19:59:52 RRSAgent has joined #vcwg 19:59:52 logging to https://www.w3.org/2022/01/26-vcwg-irc 20:00:58 mprorock has joined #vcwg 20:01:30 present+ 20:01:35 zakim, start the meeting 20:01:35 RRSAgent, make logs Public 20:01:36 please title this meeting ("meeting: ..."), brentz 20:01:49 meeting: Verifiable Credentials Working Group 20:02:03 chair: brentz 20:02:54 brentz has changed the topic to: Meeting Agenda 2202-01-26 https://www.w3.org/events/meetings/00fecab4-5f6f-4f61-baf2-ef35a10bc9ff/20220126T150000 20:02:56 present+ 20:03:19 present+ 20:03:36 present+ 20:03:40 DavidC has joined #vcwg 20:03:41 selfissued has joined #vcwg 20:03:50 scribe: cel 20:03:50 present+ 20:04:11 topic: Agenda Review 20:04:22 present+ 20:04:30 brent: Brief update on the status of the editorial improvements that we resolved to include once the spec revisions are published. 20:04:43 ... The we will move to discussion of some of the feedback we got on the v1.1 corrections, and what we want to do about those. 20:04:52 ... Even briefer, to talk about the test suite. 20:05:06 ... Then, the bulk of the meeting, conversation on the next VCWG charter and the draft of that. 20:05:07 David_Waite has joined #vcwg 20:05:09 ... Any questions, comments? 20:05:41 topic: Introductions/reintroductions 20:05:59 selfissued: Hi, I'm Mike Jones, I work on identity and security standards at Microsoft. 20:06:23 ... I've done some work that this group has taken as a dependency - lead editor of JSON Web Token spec, also JSON Web Encryption and Algorithms, and JSON Web Key. 20:06:29 loganporter has joined #vcwg 20:06:37 brentz: Glad to have you. Anyone else? 20:06:40 present+ 20:07:17 orie: Hi, I'm Orie Steele, CTO of Transmute, editor of DID spec, impmentations of VCs and linked data proofs, active in CCG and Decentralized Identity Foundation 20:07:32 mprorock: Hi, I'm Mike Prorock, CTO of mesur.io, co-chair of CCG 20:07:50 kristina: Hi, I'm Kristina, I work on identity standards at Microsoft. Nice to meet you. 20:07:56 brentz: Glad to have you all here. 20:07:59 kdenhartog has joined #vcwg 20:08:00 present+ 20:08:05 ... Please join IRC, type present+ 20:08:07 topic: v1.1 Editorial Improvements status 20:08:09 present+ 20:08:10 Kristina has joined #vcwg 20:08:17 topic: v1.1 Editorial Improvements 20:08:19 present+ 20:08:25 brentz: These are improvements we resolved to make, purely editorial. 20:08:38 gnatran has joined #vcwg 20:08:42 ... Kyle, I believe you are our resident editor on the call, you're welcome to take the topic, or I can hand-fist my way through it. 20:08:54 Can I add an agenda item to talk about the call schedule? This call direclty conflicts with the W3C Webauthn call that I also have to attend. 20:08:56 kdenhartog: Are you talking about the edits from Google, or the ones I merged yesterday? 20:09:02 brentz: the ones that were merged 20:09:14 present+ 20:09:20 kdenhartog: The majority have been merged, except mine that I've been slow to update. They hit the 14-day mark. 20:09:44 ... The one with requested changes, it was agreed that could be a secondary issue. That was related to the SVG diagrams, to make them slallwer in size. 20:09:50 ... A new issue was opened for that. 20:10:20 ... The last editorial issue that needs to go in, David and I worked on it in a public Google document, need to make a PR 20:10:22 Orie has joined #vcwg 20:10:27 present+ 20:10:27 ... PR 847 needs to be reviewed. 20:10:40 brentz: The changes you mentioned are specifically going to be made in 847? 20:10:49 JoeAndrieu has joined #vcwg 20:11:02 present+ 20:11:11 kdenhartog: Yes. Context and credential schemas difference. We found some alignment, some text we are both satisfied with, but may want consensus from the larger group. 20:11:25 brentz: Any more questions or comments about these changes? 20:11:29 topic: v1.1 feedback 20:11:42 https://github.com/w3c/vc-data-model/issues?q=is%3Aissue+is%3Aopen+tracking 20:11:46 brentz: Feedback we received... We've opened some tracking issues ^ 20:12:07 ... These were comments, not intended to be blocking (no formal objection). 