14:58:54 <RRSAgent> RRSAgent has joined #vcwg
14:58:58 <RRSAgent> logging to https://www.w3.org/2024/06/26-vcwg-irc
14:58:58 <Zakim> RRSAgent, make logs Public
14:58:59 <Zakim> please title this meeting ("meeting: ..."), brent
14:59:03 <gkellogg> gkellogg has joined #vcwg
14:59:13 <brent> meeting: Verifiable Credentials Weekly Teleconference
14:59:19 <brent> chair: Brent Zundel
14:59:30 <brent> present+
14:59:59 <hsano> hsano has joined #vcwg
15:00:26 <hsano> present+
15:01:52 <DavidC> DavidC has joined #vcwg
15:02:00 <DavidC> present+
15:02:04 <wes-smith> wes-smith has joined #vcwg
15:02:37 <decentralgabe> decentralgabe has joined #vcwg
15:02:42 <decentralgabe> present+
15:02:45 <manu> present+
15:04:03 <DavidC> scribe+
15:04:04 <Wip> Wip has joined #vcwg
15:04:10 <Wip> present+
15:04:53 <dlongley> present+
15:05:20 <JennieM> JennieM has joined #vcwg
15:05:27 <JennieM> present+
15:05:35 <bigbluehat> bigbluehat has joined #vcwg
15:06:06 <aniltj> aniltj has joined #vcwg
15:06:06 <KevinDean> KevinDean has joined #vcwg
15:06:10 <KevinDean> present+
15:06:24 <DavidC> DavidC has joined #vcwg
15:06:25 <manu> DavidC: I suggested newer simple definitions for issuee, please look at and comment on it, please.
15:06:32 <DavidC> scribe+
15:06:34 <manu> brent: Any updates to agenda?
15:06:37 <bigbluehat> present+
15:06:47 <aniltj> q+
15:06:52 <aniltj> present+
15:06:54 <DavidC> EBSI people will be attending next week
15:06:54 <manu> brent: Visitors from EBSI next week, we can speak with them about Terms of Use.
15:07:11 <dmitriz> dmitriz has joined #vcwg
15:07:16 <dmitriz> present+
15:07:24 <brent> https://github.com/eu-digital-identity-wallet/eudi-doc-architecture-and-reference-framework/discussions/211
15:07:39 <TallTed> s|comment on it, please.|comment on it, please. https://github.com/w3c/vc-data-model/issues/1467#issuecomment-2185331647 |
15:07:42 <DavidC> brent: feedback has been received from cryptographers on the above
15:08:22 <decentralgabe> discussion on VC formats - https://github.com/eu-digital-identity-wallet/eudi-doc-architecture-and-reference-framework/discussions/211
15:08:28 <decentralgabe> on DIDs - https://github.com/eu-digital-identity-wallet/eudi-doc-architecture-and-reference-framework/issues/205
15:08:41 <brent> Topic: media types
15:08:53 <brent> subtopic: https://github.com/w3c/vc-data-model/issues/1509
15:08:59 <aniltj> q-
15:09:08 <DavidC> brent: have had lots of discussions already about this
15:09:21 <DavidC> .... decided we would just register vc and vp
15:09:26 <manu> q+
15:09:26 <JoeAndrieu> JoeAndrieu has joined #vcwg
15:09:32 <DavidC> ... but some folks want ld adding as well
15:09:36 <brent> ack manu
15:09:50 <dlongley> -1 to change the core media types again, please move forward with `application/vc` and `application/vp`
15:09:55 <DavidC> manu: strong -1 for revisiting this topic again
15:10:24 <JoeAndrieu> I'm also -1 to revisiting this conversation
15:10:30 <KevinDean> -1
15:10:33 <mccown> mccown has joined #vcwg
15:10:37 <DavidC> ... people who want to use sd-jwt as well actually have nothing to do with our VC DM
15:11:06 <DavidC> ... it duplicates the typing mechanism but is incompatible with VCDM
15:11:50 <DavidC> ... we should contact Oauth group at IETF and ask them to stop creating specs that will confuse people with our W3C VCDM spec
15:11:51 <dlongley> +1 to everything Manu said.
15:11:53 <decentralgabe> q+
15:12:10 <TallTed> +1 msporny
15:12:21 <brent> ack decentralgabe
15:13:00 <DavidC> gabe: I am concerned about us being blocked from registering our media types
15:13:05 <brent> q+ to note the collision
15:13:51 <DavidC> brent: of the two media types we want to register (application vc and vp) should not be a problem
15:14:09 <DavidC> ... it is the addition of sd-jwt that may cause problems
15:14:20 <manu> q+ to agree with brent
15:14:35 <dlongley> +1 to brent, yes.
