W3C

– DRAFT –
Decentralized Identifier Working Group

08 April 2026

Attendees

Present
dmitriz, JennieM, markus_sabadello, ottomorac, TallTed
Regrets
-
Chair
ottomorac
Scribe
transcriber-bot

Meeting minutes

<ottomorac> transcriber-bot, resume

Otto Mora: Yes. Okay, cool. Uh, excellent...
… Uh… yeah, so we have
… Um… the… the two topics, the two
… pull request. At first, though, we wanted to just have a general discussion on… Uh, kind of
… what might make sense to merge first? Uh, so I guess that's where we wanted to, kind of
… have that general conversation. Before we get into the specifics of each
… uh, pull request, like, uh, itself, right? Will, maybe we want to start there, yeah

Will Abramson: Well, I don't even know if it's worth doing that, since there's only four of us on the call, like, it might just be good to hear...
… like, you know, Joe and Steven, you've both been commenting on each other's PRs
… Like, maybe we could hear from both of you about the concerns you still have about. the other PR, and
… Like, it's really hard, because there's not enough people participating in these discussions for us to really, you know, have, like, even a sense of, like, we've got a quorum for
… consensus, but I wonder if we can just use this call for you two to try and
… You know, get some, like, face-to-face time on some of the disagreements that are still outstanding
… I don't know. I mean, I'm open to how to use it, but I think the agenda is kind of mute, since we don't have. whole group, personally

Otto Mora: Mm-hmm. And also, if you want me to stop the transcriber bot, you want anything off the record, let me know, and I can do that. So yeah, I see Joe, go ahead...

Joe Andrieu: Um, yeah, I think that's a fine idea, um, with one, uh, shift, maybe, which is, I think, from some of the commentary...
… on Steven's PR, um, there are a couple of questions that he wanted to bring to the group, and so that might be a little bit more productive to start with, rather than
… you know, re-bringing up the things we've already brought up, I think having distilled some questions might be a good focus

Will Abramson: Okay. I see Dimitri's there...

Stephen Curran: Good...

Dmitri Zagidulin: Hello, hello?...

Will Abramson: Eduin...

w3c/did-resolution#260

Joe Andrieu: Welcome, Dimitri...

Otto Mora: Okay, so I set the topic to… The pull request...
… From Steven, which is the 260, is that right, or is this

Will Abramson: That's the old one...

Otto Mora: Oh, that's the old… okay, sorry...
… That's the other one

Stephen Curran: 316...

Otto Mora: 360...

Stephen Curran: Yeah...

w3c/did-resolution#316

Otto Mora: Yes, go ahead, Steve and Dan, maybe we can start. Start there...

Stephen Curran: Okay, so, um, I did, uh, do you mind if I share screen? I did that presentation that...
… would allow us, I hope, to focus on, um, the specific issues
… So, um, thought I would just walk through this
… And, um, take notes as we go
… So… this one, the first one right off, the data-specific method handling
… Um… Joe and I… Joe, I clearly… you don't understand what I'm saying, I don't understand what you're saying. I think
… My read of what you're saying is exactly what I'm saying, so I think we're in violent agreement, personally. Um, but
… Like, my read of this is that, um… 7-1 is there
… Because if the div URL contains a path, and. There is no
… um… that is the only path… that is the only URL for the object, like, it exists on a blockchain, then
… you defer to the did method that contained the blockchain handling code that allows the dereferencing of the resource. Um… I don't know what else
… uh… like, I'm saying the exact words you put in your last comment last night
… I tried to say the same thing you're saying, so I'm not sure of the confusion
… Do you want to go ahead, Joe?

Otto Mora: Uh, yeah. Go ahead, Joe...

Joe Andrieu: Oh yeah, I would just, you know, the queue's helpful, so… um… The...

Stephen Curran: I, I...

Joe Andrieu: linked resource property is not did method specific, so I can… I can put a linked resource in a DIDWEBH and embed the resource...
… in the did document, or reference it through obfuscation with the hash or hashgraph types

Stephen Curran: It's the URL!...

Joe Andrieu: And there is no URL that can represent that. So, even a did URL, because it is not a did at the end of the day. It is a did that is pointing to this resource, which is in the did document, or specified in the did document. So it's not...

Stephen Curran: So the URL is the div URL. That's what I'm saying. That's exactly what I'm saying. I canceled it...

Joe Andrieu: Yes, and the did URL has a WebHD method, which has no method-specific path handling properties...