20:12:24 ... We should as a group make a determination of how to proceed, whether to address in v1.1 or in the future. 20:12:28 subtopic: https://github.com/w3c/vc-data-model/issues/863 20:12:47 ... Both of these were brought to us by a Google representative. 20:13:19 ... There are some concerns, to summarize, that the loosening of the normative requirements in the ZKP section made in response to implementations made it more difficult to rely on it as an interoperability mechanism 20:13:31 q+ 20:13:38 ... Comments, questions, concerns... recommendations for moving foward? 20:13:41 ack kdenhartog 20:14:03 kdenhartog: One of the considerations that I think comes into play here is how to handle the well-known ZKP solutions, and when do we want to handle that. 20:14:28 ... I don't think there's much in the way of additional editorial changes that would be in scope, that would be normative changes that I think would be much larger. 20:14:29 I think it can only really be fixed in V2. 20:14:41 ... So I'm glad the rep is okay with it being in v2, there may be a lot of work. 20:14:44 +1 to what kyle is saying. 20:14:50 ... The AnonCreds community is thinking of separating it out 20:14:57 +1 20:15:05 ... Need to consider what is useful for the market... to move away, or to bring closer. 20:15:22 ... Two aspects at play here; would like to have more time 20:15:40 brentz: To summarize, best to keep the changes we've made, and make it a focus of v2 to address this section? 20:15:45 kdenhartog: Correct. 20:16:04 brentz: This text will be added to the issue. Anyone object? 20:16:20 ... Not sure how much formality is needed. A lot of folks seem aligned with this as a way forward. 20:16:30 ... Anyone object to having v2 address this? 20:16:37 ... Not hearing any, going to throw a v2 label on it. 20:16:51 ... So it will still be there for the next iteration of our work. 20:16:59 subtopic: https://github.com/w3c/vc-data-model/issues/862 20:17:16 brentz: One of our proposed corrections changed a URL to a URI. 20:17:34 ... I believe that there is language within the conversations we've already had around this issue that would address the concerns. 20:17:50 ... [reading from thread] 20:17:55 ... Questions or comments? 20:18:20 ... Sounds like this one needs a PR. Is there someone who can be assigned to this issue to raise a PR to address it? 20:18:27 ... It is an editorial change at this point. 20:18:33 kdenhartog: You can assign it to me and I'll take care of it today. 20:18:43 ... Just what was proposed in that comment? 20:18:51 brentz: Yes, the quoted line 20:19:06 ... Putting a v1.1 label on it 20:19:23 kdenhartog: Will do 20:19:25 topic: test suite feedback 20:19:40 i can do it 20:19:40 subtopic: https://github.com/w3c/vc-test-suite/issues/126 20:19:44 scribe+ 20:20:25 TallTed has joined #vcwg 20:20:25 brentz: Some of the corrections we made were not reflected in the test suite, that needs to be addressed. Charles, can you give us a status on this issue? 20:20:37 brentz: Some of the corrections we made were not reflected in the test suite, that needs to be addressed. Charles, can you give us a status on this issue? 20:20:52 cel: I'm still a little stumped by what changes to make 20:21:34 brentz: I think 20:21:39 q+ 20:21:43 one of your PRs from sept addresses this already 20:21:55 ack DavidC 20:22:00 brentz: one of your PRs from sept addresses this already 20:22:36 davidC: as written, this feels impossible-- "full range"/"all possible" is infinite; "representative values" or "one example of each" would be a better wording 20:23:21 brentz: maybe a good first pass would be making a current list of all normative statements; i think tests for anything else (like proof and credential schema properties) would be overkill 20:23:33 ... but still appreciated as a stretch goal 20:23:38 q+ 20:23:52 cel: sure, normative statemetns sounds a good first step 20:24:04 brentz: i'm not sure any second step is mandatory, that can all wait til v2 WG 20:24:06 ack juancaballero 20:24:29 juancaballero: where is the old list of normative statements, and how out-of-date is it? 20:24:32 juan: just to ask if nromative statements have ever been compiled 20:25:06 brentz: I don't know if there is such a list 20:25:16 ... Could ask Manu or Dmitri 20:25:16 ok sounds good 20:25:24 i'll do that before meeting with Charles to continue this 20:25:37 brentz: Any other questions or comments? 