14:50:04 RRSAgent has joined #vcwg 14:50:09 logging to https://www.w3.org/2023/08/09-vcwg-irc 14:50:09 RRSAgent, make logs Public 14:50:10 please title this meeting ("meeting: ..."), ivan 14:50:20 Meeting: Verifiable Credentials Working Group Telco 14:50:20 Date: 2023-08-09 14:50:20 Agenda: https://www.w3.org/events/meetings/ae05a21b-c065-4e69-8d5e-352a0d391513/20230809T110000/ 14:50:20 chair: brent 14:50:20 ivan has changed the topic to: Meeting Agenda 2023-08-09: https://www.w3.org/events/meetings/ae05a21b-c065-4e69-8d5e-352a0d391513/20230809T110000/ 14:53:02 Same link is in the agenda for all three of work items, issue triage, and issue discussion... It seems these should differ? 14:54:30 brent has joined #vcwg 14:54:41 brent -- Same link is in the agenda for all three of work items, issue triage, and issue discussion... It seems these should differ? 14:58:10 present+ 14:58:22 present+ brent, TallTed 14:59:31 hsano has joined #vcwg 14:59:41 pl-ASU has joined #vcwg 15:00:56 present+ 15:01:10 present+ hsano 15:01:12 GregB has joined #vcwg 15:01:20 present+ 15:01:47 present+ benjamin, orie, seabass 15:01:48 s/brent -- Same link is in the agenda for all three of work items, issue triage, and issue discussion... It seems these should differ?// 15:01:58 present+ pl-ASU 15:02:06 andres has joined #vcwg 15:02:13 present+ kristina 15:02:43 kristina has joined #vcwg 15:02:47 present+ 15:02:58 present+ 15:03:23 chair: kristina 15:03:33 present+ andres 15:03:37 dmitriz has joined #vcwg 15:03:59 present+ 15:04:18 present+ 15:04:18 present+ PaulD 15:04:24 Paul_Dietrich_GS1 has joined #vcwg 15:04:26 present+ dlongley 15:04:59 Orie has joined #vcwg 15:05:06 present+ 15:05:30 present+ selfissued 15:05:36 present+ manu 15:05:56 scribe+ GregB 15:06:05 present+ 15:06:39 Testing scribing from GregB 15:06:43 present+ 15:06:56 s/Testing scribing from GregB// 15:06:57 me: GregB: greg said xxx 15:07:22 Kristina: let's start rolling... 15:07:39 cabernet has joined #vcwg 15:07:42 present+ cabernet 15:07:42 present+ 15:07:47 q+ 15:08:02 Kristina: for today -- PRs, new issues, status upates 15:08:02 ack TallTed 15:08:19 TallTed: issue with the links for discussion 15:08:51 kgriffin has joined #vcwg 15:09:03 topic: updates on test suites 15:09:33 brent: conformance testing -- a number of test suites developed in CCG, create repo for these in WG 15:09:37 present+ griffin 15:09:53 JoeAndrieu has joined #vcwg 15:10:13 present+ JoeAndrieu 15:10:14 brent: Test suites -- VC schemas, and status lists. Recommends reviewing if you couldn't attend. 15:10:30 link to those minutes? 15:10:41 Topic: PRs 15:10:43 https://github.com/w3c/vc-data-model/pulls?q=is%3Aopen+is%3Apr+-label%3A%22pending+close%22+-label%3Adiscuss+sort%3Aupdated-asc 15:10:55 q+ 15:10:59 ack manu 15:11:08 Link to special topic call minutes: https://www.w3.org/2017/vc/WG/Meetings/Minutes/2023-08-08-vcwg-special 15:11:13 subtopic: https://github.com/w3c/vc-data-model/pull/1172 15:11:42 decentralgabe has joined #vcwg 15:11:44 q+ 15:11:47 present+ gabe 15:11:52 manu: VC data model PRs -- #1172 unclear where we are on this PR, Orie change suggestions, TallTed too. Getting to close soon? 15:11:54 ack Orie 15:12:42 orie: Don't know if it will get to a PR that is better than current text. It's ?? that is managing this PR. 15:13:10 q+ 15:13:25 ack JoeAndrieu 15:13:50 q+ to note subjects are not entities. 15:13:56 q+ 15:13:57 +1 JoeAndrieu, I agree with your comment 15:13:58 JoeAndrieu?: Issue on terminology... 15:14:03 q? 15:14:14 q- 15:14:17 s/?:/:/ 15:14:22 ack TallTed 15:14:50 TallTed: not sure where "entity" has been defined (in RDF)... 