Stephen Curran: No, no, no...
… And so… and I'm not saying it's so that… so that it
… Um
… So you're… you're talking about specifically the case where it's not an on-chain resource, you're talking about it's a did-linked resource inside the
… did linked… did link resource object. That's fine
… That's not did method specific, so
… I don't know, I just… I'm saying when there is an on-chain resource that requires
… Code that is specific to that on-chain that that
… take precedence. And that you can't
… Process it any further to get anything other than the need to go to that ledger and get the object off it, and that's the method specific
… Any other case, I'm not talking about. So if it's embedded in the div doc, I'm not talking about that
… I'm talking about when the div URL is the only thing that references it, because it's on a ledger and it requires ledger-specific code. To retrieve the object. The reference
… Is that not a valid case? We don't care about that

Will Abramson: Oh. Well, I'm on the queue...

Otto Mora: Yeah, go… yeah, go ahead, Will...

Will Abramson: Yeah, I just wondered, like, does this need to go first? Like, what's the argument for putting this first, as opposed to, like, putting it at the end?...

Stephen Curran: Because the rest of the things don't apply, and if that is the case...
… I mean, I don't care, but

Will Abramson: I guess I'm wondering, like...
… this is about, like, precedent, like, which takes precedent, right? Like, what if there is a conflict?
… you know, like, I have a did URL that… that did method-specific thing
… would handle, but then it also would target something in the DID document as well
… In this case, we're saying the did matter specific thing takes precedence, right?

Dmitri Zagidulin: Right...

Will Abramson: And in the other case, we would be saying, no, they did not have the specific thing comes last...

Dmitri Zagidulin: So, can you give an example of what you mean by target, something in the document?...

Joe Andrieu: There's a queue, Dimitri...

Will Abramson: Like, for...

Joe Andrieu: But go ahead and answer, Will. Okay...

Dmitri Zagidulin: There's… oh, whoops, sorry, sorry...

Joe Andrieu: Sound good...

Will Abramson: Like, for example, I would have, like, a, you know, a Path service...
… with, uh, a base path, right? That could target… like, that's what I mean by target, like, you should… you could also use this
… Um, service to the references
… like, to me, all of this discussion is around, like, like, not the simple case, but what happens when we have these conflicting properties. You know, a DID document has
… A path that could be dereferenced, potentially, or interpreted multiple different ways
… That's all I'll say

Otto Mora: Uh...
… Yes, and then Joe… Joe is next

Joe Andrieu: Um, yeah, you keep using the phrase that that's the only way you can identify that resource, um, but we don't know that, so we can't use that as guidance or heuristic in the algorithm...
… Um… the… the problem with it being at the beginning, and then I'm going to speak to the
… Does it… do we have a did URL for, um, some things that we don't?
… Um, but the reason I strongly feel it cannot be at the beginning is because this would undermine the entire point of trying to come up with a way
… that DID-enabled applications don't need to know the intricacies of DID methods
… What this suggests is that regardless of what properties are in your document, regardless of what query parameters are in your did URL
… The did method must be understood by the client of resolution, and that
… will create interoperability problems
… Um, but I also want to talk about, you know, if

Stephen Curran: Yep, okay...

Joe Andrieu: If this issue that… you imagine that there's a way to reduce this to a known resource...
… In the, uh, Bitcoin example, I think I posted it on, uh
… I think on your thread, but it may have been on mine. It is very hard to keep track of these things
… Um, the Singleton Beacon service type in BTCR2
… has a service endpoint of a URI. It is really not a URL. Now, because we're using the WhatWG definition for that property, it is technically a URL, but the Bitcoin colon address phenomenon
… When that is normally dereferenced by a software that expects it, it generates a payment form to make a payment to that address
… So, it is… it cannot, on its own explain how you apply the algorithm of the singleton beacon
… Um, in the process of resolving or verifying, uh, did BTCR2?
… I believe that helps

Stephen Curran: Not really. Um… queue, sorry...

Otto Mora: Q is, uh, next up, Dimitri. Jimmy...

Dmitri Zagidulin: Joe, I think I see what you're saying, uh, in your current comment. My question was. if I… if I understood correctly. your… original...
… The original problem with the did path algorithm, with the base path and everything, was that. It messed with
… Some did method-specific things, like
… uh, did link URLs, uh, something a Bitcoin might have, etc, right?
… And so I think in response to that, Stephen highlighted the fact that the did method-specific handling
… will take precedence, right? Just to point out that
… We're not introducing the base path
… Algorithm, the generic algorithm
… to trample on anything that the methods may already have had, right?
… And now you're pointing out very, very correctly and astutely that
… That does mean that clients have to be aware. Of the intricacies of each individual did method
… And yes, that's true, but isn't that
… Wasn't that the concern you were voicing originally?

Otto Mora: Go ahead, George, you can respond...

