:03 wip: Ok. moving on. 05:50:06 subtopic: https://github.com/w3c/did-resolution/issues/230 05:50:24 ... We discussed this. We don't define the read resolution anywhere. 05:50:44 ... I think Joe commented that we don't have a concrete interface 05:50:45 q+ 05:50:59 ... We also discussed changing this from Read to Resolve 05:51:21 ... The argument to change it to resolve is that we don't define "Read" we define "Resolve" 05:51:33 ... There is no read. It's either an old term. 05:51:39 ack JoeAndrieu 05:52:27 JoeAndrieu: Its just an unfortunate and editorial change, the "Read" is in quotes as the CRUD read... it's not meant to be normative. We are talking about just resolution. 05:52:59 wip: Jeffrey is saying that there is no signature for this operation 05:53:03 q+ 05:53:25 ack JoeAndrieu 05:53:31 q+ 05:54:23 JoeAndrieu: I don't think his point isn't that there is a formal signature on the endpoint, he proposes did resolution options as the interface. We had RESOLVE as a function that was defined... I think he does have a signature. DID Methods must support these contracts. 05:54:34 q- 05:54:36 wip: Ok. Let's just update this from read to resolve. 05:54:37 q+ just adding READ operation to Method Operations 05:54:54 ack denkeni 05:55:28 denken: I just think it would be just easier to add in 8.2 operations, we just mention that the that Resolution is "Read" 05:56:47 Dingwei has joined #did 05:56:47 wip: there are two ways to do this. Either change did core or change did-resolution 05:57:16 ... seems we are more aligned with Resolve, although I note that Markus thinks of it as the DID Method defining "read" which is executed by the resolver 05:57:27 manu: I'm looking at the DID 1.1 spec and we use the resolve language 05:58:10 JoeAndrieu: Markus noted that the resolver is doing resolution, the DID Method spec is the thing that provides the read operation for the resolver. 05:58:17 wip: let's check in with Markus 05:58:27 ... Great. That was all of Jeffrey's TAG issues 05:58:41 ... Next, we'll work through the issues labelled "discuss" 05:59:06 subtopic: https://github.com/w3c/did-resolution/issues/244 06:01:29 s/8.2 operations/7.2 method operations in DID v1.1/ 06:01:45 https://w3c.github.io/did-resolution/#dereferencing-algorithm 06:02:54 q+ 06:02:57 ack JoeAndrieu 06:03:30 JoeAndrieu: I think what he's talking about is that there is an option in the APi to have the resolver dereference for you -- that's the "client" -- it's not the resolution client... it's the local client. 06:03:47 JoeAndrieu: The caller to the resolver isn't returning an error to anyone. 06:05:33 wip: in step 9 we have a bunch of ways to dereference, 10 is what happens when those fail 06:05:55 manu: this should be rewritten to say if you make it this far, return an error 06:06:30 wip: I think we all agree something needs to change 06:06:50 manu: yeah, we should just rewrite that step 10. Maybe we can think of something now. [thinking... thinking...] 06:07:07 ... Otherwise, the algorithm has resulted in an error 06:07:13 ... And we can ask Markus to make the language better 06:07:45 [manu updates the issue] 06:07:48 subtopic: https://github.com/w3c/did-resolution/issues/240 06:07:50 wip: moving on 06:08:11 wip: I raised this. There's confusing language how we state the errors should be raised in the spec today. 06:08:29 ... I misinterpreted how errors should happen (in my own work) 06:08:50 ... Spec text states and error object should have "type set to invalidDID" 06:09:09 ... We start with DID object set to "validDID" 06:09:19 ... but the problem is that problem details has a different statement 06:09:30 ... The values MUST be prepended. The type must be a URL 06:09:55 ... I implented incorrectly, and the tests passed. And Markus also did the same, but it shouldn't. 06:10:31 ... The error objects' type field MUST be a URL, but "validDID" isn't a URL 06:10:58 ... We are linking to the problem details section, but as a developed, two of us independently failed to follow the link. 06:11:15 manu: So the change is just to have a full URL instead of "invalidDID" 06:11:24 wip: Ok. I will do this at some point. 