15:15:06 subtopic: https://github.com/w3c/vc-data-model/pull/1199 15:15:35 manu: PR 1199, about validation section on "holder", waiting on JoeAndrieu feedback 15:16:05 q+ to agree on the validation vs verification 15:16:11 JoeAndrieu: not sure where I'm at, "validation" versus "verification", no new comments from 3 weeks ago 15:16:15 ack Orie 15:16:15 Orie, you wanted to agree on the validation vs verification 15:16:44 Orie: Agree "validation/verification", can file an issue, Joe agrees 15:16:51 subtopic: https://github.com/w3c/vc-data-model/pull/1202 15:17:06 identitywoman has joined #vcwg 15:17:10 present+ identitywoman 15:17:11 present+ 15:17:56 q+ 15:18:00 manu: PR 1202, everyone who needs to reviewed has reviewed, need JSON/JSON-LD processing section, conflicts needs to be resolved, plan to merge tomorrow 15:18:03 ack seabass 15:18:23 sebastian: What script? Ivan: that's my script 15:18:36 ivan: don't have to minutes that!!! 15:18:51 subtopic: https://github.com/w3c/vc-data-model/pull/1211 15:18:51 s/ivan: don't have to minutes that!!!// 15:18:57 s/sebastian: What script? Ivan: that's my script// 15:19:46 manu: PR 1211 "abstract concepts" trying to get agreement with Orie and David Chadwick. Media types... 15:19:56 q+ 15:20:11 ack Orie 15:20:24 q+ 15:20:41 orie: "testable difference" between the two concepts... Feeling mushy 15:21:45 orie: media type distinguishable, RDF, english sentence, securing mechanism, duration of proof vs information 15:22:01 orie: not sure how to fix 15:22:08 ack manu 15:23:02 manu: Will propose concrete text. One is secure, one is not, or ability to be secured; Can door be locked, does it have a door... 15:23:06 q+ to add analogy 15:24:14 manu: Three interpretations floating around and they don't line up. Depending on the securing mechanism may has "proof" on it. JWT and SD-JWT don't have proof on them 15:24:54 selfissued has joined #vcwg 15:25:05 present+ 15:25:17 q? 15:25:20 manu: okay to have prose that says VC must be secured. We can test it... Concrete suggestion/testable. Can Ted/Orie/DavidC agree? 15:25:21 ack seabass 15:25:21 seabass, you wanted to add analogy 15:25:24 I'm not sure its testable, but I hope it can be made testable 15:25:42 perhaps it will become more obvious with better text 15:25:43 q+ 15:25:53 q? 15:25:57 q+ 15:26:29 manu: its absolutely testable. Run a verification algorithm. Know which algorithm to run 15:26:30 You can run algorithms on anything, which is why that test is problematic IMHO. 15:27:23 ack seabass 15:28:24 seabass: Analogy -- Safe is secure, sledge hamer breaks safe, transfer to VC world, if alg is later insecure it still was a VC 15:28:26 ack selfissued 15:28:28 q? 15:28:47 yes, +1000 selfissued ! 15:28:51 q+ 15:28:51 q+ 15:29:00 MikeJones: agree with Manu. If crypto signed verifiable if not no. 15:29:16 +1 to that language 15:29:17 q+ 15:29:19 manu: plus 1000 to Mike Jones. 15:29:25 +1 to selfissued 15:29:25 ack TallTed 15:29:25 +1 15:29:44 +1 if this doesn't trigger a bunch of other changes, i'm happy with that solution 15:29:51 q- 15:29:57 why can't we clarify it's "cryptographicaly verifiable" credential 15:30:14 ack Orie 15:30:14 that might work as well, kristina 15:30:17 TalTed: if it remains that loose, I can live with it. If the crypto needs to be at a certain level that is different 15:30:19 maybe we can add "cryptographically" before "verifiable credential" to solve this like kristina said. 15:30:23 depends on how far down the rabbit hole we want to go. 15:30:32 q+ 15:30:49 q+ to say we, the W3C, are the people that vet W3C VCs 15:30:57 orie: agree, the abstract concept of "proof", versus the terminology "proof" in our defs 15:31:22 q? 15:31:30 ack selfissued 15:31:31 orie: in summary keeping it higher level and not using word proof... 