20:25:44 topic: VCWG Draft Charter 20:25:55 https://github.com/w3c/vc-wg-charter/issues?q=is%3Aissue+is%3Aopen+sort%3Aupdated-asc 20:26:14 brentz: These are the set of issues on the charter that we will look at, as well as pull-requests that are open. 20:27:03 Kristina: We may have a scheduling conflict 20:27:11 q+ 20:27:21 brentz: This time is every other week, the other one is in 8am pacific 20:27:47 ack selfissued 20:27:47 ... Could alter the time for the later meeting, will save 5min for that 20:28:13 selfissued: There's a number of us that need to be on the WebAuthN call, at noon pacific every other week. 20:28:30 ... If we can shift it to the same time but a week later, then we can alternate with WebAuthN. 20:28:37 +1 shifting a week works for us better as well 20:28:49 ... Right now it's a conflict for us and also otheres, e.g from Ping Identity 20:28:52 +1 as far as at same time 20:28:55 +1 20:28:56 +1 20:29:08 brentz: We can shift it, next week will meet at this time and begin alternating after that 20:29:24 subtopic: https://github.com/w3c/vc-wg-charter/issues/38 20:29:48 brentz: "Multilingual support for selecting a image file" Raised by Shigeya. 20:29:52 Webauthn will likely move back to weekly meetings once their charter is approved; we'll make sure to re-raise the issue for coordination of the two groups at that time to see if one or the other wants to move 20:30:13 ... There is conversation in the PR 20:30:31 https://github.com/w3c/vc-wg-charter/pull/44 20:30:36 shigeya: The original markdown... not only the text but also the image file... 20:30:53 ... This PR and the last one, for multilingual text support, replacing strings... 20:31:10 ... to support both localized string and localized images. 20:31:34 ... I had some conversation... I hope she understands my intention... 20:32:15 ... Committed by some folks at Keio 20:32:23 ... I'm still working with Kristina on some of these changes 20:32:24 q+ 20:32:31 ... If she is satisfied with that, I'll create a PR 20:32:32 ack Kristina 20:33:01 Kristina: Are you suggesting to keep the original PR, or accepting the change request? 20:33:10 shigeya: I'm a bit confused about your comment 2 hours ago 20:33:35 ... The support for multilingual is not limited to ...? 20:33:53 https://github.com/w3c/vc-wg-charter/pull/44#issuecomment-1022484682 20:33:55 "Support for multilingual representations of resources not limited to the text strings that can be included by reference or by value" 20:34:19 brentz: Thank you both 20:34:35 subtopic: https://github.com/w3c/vc-wg-charter/issues/45 20:34:54 brentz: PR 45 raised by Orie. Orie, can you talk us through this? 20:35:12 Orie: Sure. For those who don't know, in the VC Data Model 1.0 JSON-LD context, which are included and supported. 20:35:23 ... One is Ed25519, one is Secp256k1. 20:35:32 ... Both use detached JWS with algs from the JOSE registry 20:35:43 ... Since the work ended, those are the only ones in the context. 20:36:06 q+ 20:36:08 ... This proposal would add support for all JWK key representations that could be used to verify verifiable credentials, as well as adding support for the JSON Web Signature 2020 signature type, which supports all those types. 20:36:25 ... This expression is a superset of what the VCDM already supports 20:36:43 ... If we accept this, it will support RSA and NIST curves, as well as the already-supported Secp256k1 and Ed25519 20:36:51 q+ 20:36:55 ... JWK is critical to VC Data Model 20:36:58 ack kdenhartog 20:37:24 kdenhartog: Some considerations need to come into play. For that context, I think Manu agrees with this as well, is pulling things out of it, rather than adding to it. 20:37:30 yep, +1 to not creating a single context. 20:37:38 ... We've had conflicts with it. I don't think it leads to actionable changes in the charter. 