Verifiable Credentials Working Group Telco — Minutes
Date: 2024-11-13
See also the Agenda and the IRC Log
Attendees
Present: Ivan Herman, Mandy Venables, Brent Zundel, Manu Sporny, Joe Andrieu, Brian Campbell, Wesley Smith, Benjamin Young, Dave Longley, Ted Thibodeau Jr., David Chadwick, Kevin Dean, Will Abramson, Jennie Meier, Gabe Cohen
Regrets:
Guests:
Chair: Brent Zundel
Scribe(s): Benjamin Young
Content:
- 1. Upcoming SING Review Process.
- 2. Blind BBS and BBS Pseudonyms.
- 3. Report on IETF.
- 4. Controller Document.
Brent Zundel: welcome to the VCWG call.
… we are back after some events last week.
… today’s agenda is pretty simple.
… we’d like to hear about IETF meeting results from last week and how they pertain to us.
… and also look at the Controller Document remaining issues.
… anyone have any changes or additions to the agenda?
Manu Sporny: should we talk about the future security work?
… maybe 2-5 minutes on that?
Brent Zundel: sounds fine.
… anyone on the call who would like to introduce themselves?
1. Upcoming SING Review Process.
Manu Sporny: the security interest group is starting in the next few weeks.
… the charter review for that group has gone well.
… a few of us have talks with folks that are going to be in that group about the VC work.
… once the group exists, they can formally finalize the reviews on our specifications.
… focusing first on the data model.
… then the securing mechanisms.
… and then other things beyond that.
… thanks for that update simone !
… there’s potential that we could bring SING groups into this call to get feedback.
… but this will certainly need to be a priority.
Brent Zundel: the topics simone wanted to discuss with the group and the threat modeling exploration…
… I think that would be great to hear about on this call.
… so ivan and I will reach out to SING to try and arrange something.
2. Blind BBS and BBS Pseudonyms.
Manu Sporny: there has been a recent request to put out a call for consensus to adopt Blind BBS and BBS Pseudonyms at the CFRG.
… these are important because they enable things with the BBS cryptosuites we use here.
… like unlinkability.
… where the signature changes every time you do the presentation.
… the Psuedonyms provide for preventing Sybil attacks.
… it would be super helpful to have folks support the adoption on the CFRG list.
Manu Sporny: Request for a call for adoption of Blind BBS and BBS Pseudonyms: https://mailarchive.ietf.org/arch/msg/cfrg/J4pdvxigpXiW7bUfCNeD92fgzng/.
Manu Sporny: these are basic cryptographic primitives that can be used in many technologies, so please write in to support that.
Brent Zundel: any questions or comments?
3. Report on IETF.
Brent Zundel: I was at the IETF last week.
… I briefly shared a few things.
… I was at the SPICE meetings.
… their current work items are SD-CWT.
… there’s a push in that group to produce an architecture document.
… once that’s in progress, I expect that to be of interest here.
… as folks here have already spent quality time on that topic and terminology.
Manu Sporny: +1 thanks to OAuth WG for avoiding the collision.
Brent Zundel: SD-JWT is at last call and very very close to being done.
… the JOSE/COSE spec should be able to reference it.
… the SD-JWT spec will also be using a different media type which will avoid the previous conflicts.
… any comments before moving to controller document?
Manu Sporny: it’s great news about the media type change.
… does that mean there are no more standing formal objections planned?
… can we get a confirmation that there are no more potential blockers to JOSE/COSE.
Brian Campbell: I will not commit to that at this point.
Manu Sporny: what might you still object over?
… your original objection was over the media type.
Brian Campbell: correct. We don’t have a media type conflict.
… but I’m not going to say anything here you’ll use later.
Brent Zundel: thank you, BC. I’ll move things forward.
Brian Campbell: thank you brent. There likely will not be.
4. Controller Document.
Brent Zundel: no more comments, then? let’s move to controller document.
Brent Zundel: https://github.com/w3c/controller-document/pulls.
Brent Zundel: we have a controller document, but no consensus yet on a possible new name for it.
… there is one pull request.
… it only has 99 comments in last couple weeks.
4.1. Updates re controller property (pr controller-document#116)
See github pull request controller-document#116.
Joe Andrieu: there’s some editorial work to do yet.
… most of the substantive things to address as well.
… DavidC’s proposal to adjust the name of the controller.
… there’s some confusion about the controller property at the root of the document.
… DavidC proposed trying to make that value’s use more clear by renaming it.
… but I think making that a separate issue could help us move the rest of it forward.
David Chadwick: my motivating factor was to remove ambiguity.