06:11:51 [manu updates issue] 06:12:10 subtopic: https://github.com/w3c/did-resolution/issues/220 06:12:43 wip: there are three outstanding ISSUE markers in the spec we haven't talked about. 06:13:06 ... Issue 38 seems good. But the two immediately after that, we should discuss to see if they matter 06:13:31 ... First issue explain that DIDs are not necessarily globally resolvable. This is in security considerations sections 06:13:33 q+ 06:13:38 ack JoeAndrieu 06:14:08 JoeAndrieu: I know that I've used the term, but we don't have clear definition of what globally resolveable is. If we want to use the term, we need to define it more clearly. 06:14:26 manu: can we just delete this? 06:14:59 joeandrieu: Agree. Also its not a security 06:15:10 q+ 06:15:16 ack Wip 06:15:21 JoeAndrieu: I think we could just delete it since it's off topic 06:15:31 ... so it's kind of off topic. 06:15:36 wip: ok. let delete 06:15:42 ... second one seems similar 06:16:10 ... so we'll update the PR to remove the two issues, but is Issue 38 still useful 06:17:44 wip: Yes, it's important, but should it be in the spec as such. 06:17:56 manu: yeah, we can just track it in the repo. 06:18:01 JoeAndrieu: I think we should say something about this. There is strong narrative assumption that this is always resolveable -- but that might not be possible... but there might be good reasons to not give access to it 06:18:27 present- 06:18:40 subtopic: https://github.com/w3c/did-resolution/issues/212 06:18:48 wip: I think there is already a PR for this 06:19:00 PZ has joined #DID 06:22:24 joeandrieu: in that PR it seems that the involved parties have come to agreement 06:22:31 wip: great. Then we can remove the "discuss" label 06:22:49 joeandrieu: are we going to merge it? 06:22:53 wip: I'm going to ask Markus 06:22:55 subtopic: https://github.com/w3c/did-resolution/issues/208 06:23:30 wip: Should we add a design goals section? 06:23:43 manu: Uh... no. 06:23:57 ... we shouldn't do this. I don't think TAG requires it. 06:24:09 ... The reason we sometimes put it in is because it's not clear what we are trying to do. 06:24:36 JoeAndrieu: Yes, +1, for VCs and DIDs, people wanted to know, for this spec, probably not. 06:24:41 ... I don't think we need to add that unless someone is asking 06:24:43 TallTed has joined #did 06:24:48 subtopic: https://github.com/w3c/did-resolution/issues/203 06:25:32 wip: Madison is saying we need to define what we mean by datetime 06:25:53 ... I was going to do that. So I looked at VCs and they don't normalize time 06:26:41 maybe https://www.w3.org/TR/timezone/ ? 06:30:28 joeandrieu: I think its the 00:00:00 which doesn't make sense. We normalize to UTC, not UTC 00:00:00 06:31:08 manu: we do say it should be specified datetime timestamp with Z. 06:31:28 VCDM Representing Time section: https://w3c.github.io/vc-data-model/#representing-time 06:31:39 ... we had this section (VC 2.0 section 5.8 representing time) and it survived internationalization review, so let's just use that 06:31:56 wip: I think that's fine. I'm happy to use it. That is a change to this normative statement. 06:32:09 manu: don't say "normalize" 06:32:45 pchampin: A recent comment in RDF working group. The term "normalized" doesn't not appear. "Adjust" does. Adjust hours/min. 06:32:55 ... seeing the hours minute seconds, I see Joe's confusion 06:33:05 ... we can just replace normalized with "adjusted" 06:33:18 wip: so, should we reference the VCDM section? 06:33:27 manu: Yes, it has lots of language that matters. 06:34:01 manu: we shouldn't repeat this much spec text 06:34:09 wip: my concern is that we are not requiring it uses UTC. 06:34:22 joeandrieu: VCDM doesn't care about UTC, but we do. 06:34:45 manu: good point 06:35:12 joeandrieu: we want to profile the VCDM with like "You must represent tiem as in VCDM and it must be adjusted to UTC 0" 06:35:48 wip: In the DID resolution spec, we have different properties that define time, versionTime, created, lastUpdated, etc. I think Jeffrey suggested we define our representation once and refer to that throughout. 06:36:18 wip: it might be better to have a time property that we reference in each property that is "time" 06:36:51 manu: this is section 4.3? 