20:37:49 ... More important: what we will face as interop problems 20:38:03 ... I don't necessarily see it needs to be discussed in the charter 20:38:08 q+ 20:38:20 ... But I could see it blocked if we are trying to support multiple signture types, JSON and Linked Data Integrity 20:38:20 The time to fix this IS at charter time :) 20:38:21 ack selfissued 20:38:40 selfissued: I support Orie's points. Standardizing JWS-based signatures will improve interoperability quite a lot. 20:38:46 ... Those are based on existing IETF standards. 20:38:59 q+ 20:39:03 note PR https://github.com/w3c/vc-wg-charter/pull/47 20:39:07 ... I hear Kyle about supporting 2 things, that that's already the case. Fully supporting JWS and the associated JWKs will improve interoperability with existing systems, not hinder it. 20:39:15 ack Orie 20:39:22 ... So I don't see that resulting in charter objections, I think it would result in charter support. 20:39:41 Orie: I agree about the context... I'm expecting this will be handled differently. 20:39:46 ... The job of the WG is to solve this. 20:40:14 ... The work items in the linked data integrity work stream are trying to define suites at charter time, to make it explicit what's in or out of scope. 20:40:29 +1 that this should occur at charter time 20:40:31 ... This could result in some intention. We should bear the cost now, at charter time, to make things smoother moving forward. 20:40:37 ack kdenhartog 20:40:46 ... Thanks 20:41:25 kdenhartog: I think it's actually quite useful for us to have these conversations. Personally, I believe having this JSON support is very beneficial. But since VCs and Linked data integrity has already been deployed... 20:41:36 ... If we can get it supported, great, but I don't see if it helps us get interoperability. 20:41:52 I don't share your long term goal :) I believe suits should be defined... its not our job to tell folks which suites to use. 20:41:55 ... Arguments can be made it's not that big a problem; it's probably resolvable in the charter. If we can do that, it may be useful. 20:42:09 subtopic: https://github.com/w3c/vc-wg-charter/pull/47 20:42:14 ... So I'm in favor of having the conversation now, to see if we can figure it out early 20:42:27 brentz: Related PR adds language to the charter 20:42:34 ... Has been reviewed and approved. 20:42:43 ... Specifically this PR, is there language here that would be opposed? 20:42:46 q+ 20:42:52 Merge it! 20:42:53 ack kdenhartog 20:43:03 kdenhartog: I see no objectionable issues with this. 20:43:12 ... I think the one we need to check with is Manu 20:43:23 ... I see has not approved it yet. That is one reason to hold off. 20:43:24 q+ 20:43:39 brentz: Would you ask for him to look at it in the PR? 20:43:51 ack selfissued 20:43:52 kdenhartog: Yes, he had some delays in his work, so we may be waiting, but I'll raise it 20:44:35 q+ 20:44:49 selfissued: I'm new to this WG and don't know your processes in general. But looking at it, there's 7 approvers. I don't think Manu has some special status over others in the WG. I would propose instead we merge it, and if he wants to create a PR with language modifying it, he could do so 20:44:51 ack kdenhartog 20:44:52 +1 git will keep track of history, and we can debate PRs that have objections. 20:44:55 ... I'd rather see progress than waiting 20:45:12 kdenhartog: Normally I would agree with you, but this PR has only been open a day 20:45:22 ... I want to see if there will be controversy we can address ahead of time. 20:45:30 ... I can see arguments "It's already in there, don't pull it out" 20:45:35 ... Don't want to get into that too early 20:45:59 ... Would like to get alignment and agreement. It's to manage the way the group is going to achieve consensus. 20:46:17 +1 brent... this is a charter that still has to be appoved... 