15:31:49 ack JoeAndrieu 15:31:49 JoeAndrieu, you wanted to say we, the W3C, are the people that vet W3C VCs 15:31:52 MikeJones: agree, keep it simple, omit use of word proof 15:32:04 +1 JoeAndrieu (IRC) 15:32:22 JoeAndrieu: on vetting securing mechanisms, that is us (W3C) 15:32:27 q+ 15:32:31 ack manu 15:32:35 q+ 15:32:39 -1 we're not sufficiently crypto expert to perform this vetting, especially not for the indeterminate futuer 15:32:42 we are absolutely not qualified to vet all possible VC securing mechanisms 15:33:10 present+ oliver 15:33:12 oliver has joined #vcwg 15:33:14 present+ 15:33:14 in my experience we are *not* careful enough to confuse "abstract proof" with "data integrity proof" 15:33:24 and this issue is a result of that 15:33:33 manu: on same path until we had to remove the word proof, concern that we need to replace every use of the word proof... 15:33:36 q+ to reply about qualifications (if this is still on the agenda) 15:33:43 s/careful enough to confuse/careful enough to not confuse/ 15:33:54 Orie: i'm actually not sure if the outcome of this discussion changes anything practical. 15:33:54 q+ 15:33:56 we were on the right path until the suggestion was made that the VCWG needs to bless every possible securing mechanism. 15:34:00 manu: we have been very careful on the use of the language and the word "proof" 15:34:03 DavidC has joined #vcwg 15:34:05 present+ davidc 15:34:07 q+ to suggest PRs from Orie where he can point out exactly where "proof" is problematic 15:34:10 ack manu 15:34:12 present+ 15:34:20 dlongley I am in the same boat... that is why its so concerning. 15:34:27 +1 15:34:28 ack seabass 15:34:28 seabass, you wanted to reply about qualifications (if this is still on the agenda) 15:34:35 Orie: I'm actually *not* concerned for that reason :) 15:35:14 It's ok for me to be " 15:35:23 sebass: agree with Manu's direction. This WG *is* qualified to say something about cryptography... 15:35:30 "in the rough" on the proof langauge... 15:35:33 q+ to move on :) 15:35:34 we have a section titled "Proofs (signature)" so I think we can safely add clarification that "VC is cryptographically verifiable/secured" without affecting proof terms 15:35:37 ack TallTed 15:36:18 TallTed: Sebastian this WG has an end date. Cannot make any guarantees on on going crypto... 15:36:20 this sentence is why no need to change anything 'proof' while adding 'cryptographically verifiable': "The cryptographic mechanism used to prove that the information in a verifiable credential or verifiable presentation was not tampered with is called a proof. " 15:36:38 most of my comments regarding use of the "word proof" are based on the numerous conversations tallted and I have had on many issues regarding this. 15:36:39 TallTed: on lockable/locked door. 15:36:47 Yes, to some variation of what Kristina said above ^ 15:36:55 @TallTed - in your analogy, the question is "is it the door with a lock?" and YES, it still is, even if key is hanging outside 15:36:59 ... and I feel like we already say that in the spec. 15:37:05 TallTed: key left hanging on the door... 15:37:11 I'm now officially lost on the locked door analogies 15:37:23 q? 15:37:29 FWIW I agree there is a way to make it clear when we are being abstract, and when we are being concrete... my only concern is that when we are concrete we are consistent in both RDF and english 15:37:32 ack JoeAndrieu 15:37:32 JoeAndrieu, you wanted to suggest PRs from Orie where he can point out exactly where "proof" is problematic 15:38:09 JoeAndrieus: yes, to Manu's direction. Let's get to specifics... To Ted the door is securable 15:38:13 ack manu 15:38:13 manu, you wanted to move on :) 15:38:25 subtopic: https://github.com/w3c/vc-data-model/pull/1212 15:38:26 YES, securABLE, not necessarily securED! 