06:37:35 manu: Yeah. I think that's the right thing. Specify a datetime format and in that section, refer to VCDM and adjusted to UTC without subsecond decimal precision 06:37:42 wip: and where does that go in the spec? 06:37:53 manu: it could go anywhere. define it before you use it 06:38:01 wip: ok. great. 06:38:16 wip: marking ready for PR 06:38:27 subtopic: https://github.com/w3c/did-resolution/issues/133 06:38:28 wip: Threat modeling 06:39:04 wip: This should be addressed when we have threat modeling 06:39:13 q? 06:39:27 joeandrieu: it's going to block us from going into security review 06:40:48 JoeAndrieu: The bottleneck has been figuring out what security group wants out of a threat model. We are very close to being able to share something -- once that's done, in about 3 weeks, we have three diagrams that Markus has put together, we have local/remote proxy archiectures -- we might need to do diagrams with focused threats -- threats are relatively straightforwad to do once we have diagrams. 06:41:45 JoeAndrieu: There are four different types of threats we want to speak to, threats in threat model, in VCs we knew tampering was a threat -- that's why we have proofs. Next is implementation threats, key compromise, issuing VCs? Have to manage keys -- but implementers have to deal with it. External threats, which we don't know a away around, but people should be aware of. 06:42:49 JoeAndrieu: Dependency threats -- eg. DID Resolution relies on TCP/IP and HTTP -- specify some threats on TCP/IP dependencies -- and DNS -- spoofing DNS, and get false DID Document, that's a threat -- networking layer, router might decide Joe is a bad person and is sending me over there. That's part of wy it's taken longer, but getting close to something usable by the group. 06:43:02 JoeAndrieu has joined #did 06:43:29 wip: we have asked Simone for a security review. 06:44:17 JoeAndrieu: This "needs work" -- we are going to finish the threat modelling guide -- we'll need to facilitate some conversations, special topic calls, maybe this is "to be discussed" in context of threat modelling guide. 06:44:20 q+ 06:44:45 wip: we need to be in CR before April 06:44:55 ack manu_ 06:44:56 ... Maybe we should break to talk about that 06:45:38 manu: I'm really concerned about this timeline 06:45:48 ... we wanted to get through our issues and be ready for PR 06:45:57 ... And this looks like it might take another 3 months 06:46:01 q+ 06:46:03 ack Wip 06:46:14 wip: Maybe its worth talking with Simone to understand. 06:46:20 JennieM has joined #did 06:46:21 q+ 06:46:32 q+ 06:46:37 ack JoeAndrieu 06:47:32 ack manu_ 06:47:35 JoeAndrieu: I think it's negotiating with SING -- in order to go to CR, do we need threat model today -- conversation that staff needs to think about -- is it worth extending now because we need threat model, we are making good progress, maybe we put options to staff. 06:51:05 manu: I'm really concerned about what this does for our timeline. 06:51:12 JoeAndrieu has joined #did 06:51:25 JoeAndrieu: We should discuss this with Staff and have them provide guidance on what we do next. 06:52:10 wip: ok. we have a section that is security considerations 06:52:36 ... the work is to review the DID architecture section and update the Privacy Consideration sections 06:52:38 q+ 06:53:39 JoeAndrieu: I do agree with where we should put these edits -- this is not put privacy/security issues in architecture section. 06:54:13 JoeAndrieu: Do we mention threat model in this issue? 06:54:19 Wip: No, we don't. 06:54:45 JoeAndrieu: Ok, let's keep threat model in another issue. Our intention is to complete threat model while we're in CR, not before. 06:54:46 q+ 06:54:58 ack 06:55:01 ack manu_ 06:55:12 q- JoeAndrieu 06:56:14 subtopic: https://github.com/w3c/did-resolution/issues/132 06:56:17 JoeAndrieu: Next steps are to talk w/ Simone / PA / Joe to figure out how to proceed 06:56:18 wip: next up threat modeling issue 06:57:42 JoeAndrieu: let's just tag this as "During CR" 06:57:59 wip: maybe PA can talk about getting an extension 06:58:10 wip: there remain 4 discuss issues and some related to test suite 06:58:43 manu: There is the DID threat model... 