20:46:25 brentz: Because this is just a draft charter, not a spec... If people actually showing up object to the work, it won't get approved 20:46:36 q+ 20:46:38 q+ 20:46:39 ... So I have less heartburn about merging this PR... 20:46:43 ack kdenhartog 20:47:06 kdenhartog: In that case, I'm fine with merging it, if you feel comfortable that it's not going to be a problem. Mike makes a good point, let's make progress 20:47:18 ack JoeAndrieu 20:47:19 ... I'll just make sure Manu is at least alert to it 20:47:23 selfissued: Thanks, Kyle. 20:48:11 JoeAndrieu: I don't understand the rush here. If there are some concerns that someone in this community might object, I think we should tag the and give them 24 hours to respond. That's all. 20:48:23 +1 20:48:30 brentz: Opposition to course of action, Kyle will tag him, and if we don't see objections by tomorrow, I'll merge it? 20:48:30 +1 to a tag and pause 20:48:39 brentz: Thank you all for that conversation. 20:48:48 subtopic: https://github.com/w3c/vc-wg-charter/issues/46 20:49:03 ... Issue 46. Orie, can you talk about this one? 20:49:08 Orie: Yes. This is a cool one. 20:49:18 zakim, who is here? 20:49:18 Present: cel, shigeya, brentz, mprorock, DavidC, selfissued, loganporter, kdenhartog, David_Waite, Kristina, gnatran, Orie, JoeAndrieu 20:49:21 On IRC I see TallTed, JoeAndrieu, Orie, gnatran, Kristina, kdenhartog, loganporter, David_Waite, selfissued, DavidC, mprorock, RRSAgent, Zakim, brentz, tzviya, dlehn1, dlongley, 20:49:21 ... manu, cel, wayne, hadleybeeman, shigeya, stonematt, bigbluehat, cel[m], juancaballero, rhiaro 20:49:41 ... For folks familiar with the DID specification, that are really two key representations that the DID specification acknowledges as existing: publicKeyJwk (previous PR), and publicKeyMultibase (this PR) 20:50:07 present+ TallTed 20:50:10 ... A community of folks working on multiformats... Filecoin, IPFS community... multibase emerges from those communities. Public key representations based on binary encoding with uvarint. 20:50:11 present+ juancaballero 20:50:17 ... Folks want to use publicKeyMultibase to create verifiable credentials. 20:50:31 ... This proposal is to support publicKeyMultibase as a class of verificartion method, consistently. 20:50:46 ... For every JWK with a multibase representation, let's do the work to see how they are related... 20:51:14 ... Allow using for verifiable credentials... Define suites specific to raw cryptographic operations not based on JWS but coming from the same cryptographic primitives that JWS is built on. 20:51:29 ... Like the JWK proposal but using publicKeyMultibase... 20:52:03 ... I have talked with Manu about this, he's not in favor of supporting it across the board, only for P256 and Ed25519, but perspective may have changed 20:52:05 q+ 20:52:11 ack kdenhartog 20:52:22 q+ 20:52:32 kdenhartog: I like the idea of consolidating around keys within a suite. I'm not sure how well it fits in the VC spec. Maybe it could. 20:52:37 look at the existing JSON-LD context to see how it fits. 20:53:04 ... Other question: within the DID Core data model, we define two but allow extensions that define any verification method... Creates arbitrariness that may create more complexity at the VC layer 20:53:18 ... Not sure if standardizing it helps. How well does it fit within this system? 20:53:31 ack David_Waite 20:53:37 I agree with you again kyle :) 20:53:37 ... The JSON-LD context... I want to pull that stuff out. Just keep the terms defined by the data model specifications. 20:54:24 David_Waite: Multiformats are interesting, but I worry... A spec like JWK has a definition of a key, standardized, has libraries, W3C references it in other specs like WebCrypto. Multiformats does not have a lot of uptake... multiformats.io not a standards body, no versioned specification 20:54:31 ... We might be taking on work to define it 20:54:43 ... What is a crypto format... in the VC charter? 20:54:59 ... Could that work be elsewhere? Maybe in IETF, doesn't have a standards track... Not all IETF either. 20:55:09 agree with everything David is saying, this is mostly to ensure that we discuss this before the charter is approved, and that we address this consistently, and not on a 1-off basis. 