Joe Andrieu: Uh, sure, thanks. Um, no, my concern was that PATH Service dismissed the work of previous efforts and did not find a way to integrate it. It's not about precedence, it's about...
… We need to come up with a way so that we can have any, um, mechanism that is in the system that wants to provide custom path handling
… that it… that can be signaled so that you should use that path handling. That's where a huge chunk of my PR came from
… Was this realization that we need to disambiguate the retrieval strategy, and what are the signals that we can use that?
… And so, the did method is a really bad signal for interoperability. We shouldn't be using that
… But I can understand that we have historically told people you can do all this thing in a did method-specific way, so we believe that there are probably did methods out there that have specific path handling
… But my concern with linked resources is not about being did method specific, because that is a property which is not did method specific

Otto Mora: Okay, I know that, uh, Joe was there, but he just responded, so, uh, Steven...

Stephen Curran: Yeah, so I think given that, and the argument's good about the precedence, um, it should go...
… I think it is necessary because, as I say, I mean, originally I didn't have it. Then I put it in, sort of
… Because the working group suggested it, um, I do think there's a very valid use case that says. You know, ultimately
… If we're talking about something that we're trying to get off something where the div URL is
… the URL for it, that we move it down to where, uh, 7.6 is now, so at the bottom of the screen
… Where there's no objects matching. Um, that we could put it there
… Uh, so… in hopes of moving on, let's
… is that a… well, I mean, it's
… I don't think anything's acceptable at this point, so I kind of think it's… to keep discussing, but I could move it down there, and that could be the next step
… That's it

Otto Mora: Okay, and I see Marcus has his hand up, so… uh… yeah, it's not an IRC, but go ahead, Marcus...

Markus Sabadello: So I don't… I don't really understand why...
… It linked resources would not be considered method-specific, and
… In my mind, they are a method-specific way of geofencing the path, because
… It's supported by some deep methods, and not supported by other deep methods, and
… Other methods and other extensions may define other ways how the path can be. be referenced from
… So, in my mind, when we say something is
… Not method specific, then… then it… it would mean that
… It works consistently, uh, across all… Good method, so I think the… The path service
… such as Zoom, even though I don't like it very much personally, but I think that is a… Method independent
… feature, whereas the deep link sources… the deep link resources, in my mind, are a bit method-specific, uh

Otto Mora: Mm-hmm. Uh, uh, Joe...

Joe Andrieu: Um, uh, Marcus, you might be right about did linked resources, but linked resources is a different thing...

<Zakim> JoeAndrieu, you wanted to say because any did document can have that property. It has nothing to do with did methods

Joe Andrieu: And linked resources is not at all did method specific. It is a property that's in the extension registry. I can have a linked resource property
… in a did method… in a BTCR2 did, it can be… and it did WebVH did
… It really is not did method specific. So, this ordering of the protocol means that someone could come up with a path algorithm, create a DID method, and just obliterate the expectations around the properties that are expected to be applied. Um, independent of the did method

Markus Sabadello: Okay, thanks. Sorry, I mixed those up then. Sorry...

Joe Andrieu: Yeah, I think they… they're just… they have the metadata engagement, which I think does sort of entangle the did method. Um...

Otto Mora: Uh… yeah. Well...

Will Abramson: Yeah, I guess I just wanted to build on that, maybe, and say, like, that does seem to be the core of the...
… disagreement or debate here, that, you know, the point is, the controller controls the did document, and the controller can put whatever they want in a did document
… And whatever they want includes whatever might be defined in the future
… that we don't know about now and can't plan for now. So, I think the question is, how do we define a dereferencing algorithm. That can be future-facing
… while not closing off these points of extensibility, right? Like, and I think one of the proposals that has been discussed. Is, like, a type that flags
… this property in the did document, wherever it ends up
… is for handling paths, right? And that might be the path service approach, right? The path service is a type
… It's a specific type that is a service endpoint. I think Joe is saying that we should have something that's more generic than that
… And it just flags, this thing, this object, is this path handling
… thing, and you should
… Treat it as such, and if you don't understand it, then
… maybe you throw an error. I don't know about all that, but the point is, we want some way to identify all the things in the document that. The dereferencer should… Care about when handling fast. And that should be did method. independent
… Uh, I guess I'm wondering if people disagree with that as a thing that we should be doing

Otto Mora: I don't see anybody in the queue, but I see Steven wrote down a proposal...
… On screen to move down to 7.6

Stephen Curran: Um, I guess in response to Will's, I just went on a few, um, in response to Will's, um...
… comment. I… the only thing I don't under… I don't know is… is… The use of type. Um, in that
… I don't know what it means from a JSON-LD and all that perspective. I don't know enough about JSON-LD to
… To really understand that, so that's my only concern with using that as the signal. I've got that as another question later on in this
… Um, in this sequence, is how do we determine what our path handling objects?