06:58:58 JoeAndrieu: I don't think that's usable 06:59:07 JennieM has joined #did 06:59:18 wip: that's it. To break 07:04:21 JennieM has joined #did 07:19:28 dlongley has joined #did 07:33:22 Wip has joined #did 07:34:32 scribe+ 07:35:09 Topic: DIDWG Charter Extension 07:35:59 pchampin: We need a little more time. We can do an automatic charter extension, relatively straightforward since it's a team decision. Otherwise, we have to do rechartering -- requires more time and more effort, these are not exclusive. 07:37:16 pchampin: We are in a good position to request one charter extension to finalize specs. If we want to recharter, then we can use the extra time we have, waiting on others to review specs, maybe we can have bandwidth to discuss -- do we want to recharter? I'm working under assumption that we recharter... we could do two charter extensions of six months. Without rechartering, we could buy up to a year. 07:37:35 pchampin: Rechartering also means defining scope of next WG -- needs more discussion. We prefer to focus on specs themselves. 07:37:36 q+ 07:37:44 ack manu_ 07:37:46 scribe+ 07:37:47 Wip: We expect that we'll be extending intiially. 07:38:00 manu_: +1 for 6 month charter extension 07:38:10 ... We need to get these specs done. Time pressure helps with that 07:38:28 ... Concerned about the additional time when the DID Methods WG starts up 07:38:41 ... If we were going to recharter I would expect it to be a maintenance charter 07:38:54 ... Not sure what else needs doing other than Rubric and the DID Extensions registry 07:39:17 JoeAndrieu: Turning DID methods into proper W3C registry would be worth doing 07:39:19 scribe- 07:39:39 q? 07:39:41 pchampin: Maintenance is not an official W3C Process, it's just a way to talk about charters that don't allow class 4 changes. 07:40:14 Wip: It makes sense -- we want to be in CR to ask for an extension, given charter ends in April, when do we need to ask for extension? 07:40:24 pchampin: A month ahead would be good. 07:40:25 JoeAndrieu has joined #did 07:40:27 q+ 07:40:37 ack manu_ 07:40:44 scribe+ 07:40:45 Wip: DID Resolution should be to be done around Jan/Feb. 07:41:11 manu_: I am concerned about being able to get it done by Jan/Feb with the holidays coming up 07:41:33 JoeAndrieu: The path convesation could take 2-3 months 07:41:42 manu_: We could make the path stuff as at risks 07:41:54 ... I am concerned about the number of people raising PRs and moving the spec forwards 07:42:02 ... Need to start making significant strides in that direction 07:42:11 ... Very aggresive to get into CR by March 07:42:21 ... Very dependent on people writing PRs and moving the spec forward faster 07:42:34 q+ 07:42:42 ... May be worth asking Markus if he has capcity to drive this forward given the deadline 07:42:52 ... Might be worth giving W3C staff a heads up 07:43:03 ack markus_sabadello 07:43:38 markus_sabadello: For me it's hard to say how long it will take to get it done. A few weeks ago I thought we were almost done, but now there are new issues. A lot of issues are relatively easy to address, but there are 2-3 that might take a while. 07:44:12 markus_sabadello: +1 to what Manu said, getting the work done -- doing what I can, but also have other things to get done. We need more PRs raised. 07:44:49 Wip: Yes, tricky, don't have that big a WG with active contributors -- we can try our best, and staff will hopefully be open to discussion. 07:45:03 Topic: DID Resolution Issue Processing 07:45:11 dlongley has joined #did 07:45:23 subtopic: https://github.com/w3c/did-resolution/issues/131 07:46:02 Wip: What would need to happen in he spec to make this happen? 07:46:37 JoeAndrieu: I'm assigned to it. We pulled this into the threat modelling. Another possible response, illustrations of DID Resolution architectures that Markus put together. 07:46:48 q+ 07:46:54 JoeAndrieu: Haven't gotten to that yet. I think we can consider this part of threat mdel work, we can do this during CR. 07:47:40 JoeAndrieu: There is a version of illustration of different DID Resolution architectures that satisfy the issue. 