Verifiable Credentials Working Group Telco — Minutes

Date: 2024-09-04

See also the Agenda and the IRC Log

Attendees

Present: Kevin Dean, Ted Thibodeau Jr., Brent Zundel, David Chadwick, Manu Sporny, Benjamin Young, Hiroyuki Sano, Michael Jones, Ivan Herman, Joe Andrieu, Will Abramson, Dave Longley, Geunhyung Kim, Nicholas Steele, Jennie Meier, Kaliya Young

Regrets:

Guests:

Chair: Brent Zundel

Scribe(s): Benjamin Young

Content:

• 1. TPAC.
• 2. Controller Document.
  • 2.1. Make Terminology section normative (pr controller-document#91)
  • 2.2. Refactor context injection section. (pr controller-document#90)
  • 2.3. Remove normative text in informative section. (pr controller-document#84)
  • 2.4. Specify that controller overrides subject control. (pr controller-document#42)
  • 2.5. Controller document issues.
  • 2.6. Delete @context from examples so as to not mislead readers (issue controller-document#54)
  • 2.7. Correct inappropriate uses of w3id.org domain (issue controller-document#66)
  • 2.8. Verification method definition wordy (issue controller-document#50)
• 3. VCDM Wrap Up.
  • 3.1. Can we change Usage Patterns to Patterns of Use throughout? (issue vc-data-model#1555)

Brent Zundel: welcome everyone.
… our agenda today is about TPAC, Controller Document, and VCDM wrap up.
… Also, we have a special topic call tomorrow.
… at 2pm PT / 5 pm ET.
… the time is to accommodate Tobias Looker from NZ.

Brent Zundel: The topic is the Data Integrity issue Tobias raised.
… and the mitigations the group has taken.
… and what else we might to do.
… Anything else?

Manu Sporny: just a quick note that we put in a request for a TPAC breakout session.

Manu Sporny: Expanding Verifiable Credentials: Future Standards and Innovations: https://github.com/w3c/tpac2024-breakouts/issues/37.

Manu Sporny: we’re trying to get an agenda together.
… topic is beyond our next rechartering.
… this group should have input if you want.

Brent Zundel: anything else for the agenda?
… first topic is TPAC.

1. TPAC.

Brent Zundel: See attendance sheet.

Brent Zundel: please note if you’re attending on that spreadsheet.
… and if you’ll be joining the dinner Monday night.
… if you’re attending remotely, please let us know so we can provide links.
… Our TPAC time will only be haft the usual length since we’re wrapping up.
… we’re also doing a 3rd session with the security group.
… if you have particular things you want on the agenda, please reach out to me or ivan.
… there’s also a page where you can throw additional topic ideas.

2. Controller Document.

Brent Zundel: https://github.com/w3c/controller-document/pulls.

Brent Zundel: we’ll start at looking at pull requests.
… there are 19 open pull requests.

Manu Sporny: not sure the editorial ones need discussion.
… however, there are ones that are marked as needing discussion.

Brent Zundel: sounds good, we’ll look at the “do not merge” group and “editorial” ones only if there are changes requested.
… our policy is to merge things after 2 weeks even without discussion.
… so, first, 91.

2.1. Make Terminology section normative (pr controller-document#91)

See github pull request controller-document#91.

Brent Zundel: most things should be on the PR.
… 91 is about making the Terminology Section being normative raised by Mike Jones.

Manu Sporny: this is a regular request from Jeffrey Yasskin.
… the idea is that if it’s not normative, something bad happens.
… it’s a philosophical question.
… our group says there must be MUST, SHOULD style language.
… traditionally, we don’t have that in terminology sections.
… so we haven’t marked them as normative as it does not effect tests.
… doing so has no effect, so I don’t think we should do it.
… given it lacks RFC style language.

Brent Zundel: one, manu’s right, we’ve never marked out terminology section as normative.
… on the other hand, if it changes nothing other than makes some other people happy, maybe we just do it.

Ivan Herman: consistency is important as manu has said.
… I always found more natural for this section to be normative.
… but on the other hand the group can decide.
… but I also agree with brent that doing is harmless and removes contention.

Michael Jones: as I said in the issue, there are two different things.
… if it’s normative, it’s a matter of fact.
… it being normative doesn’t require there being RFC language.

Ivan Herman: +1 to selfissued.

Michael Jones: there’s a normative statement…“the entity identified by the id property in the controller document”–that’s normative.
… I’m not OK saying that something false can be in the document.
… we already use a normative terminology on JOSE/COSE.

Manu Sporny: I’ll repeat again, this will have zero effect.
… this will not effect anything. not tests. not implementations. none of that, so it’s unnecessary.
… but if people really want to do this, we can, but it will have no effect.