Will Abramson: Hmm...

Stephen Curran: I mean, and I guess I'll...
… go back on the queue and say, um, I put this down here just because I think
… It's… we need to have
… A fallback at some point in the play, in the algorithm, for did method specific
… I get the argument for not putting it first. Um… It
… in that… I mean, unless from a practical, but… concern, I'm not
… particularly concerned about it from a practical, but I… but I… but I get why
… not to do it. Um, from a
… just from a processing, um, I would like it to move it down to the
… to the bottom, where if nothing else is triggered, then attempt a fallback. So that's where it was before, and I'll put it back there. So… That will allow us to move forward to talk about other topics
… Is that okay?

<JoeAndrieu> +1

Otto Mora: Uh, Marcus, is it Nikhil? Breakfast...

Markus Sabadello: Um...
… Sorry, I wasn't… wasn't paying attention, I
… Not sure if you're looking at the current version of the specification, or

Stephen Curran: No, I'm looking at my spec, um, version, uh, because we're talking about this… this PR...

Markus Sabadello: Okay, then I just want to say that in the current specification, there is such a fallback, right? In the algorithm, it covers...
… A few cases, like when there's a service parameter and things like that, but
… If… if that doesn't apply, so in the general case, it says if there is a
… path or a query that is not handled by the rest of the algorithm, then methods or extensions may specify how to dereference the
… path. Sorry, I didn't realize you were talking about the PR, but in the current. Specification, this fallback exists

Stephen Curran: That's… that's this section here...

Otto Mora: The .8, otherwise, if the date, okay...
… And uh

Stephen Curran: Um… Moving on to the next topic...

Otto Mora: I guess, yeah, nobody disagrees with moving it down to 7.6. I don't see anybody… Agreeing there… So, yeah. Go ahead...

Stephen Curran: Does it… um, so this is one thing Manu raised, um, um...
… So, I'll raise it here on his behalf. Um
… Does the did URL return a path to a URL, or… or the resource itself? Um, I originally had it that it return the resource
… Um, in… in review of this, it was suggested that it
… shouldn't, that it should just return the URL to the resort
… Um, I think Joe's arguments are… and Marcus has pointed out that there are other places, although they're… I find them pretty subtle, but there are other places where
… In the spec, a resource is to be returned
… Um, and I will acknowledge the language that you don't want the word return to be used at all
… Um, there isn't such a thing as anything being returned, um
… But I think it's fairly clear that
… Um, in the service… in the past service that I'm proposing
… Um, it should return not the path to the resource, the URL for the resource, but rather
… Um, the resource itself. So, currently
… in my PR, again, um
… That might be it, yeah. Um, it
… Uh, it returns
… an array containing the list of URLs
… Um, so I think it
… should be, you know, the resource should in turn… the URL should in turn be
… The referenced and… and the resource return

<Zakim> JoeAndrieu, you wanted to ask return from what?

Otto Mora: Okay. Uh, yeah...

Joe Andrieu: Um… yeah, my… my question was because, um...
… I thought you may have been talking about resolution. Um, but this does touch on why I ended up with an algorithmic rewrite
… Because I don't think a function that is forced to return something
… Um, tells us how to pull a resource or the representation thereof into the current context
… And so, during that process of figuring out which actual resource to dereference
… Um, it's understood that there are redirects, sometimes those redirects have multiple URLs
… Um, that's all fine, but at the end of the day
… The dereferencing application, the one who's calling this pointer and invoking it in the current context
… They pick one resource, and that's what gets dereferenced. So it's when we funnel it through a return value that we run into this weirdness that the dereferencer can't actually dereference to the one resource
… And so the party that is capable of making the choice between different resources is the client. And the client gets a DID document, and then figures out how to do dereferencing
… Um, so this is… this is really a, you know, a point that I think we should get rid of that, uh, dereferencer. Because it's causing this… this weird problem. And if we didn't have it, we wouldn't have this problem

Otto Mora: Okay, uh, Marcus?...

Markus Sabadello: Um, in the case of did linked resources, the result of dereferencing is, is the resource itself, right? So it's, it's not a...
… URI or URL, because the only URL for
… Titlinked resource is… is the Tit URL, right? There are no… there are no service endpoints, there are no HTTP URLs, so you
… you have a tutorial, you dereference it, and you get a resource, that's how… Did linked resources work?

<swcurran> +1 to what Markus

Markus Sabadello: in the case of the service parameter, so if you have a DTRL with a service parameter
… Then you select a service from the DID document, and the result
… After the referencing process is
… a list of the… of the selected service endpoint URIs. And I think path service
… works in a similar way, so in my understanding, the path service would also
… return a list of, uh, URLs, not, uh, not the resources themselves

Otto Mora: Uh… Steven?...

