Verifiable Credentials Working Group Telco — Minutes

Date: 2023-04-12

See also the Agenda and the IRC Log

Attendees

Present: Brent Zundel, PhilF, Michael Jones, Joe Andrieu, Oliver Terbu, Phillip Long, David Lehn, Dave Longley, Orie Steele, Manu Sporny, Kerri Lemoie, Gabe Cohen, Sten Reijers, Charles Lehner, Dmitri Zagidulin, Ted Thibodeau Jr.

Regrets:

Guests:

Chair: Brent Zundel

Scribe(s): Phillip Long

Content:


1. Agenda Review, Introductions, Announcements.

Brent Zundel: below 80 issues for the first time in a while.

Michael Jones: Friday was last day at Microsoft. Looking at other options, will continue to participate in this working group. Will continue consulting in identity and security and open to conversations.

Michael Jones: For the record, my new e-mail address is michael_b_jones@hotmail.com.

Brent Zundel: TPAC coming in Sept. 11-15 in Seville Spain. Haven’t decided on meetings yet. Friday sundown on the 15th is a Jewish holiday, please advise the chairs if this is an issue.
… any other agenda suggestions or changes?

2. Resolution Proposals

Brent Zundel: first proposal Brentz will run. A tool called Echidna what it does once a doc becomes a FDWD it will re:publish the document going forward.

Proposed resolution: This working group will use Echidna to publish all formal TR publications, whenever applicable per the W3C publication rules.. (Brent Zundel)

Manu Sporny: +1.

Gabe Cohen: +1.

Joe Andrieu: +1.

Orie Steele: +1.

Dave Longley: +1.

PhilF: +1.

Brent Zundel: +1.

Michael Prorock: +1.

Michael Jones: +1 Agreeing with Orie ;-).

David Lehn: +1.

Resolution #1: This working group will use Echidna to publish all formal TR publications, whenever applicable per the W3C publication rules..

Brent Zundel: no objections.
… first working drafts for ECDMA and EDCMA cryptoscripts are ready to be published to alert re: patents, etc.

Proposed resolution: Publish the EdDSA Data Integrity Cryptosuite (https://w3c.github.io/vc-di-eddsa/FPWD/2023-04-18/) as a First Public Working Draft with a short name of vc-di-eddsa with a target publication date of April 18th 2023.. (Brent Zundel)

Manu Sporny: +1.

Dave Longley: +1.

PhilF: +1.

Brent Zundel: +1.

Joe Andrieu: +1.

David Lehn: +1.

Gabe Cohen: +1.

Oliver Terbu: +1.

Orie Steele: 0.

Sten Reijers: 0.

Michael Prorock: +1.

Resolution #2: Publish the EdDSA Data Integrity Cryptosuite (https://w3c.github.io/vc-di-eddsa/FPWD/2023-04-18/) as a First Public Working Draft with a short name of vc-di-eddsa with a target publication date of April 18th 2023..

Brent Zundel: for ECDSA poll for acceptance.

Proposed resolution: Publish the ECDSA Data Integrity Cryptosuite (https://w3c.github.io/vc-di-ecdsa/FPWD/2023-04-18/) as a First Public Working Draft with a short name of vc-di-ecdsa with a target publication date of April 18th 2023.. (Brent Zundel)

Gabe Cohen: +1.

Oliver Terbu: +1.

PhilF: +1.

Dave Longley: +1.

Manu Sporny: +1.

Joe Andrieu: +1.

Sten Reijers: 0.

Brent Zundel: +1.

Michael Prorock: +1.

David Lehn: +1.

Orie Steele: 0.

Charles Lehner: +1.

Resolution #3: Publish the ECDSA Data Integrity Cryptosuite (https://w3c.github.io/vc-di-ecdsa/FPWD/2023-04-18/) as a First Public Working Draft with a short name of vc-di-ecdsa with a target publication date of April 18th 2023..

Brent Zundel: no objects for either EdDSA or ECDSA - both approved and resolved.

Manu Sporny: any statuslist2021 - would there be any objections for proposal next week for polling.

3. Work Item status updates/PRs.

Brent Zundel: no objections heard to Manu’s question.

3.1. Add table of reserved properties (pr vc-data-model#1082)

See github pull request vc-data-model#1082.

Brent Zundel: time box 10 mins. for the PRs.

Manu Sporny: PR1082 - please take a look at it. Has to do with PRs that are old and haven’t received attention.