15:14:42 <brent> ack brent
15:14:42 <Zakim> brent, you wanted to note the collision
15:14:44 <brent> ack manu
15:14:44 <Zakim> manu, you wanted to agree with brent
15:14:51 <DavidC> ... we should register our base two types first
15:15:23 <TallTed> q+
15:15:34 <DavidC> manu: we need to move on, so lets not discuss further unless our initial registrations are blocked
15:15:53 <aniltj> q+
15:16:23 <gkellogg> gkellogg has joined #vcwg
15:16:28 <DavidC> ... its not clear to me how many sd-jwt data types there are, and they all seem to be incompatible with one another
15:16:44 <brent> ack TallTed
15:16:46 <decentralgabe> +1 to Brent's suggestion to register the base types first
15:16:56 <mccown> +1 for proceeding with the 1st 2 base types.  It doesn't sound like doing that and discussing the others later hinders anything.
15:17:06 <manu> q+ to take an action to submit the registration at IETF.
15:17:08 <DavidC> TallTed: we should not pre-determine that our registrations will be blocked.
15:17:16 <DavidC> ... lets wait to see the outcome
15:17:49 <DavidC> ... I see a lot of slopiness in what media types are being discussed, with the + and - signs
15:18:00 <brent> ack aniltj
15:18:33 <TallTed> s/with the + and - signs/with the + and - signs flipped or otherwise incorrectly used/
15:18:42 <DavidC> aniltj: feedback on ARF may suggest changes to media types are needed
15:18:58 <brent> ack manu
15:18:58 <Zakim> manu, you wanted to take an action to submit the registration at IETF.
15:19:28 <DavidC> manu: I will volunteer to submit the registration request for the two data types in our VC DM
15:19:37 <dlongley> +1 to that plan
15:19:41 <decentralgabe> +1 thanks Manu
15:19:44 <DavidC> ... application/vc and application/vp
15:19:44 <JoeAndrieu> +1 to that plan
15:19:56 <brent> Topic: VCDM Issue Processing
15:20:13 <brent> https://github.com/w3c/vc-data-model/issues?q=is%3Aissue+is%3Aopen+-label%3Afuture+sort%3Aupdated-asc
15:20:37 <DavidC> brent: currently have 9 open issues that are not marked future
15:20:52 <DavidC> ... Tou will be discussed next week
15:20:57 <brent> subtopic: https://github.com/w3c/vc-data-model/issues/1479
15:21:28 <DavidC> dmitriz: coming along shortly
15:21:33 <ivan> present+
15:21:37 <manu> q+
15:21:38 <brent> subtopic: https://github.com/w3c/vc-data-model/issues/1479
15:21:43 <brent> subtopic: https://github.com/w3c/vc-data-model/issues/1500
15:22:04 <brent> ack manu
15:22:09 <DavidC> brent: what is there for us to do here?
15:22:13 <Wip> Wip has joined #vcwg
15:22:38 <ivan> zakim, who is here?
15:22:38 <Zakim> Present: brent, hsano, DavidC, decentralgabe, manu, Wip, dlongley, JennieM, KevinDean, bigbluehat, aniltj, dmitriz, ivan
15:22:41 <Zakim> On IRC I see Wip, gkellogg, mccown, JoeAndrieu, dmitriz, DavidC, KevinDean, aniltj, bigbluehat, JennieM, decentralgabe, wes-smith, hsano, RRSAgent, Zakim, brent, TallTed, tzviya,
15:22:41 <Zakim> ... rbyers, jyasskin, hadleybeeman, csarven, rhiaro, shigeya, manu, dlehn, cel, ivan, dlongley
15:22:51 <DavidC> manu: its not a good idea to redefine name and description
15:23:23 <DavidC> ... we should say WG has discussed it and its not a good idea to change the terms as currently described
15:23:23 <ivan> present+ will
15:23:36 <ivan> present+ mccown
15:23:45 <ivan> present+ joe
15:23:49 <ivan> +1 to close
15:23:51 <DavidC> brent: so the issue should be closed
15:23:54 <bigbluehat> +1 to close
15:24:08 <DavidC> ... so I will close it after the meeting today
15:24:14 <manu> q+
15:24:15 <brent> subtopic: https://github.com/w3c/vc-data-model/issues/1502
15:24:25 <brent> ack manu
15:24:40 <DavidC> manu: these are comments from EFF