Stephen Curran: Um, two points. I fundamentally don't agree with Joe's comments about, um...
… What a client is, and what a dereferencer is
… Um, and Marcus, I agree with your comment that it should return a resource, and we should… adjust it to say
… specifically that, that the next step should be dereferencing whatever that URL is, whether it's a
… HTTP URL, whether it's a DID URL or any other type of URL, we should dereference it after that, if possible, obviously, because that might not be possible
… That's it

Otto Mora: Joe?...

Joe Andrieu: Yeah, Steven, I'd like you to unpack what you don't like about the client definition, since I'm using the definition that's in the spec right now. Which is, it's the software that calls the resolver...
… Um, but also, I think… I think we're conflating here the difference between
… a redirect functionality, which is what the 300, uh, response is that Manu mentioned on our last call
… Um, and something that returns multiple resources. That's a redirect, not the actual reference. The client who tried to redirect with the first URL is now given some other options
… to… and I must pick one, and then dereferences one. So the final process of dereferencing, at the end of the day, is a single resource. In the current context
… Um… and I don't know how we do that if we're returning URLs
… Because that doesn't seem to bring the actual resource into context. It's just a redirect

Stephen Curran: Um, again, to unpack, I think if… if the spec does not tell us...
… what to do with a did URL
… And that it's left as, you know, up to the caller
… Um, and… and we just then
… Then, even if… then, what's the point of the spec to me? Uh, we're trying to give guidance to say, when you get this
… You return the result
… when you… when this did URL is processed, we wanted many
… implementations… To do the same thing
… And… and to abdicate and say, oh, it's up to the client to do
… to do it. I think you could say that, but they… we still want them to do all that implementation of that client to do the same thing, so I think
… It's just confusing to have the client involved at all
… Um, so that's why I don't understand your
… Reframing of it, using just

<Zakim> JoeAndrieu, you wanted to say my PR says exactly what to do with a DID URL

Stephen Curran: Using client, I just don't think I've had. That's it

Otto Mora: Sure...

Joe Andrieu: Yeah, so my PR does, in fact, explain exactly how the client of resolution prepares...
… Invokes, and then responds to the result from resolution
… The spec is absolutely explaining how any dereferencer of a did URL
… Can correctly call and process resolution
… It is exactly what happens on the web, where what we specify for an HTTP URL
… Is it, hey, you should go and get it, and then it… render it based on its mime type
… And if it's an HTML page, it's gonna trigger off a whole bunch of stuff, and different browsers will render that differently
… Um, and so, fundamentally, you can't get rid of the client. The client, at a minimum
… Absolutely must be dereferencing the fragment

<swcurran> Agree on the fragment

Joe Andrieu: And it also must be choosing the singleton resource if there is a possible plethora. Based on content of the document
… Um, so I don't… I mean, the client is a fact of the system. I don't know how we can ignore it, and I do define the algorithm of what that client should be doing

Otto Mora: I will...

Will Abramson: Yeah, to say, I think I agree with what Joe just said. In his...
… VR, you know, he's defining this thing called a client, which, as he says, does exist, right? There is a client that takes a did URL and
… and does something with it, the first thing they're going to do is resolve the did, right, or resolve the URL
… Now, and get back the document, and then they're going to do some
… some extra steps, which I think still in Joe's PR is called
… the URL dereferencing algorithm. So, in my sense, what Joe CR changes is. Instead of calling… Something a dereference, sir
… it's now called a DID URL Client
… And there is no function call, like, there's no function contract that you… Call to dereference
… Rather, it's an algorithm that, I guess, doesn't have, like, a
… Like, inputs and outputs explicitly defined. But the algorithm itself is
… defined in the status. I guess
… You know, like, some bits that maybe are slightly less defined, like, use the resource
… Um, but I think that's not for us to define how the resource is used
… I don't know, that was my understanding. So I guess I'm a bit confused, Steven, whether you are not happy with the fact that
… it's called a client, like, the did URL client, because I think Joe's real still makes sense if that was called the did URL
… dereferenced it, right? It's just a name for this thing that is executing a res… you know, calling out to a resolver. And then doing some stuff with the results

Stephen Curran: Um… sorry, I'll keep plus, but anyway, um...

Otto Mora: Yep...

Stephen Curran: Um...
… Yes, I definitely don't like the term client, because to me, that… conflates
… Um, this idea of… of
… Calling an algorithm and then getting something back, but we're… and then even more, I don't like this idea that you call an algorithm
… With unspecified inputs and get unspecified output
… That just seems odd to me. I mean, there's lots of things that
… Maybe in there, but to say that is
… I, I don't understand

Otto Mora: Marcus?...