3.2. Add “Media Type Extensions” category. (pr vc-specs-dir#14)

See github pull request vc-specs-dir#14.

Manu Sporny: VC Specifications dir. PR for media extension vocab, and has had much conversation. An attemp to figure out ADCD, JWT and Gordian etc.
… the VC Spec Dir needs guidance. Should it be a note or registry thing or what for another 3 months and publish to PR space. Guidance requested.

Brent Zundel: so noted and will be brought up.

3.3. JSON Schema.

Gabe Cohen: https://github.com/w3c/vc-json-schema.

Gabe Cohen: work item for JSON Schema has been moved from the CCG to the VCWG.

Orie Steele: https://github.com/w3c-ccg/vc-di-bbs/pull/72.

Orie Steele: pull request prepared for VC BBS has been pulled in and needs to be merged as PR.

3.4. Editorial and non editorial changes (pr vc-jwt#68)

See github pull request vc-jwt#68.

Orie Steele: for VC JWT request for FPWD made and resolved in a previous meeting. Follow ups to possible objections made but it doesn’t appear there will be objections. Go forward and prosper.
… Open pull request for vc-jwt. Some awkward sections cut from ver. 1. Have added around that some vision for enhancements and improvements for securing JSON-LD with JWTs but structure of doc difficult to revise.

Manu Sporny: almost of the opinion to not do a PR for JWT until its in a shape for all to see it in. The specific concerns are the way the transformation algorithm is stated is non-testable. Why are we discussing something that is optional.
… what are we doing with transformation algorithms, are the testable, etc.

Dave Longley: +1 to the idea that there’s a lot that needs to change in the VC-JWT document to reach consensus and make something usable, but FPWD can happen first.

Orie Steele: there are many things that need work in the PR. Media type discussion in the vc specs dir, and the securing specs referring to them, etc.

Manu Sporny: I’m not super concerned either way, but would prefer we get it in better shape before FPWD, but we can also do that after FPWD..

Orie Steele: mappings and interpretations of the mapping in the core model and in the spec dir are differing…
… anything that needs done in this context?

Michael Jones: supports the recommendation that Orie prepare it before it becomes a working draft.

Brent Zundel: process info – publishing as a FWD has patent implications. Working drafts do not represent a consensus of the WG beyond an agreement to work on the topic.
… starts the clock on patent disclosures and says its a tech we as a working group want to pursue.
… encourages folks to look through the PR that Orie has drafted, if something causes concern look for an issue that is already open on it, consider raising it later.

Orie Steele: I agree with JoeAndrieu, its not clear what you want me to do.

Joe Andrieu: Sounds like it’s both a working draft and editor’s draft.

Dave Longley: +1 to brent’s suggestion.

Orie Steele: happy to do whatever..

Manu Sporny: +1 to “Orie go for it, we’ll review, then FPWD” – and time box the review to a week so people can’t hold it up..

PhilF: +1 to Orie getting it squared away first.

Brent Zundel: should we ask Orie to finish it and then review the FPWD?
… no objections to Orie shaping the document as an editor and presenting it to the group.

Orie Steele: next time does Orie need to wait 7 days or what?

Brent Zundel: with the work mode proposed Orie should be able raise PRs people think are needed. Concerns can be tracked in the issue.

4. Issue Discussions.

Brent Zundel: https://github.com/w3c/vc-data-model/issues?q=is%3Aissue+is%3Aopen+sort%3Aupdated-asc+no%3Aassignee+.

Brent Zundel: we will follow the list of issues at the link ^^^.
… First issue #1044.

4.1. Do we have to introduce the Credential class in the VCDM vocabulary? (issue vc-data-model#1044)

See github issue vc-data-model#1044.

Brent Zundel: do we have to introduce the credential class in the vc vocab?

Dave: suggests it be closed and don’t need a resolution to do this.

Manu Sporny: +1 to close, that we’ve come to a resolution NOT to define Credential..

Orie Steele: +1 dlongley.

Brent Zundel: marked as pending closed based on that recommendation.

4.2. Add a unique version property to the core data model (issue vc-data-model#1046)

See github issue vc-data-model#1046.

Brent Zundel: add a unique version property to the data model.

Gabe Cohen: useful to have a unique version model to track it. There isn’t anything that points it to a particular specification.

Brent Zundel: would Gabe take on this issue?

Gabe Cohen: yes!

Manu Sporny: core data model is JSON-LD has an @context value is the version identifier. A separate unique version isn’t needed.