20:55:21 ... So I have some concerns. Also about how to profile usage of the crypto, in a working group mostly talking about data models, at least traditionally. 20:55:28 please comment on the issue. 20:55:39 brentz: Good conversation, please continue in the issue, so we can see if there is consensus. 20:55:44 subtopic: https://github.com/w3c/vc-wg-charter/issues/24 20:56:06 ... Issue 24. Originally raised by Mike, before he was even in the group. Recently had more conversation. Opening up the floor 20:56:17 ... Mike, would you like to introduce the issue? 20:56:48 selfissued: Thank you. The point was made on the issue that there are a lot of protocols using the spec, which is great, that's a form of adoption, that's happened without us doing any of the protocols. 20:57:07 ... I think it would overload us and present us with more interop challenges if we are defining protocols. 20:57:17 ... But fine to talk about how choices in the data model may affect protocols. 20:57:30 ... Consider protocol considerations in scope, but I don't think it should be our job to pick winners among protocols. 20:57:31 q+ to mention the key dereferening issue 20:57:36 ... So should remain out of scope, like it was for v1. 20:57:36 ack Orie 20:57:36 Orie, you wanted to mention the key dereferening issue 20:57:43 Orie: I agree with everything Mike just said 20:57:58 ... One area of VCDM v1 where we experienced a lot of pain, regarding the JWT implementation 20:58:10 ... We don't have a great way of going from the identifier to a key 20:58:17 ... With the URL to URI change, same thing 20:58:19 q+ to note that a note defining a clean RESTful API might be a good option 20:58:33 ... I know how to resolve URL, but not URI. Destroying interoperability. I agree with them, we have to be careful... 20:58:59 ... If we say there is an identifier and something behind it, we should be careful not to handwave that could lead to non-interoperabiliy 20:59:14 ack mprorock 20:59:14 mprorock, you wanted to note that a note defining a clean RESTful API might be a good option 20:59:17 ... Maybe it doesn't fall into what this group considers a protocol. Apologies if it's not right place 20:59:29 q+ 20:59:53 ack kdenhartog 20:59:54 mprorock: Quick option, having a note similar to an implementation guide, etc., that if you want to exchange this over REST, you might want to use this... Maybe one way to approach it, I think in line with Mike Jones's comment 20:59:56 selfissued: I agree 21:00:03 s/interoperabiliy/interoperability/ 21:00:13 kdenhartog: General understanding was to leave this non-normative. 21:00:30 ... I think the current text allows that to happen, and allows us to talk about the impact, and discuss it with other groups. 21:00:37 https://github.com/w3c/vc-wg-charter/pull/43 21:00:41 brentz: Thank you all. Please continue the conversation in the PR ^ 21:01:01 ... Welcome to everyone new here. 21:01:13 ... Next week meeting same time. Will update calendar. Thanks all 21:01:18 selfissued: Thank you for welcoming us. 21:01:23 https://github.com/w3c/vc-data-model/pull/847 21:01:31 zakim, who is here? 21:01:31 Present: cel, shigeya, brentz, mprorock, DavidC, selfissued, loganporter, kdenhartog, David_Waite, Kristina, gnatran, Orie, JoeAndrieu, TallTed, juancaballero 21:01:35 On IRC I see TallTed, JoeAndrieu, Orie, gnatran, Kristina, kdenhartog, loganporter, David_Waite, selfissued, DavidC, mprorock, RRSAgent, Zakim, brentz, tzviya, dlehn1, dlongley, 21:01:35 ... manu, cel, wayne, hadleybeeman, shigeya, stonematt, bigbluehat, cel[m], juancaballero, rhiaro 21:01:50 zakim, end the meeting 21:01:50 As of this point the attendees have been cel, shigeya, brentz, mprorock, DavidC, selfissued, loganporter, kdenhartog, David_Waite, Kristina, gnatran, Orie, JoeAndrieu, TallTed, 21:01:54 ... juancaballero 21:01:54 RRSAgent, please draft minutes 21:01:54 I have made the request to generate https://www.w3.org/2022/01/26-vcwg-minutes.html Zakim 21:01:56 I am happy to have been of service, brentz; please remember to excuse RRSAgent. Goodbye 21:02:01 Zakim has left #vcwg 21:02:04 rrsagent, bye 21:02:04 I see no action items