Stephen Curran: That's it...

Markus Sabadello: Um, I agree with Joe that, uh...
… In the dereferencing process, or algorithm, or function, or whatever we call it, that
… Resolution is a part of that. It's a… it's a first step, or an early step
… And in that step, whatever we call the component that's doing the dereferencing
… does indeed act as a client of a resolver, so I
… I agree with that. I don't think it
… It means that we need to get rid of the concept of a dereferencer
… So I would agree that the DTO reality referencer is
… A client to a… to a resolver
… What makes all of this sometimes a bit confusing, maybe, is the fact that we
… Never really have a… a fixed, uh
… Network setup, or network topology, let me
… We don't say that a resolver must be a server that exposes a network endpoint
… In the case of Did Key, for example, then you can resolve Did Key entirely locally
… But from a logical perspective, there's still a client and a resolver. It's just all local, and if you have a DID key with a fragment
… Then you can also logically construct the referencer, which is a client, to a resolver
… But in the end, the key with a fragment, you can also dereference entirely locally without any kind of
… Endpoint or network communication, so this is maybe what sometimes
… A bit difficult to understand that sometimes these steps can happen locally and sometimes they do involve
… remote endpoints, which is why we have the HTTP bindings
… But, uh, yeah, just to confirm the idea that the reference is
… He's a client to a resolver that… But that makes sense to me

<Zakim> JoeAndrieu, you wanted to say clarify the spec defines a client today

Otto Mora: Uh, yeah...

Joe Andrieu: Um, yeah, I… I agree that as the spec currently reads, Marcus, the dereferencer is acting as a client to the resolver...
… Um, but in the current spec, the client is what calls the resolver
… Um, it is not what calls a dereferencer, and that's… that's where we have this hiccup that I think is very confusing
… Um, because there are multiple clients, and we do not adequately describe how both of them do things differently
… Um, as we certainly only describe on the
… Final, final client, this fragment dereferencing thing. And, um
… Perhaps more importantly, I don't understand why a client with a did URL
… Would need to have a function that packages the inputs and outputs in this way
… I understand, um, Steven, your… your confusion is… Um, you know, but how do you call it?
… But you don't call an algorithm. You evaluate or execute an algorithm
… And so, when a web browser is rendering a page, it is executing an algorithm
… Now, internally, it may have all sorts of classes and methods and functions that go down very, very deep, but I had tried in this… in the latest rev of mine
… to clarify, I don't mean client as something that goes over a network, um, in terms of the problem with the dereferencer
… To me, it's that it is reduced to a function which requires specific inputs and has specific outputs
… Because those outputs don't map clearly to how the rest of the world talks about dereferencing. It's… it's a weird
… Um, we still have to dereference what the dereferencer returns

Otto Mora: Uh, Steven...
… You're on mute

Stephen Curran: Sorry. This specification… I'm reading the current test in the introduction. This specification defines a standard interface that clients can use to execute did resolution. And did URL dereferencing request...
… That, to me, says the clients are outside the scope of this, so where it's used inside, such as that reference you made in the… your… in the
… your referencing algorithm, it's incorrect, it shouldn't be, because the client is outside of this specification. That's the thing that I'm
… I can't get my hand… I can't get my mind around what
… how you've repositioned clients. So, um, I assume you've removed that from the spec to
… But to me, that is exactly what this spec is for, and that it does lead to a client makes a. invocation. Uh, and get something back
… And… and we're trying to make it… Consistent
… And, and to not make that is… means the spec is… Fundamentally changed
… That's it

Otto Mora: Mm-hmm. Well...

Will Abramson: Yeah, maybe Joe will speak to this better, but my understanding is what Joe is saying is that's. Wrong, because the client...
… is defined as doing things in the current spec, right? Like, it is at least handling the fragment

Otto Mora: Mm-hmm...

Will Abramson: So, like, it is inside the dereferencing process, whether we like it or not...

<swcurran> Fragment is the one special case.

Will Abramson: So, isn't it better to actually draw the boundaries a little different, I think? That's my understanding, what just replaced

<Zakim> JoeAndrieu, you wanted to say my PR changes that opening line

<swcurran> But that is the only one

Otto Mora: That it still has a role in the… at least the fra- yeah, it could, yeah. Uh, so...