Dave: +1 to Manu’s observation/recommendation. Should close it. Core data model doesn’t need it.

4.3. Does calling something “verifiable” indicate a proof somewhere of some kind associated with it (issue vc-data-model#1060)

See github issue vc-data-model#1060.

Brent Zundel: Does calling something verifiable imply a proof is associated with it?

Brenz: anyone want to be assigned to this issue?

Dave Longley: +1 to orie that we’ve hashed this out elsewhere and +1 to close.

Orie Steele: this seems to be a straggler left over from media type discussion. Calling something verifiable doesn’t tell you anything about. vc+ld+json doesn’t tell you if it does or does not contain a proof.

Manu Sporny: +1 to orie and dlongley.

Orie Steele: can’t infer anything from vc+ld+json about presence or absence of a proof.

Brent Zundel: are issues open to address updating terminology - no objections to mark as pending close.

4.4. NIST defines “credential” differently (issue vc-data-model#1047)

See github issue vc-data-model#1047.

Brent Zundel: issue #1047.

Orie Steele: Doing a terminology review.

Orie Steele: and citing terminology issues, is a great way to start contributing!

Brent Zundel: anyone who wishes to be assigned to this issue?

Charles Lehner: sure.

Charles Lehner: (can’t speak).

Charles Lehner: clehner.

Charles Lehner: cheers.

Brent Zundel: Charles in the chat will be assigned to it (voice not available).

4.5. Potential improvements to section “5.8 Zero-Knowledge Proofs” (issue vc-data-model#939)

See github issue vc-data-model#939.

Brent Zundel: issue #939.
… Potential improvements to section “5.8 Zero-Knowledge Proofs.

Oliver Terbu: +1 brentz.

Brent Zundel: recommendation that it be marked as pending closed because some have been made and has had no objections.

Manu Sporny: Sebastian was asking about salted claims (?).

Ted Thibodeau Jr.: what was noted is that PR1030 will be merged soon so nothing for Sebastian to review yet. Brent will mark it pending closed and alert Sebastian.

4.6. How could an issuer indicate that the VC is deliberately fake? (issue vc-data-model#1070)

See github issue vc-data-model#1070.

Brent Zundel: Brent raised this issue - we’re using a production environment using real VCs without real date in them. Should this be clearly indicated? Verifiers should not trust it if presented to a verifier.

Joe Andrieu: Isn’t feature freeze in effect?

Sten Reijers: Is there a possibility of marking it as a particular type such as test?

Dave Longley: would be worried about that suggestion. Best way is to have a different issuer if in a production environment.

Brent Zundel: that doesn’t work if you want to test trusting the issuer.

Gabe Cohen: this is a larger trust issue. Should be up to a verifier. Communicating level of trust to a verifier might be an interesting topic.

Oliver Terbu: likes the credential type approach. Agrees with Dave that a production environment should have a different cert or something similar.

Brent Zundel: likes suggestions made. Suggests moving it to the implementation guide for implementers.
… issue #1063.

Dave Longley: could be a mess with SD-style VCs … where every one of them would have to say “you must disclose if this is a test credential or not” … and so on – lots of potential problems with independent claims / selective disclosure mechanisms.

4.7. Can you use WebAuthN for Presentation Holder Binding? (issue vc-data-model#1063)

See github issue vc-data-model#1063.

Orie Steele: no you cannot. That’s the answer. There are browser APIs if you’re in a browser environment. Should close issue.

Manu Sporny: +1 to Orie, no you cannot, close issue..

Brent Zundel: any objections to marking as pending closed. No objections - marked pending close.

4.8. Verifiable Credentials Vocabulary v2.0 not contains “name” and “description” (issue vc-data-model#1074)

See github issue vc-data-model#1074.

Brent Zundel: Verifiable Credentials Vocabulary v2.0 not contains “name” and “description”.

Orie Steele: name and description are not in https://www.w3.org/2018/credentials/.

Manu Sporny: i’ll take it.

Brent Zundel: Manu assigned to it.

4.9. Verifier Role Confusion (issue vc-data-model#984)

See github issue vc-data-model#984.

Brent Zundel: issue #984 no one has commented on it. No one has asked to be assigned to it.

Charles Lehner: i think the (b) there may have been what was called “the relying party”.

Brent Zundel: what should we do?
… not for the day - looking like no action will be taken for #984.

Oliver Terbu: wishes to be assigned to #984.

Brent Zundel: will be bothering for those not marked close. We’re done. IIW next week!


5. Resolutions