15:38:40 This is the primary place where we are being messy: https://w3c.github.io/vc-data-model/#securing-verifiable-credentials 15:39:08 q+ 15:39:20 @Orie - interesting. any particular place in that section? Looking through it, it seems pretty clear.. 15:39:21 manu: PR 1212 examples of securing mechanisms in spec. Point to specifications or directory? Need PR about media types? 15:39:27 q? 15:39:30 ack Orie 15:39:53 q+ to say that SHOULD use something from the Dir is problematic 15:40:36 orie: VCs with some securing mechanims, with DI proofs; two specs; or media types; This or that language in DM spec 15:40:55 q+ to note that's not what we do (only refer to two things) 15:41:02 orie: merge media types, refer to them consistently 15:41:04 ack JoeAndrieu 15:41:04 JoeAndrieu, you wanted to say that SHOULD use something from the Dir is problematic 15:41:27 +1 on should to MAY 15:41:33 JoeAndrieu: this establishes related specs into a priveleged posistion... 15:41:35 +1 on SHOULD to MAY conversion 15:41:40 ack manu 15:41:40 manu, you wanted to note that's not what we do (only refer to two things) 15:41:48 +1 to MAY 15:42:42 manu: securing mechanisms we have vetted here and those not. Anyone can add to specs dir. No review... 15:42:49 q+ to say it won't suggest that. it's a directory not a registry 15:43:05 I want XML DSIG 15:43:09 manu: very dangerous thing; any mechanism... 15:43:21 q+ 15:43:30 ack JoeAndrieu 15:43:30 JoeAndrieu, you wanted to say it won't suggest that. it's a directory not a registry 15:43:55 +1 JoeAndrieu 15:44:14 ack seabass 15:44:21 JoeAndrieu: I think anything does go; people can come up with new crypto; a registry is okay; our mechanisms are published as recs. 15:44:49 s/a registry is okay/a directory is okay/ 15:44:50 sebass: be careful, don't devalue our (WG) opinion 15:45:07 q+ to note that we don't say what has and has not been vetted in the registry. 15:45:12 kristina: safely change to MAY... 15:45:14 ack manu 15:45:14 manu, you wanted to note that we don't say what has and has not been vetted in the registry. 15:45:40 q+ 15:45:45 ack Orie 15:45:53 manu: we don't say what has/hasn't been vetted in registry? The VC DM doesn't say what has been vetted. 15:46:21 manu: how should we refer to securing mechanisms we have been working on? 15:46:34 I suggested a concrete change here: https://github.com/w3c/vc-data-model/pull/1212/files#r1279836059 15:46:46 manu: what sections/where to put? 15:46:51 ack Orie 15:47:56 orie: if media types is merge is will be ovious; 15:48:08 https://github.com/w3c/vc-specs-dir/pull/14 15:48:26 +1 manu 15:48:36 manu: blocking on Kristina PR 14; create media type in specs dir; then merge 15:48:38 ack JoeAndrieu 15:48:47 I can edit "register to list" 15:48:54 directister 15:49:02 JoeAndrieu: avoid that directory is a registry 15:49:08 subtopic: https://github.com/w3c/vc-data-model/pull/1215 15:49:16 https://github.com/w3c/vc-data-model/pull/1218 15:49:24 manu: PR 1215 1218. approvals. 