15:25:03 <DavidC> ... EFF has reviewed the PR and says it addresses their concerns
15:25:14 <DavidC> ... only other thing is edit from TallTed
15:25:49 <gkellogg> gkellogg has joined #vcwg
15:26:07 <brent> subtopic: https://github.com/w3c/vc-data-model/issues/1503
15:26:25 <DavidC> brent: if I remember correctly this issue should be addressed
15:26:48 <ivan> https://github.com/w3c/vc-data-model/pull/1505
15:26:56 <DavidC> ... PR#1505 addresses this
15:27:08 <manu> q+
15:27:13 <brent> subtopic: https://github.com/w3c/vc-data-model/issues/1507
15:27:23 <brent> ack manu
15:27:55 <DavidC> manu: I have been working with a number of AI companies on how VCs can be used to determine if an online entity is a real person or an AI bot
15:28:10 <ivan> present+ wesley
15:28:10 <DavidC> ... AI systems can now pass Turing test
15:28:31 <DavidC> ... how AI affects IDM systems need to be documented
15:28:44 <brent> related PR: https://github.com/w3c/vc-data-model/pull/1508
15:28:56 <DavidC> ... will be a number of research papers published this summer that go into greater details
15:29:14 <decentralgabe> q+
15:29:15 <JoeAndrieu> q+ to say this is important, but we want to be careful about "solutions" based on anything other than cryptography (preferably post-quantum cryptography)
15:29:23 <brent> ack decentralgabe
15:30:05 <DavidC> gabe: AI does not affect the VC DM data structures
15:30:25 <manu> q+ to as decentralgabe if he's asking for the section to be moved to validation? I think he is.
15:30:35 <DavidC> brent: are you saying this PR text is in the wrong section of the spec?
15:30:39 <DavidC> gabe: yes
15:30:52 <DavidC> ... move to validation/verification section
15:30:56 <brent> ack JoeAndrieu
15:30:56 <Zakim> JoeAndrieu, you wanted to say this is important, but we want to be careful about "solutions" based on anything other than cryptography (preferably post-quantum cryptography)
15:31:23 <ivan> present+ dlehn
15:31:28 <DavidC> JoeAndrieu: confidenceMethod can be affected by AI
15:31:47 <DavidC> ... there is an AI arms race at the moment
15:32:11 <brent> ack manu
15:32:11 <Zakim> manu, you wanted to as decentralgabe if he's asking for the section to be moved to validation? I think he is.
15:33:00 <TallTed> q+
15:33:01 <JoeAndrieu> +1 to that, Manu
15:33:23 <DavidC> manu: the text will not provide text on exact solutions, but we should point to research papers when they become available
15:33:55 <JoeAndrieu> "We have something AI doesn't have. That is cryptography." That's great framing.
15:34:14 <mccown> Have we started actively discussing moves towards post quantum cryptography?
15:34:17 <brent> ack TallTed
15:34:18 <DavidC> q+
15:34:37 <DavidC> TallTed: AI is a moving target so not something we can solve now
15:35:23 <DavidC> ... I have provided substantial text edits to the existing paragraphs
15:35:38 <ivan> +1 to Ted
15:35:43 <brent> ack DavidC
15:35:59 <manu> scribe+
15:36:02 <JoeAndrieu> +1 to Ted. That was a good argument for keeping it in Security Considerations.
15:36:06 <DavidC> ... leave text as is and more text in Validation section
15:36:06 <decentralgabe> q+
15:36:28 <JoeAndrieu> q+ to say VCs have cryptography
15:36:35 <Wip> Wip has joined #vcwg
15:36:37 <manu> DavidC: Joe said that humans have cryptography and AI doesn't, that's a good point, but I think AI can have that too.
15:36:41 <brent> ack JoeAndrieu
15:36:41 <Zakim> JoeAndrieu, you wanted to say VCs have cryptography
15:36:51 <mccown> AI's are currently being created for brute force attacks on cryptography
15:37:15 <manu> scribe-
15:37:22 <manu> yes, +1 to what Joe said, that's what I meant too.
15:37:23 <Wip> +1
15:37:24 <mccown> ECC isn't quantum secure...