07:47:46 ack markus_sabadello 07:48:42 markus_sabadello: Regarding DID Resolution architectures, there are diagrams in the document. Local resolvers and remote resolvers -- DID Methods can work in different ways -- intention of this issue was to add architectures for specific DID Methods.. What we have in spec is generic, but we can apply how generic model applies to did:key / did:web 07:48:54 markus_sabadello: This issue is option, if we don't do it it's not a big deal. 07:49:16 Wip: I'll leave it for "during CR" -- if we don't get to it, we can close the issue w/o consequences. 07:49:20 subtopic: https://github.com/w3c/did-resolution/issues/113 07:50:08 q+ 07:50:31 Wip: This says "A DID document is a reprsentation of information describing a DID subject" -- the language is in terminology section of DID Resolution and DID Core. We discussed that we would remove terminology from DID Resolution where they're already defined. If we want to update language, we'd have to do it in DID Core. 07:50:36 ack JoeAndrieu 07:51:39 q+ 07:51:45 JoeAndrieu: I don't like this language -- Dave Longley is on the other side of the discussion of this -- Dave's coming from RDF perspective. Imagining DIDs as representing subjects gets us in trouble w/ GDPR, how long lived they are, how they're bound to you... You as an individual might have thousands of DIDs about actions that are momentarily about you. Privacy problem, aggregation problem -- DIDs enable you to look up cryptographic information 07:51:46 associated with identifier. 07:52:23 ack markus_sabadello 07:52:27 JoeAndrieu: If you say someting about subject -- if you say something about my car, it's not a statement about me. VCs contain things about subjects, we have privacy/security architecture about that -- DID Documents just don't have that. 07:52:52 markus_sabadello: I added a comment about this. 07:53:12 Wip: Not all of us here -- is anyone here opposed to changing language? 07:53:30 No objections 07:53:41 JoeAndrieu: We should check w/ Dave. 07:53:53 Wip: We could write a PR and see what he thinks. 07:54:34 subtopic: https://github.com/w3c/did-resolution/issues/38 07:55:15 JoeAndrieu: This is mostly a duplicate. 07:55:31 JoeAndrieu: Curious about how people feel about bengo's suggestion? 07:56:01 JoeAndrieu: he suggests that you may restrict access using some authentication/authorization process inbetween. 07:56:13 q+ 07:56:34 ack markus_sabadello 07:56:44 +1 to it. Some DID methods are consortium blockchain related. 07:56:48 subtopic: https://github.com/w3c/did-resolution/issues/38 07:56:55 subtopic: https://github.com/w3c/did-resolution/issues/244 07:58:03 Wip: We discussed this earlier today Markus -- dereferncing algorithm step 10 is problematic -- client returns error, but noted new language -- we think language around step 10 needs to change. 07:58:43 q+ 07:58:47 Wip: Steven is also recommending that we remove step 9.4 07:58:53 ack markus_sabadello 08:00:47 markus_sabadello: Im fine with changing that to Manu's proposal to simplify the step. I agree step 9.4 sounds strange -- has to do with RDF and semantic web applications where this doesn't necessarily mean retrieval -- sometimes in semantic web there are use cases where URI there is no URL meaning/processing of URI is determined by client. 08:01:01 q+ 08:01:12 markus_sabadello: I'd be fine with removing it if it sounds too strange, something related to URI philosophy and theoretical constructs, but also fine w/ removing it. 08:02:37 ack Wip 08:03:02 Wip: I think I'm hearing remove 9.4 and refactor 10 to use Manu's language. 08:03:08 Wip: Those are all the discuss issues. 08:03:19 Wip: We're going to move on to test suite now 08:03:23 Topic: DID Resolution Test Suite 08:04:00 subtopic: https://github.com/w3c/did-resolution/issues/239 08:04:14 Wip: There are duplicated satements, we might want to remove items. 08:04:44 Wip: Same requirement -- second normative statement we probably don't need it 08:04:45 q+ 08:04:49 q- 08:05:01 manu: +1, don't need it. 08:05:07 JoeAndrieu: We only have one conformant representation. 08:05:23 Wip: That's a separate issue. 08:06:28 dlongley has joined #did 08:06:45 JoeAndrieu: We had a long discussion about this w/ VCs -- we say that things that can be transformed into VCs are VCs... you can't give me a media type and not be serialized in that format. 