… it came from JoeAndrieu’s comment about them being two different things.
… my hope is to make the document more understandable.
… but I’m happy for it to be a separate issue.
Dave Longley: +1 to use a separate issue (and -1 to change it generally).
David Chadwick: I’d like the doc to be understandable to the average computer scientist.
Manu Sporny: I understand the desire for clarity.
… I would like to see the discussion continue.
… and a separate issue would help us move the normative changes forward and get to CR.
… the “different semantics” bit is probably debatable.
… you know which is which based on where the property is used.
… so changing the name could actually introduce confusion.
… regardless, +1 to making this a separate issue as there’s certainly more we can discuss.
Joe Andrieu: +1 to it being debatable.
Dave Longley: +1 to not “worth the squeeze”.
Joe Andrieu: and glad it will be it’s own issue, so we can do that.
… we have some guarantees for the id at the root of the document matching the resolution mechanism.
… we don’t have that for other scenarios.
… we need a way to reference the canonical place this should be.
… we don’t mean the id of any of the other contained things, but the id at the root of the document.
Manu Sporny: can we use HTTP dereferencing semantics?
Joe Andrieu: I think we are partially, because we’re saying “canonical URL”.
… which identifier we’re talking about in the JSON document seems more like a JSON problem than an HTTP problem.
Brent Zundel: is that a new issue? or part of this PR?
Joe Andrieu: this PR needs to say that they are the same.
… I kinda made up the “base identifier” term.
Brent Zundel: maybe just “the id property at the root of the document”?
… do we need more terms?
Joe Andrieu: that is a mouthful.
… it’d be easier to say “the base identifier”.
… and define that in one place.
Brent Zundel: so, maybe add it to the terminology section?
… unless others have a term they’d prefer?
Ivan Herman: I don’t have a term I’d prefer.
Manu Sporny: I’d be fine w/ defining a term and then referring to it :).
Ivan Herman: I want to make it clear that the terminology of “base identifier” does not bring new things to the vocabulary–that it’s editorial only.
… this is where I stumbled on this problem.
Dave Longley: fine for it to be clearly indicated as “editorial”.
Manu Sporny: yep ^.
Joe Andrieu: what about the other half?
Ivan Herman: if we want to formalize it, you introduce more things into the actual vocabulary.
Joe Andrieu: there’s some motivation to do that, as needed.
… you were opposed to canonical URL.
… I think it is canonical.
Ivan Herman: what do you mean by canonical?
Joe Andrieu: DID documents are defined by resolution for that did method.
… so the canonical URL is the one where you go and get that thing.
Ivan Herman: but on the Web you might have several.
Joe Andrieu: but only one is canonical.
Ivan Herman: but what does that mean?
Dave Longley: the canonical URL is the one that appears as the value of the base identifier, specified by the
idproperty at the root of the controller document.
Joe Andrieu: it means if you got it from a different URL, it’s “a DID document” not “the DID document”?
Manu Sporny: ivan can we make this into an issue?
… it sounds editorial possibly.
Ivan Herman: no. agreed. these are editorial.
Manu Sporny: this PR needs to get in to address the normative things?
… and then we apply these during CR?
Joe Andrieu: it’s not editorial…because it’s glossary.
… I’ll put some spec text in so ivan can discuss around that text.
… hopefully, it’ll be close to what you want.
Ivan Herman: and if not, we can fight over it. :) that’s fine.
Brent Zundel: any more discussion needed for today?
… so, raising an issue to track that.
Joe Andrieu: I’ll take care of that.
Brent Zundel: great. is PR116 ready to move forward then?
Joe Andrieu: I think we still need people to look at the glossary terms, then we could.
4.2. Find a better name for the specification (issue controller-document#100)
See github issue controller-document#100.
Manu Sporny: we ran a poll to rename the controller document.
… we got good turn out.
… I wish I could share my screen…
… what we got as a result was fairly clear preference.
… 129 for Identifier Document.
… 113 for Controller Document.
… 96 for Cryptographic Identifier Document.
… and more beyond.
… I’ll collect the results and announce them later.
… this was ranked choice voting.
… mainly to show a preference in the group.
… so, that’s the data.
… we said we’d run the poll and use that as input to a proposal.
… brent it’s up to you if you want to make the proposal now or later.
Brent Zundel: with chair hat on, I don’t think 129 vs. 113 is a strong preference…seems like a slight preference.
… we can make a proposal, but if we were to do a poll on those two options what would emerge.
David Chadwick: looking at those numbers and you take 129 and 96 together, there may be evidence of a preference for Identifier being in the name.