Brent Zundel: I’m not interested in a philosophical debate.
… it seems like a simple course of action.

Dave Longley: +1 ok with the change.

Brent Zundel: those who don’t care can continue not caring.

Ivan Herman: +1 to brent.

Brent Zundel: I think we can merge this since it will be harmless.

Ivan Herman: just emphasizing that we need to be consistent.

Brent Zundel: selfissued, can you make the necessary PRs.

Michael Jones: yes.

Brent Zundel: any formal objections?

2.2. Refactor context injection section. (pr controller-document#90)

See github pull request controller-document#90.

Brent Zundel: 90 - refactoring.
… it’s only been open a couple days, so not a lot of review.

See github pull request controller-document#43.

Ivan Herman: so, this is related to another PR.
… the one I sent in about the consistency of the whole section.
… in this PR, I propose a compromise or…an agreement, rather.
… that we restructure what is vocab specific and therefore general.
… and adding a separate section for JSON-LD.

Ivan Herman: See agreement proposal.

Ivan Herman: and put there the section that manu is proposing about context injection.
… that should make it clearer about needing context injection with JSON-LD.
… to make the pill sweeter if we agree, then I am happy to do a PR that combines these.

Brent Zundel: so ivan is proposing to combine these two PRs.

Manu Sporny: not opposed to that.
… but we’re starting to restructure DID Core…
… we’ve told reviewers that this is just reorganizing, but that makes reviewers doubt that too much has changed.
… and that there may be new things here.
… like one could interpret a DID doc as RDF without going through JSON-LD is a new thing. We haven’t talked about that before.
… we just need to be careful.

Ivan Herman: I could argue that there’s no significant change.
… the context will be different.
… I relied on some things that you put into other PRs manu.
… namely, that the controller document vocab would have it’s own specialized context file.
… I’m not opposed to that, but also not sure it’s necessary.
… but we do need to know from the WG.
… and it has to be clear.

Manu Sporny: yeah, I think that’s a discussion we haven’t had yet.

Ivan Herman: right.

Manu Sporny: there’s confusion and disagreement around concrete serialization and media type.
… I was under the impression that we were saying that the controller document has a concrete representation.
… and a media type.
… I think those are needed discussions.

Ivan Herman: maybe we say at least for the context file we get it into the PR and discuss it.
… I have no idea why we would need a media type.
… I don’t see the need for it.
… the context is used by various applications (VC, etc).
… the context file makes sense.
… the media type doesn’t make any sense to me, but we can leave that for later.

Brent Zundel: ivan do we need a separate conversation on 43?

Manu Sporny: what else is in this PR?

Ivan Herman: I’m concerned about Jeffrey’s comment and would like your thoughts on it first.

Manu Sporny: k. I can do that.
… ivan you also have modifications in 43 that removes the content digests from the contexts.

Ivan Herman: k. I will take care of that.

Brent Zundel: sounds like 43 is covered, then?

Manu Sporny: yes.

Ivan Herman: yes.

2.3. Remove normative text in informative section. (pr controller-document#84)

See github pull request controller-document#84.

Brent Zundel: changes on 84 are straightforward, so this can be brief.

Manu Sporny: agreed.

2.4. Specify that controller overrides subject control. (pr controller-document#42)

See github pull request controller-document#42.

Brent Zundel: controller overrides subject control.
… JoeAndrieu was maybe going to do a quick read and leave some review?

Manu Sporny: we just talked in the DID WG about this, but we didn’t come to a conclusion.

Brent Zundel: happy to do a couple minutes now.

Joe Andrieu: yeah, we need to talk about it more.
… I do need to go through it and highlight language in the spec.

Michael Jones: Joe made some good language suggestions.
… I think we’re closer on this than it may seem.

Brent Zundel: that’s the PRs on the controller document.
… but before we move on, lets bask in the immense amount of work done on that document.
… good job editors.

2.5. Controller document issues.

Brent Zundel: we’re skipping the horizontal review issues.

2.6. Delete @context from examples so as to not mislead readers (issue controller-document#54)

See github issue controller-document#54.

Brent Zundel: and focus on discuss issue.
… delete @context from examples.

Manu Sporny: removing the @context from every other example feels arbitrary and confusing.
… we can have an example that shows you can do it either way.
… @context is a valid JSON key, so it doesn’t change the document from being JSON.
… the challenge with removing it is what happens to the extensibility model?

Michael Jones: https://github.com/openid/federation/issues/35 includes an example without @context.

Manu Sporny: the only alternative I’ve heard is a centralized registry.
… which is something the DID WG did not feel was a good path forward.
… so this raises the question of extensibility.

