14:58:54 RRSAgent has joined #vcwg 14:58:58 logging to https://www.w3.org/2024/06/26-vcwg-irc 14:58:58 RRSAgent, make logs Public 14:58:59 please title this meeting ("meeting: ..."), brent 14:59:03 gkellogg has joined #vcwg 14:59:13 meeting: Verifiable Credentials Weekly Teleconference 14:59:19 chair: Brent Zundel 14:59:30 present+ 14:59:59 hsano has joined #vcwg 15:00:26 present+ 15:01:52 DavidC has joined #vcwg 15:02:00 present+ 15:02:04 wes-smith has joined #vcwg 15:02:37 decentralgabe has joined #vcwg 15:02:42 present+ 15:02:45 present+ 15:04:03 scribe+ 15:04:04 Wip has joined #vcwg 15:04:10 present+ 15:04:53 present+ 15:05:20 JennieM has joined #vcwg 15:05:27 present+ 15:05:35 bigbluehat has joined #vcwg 15:06:06 aniltj has joined #vcwg 15:06:06 KevinDean has joined #vcwg 15:06:10 present+ 15:06:24 DavidC has joined #vcwg 15:06:25 DavidC: I suggested newer simple definitions for issuee, please look at and comment on it, please. 15:06:32 scribe+ 15:06:34 brent: Any updates to agenda? 15:06:37 present+ 15:06:47 q+ 15:06:52 present+ 15:06:54 EBSI people will be attending next week 15:06:54 brent: Visitors from EBSI next week, we can speak with them about Terms of Use. 15:07:11 dmitriz has joined #vcwg 15:07:16 present+ 15:07:24 https://github.com/eu-digital-identity-wallet/eudi-doc-architecture-and-reference-framework/discussions/211 15:07:39 s|comment on it, please.|comment on it, please. https://github.com/w3c/vc-data-model/issues/1467#issuecomment-2185331647 | 15:07:42 brent: feedback has been received from cryptographers on the above 15:08:22 discussion on VC formats - https://github.com/eu-digital-identity-wallet/eudi-doc-architecture-and-reference-framework/discussions/211 15:08:28 on DIDs - https://github.com/eu-digital-identity-wallet/eudi-doc-architecture-and-reference-framework/issues/205 15:08:41 Topic: media types 15:08:53 subtopic: https://github.com/w3c/vc-data-model/issues/1509 15:08:59 q- 15:09:08 brent: have had lots of discussions already about this 15:09:21 .... decided we would just register vc and vp 15:09:26 q+ 15:09:26 JoeAndrieu has joined #vcwg 15:09:32 ... but some folks want ld adding as well 15:09:36 ack manu 15:09:50 -1 to change the core media types again, please move forward with `application/vc` and `application/vp` 15:09:55 manu: strong -1 for revisiting this topic again 15:10:24 I'm also -1 to revisiting this conversation 15:10:30 -1 15:10:33 mccown has joined #vcwg 15:10:37 ... people who want to use sd-jwt as well actually have nothing to do with our VC DM 15:11:06 ... it duplicates the typing mechanism but is incompatible with VCDM 15:11:50 ... we should contact Oauth group at IETF and ask them to stop creating specs that will confuse people with our W3C VCDM spec 15:11:51 +1 to everything Manu said. 15:11:53 q+ 15:12:10 +1 msporny 15:12:21 ack decentralgabe 15:13:00 gabe: I am concerned about us being blocked from registering our media types 15:13:05 q+ to note the collision 15:13:51 brent: of the two media types we want to register (application vc and vp) should not be a problem 15:14:09 ... it is the addition of sd-jwt that may cause problems 15:14:20 q+ to agree with brent 15:14:35 +1 to brent, yes. 15:14:42 ack brent 15:14:42 brent, you wanted to note the collision 15:14:44 ack manu 15:14:44 manu, you wanted to agree with brent 15:14:51 ... we should register our base two types first 15:15:23 q+ 15:15:34 manu: we need to move on, so lets not discuss further unless our initial registrations are blocked 15:15:53 q+ 15:16:23 gkellogg has joined #vcwg 15:16:28 ... its not clear to me how many sd-jwt data types there are, and they all seem to be incompatible with one another 15:16:44 ack TallTed 15:16:46 +1 to Brent's suggestion to register the base types first 15:16:56 +1 for proceeding with the 1st 2 base types. It doesn't sound like doing that and discussing the others later hinders anything. 15:17:06 q+ to take an action to submit the registration at IETF. 15:17:08 TallTed: we should not pre-determine that our registrations will be blocked. 