08:06:57 Section about representations: https://w3c.github.io/did/#production-and-consumption 08:07:39 JoeAndrieu: This is all legacy 08:07:40 q+ 08:08:03 ack manu_ 08:08:04 JoeAndrieu: This could confuse the market -- we don't want to revisit that -- it would be better if we could update via wisdom learned from that conversation 08:08:08 scribe+ 08:08:25 manu_: I tried to modify the spec according to the charter 08:08:32 ... I tried to do the minimal changes possible 08:09:12 JoeAndrieu: If you send me someething that is not a DID Document, it shouldn't work. 08:09:19 pchampin: This isn't aying media type should be the same. 08:09:34 JoeAndrieu: The media type defines the serialization, and we have one media type and one serialization. 08:09:40 q+ 08:09:44 JoeAndrieu: All this laguage creates confusion that we don't need to have. 08:09:47 ack Wip 08:10:11 Wip: This has been my sense, but relates to use of accept -- if we have one media type, and you do did resolution if there is an accept header, why do we have this? 08:10:38 Wip: markus_sabadello has said you might ask for CBOR, application/did-cbor -- not a DID Document, repreentation that can be tranforme dinto a DID Document. 08:11:15 markus_sabadello: I'm not sure, Joe -- we did remove abstract data model, there could be other representations... don't know what this means for accept option, still makes sense to have that. 08:11:17 q+ 08:11:38 JoeAndrieu: To speak to accept header, in DID Resolution, enabling feature extensibility, but we don't ave any use for it right now. 08:11:41 ack manu_ 08:12:15 manu_: I don't think the language says you can shove anything that is not application/did in the resolution result 08:12:35 ... I agree this is confusing to have production and consumption rules in DID 1.1 when we only have one media type 08:12:55 ... there are many normative requirements in this section. I wanted to avoid making class 4 changes 08:13:35 Wip: We got off topic on this -- feels like this group doesn't have time to take that on -- do we want to raise an issue on didv1.1 and label it future. I'd be wary about getting this in. 08:14:14 q+ 08:14:19 Wip: Back to 239 -- are we ok w/ the suggested change -- no duplicate requirements. I'm going to make this change 08:14:21 JoeAndrieu: +1 08:14:47 q+ 08:15:01 markus_sabadello: The change would be to remove the second statement -- yes, that's fine. We can remove/change it to say resolvers might support multiple DID Methods. 08:15:06 ack markus_sabadello 08:15:24 ack JoeAndrieu 08:16:32 JoeAndrieu: I think I understood your pushback -- that's not what this issue is about -- can we change conformant representation -- I think it's understood that a non-conformant representation is not what we're talking about. 08:17:53 subtopic: https://github.com/w3c/did-resolution/issues/223 08:18:48 q+ 08:19:13 ack markus_sabadello 08:19:17 Wip: The read operation can tells you what to do 08:19:57 q+ to say this is test requirement 08:20:01 markus_sabadello: This is for DID Methods that require certain resolution options -- that would be in context of specific DID Method, resolution only works if resolution option is passed to the method 08:20:04 ack JoeAndrieu 08:20:06 JoeAndrieu, you wanted to say this is test requirement 08:20:27 JoeAndrieu: I don't know if we do this anywhere else, this is a requirement on the test suite -- we don't have any normative requirements on client of resolver, we could sepcify requirements on test suite. 08:20:29 q+ 08:21:03 Wip: The test suite is testing a universal resolver, you pass in a DID and some options and you get back resolution result -- I'm trying to test inputs/outputs. 08:21:12 JoeAndrieu: Dereferencing tests start w/ DID URL and they must do this. 08:21:12 ack manu_ 08:21:13 q- 08:22:02 Wip: The way you test it is by having verifiable input -- these resolution option are required -- this DID URL pass it over to universal resolvers API - in test suite -- it's ablack box, I can't go in there and check to see if options have been passed. 08:22:25 JoeAndrieu: We don't have a way of transforming input and getting signatue of the call. My own unit tests would teest this, I'd isolate the function away from the APi. 08:23:17 Wip: Yes, here is my API, ehre are some dids you can test it with -- that's what the test suite does. DID Methods are going to put requirements to pass on sidecar data -- ensure information is passed in... what could we change this to -- resolution options passed to read option, could be just execute read operation. 