Joe Andrieu: Um, yeah, that's… that's exactly right. I mean, the… the...
… I just got distracted by Steven's comment. Um
… The… the fragment isn't a special case. Um… But
… I am breaking the current spec with my PR, because I believe it introduces this object
… that people don't understand. And I… Steven, I think you're one of them
… And I made that with all the love in the world, because I do really like you, Steven, even despite our technical differences. Um, but
… A web browser, as a dereferencer of URLs, doesn't need to expose an interface to anyone
… Um, and it doesn't have to organize its internals according to any particular function

<swcurran> A web browser is the client

Joe Andrieu: Um, what it does is it uses the specifications and the protocols out there to execute algorithms that go out into the world and bring resources back into the current context
… Um, and I think I'm trying to follow that pattern. In the introduction of a dereferencer, I think
… Um, is very strange. Um, and I think it's… it's a real problem

Otto Mora: Steven?...

Stephen Curran: Again, I failed to understand. To me, the web browser is the client...
… passes the did URL to something, it uses DNS to figure out who to pass it to, and then it gets the result back, and after that, it
… it does some things. Now, the difference with the docs is you've got this
… You've got to get the relevant did dot first
… And then, um, there may be other things you need to do
… Um, and so that's slightly different, and that… that's where this… two-part. Comes from, but
… I still… I still think a client simply passes a did URL into
… Into a logical piece of software that may… that software may have many different components to it, and may be remote or local or whatever, and… It expects, from that logical
… Call will get back a result that it
… Expects and can process and if we aren't doing that, then
… and this back is not doing what the current introduction says, then I think it's
… It does not help implementer in any way

Otto Mora: Oh, well...
… Oh, sorry, I don't see anybody in the queue anymore

Will Abramson: No, sorry, I was on the queue, I just...
… Yeah, I was trying to say, uh
… I mean, there is something I wanted to say to that, but, like, just at a higher level, you know, we know we talked for an hour now
… I… I… I don't know, are we any closer to either of these, you know, like, having some points of consensus. It feels like within these PRs, there are points of consensus, but they're also. Point of severe
… disagreement, and I'm wondering how we… Can move closer towards
… something that the group would agree with. Uh, and with that, I'll also say, Steven, like, I think what you say, like, the web browser is the client
… To me, that is exactly right, and it's the web browser as the client that is
… Executing the dereferencing process, right? I think. Uh… Anyway

Stephen Curran: I don't think so, I think it calls… It calls...
… I don't know. It's… this is… yeah

<Zakim> JoeAndrieu, you wanted to say that singular result is the DID document from resolution. if the client needs to verify a proof, that's not well handled by returning a subset resource

Otto Mora: Okay, Joe?...

Joe Andrieu: Um, yeah, I agree with the framing at the top level that you had, Steven, that when you get a data URL, you should be able to call a function that...
… encapsulates all the did method-specific stuff and gives you back the metadata you need to dereference the resource or to use that did document in a particular way
… Um, if… if I'm a… if I'm a wallet, and I am proving a… or verifying a proof. That comes out of a verification method
… Um, you can't just give me the public key of that. They need to hold the document to get the context to actually perform the function
… So in that context, the final dereferencing is the application of that verification method to the current algorithm
… Um, it isn't a resource that gets returned that says, yes, it's verified, because
… that dereferencer, which… the actual dereferencer of the DID URL is processing a verifiable credential, and that dereferencer as a client needs to apply the information in the DID document
… to do that. They're not offshoring this verification check to some other dereferencer

Stephen Curran: And up. Okay...

Joe Andrieu: like, it's really just a category error. Um, but I want to try, and… hold on, Steven, I wanted to try and turn our attention to, I think, really a bigger problem...
… That hasn't come yet up on the call, um, which is the dependency on the 3986, um, relative ref algorithm
… Um, I honestly don't think it does what people think it does, and I think it is a big security problem
… Because it allows any DID writer to create a DID URL that completely bypasses the service endpoint in the DID document
… Um, you can rewrite the query, you can rewrite the path part, um, all that seems problematic. Um, I commented on it with
… quotes from the 3986 algorithm to try and clarify, but we as a group need to be… I think what we should be doing is figuring out what is the actual use case, Steven, that you're fighting for
… And let's figure out the best way to support it. I think what you're trying to do is enable a DID to be the top level of, like, a folder structure, a file hierarchy
… Um, and let people just append file paths and names to the DID, and have the DID document point to where you go to go, you know, find that set of resources. I think that's a fine use case
… Um, uh, but we need to figure out how to do it in a way that doesn't create a security problem, and I think dependency on the 3986 is, in fact, a huge security hole

Otto Mora: Uh, yeah, and we want to move to the What WG. There's an open issue for that, but… Yeah. Go ahead, Steven...