15:17:16 ... lets wait to see the outcome 15:17:49 ... I see a lot of slopiness in what media types are being discussed, with the + and - signs 15:18:00 ack aniltj 15:18:33 s/with the + and - signs/with the + and - signs flipped or otherwise incorrectly used/ 15:18:42 aniltj: feedback on ARF may suggest changes to media types are needed 15:18:58 ack manu 15:18:58 manu, you wanted to take an action to submit the registration at IETF. 15:19:28 manu: I will volunteer to submit the registration request for the two data types in our VC DM 15:19:37 +1 to that plan 15:19:41 +1 thanks Manu 15:19:44 ... application/vc and application/vp 15:19:44 +1 to that plan 15:19:56 Topic: VCDM Issue Processing 15:20:13 https://github.com/w3c/vc-data-model/issues?q=is%3Aissue+is%3Aopen+-label%3Afuture+sort%3Aupdated-asc 15:20:37 brent: currently have 9 open issues that are not marked future 15:20:52 ... Tou will be discussed next week 15:20:57 subtopic: https://github.com/w3c/vc-data-model/issues/1479 15:21:28 dmitriz: coming along shortly 15:21:33 present+ 15:21:37 q+ 15:21:38 subtopic: https://github.com/w3c/vc-data-model/issues/1479 15:21:43 subtopic: https://github.com/w3c/vc-data-model/issues/1500 15:22:04 ack manu 15:22:09 brent: what is there for us to do here? 15:22:13 Wip has joined #vcwg 15:22:38 zakim, who is here? 15:22:38 Present: brent, hsano, DavidC, decentralgabe, manu, Wip, dlongley, JennieM, KevinDean, bigbluehat, aniltj, dmitriz, ivan 15:22:41 On IRC I see Wip, gkellogg, mccown, JoeAndrieu, dmitriz, DavidC, KevinDean, aniltj, bigbluehat, JennieM, decentralgabe, wes-smith, hsano, RRSAgent, Zakim, brent, TallTed, tzviya, 15:22:41 ... rbyers, jyasskin, hadleybeeman, csarven, rhiaro, shigeya, manu, dlehn, cel, ivan, dlongley 15:22:51 manu: its not a good idea to redefine name and description 15:23:23 ... we should say WG has discussed it and its not a good idea to change the terms as currently described 15:23:23 present+ will 15:23:36 present+ mccown 15:23:45 present+ joe 15:23:49 +1 to close 15:23:51 brent: so the issue should be closed 15:23:54 +1 to close 15:24:08 ... so I will close it after the meeting today 15:24:14 q+ 15:24:15 subtopic: https://github.com/w3c/vc-data-model/issues/1502 15:24:25 ack manu 15:24:40 manu: these are comments from EFF 15:25:03 ... EFF has reviewed the PR and says it addresses their concerns 15:25:14 ... only other thing is edit from TallTed 15:25:49 gkellogg has joined #vcwg 15:26:07 subtopic: https://github.com/w3c/vc-data-model/issues/1503 15:26:25 brent: if I remember correctly this issue should be addressed 15:26:48 https://github.com/w3c/vc-data-model/pull/1505 15:26:56 ... PR#1505 addresses this 15:27:08 q+ 15:27:13 subtopic: https://github.com/w3c/vc-data-model/issues/1507 15:27:23 ack manu 15:27:55 manu: I have been working with a number of AI companies on how VCs can be used to determine if an online entity is a real person or an AI bot 15:28:10 present+ wesley 15:28:10 ... AI systems can now pass Turing test 15:28:31 ... how AI affects IDM systems need to be documented 15:28:44 related PR: https://github.com/w3c/vc-data-model/pull/1508 15:28:56 ... will be a number of research papers published this summer that go into greater details 15:29:14 q+ 15:29:15 q+ to say this is important, but we want to be careful about "solutions" based on anything other than cryptography (preferably post-quantum cryptography) 15:29:23 ack decentralgabe 15:30:05 gabe: AI does not affect the VC DM data structures 15:30:25 q+ to as decentralgabe if he's asking for the section to be moved to validation? I think he is. 15:30:35 brent: are you saying this PR text is in the wrong section of the spec? 15:30:39 gabe: yes 15:30:52 ... move to validation/verification section 15:30:56 ack JoeAndrieu 15:30:56 JoeAndrieu, you wanted to say this is important, but we want to be careful about "solutions" based on anything other than cryptography (preferably post-quantum cryptography) 15:31:23 present+ dlehn 15:31:28 JoeAndrieu: confidenceMethod can be affected by AI 15:31:47 ... there is an AI arms race at the moment 15:32:11 ack manu 15:32:11 manu, you wanted to as decentralgabe if he's asking for the section to be moved to validation? I think he is. 15:33:00 q+ 15:33:01 +1 to that, Manu 15:33:23 manu: the text will not provide text on exact solutions, but we should point to research papers when they become available 15:33:55 "We have something AI doesn't have. That is cryptography." That's great framing. 15:34:14 Have we started actively discussing moves towards post quantum cryptography? 15:34:17 ack TallTed 15:34:18 q+ 15:34:37 TallTed: AI is a moving target so not something we can solve now 15:35:23 ... I have provided substantial text edits to the existing paragraphs 15:35:38 +1 to Ted 15:35:43 ack DavidC 15:35:59 scribe+ 15:36:02 +1 to Ted. That was a good argument for keeping it in Security Considerations. 