08:23:39 q+ 08:24:58 JoeAndrieu: This is a requirement of unviersal resolver, not any particular resolver. 08:25:34 JoeAndrieu: When I make a BTCR2 resolver, it has resolution options because its a single component. When we write something that isn't designed for universal resolver, you give DID and get back DID Document -- it already has parameters. 08:25:39 q+ 08:25:44 JoeAndrieu: I don't disagree w/ markus_sabadello framing. 08:25:51 JoeAndrieu: Maybe we should just remove it. 08:26:11 JoeAndrieu: We are not standardizing the architecture of the universal resolver. 08:26:25 q- 08:26:28 ack markus_sabadello 08:26:30 manu: +1 to remove 08:26:41 dlongley has joined #did 08:26:48 q+ 08:26:57 markus_sabadello: I don't really see how this is specific to universal resolver -- this applies to any resolver 08:26:59 q+ 08:27:19 q+ 08:27:45 q+ to say did btcr2 doesn't have a read method 08:27:51 ack Wip 08:27:54 markus_sabadello: In my mind, the sentence here wrt. read operation is very generic, pasing it doen't mean sending it over the wires -- if it's hard to test then maybe remove, but it's not specific to universal resolver. 08:28:28 Wip: What Joe si getting at, if I care about DID method, I'm going to implement the resolver spec by combining both interfaces... but in practice, they might do resolver for single DID Method. 08:28:29 ack manu_ 08:28:50 ack JoeAndrieu 08:28:50 JoeAndrieu, you wanted to say did btcr2 doesn't have a read method 08:29:01 manu: this is impossible to test, let's remove it. 08:29:15 JoeAndrieu: BTRC2 doesn't have a read method, we have a resolve mechanism and a resolver implements it. 08:29:49 Wip: ok, consensus is we're going to remove this statement. 08:30:02 subtopic:https://github.com/w3c/did-resolution/issues/222 08:30:15 Wip: This is a duplicate normative requirement. 08:30:58 Wip: Let's remove the second statement. 08:31:00 manu: +1 08:31:15 JoeAndrieu: Aren't we using problem details instead of error properties -- errors could be different. 08:31:45 Wip: Error property is an property in did resolution metadata, that error property is a ProblemDetails object. 08:32:50 Topic: DID Resolution Test Suite 08:32:51 subtopic: https://github.com/w3c-ccg/did-resolution-mocha-test-suite/issues/17 08:33:56 q+ 08:34:13 ack JoeAndrieu 08:34:15 Wip: How do I get tests that provide this sort of result? 08:35:06 JoeAndrieu: I don't know if we have requirements to have public keys -- we have verification methods, not public keys -- it's a use cases question, what would trigger these... some of these are intellectual exercise that identify real problems that might cause issues because of the spec. 08:35:42 q+ 08:35:47 Wip: markus_sabadello thoughts on this? 08:35:48 ack manu_ 08:36:01 manu_: I think the error is invalid verification methon 08:36:08 q+ 08:36:08 ... I am wondering if the way to test this is through DID key 08:36:30 ... It could be that we just delete five of these return valies 08:36:37 s/valies/values/ 08:37:04 q+ 08:38:35 ack markus_sabadello 08:39:04 q- 08:39:10 manu: We don't throw any of these PUBLIC_KEY errors in the spec, we should delete them. 08:39:21 manu: We don't throw INTErNAL_ERROR either 08:39:31 JoeAndrieu: We need to -- what happens when you have a bug? 08:40:39 manu: We need to say something about it in the algorithm -- it needs to be normative. 08:41:03 markus_sabadello: These errors could still be in extension registry -- we need to add sentence or two in algorithm that mentions these errors. 08:41:48 Wip: I'll create new issue to review all errors in error section, identify errors not in algorithm, either we remove it and put it in extensions or we add step in algorithm that throws that error 08:41:58 JoeAndrieu: Yes, +1, because we might have an error in the algorithm. 08:42:51 Wip: In BTCR2 - we had need in resolver to throw an error, we defined something to ensure -- invalid_did_document isn't thrown anywhere, but maybe DID method would throw a part of their algorithm. 08:42:51 q+ 08:43:10 q+ 08:43:13 ack manu_ 08:43:13 Wip: We are expecting DID Methods to use these errors, would be nice for them to be already defined. 