Stephen Curran: Um, two things. 100% agreement that I don't expect a client to call. Uh, did URL...
… processor, and have it verify a key for me. Absolutely. And… and
… The client is going to do something after it gets a result back from dereferencing
… What I'm saying is just that we're trying to make a
… An abstract interface, if you will, that allows a consistency in what… in what happens
… when a client passes a bid URL into that interface, and something comes back
… Um, as to the 3986
… I, I agree, relative rep itself, the, the, the, um… the

<JoeAndrieu> the interface is the problem. the algorithm is what is important, not what is passed or returned

Stephen Curran: the, uh… the relative ref query parameter is problematic. Um, I
… Yeah, I can't comment on whether
… Our attempt… when we… there are places where we attach. A
… a relative reference, not the query parameter, but a relative reference to a base URI, and my understanding is the way you do that is 3986 section 5
… If that's not right, that's fine, but I sure don't want us to define in this spec
… a way to do that, and cover all of the possible edge cases and use cases. That… I thought that was the purpose of using Section 5, if that's not right. beyond me

Otto Mora: Joe...

Joe Andrieu: Um… I think that was an old queue, but um...
… I… I… I do think we shouldn't be using it. I think it's… it

<swcurran> What should we use?

Joe Andrieu: The fact that whatever is put in the service endpoint
… Um, can be completely overwritten by whoever writes the did
… Um… I think is not the expected behavior. Um

Stephen Curran: Are you talking… sorry, Joe, are you talking about the relative ref query parameter?...
… Or the use of 3986 in general. section

Joe Andrieu: The use of the… specifically, the 3986 reference resolution algorithm...
… Because all that is retained, um, when you have a relative ref that starts with a slash
… Is the authority part, i.e. the domain name, host name, port
… user name, etc. Um
… The whole path and the queries, they're all gone, they're all rewritten
… Um… if… that's the problem

Stephen Curran: Okay...
… Then… okay, so that's
… The security issue, but also the fact that it… it overwrites as opposed to simply adding on to whatever is already there
… My understanding, again, I was just following the guidance
… Was that it would handle all of the edge cases of
… logically appending
… the relative reference part to whatever the existing URL was. If it's not doing that, then yes, I agree

Joe Andrieu: Yeah, what it does do a good job is the… and you can knock me off the queue, um...

Stephen Curran: Hmm...

Joe Andrieu: is sort of deconstructing the path and reconstructing the path in a good way. It deals with, like, dot parts, you know, if you have a dot in your path, you collapse it, etc...

Stephen Curran: Okay...

Joe Andrieu: Um, but it is… the edge cases that it deals with are for this website use case...
… Um, and that's not quite our use case

Stephen Curran: Yeah...

Otto Mora: Mm-hmm. So, okay, so just to close, I'm not sure if this, uh, particular, uh...

<ottomorac> w3c/did-resolution#275

Otto Mora: Uh, issue of the 3986 should be part of this other issue, the 275. Um… yeah

<swcurran> So how do we say what we really mean?

Otto Mora: Or maybe we just open a separate one, Joe, if you want, but uh… maybe
… Maybe, yeah, maybe that's the action item on that one

Joe Andrieu: H...

Otto Mora: And, um, yeah, we can continue the discussion tomorrow. Sorry, go ahead...

<swcurran> If we can't use Section 5 as a "short cut"

Joe Andrieu: Yeah, just… just a comment real quickly, Otto. I'm pretty certain that the WhatWG is gonna be the same, because the functionality...
… that you want from a relative ref in a web page is, if I don't use a path, then you keep the parent. um, sort of path of the resource that I'm at
… Um, and that basically starts in the current directory, if you're thinking in a Unix way
… Um, but if you start with the slash, it goes back to the root authority. Like, that's… that's deeply baked into the web, so
… I… I don't believe we're gonna get around this with the… going and figuring out how the… what WG does it, because. Functionally, it's gonna end up the same

Otto Mora: Okay...
… Okay, well, we are time, uh, so yeah, we will debrief tomorrow. I think at least we do know where
… People are coming from each side, so I think at least in that sense, we're a little closer to at least understanding the differences
… Yeah. Uh, thank you, gentlemen

Joe Andrieu: Thanks, Otto...

Otto Mora: Thank you...

<ottomorac> transcriber-bot, pause

Minutes manually created (not a transcript), formatted by scribe.perl version 248 (Mon Oct 27 20:04:16 2025 UTC).

Diagnostics

Succeeded: s/Dig URL client/DID URL Client/

Succeeded: s/Adam/Otto

Maybe present: Dmitri Zagidulin, Joe Andrieu, Markus Sabadello, Otto Mora, Stephen Curran, Will Abramson

All speakers: Dmitri Zagidulin, Joe Andrieu, Markus Sabadello, Otto Mora, Stephen Curran, Will Abramson

Active on IRC: dmitriz, JennieM, JoeAndrieu, markus_sabadello, ottomorac, swcurran, TallTed, transcriber-bot, Wip