15:36:06 ... leave text as is and more text in Validation section 15:36:06 q+ 15:36:28 q+ to say VCs have cryptography 15:36:35 Wip has joined #vcwg 15:36:37 DavidC: Joe said that humans have cryptography and AI doesn't, that's a good point, but I think AI can have that too. 15:36:41 ack JoeAndrieu 15:36:41 JoeAndrieu, you wanted to say VCs have cryptography 15:36:51 AI's are currently being created for brute force attacks on cryptography 15:37:15 scribe- 15:37:22 yes, +1 to what Joe said, that's what I meant too. 15:37:23 +1 15:37:24 ECC isn't quantum secure... 15:37:34 q+ to time box :) 15:37:37 q- 15:37:58 q- 15:38:04 will continue in issue 15:38:24 the issue about cryptography is not that AI cannot use crypto and sign, but rather that AI cannot break crypto 15:38:39 Topic: Controller Document 15:38:46 https://github.com/w3c/vc-data-model/pulls 15:38:47 I would contend that AI can break crypto 15:38:47 Therefore AI cannot fake a signed document 15:38:51 q+ 15:39:11 subtopic: https://github.com/w3c/controller-document/pull/32 15:39:30 ack manu 15:40:00 manu: we have a number of approvals already on these additions to the data model 15:40:36 ... the text is mainly from DID core so I prefer not to change it in the Controller document, but rather raise issues on DID core 15:40:46 q+ 15:40:56 ack ivan 15:41:03 ... specifically to ivan's comments 15:41:47 ivan: I could not properly explain what a controller document is from the existing text 15:41:48 q+ 15:42:01 ack manu 15:42:14 ... need a higher level section to explain what the controller document is actually about 15:42:24 subtopic: https://github.com/w3c/controller-document/pull/30 15:42:40 q+ 15:42:46 brent: has a lot of approvals so will be merged after this meeting 15:43:16 dmitriz has joined #vcwg 15:43:17 TallTed: there is still one open question did URI or https URL 15:43:23 manu: https 15:43:24 ack manu 15:43:56 suptopic: general discussion on issues 15:44:34 manu: next step is to remove all controller doc related text in JOSE/COSE and Data Integrity and point to Controller Doc 15:44:38 s/suptopic/subtopic/ 15:44:49 ack would be good to bring up on the call tomorrow 15:44:57 ... will be a massive edit but not technical in nature 15:45:00 https://github.com/w3c/controller-document/issues?q=is%3Aissue+is%3Aopen+sort%3Aupdated-asc 15:45:30 subtopic: https://github.com/w3c/controller-document/issues/10 15:46:18 q+ 15:46:30 ack manu 15:46:46 manu: we need to make the content and vocabularies consistent 15:47:15 ... we already have a security vocabularly so dont need a new controller doc vocabularly 15:47:18 q+ 15:47:28 q+ 15:47:41 ack ivan 15:48:12 ivan: if you go to the vocabularly document we refer to one or our specs for the definition of the term 15:48:49 ... so any references to one of our security specs should refer to controller doc instead 15:48:57 gkellogg has joined #vcwg 15:48:58 +1 to ivan's plan, unless we bump into some issue 15:49:07 Yes, +1 agree with Ivan on the path forward. 15:49:07 gkellogg has joined #vcwg 15:49:15 ack dmitriz 15:49:37 We won't be updating the security context. 15:49:40 q+ 15:49:43 (IMHO) 15:49:49 dmitriz: manu mentioned updating security vocabulary. This does not require update to security context as well 15:49:51 ack ivan 15:50:48 ivan: keeping security vocabularly URLs as now means less changes. We only need to point to controller doc for the definition of terms 15:50:54 Yes, +1 to what ivan said, agreed. 15:51:12 subtopic: https://github.com/w3c/controller-document/issues/8 15:51:31 q+ 15:52:29 ack ivan 15:52:37 Yes, +1, agree with what brent just said... applying Mike's change would change the horizontal review assertions (that they've reviewed and approved a variation of this before) 15:52:38 brent: because we are pulling text from existing documents, we should not in this case re-write to make text cleaner, but rather keep as is 15:52:45 +1 15:53:09 ... since this will make horizontal reviews much easier 15:54:41 ivan: there are some significant tasks for me to do, including obsoleting some existing documents 15:54:46 +1 to publishing JsonWebSignature2020 as a discontinued draft. 15:54:52 +1 15:55:32 q+ 15:55:50 ack ivan 15:55:56 q+ 15:56:21 ack DavidC 15:56:44 s/gabe/decentralgabe 15:58:06 rrsagent, draft minutes 15:58:07 I have made the request to generate https://www.w3.org/2024/06/26-vcwg-minutes.html ivan 15:58:59 rrsagent, bye 15:58:59 I see no action items