Manu Sporny: We also had someone suggest Identifier’s Authentic Metadata Graph.
Brent Zundel: not sure that’s the right interpretation.
Ivan Herman: I agree with brent…as the one who brought this up to begin with…
… let’s close this without any action.
… because we didn’t find a clear preference.
Joe Andrieu: I sadly need to disagree.
… we’re not going to get more information by running another poll.
… this is the conversation where we’ll have the opportunity to discuss this.
… and I think given we didn’t get to discuss the name last time, we should follow the poll.
Brent Zundel: there was a good deal of conversation around the name “Controller Document”.
… mostly on an issue, but also on call.
Joe Andrieu: when we first came up with the name, it was a “let’s use this for now”.
… I don’t think it has merit to dismiss the poll.
David Chadwick: +1 JoeAndrieu.
Brent Zundel: I don’t think that’s what’s happening.
Manu Sporny: I agree with JoeAndrieu as one of the people who named it initially, we did select it out of thin air…mostly.
… I’m not a fan of “Controller Document”.
… the way ranked choice works isn’t about the margin.
… anything that comes out on top, is the clear preference, even if the margin is slim.
… we sadly don’t know who all voted.
… I’m willing to make the change across the documents.
… I think it was Gabe who made the “Identifier Document” which shows some of it’s lineage to “Decentralized Identifier Document”.
… the poll does show a preference…however small.
… could we run a poll for the top two?
… and if there’s still no consensus, we stay the course?
Brent Zundel: before going to the queue, let me attempt to express my deeply felt apathy about this change.
… I don’t care.
… we could call it the Poopy Pants Thingy Document.
Gabe Cohen: I also do not care. Even as the person who proposed “Identifier Document”.
Proposed resolution: Rename Controller Document to Identifier Document. (Brent Zundel)
Manu Sporny: +1.
Gabe Cohen: I think there are better things to discuss.
Joe Andrieu: +1.
Brent Zundel: +0.
Gabe Cohen: +1.
Benjamin Young: +0.
David Chadwick: +1.
Dave Longley: -1 but would support Controllable Identifier Document.
Ivan Herman: +1.
Jennie Meier: +1.
Ted Thibodeau Jr.: -0.7.
Ted Thibodeau Jr.: the problem with “identifier document” is that it holds both identifier and crypto material.
… the crypto is not identifiers as currently defined.
… if we want the name of this thing to communicate to people who find these, I think “identifier document” is the wrong name for it.
Dave Longley: similar concerns from me.
… there are many documents you could describe as “identifier documents”.
… these documents, however, are about controlling identifiers.
… so we’d sadly be missing that key thing.
… we’d be missing something if that’s the only words in the name.
David Chadwick: I wanted to propose something different.
… is there anyone strongly against “Identifier Document”…that’s how the poll went anyway.
Brent Zundel: we sadly do not have consensus to change it.
Joe Andrieu: I want to make the case that this document is about one identifier.
… it then provides things related to that identifier.
Dave Longley: i don’t care enough to block it.
David Chadwick: The voting shows a strong consensus to change the name. 5 for, 2 dont care, 1.7 against.
Dave Longley: -0.
Ted Thibodeau Jr.: “Identifier Interaction Methods [Document]”?
Dave Longley: would we get fully support for “Controllable Identifier Document”?
Dave Longley: full*.
Brent Zundel: bigbluehat: I also don’t care. It may be about one identifier, but the document has more than than. I think Identifier Document is painfully broad. Controllable Identifier Document if kind of okay.
Manu Sporny: Controllable Identifier Document polled at 79, FWIW.
Proposed resolution: Rename Controller Document to Controllable Identifier Document. (Brent Zundel)
Manu Sporny: -1.
Dave Longley: +1.
Gabe Cohen: +0.
Benjamin Young: +0.
Joe Andrieu: +1.
Ivan Herman: 0.
Ted Thibodeau Jr.: -0.9.
David Chadwick: With dlongley’s change of vote we have 5 for, 3 dont care, 0.7 against.
Brent Zundel: the W3C process works on hard consensus.
… so people not liking something, means we keep working on finding what works for everyone.
Manu Sporny: k. everyone’s sad.
… let’s move on.
… it would’ve been easier if there was strong support for something.
… I would have loved to change the name.
… but it’s not worth fighting for.
… let this be a lesson to everyone to not arbitrarily name specs in the future.
Brent Zundel: shoulda named it poopy pants.
Joe Andrieu: clearly you do care brent.
Ivan Herman: so we should close this issue.
Brent Zundel: thanks everyone, that was the meeting.
… let’s talk again next week.