08:44:14 JoeAndrieu: The invalid did document error is return from dereferncing call -- everthing might look good from resolution process, but what it got back was not valid DID Document. 08:44:24 JoeAndrieu: Algorithm is check the spec and see where we say to return these things. 08:44:27 q+ 08:45:08 JoeAndrieu: For 404 not found, do we need to determine DID Document not found and resource not found? 08:45:08 q+ 08:45:10 ack pchampin 08:45:16 q- JoeAndrieu 08:45:37 ack markus_sabadello 08:45:37 pchampin: Let's not define error codes for specific DID Methods, but we do need generic placeholder for METHOD_SPECIFIC_ERROR. 08:46:20 markus_sabadello: Rgarding Joe's question -- don't think we need to differentiate between DID Document not found and resource not found, they can share same error code -- we could also split them. 08:46:39 q+ 08:46:50 ack markus_sabadello 08:46:51 JoeAndrieu: My concern is that dereferncing function call is going to respond the same way to both DID DOcument not bieng able to be found and Linked Resource not being found -- feels like we're losing information. 08:47:25 markus_sabadello: it wouldn't respond in the same way -- DID Resolution result is... 08:48:12 JoeAndrieu: I'm not calling resolver, calling dereferencer -- dereferencing response doen't get the same thing s aresolution? 08:48:28 markus_sabadello: dereferencing result or resolution result -- those are different. 08:48:29 q+ 08:48:45 JoeAndrieu: if URL dereferencing fails, do I get back entirety of response from rsolution action? 08:48:50 markus_sabadello: yes, you get the whole thing back. 08:48:52 JoeAndrieu: Ok 08:48:52 ack pchampin 08:49:11 Wip: Yes, lets move on, that was useful. 08:49:28 subtopic: https://github.com/w3c-ccg/did-resolution-mocha-test-suite/issues/14 08:49:48 Wip: We're saying DID Resolution MUST implement the algorithm. 08:50:07 q+ 08:51:45 manu: This is duplicative, we should remove it -- we say the same thing in conformance section. 08:52:07 JoeAndrieu: +1 to remove because it's duplicative. 08:52:35 ack manu_ 08:52:39 subtopic: https://github.com/w3c-ccg/did-resolution-mocha-test-suite/issues/15 08:52:51 Wip: Feels like normative requirement on an extension. 08:53:09 q+ 08:53:16 Wip: This is not a requirement on the DID Resolver. 08:53:47 ack manu_ 08:54:08 manu: We should move this to the registry and put it in the registration requirements. 08:54:37 subtopic: https://github.com/w3c-ccg/did-resolution-mocha-test-suite/issues/16 08:54:46 Wip: This is untestable. 08:55:32 q+ 08:55:40 JoeAndrieu: Remove 08:55:43 manu: +1 08:56:15 markus_sabadello: In DID Core, we have a section about DID Methods and MUST statements there -- why would we remove this? 08:56:16 q+ 08:56:23 q+ 08:56:24 ack markus_sabadello 08:56:26 q+ 08:56:27 ack manu_ 08:56:43 q- 08:58:02 manu: We can't move this to DID pec because it's class 4 -- and even if we did, we'd have to define how to put proofs on DID DOcuments. We should wait until some DID Methods put proofs on their documents before generalizing the feature/reuiqmrent. 08:58:04 ack JoeAndrieu 08:58:50 JoeAndrieu: I agree we can't move it to DID Core -- but wanted to comment on why untestable thing on DID Core -- testable by human, we can't automate it, but we do need to have these requirements. One of the places where we don't have automated/testable mechanisms for conformance statements we believe are important. 08:59:01 Wip: Are you ok if we remove, markus_sabadello ? 08:59:29 markus_sabadello: I agree, we can move on. 09:00:27 RRSAgent, make minutes 09:00:29 I have made the request to generate https://www.w3.org/2025/11/11-did-minutes.html pchampin 09:03:23 dlongley has joined #did 09:15:34 dlongley has joined #did 09:42:01 dlongley has joined #did 09:53:20 dlongley has joined #did 10:06:37 dlongley has joined #did 10:21:19 dlongley has joined #did 10:32:04 dlongley has joined #did 12:46:10 dlongley has joined #did 15:03:07 dmitriz has joined #did 18:35:11 Zakim, bye 18:35:11 leaving. As of this point the attendees have been shigeya, Wip, JoeAndrieu, dariusk, jay, manu_, David_Ezell, identitywoman, denkeni, JennieM, swcurran, csarven, hsano, pchampin 18:35:11 Zakim has left #did