15:37:34 <manu> q+ to time box :)
15:37:37 <manu> q-
15:37:58 <decentralgabe> q-
15:38:04 <decentralgabe> will continue in issue
15:38:24 <DavidC> the issue about cryptography is not that AI cannot use crypto and sign, but rather that AI cannot break crypto
15:38:39 <brent> Topic: Controller Document
15:38:46 <brent> https://github.com/w3c/vc-data-model/pulls
15:38:47 <mccown> I would contend that AI can break crypto
15:38:47 <DavidC> Therefore AI cannot fake a signed document
15:38:51 <manu> q+
15:39:11 <brent> subtopic: https://github.com/w3c/controller-document/pull/32
15:39:30 <brent> ack manu
15:40:00 <DavidC> manu: we have a number of approvals already on these additions to the data model
15:40:36 <DavidC> ... the text is mainly from DID core so I prefer not to change it in the Controller document, but rather raise issues on DID core
15:40:46 <ivan> q+
15:40:56 <brent> ack ivan
15:41:03 <DavidC> ... specifically to ivan's comments
15:41:47 <DavidC> ivan: I could not properly explain what a controller document is from the existing text
15:41:48 <manu> q+
15:42:01 <brent> ack manu
15:42:14 <DavidC> ... need a higher level section to explain what the controller document is actually about
15:42:24 <brent> subtopic: https://github.com/w3c/controller-document/pull/30
15:42:40 <manu> q+
15:42:46 <DavidC> brent: has a lot of approvals so will be merged after this meeting
15:43:16 <dmitriz> dmitriz has joined #vcwg
15:43:17 <DavidC> TallTed: there is still one open question did URI or https URL
15:43:23 <DavidC> manu: https
15:43:24 <brent> ack manu
15:43:56 <ivan> suptopic: general discussion on issues
15:44:34 <DavidC> manu: next step is to remove all controller doc related text in JOSE/COSE and Data Integrity and point to Controller Doc
15:44:38 <ivan> s/suptopic/subtopic/
15:44:49 <decentralgabe> ack would be good to bring up on the call tomorrow
15:44:57 <DavidC> ... will be a massive edit but not technical in nature
15:45:00 <brent> https://github.com/w3c/controller-document/issues?q=is%3Aissue+is%3Aopen+sort%3Aupdated-asc
15:45:30 <brent> subtopic: https://github.com/w3c/controller-document/issues/10
15:46:18 <manu> q+
15:46:30 <brent> ack manu
15:46:46 <DavidC> manu: we need to make the content and vocabularies consistent
15:47:15 <DavidC> ... we already have a security vocabularly so dont need a new controller doc vocabularly
15:47:18 <ivan> q+
15:47:28 <dmitriz> q+
15:47:41 <brent> ack ivan
15:48:12 <DavidC> ivan: if you go to the vocabularly document we refer to one or our specs for the definition of the term
15:48:49 <DavidC> ... so any references to one of our security specs should refer to controller doc instead
15:48:57 <gkellogg> gkellogg has joined #vcwg
15:48:58 <dlongley> +1 to ivan's plan, unless we bump into some issue
15:49:07 <manu> Yes, +1 agree with Ivan on the path forward.
15:49:07 <gkellogg> gkellogg has joined #vcwg
15:49:15 <brent> ack dmitriz
15:49:37 <manu> We won't be updating the security context.
15:49:40 <ivan> q+
15:49:43 <manu> (IMHO)
15:49:49 <DavidC> dmitriz: manu mentioned updating security vocabulary. This does not require update to security context as well
15:49:51 <brent> ack ivan
15:50:48 <DavidC> ivan: keeping security vocabularly URLs as now means less changes. We only need to point to controller doc for the definition of terms
15:50:54 <manu> Yes, +1 to what ivan said, agreed.
15:51:12 <brent> subtopic: https://github.com/w3c/controller-document/issues/8
15:51:31 <ivan> q+
15:52:29 <brent> ack ivan
15:52:37 <manu> Yes, +1, agree with what brent just said... applying Mike's change would change the horizontal review assertions (that they've reviewed and approved a variation of this before)
15:52:38 <DavidC> brent: because we are pulling text from existing documents, we should not in this case re-write to make text cleaner, but rather keep as is
15:52:45 <dlongley> +1
15:53:09 <DavidC> ... since this will make horizontal reviews much easier
15:54:41 <DavidC> ivan: there are some significant tasks for me to do, including obsoleting some existing documents
15:54:46 <manu> +1 to publishing JsonWebSignature2020 as a discontinued draft.
15:54:52 <dlongley> +1
15:55:32 <ivan> q+
15:55:50 <brent> ack ivan
15:55:56 <DavidC> q+
15:56:21 <brent> ack DavidC
15:56:44 <decentralgabe> s/gabe/decentralgabe
15:58:06 <ivan> rrsagent, draft minutes
15:58:07 <RRSAgent> I have made the request to generate https://www.w3.org/2024/06/26-vcwg-minutes.html ivan
15:58:59 <ivan> rrsagent, bye
15:58:59 <RRSAgent> I see no action items