15:49:30 subtopic: https://github.com/w3c/vc-data-model/pull/1219 15:49:50 q+ 15:49:52 manu: JWT stuff from Orie... 15:50:04 q+ 15:50:11 ack ivan 15:50:30 q+ 15:50:30 q+ on URls to use 15:50:33 Sorry, I'm slow, I have to re-review most recent changes in https://github.com/w3c/vc-specs-dir/pull/14 15:50:37 ack oliver 15:50:58 oliver: how to keep spec in sync with IANA registry 15:51:01 q+ if ok, I'd like to suggest an improvement related to that previous issue about specs-dir 15:51:08 q? 15:51:10 q+ to if ok, I'd like to suggest an improvement related to that previous issue about specs-dir 15:51:12 ack Orie 15:51:16 kristina: Orie only adding already reged 15:51:38 q- 15:51:46 s/reged/registered 15:52:00 manu has joined #vcwg 15:52:04 q? 15:52:28 q+ 15:52:30 orie: has spoken with IANA folks; registries being updated, no timeline 15:52:46 q- 15:52:47 yes, what Orie said :) 15:52:49 ack JoeAndrieu 15:52:49 JoeAndrieu, you wanted to if ok, I'd like to suggest an improvement related to that previous issue about specs-dir 15:52:58 q+ 15:53:04 ack oliver 15:53:12 q+ to if ok, I'd like to suggest an improvement related to that previous issue about specs-dir 15:53:21 Oliver, the same thing that happens today... you add a second context. 15:53:24 q+ 15:53:26 q+ 15:53:28 correct ^ 15:53:33 oliver: concern was publish, then new "claims" get registered; can we update context 15:53:36 q later 15:53:43 q? 15:54:04 ack kristina 15:54:11 q- 15:54:12 kristina: not sure what claims your concerned about... 15:54:17 it is a problem for a future working group 15:54:22 https://github.com/w3c/vc-specs-dir/issues/27 15:54:25 ack JoeAndrieu 15:54:25 JoeAndrieu, you wanted to if ok, I'd like to suggest an improvement related to that previous issue about specs-dir 15:54:37 q? 15:55:14 manu: let's end here 15:55:22 winning! 15:55:44 q+ 15:56:12 ack Orie 15:56:50 is:issue is:open -label:before-CR -label:"pending close" sort:updated-asc 15:57:15 gkellogg has joined #vcwg 15:57:19 https://github.com/w3c/vc-data-model/issues?q=is%3Aissue+is%3Aopen+-label%3Abefore-CR+-label%3A%22pending+close%22+sort%3Aupdated-asc 15:57:34 kristina: thanks all, see you next week 15:57:46 rrsagent, draft minutes 15:57:47 I have made the request to generate https://www.w3.org/2023/08/09-vcwg-minutes.html ivan 15:57:59 zakim, end meeting 15:57:59 As of this point the attendees have been ivan, brent, TallTed, hsano, GregB, benjamin, orie, seabass, pl-ASU, kristina, dlongley, andres, bigbluehat, dmitriz, PaulD, selfissued, 15:58:02 ... manu, cabernet, griffin, JoeAndrieu, gabe, identitywoman, oliver, davidc 15:58:02 RRSAgent, please draft minutes 15:58:03 I have made the request to generate https://www.w3.org/2023/08/09-vcwg-minutes.html Zakim 15:58:09 I am happy to have been of service, ivan; please remember to excuse RRSAgent. Goodbye 15:58:09 rsagent, bye 15:58:09 Zakim has left #vcwg 18:33:56 gkellogg has joined #vcwg 18:36:59 gkellogg_ has joined #vcwg 18:38:17 tzviya has joined #vcwg 18:39:00 gkellog__ has joined #vcwg 18:40:50 gkello___ has joined #vcwg 18:41:57 gkellogg has joined #vcwg 18:46:23 gkellogg_ has joined #vcwg 18:57:12 gkellogg has joined #vcwg 19:01:36 gkellogg_ has joined #vcwg 19:03:03 gkellog__ has joined #vcwg 19:08:43 gkellogg has joined #vcwg 19:20:18 gkellogg has joined #vcwg 21:10:39 gkellogg has joined #vcwg 21:10:59 gkellogg has joined #vcwg 21:35:07 gkellogg has joined #vcwg 21:45:18 gkellogg has joined #vcwg 21:45:42 gkellogg has joined #vcwg 21:58:35 gkellogg has joined #vcwg 23:37:02 gkellogg has joined #vcwg 23:41:55 gkellogg has joined #vcwg 23:57:55 gkellogg has joined #vcwg