Michael Jones: The following example provides a minimum conformant controller document containing a minimum conformant verification method as required by the algorithm in this section:

Example 16: Minimum conformant controller document.
{.
"id": "https://controller.example/123",.
"verificationMethod": [{.
"id": "https://controller.example/123#key-456",.
"type": "ExampleVerificationMethodType",.
"controller": "https://controller.example/123",.
// public cryptographic material goes here.
}],.
"authentication": ["#key-456"].
}.

Michael Jones: example 16 doesn’t have a @context.
… my suggestion was a straw man.
… I’m fine if we delete them from half of them.

Manu Sporny: -1 for “half of them” – again, it’s arbitrary.

Ivan Herman: I do not think we should restart the JSON-LD or not conversation again.

Manu Sporny: +1 to Ivan - we can do that in the conformance section.

Ivan Herman: for the sake of simplicity, we just say @context is optional but keep it in all the examples.

Brent Zundel: so, is @context a normatively required property.

Michael Jones: no.

Brent Zundel: than maybe we just have one example with it in with all other required properties.

Michael Jones: per the chat, I just put a link to a rendering of the document that shows that a minimal document doesn’t need an @context.
… I don’t want to confuse people that it’s necessary.

Manu Sporny: to follow up on ivan and brent.
… example 16 is the minimal example, we can start with that.
… ivan also said for the sake of uniformity we can do the same thing we did with languages.
… totally fine with having a couple examples not having @context in it, but I think removing it from half is arbitrary.
… for the people who don’t want to use @context, we already have clear statements and examples that show it’s not required.

Joe Andrieu: just because we have an example doesn’t mean we have consensus on that example.
… there doesn’t seem to be a technical argument for 50%.
… if there are specific ones where having it is confusing, we could address those.
… I think this mostly hinges on whether we have a concrete serialization or not.

David Chadwick: I think since it’s optional only one example should have it and the rest not.

Brent Zundel: please add further thoughts on the issue.

2.7. Correct inappropriate uses of w3id.org domain (issue controller-document#66)

See github issue controller-document#66.

Brent Zundel: Mike Jones raised this issues about w3id.org.
… we have had extensive conversations about this in the past.
… which makes this more a topic for w3m than for us.

Michael Jones: I suggest not taking our time on this now.
… there’s a conversation about this that may happen at TPAC.
… but manu provided enough context that made it clear that it’s not our decision.

Ivan Herman: it’s not our decision and the decision has already been made by w3m.
… the decision was that w3id.org be used.

Brent Zundel: you said a decision was made.

Ivan Herman: the decision was that w3id.org could be used and leave it as it is.

Brent Zundel: the conversation with w3m was an ask to make it an official w3c domain.
… but like selfissued said, there are conversations to be had at TPAC.

Manu Sporny: just going to add some history.
… we did ask w3c 10 years ago to run w3id.org.
… they said no, they were too busy with the maintenance of other systems.
… by now w3id.org has 9k+ redirects.
… I’d be in favor of the W3C taking this over.
… but at the same time, this is completely orthogonal to this WG.
… we have hashes on all the contexts to avoid questions of origins of the documents.

Brent Zundel: k. I’m going to remove both labels from the issue.

Manu Sporny: I don’t think we should leave this open. we have to close them all.

Brent Zundel: if we see that the decision hasn’t been made at some point in the future, then we can close it.

Ivan Herman: manu and I can talk to Ralph about it.

Brent Zundel: Mike Jones will want to be apart of it as well.

2.8. Verification method definition wordy (issue controller-document#50)

See github issue controller-document#50.

Brent Zundel: verification method definition is wordy.
… selfissued suggested new wording to make it simpler.
… manu said it looses quality.

Manu Sporny: selfissued has a suggestion at the very end that could work.
… this does need a review as it changes text around a key term.

Brent Zundel: sounds good.
… we’re going to take a break from controller document.
… most of those PRs are going to be merged before we meet again.

3. VCDM Wrap Up.

Brent Zundel: we currently have two open PRs on the VCDM.
… one is an editorial review section.
… it has nothing but positive reviews.
… it’s a larger PR, but it will be merged soon.
… so if you care, please review 1554.
… The other is 1557.
… it’s a very minor change and purely editorial.
… just FYI both will be merged soon.
… at this point we have 4 open issues.

3.1. Can we change Usage Patterns to Patterns of Use throughout? (issue vc-data-model#1555)

See github issue vc-data-model#1555.

Brent Zundel: we will look at 1555.
… a question from TallTed.
… can we say “patterns of use” instead of “usage patterns”.

Manu Sporny: I said last time I would. I just haven’t gotten to it yet.

Brent Zundel: thank you all for the conversation and bigbluehat for scribing today.
… see you on the special topic call at 5pm ET and 2pm ET tomorrow.

Ivan Herman: rssagent, draft minutes.

Geunhyung Kim: quit.