- From: Melvin Carvalho <melvincarvalho@gmail.com>
- Date: Tue, 2 Aug 2022 14:47:32 +0200
- To: public-credentials@w3.org
- Message-ID: <CAKaEYhKbQcMoXvV8vkjxYz-WLs054pxPxxqxKJU6JhmD9VPA1w@mail.gmail.com>
Quick question: Does "multhash" have its own URI scheme? On Mon, Apr 4, 2022 at 4:04 PM CCG Minutes Bot <minutes@w3c-ccg.org> wrote: > Thanks to Our Robot Overlords for scribing this week! > > The transcript for the call is now available here: > > https://w3c-ccg.github.io/meetings/2022-03-15/ > > Full text of the discussion follows for W3C archival purposes. > Audio of the meeting is available at the following location: > > https://w3c-ccg.github.io/meetings/2022-03-15/audio.ogg > > ---------------------------------------------------------------- > W3C CCG Weekly Teleconference Transcript for 2022-03-15 > > Agenda: > > https://www.w3.org/Search/Mail/Public/advanced_search?hdr-1-name=subject&hdr-1-query=%5BAGENDA&period_month=Mar&period_year=2022&index-grp=Public__FULL&index-type=t&type-index=public-credentials&resultsperpage=20&sortby=date > Topics: > 1. Introductions and Reintroductions > 2. Announcements and Reminders > 3. CCG Work Items for promotion to VC WG > Organizer: > Heather Vescent, Mike Prorock, Kimberly Linson > Scribe: > Our Robot Overlords > Present: > Kimberly Linson, Manu Sporny, Brian, Ryan Grant, Dmitri > Zagidulin, Shawn Butterfield, Chris Abernethy (mesur.io), Markus > Sabadello, Leo, Kerri Lemoie, Mike Prorock, Andy Miller, Orie > Steele, Charles E. Lehner, Kaliya Young, Adrian Gropper, Brent > Zundel, David I. Lehn, Kayode Ezike, Jeff Orgel, TallTed // Ted > Thibodeau (he/him) (OpenLinkSw.com), Mahmoud Alkhraishi, Juan > Caballero, Heather Vescent > > Our Robot Overlords are scribing. > Kimberly Linson: Recording is on. > Kimberly Linson: I just. > <kerri_lemoie> high five back! > Kimberly Linson: High five to the air so we're all good okay so > let's kind of walk through just our agenda review we're going to > talk about the will go through sort of our housekeeping items and > then we're going to do our main topic today which is that man is > going to frame the context for us around the new VC working group > Charter and some of the work items that we have that are going to > move or potentially move to. > Kimberly Linson: To to that group. > Kimberly Linson: Go ahead and run through our housekeeping > stuff. > Kimberly Linson: So first off anyone is welcome to participate > in these calls however if you are wanting to make substantive > contributions we really would invite you to join the ccg you have > to do two things in order to to be a full contributor one is join > the ccg the link to do that to have an account its free to anyone > is in that link is in that. > Kimberly Linson: Into that I sent. > Kimberly Linson: That's step one step two is to sign the > community contributor license agreement and the link to that is > also in in the agenda so I would definitely if you have not > already done that please do then just a couple of things about > how to participate in the call first of all you're in jitsi which > means that you've done step one and if you have audio issues or > something doesn't seem to be quiet. > Kimberly Linson: Right we do know that. > Kimberly Linson: They're sort of. > Kimberly Linson: Be sometimes be some issues in the system > couple workarounds or one too just refresh to is to try a > different browser and know that that's worked for me on a couple > of different occasions to just switch over to Safari the minutes > and audio are of everything that's said on this call are recorded > and archived and they are also that link to that archive is also > in the agenda and so you can go there to look at those. > Kimberly Linson: We use iirc to. > Kimberly Linson: Jurors during the call as well as to take > minutes we have this awesome CG bought that you can see that is > transcribing and recording everything so hopefully we won't need > a scribe but just to give your give you a few little tips on how > to to use the are see if you aren't familiar with it one is it if > you have something you want to say just add yourself to the queue > by typing q+ if you change your mind you can pick you -. > Kimberly Linson: If you see something in the transcription that > the CG Bot got wrong. > Kimberly Linson: Our that the CG bought got wrong then you can > do s: / whatever was incorrect Bob / what's correct Robert and so > you can fix anything and I've actually asked that as an entire > Community we do that and thanks man you for putting that in there > yes so so I'd asked us all to kind of keep an eye especially on > the things that you say and make sure that that. > Kimberly Linson: It is represented correctly. > Kimberly Linson: And let's see so now I think we're too we'll > skip the Scribe selection I don't think we need that because > hopefully the CG bot will do that for us and we get to do > introductions do we have anybody new to the community or who > would like to hasn't been here for a while who'd like to > reintroduce themselves. > Kimberly Linson: We'd love to welcome you. > > Topic: Introductions and Reintroductions > > Kimberly Linson: And is a former educator I know to give that a > very long pause but I don't see anybody and I recognize most of > the names here so I'll go ahead and move to announcements and > reminders. > Kimberly Linson: Anybody have an announcement for us. > > Topic: Announcements and Reminders > > Manu Sporny: https://w3c.github.io/vc-wg-charter/ > Manu Sporny: Yeah just two things the first one is reminder this > is the weekly reminder that the verifiable credentials working > group Charter is under active development please read it provide > some input we're going to be talking about it today but things > really do seem to be wrapping up on it so please kind of read it > as it stands right now and you know. > Manu Sporny: You're running out of time the chart looks is > starting to look pretty good right now so I don't think this > community would have any objections with it but just a reminder > that that's happening the other kind of news is that it looks > like the did formal objections or moving forward a bit with the > director can't say much more than that but looks like there's > some movement there so that's good and that's it. > Kimberly Linson: Great thank you any other announcements > reminders. > Manu Sporny: https://w3c.github.io/vc-wg-charter/ > Kimberly Linson: All right I checked and it doesn't seem like we > have any action items that we need to talk about but if somebody > has somebody thing that they want to bring up there now would be > the time to do so. > > Topic: CCG Work Items for promotion to VC WG > > Kimberly Linson: Okay great then let's get into to the main > topic for for today as I said at the beginning this was a good > topic for me to have as my first one because it really gave me > the opportunity to dive in and see what it is that we're doing > and I have to save it as a community group it is amazing the > amount of work and expertise that were contributing and I know > you all know that in parallel to our work the the. > Kimberly Linson: Is also doing their work and so today's topic > is really to as man you said think about those items that we've > been working on and do they need to be promoted to to the formal > BC working group so I'm going to go ahead and turn it over to > Manu to walk us through the context and then we can have a good > discussion around that after he's finished. > Manu Sporny: Okay thanks Kimberly Bryant I don't know if you > would also I'm sorry to put you on the spot print but I don't > know if you would like to say some things to kind of start at > Brent's Brent's one of the co-chairs of the verifiable > credentials working group or if you want me to just dive into > things. > Brent Zundel: Manu I will certainly leave it to you to dive into > things and I'm happy to chime in if folks want me to talk. > Manu Sporny: https://w3c.github.io/vc-wg-charter/ > Manu Sporny: Okay awesome thanks Brent okay so Brent is our > fearless leader in the verifiable credentials working group and > has been a chair therefore since the since the dawn of time for a > long time and currently as I mentioned we've been working on this > verifiable credentials working group Charter I'm going to go > ahead and share going to tempt fate and share my screen. > Manu Sporny: Sorry to do this to you on your first first time > Kimberly butt. > Kimberly Linson: That's okay you said if you said if it was if > it got broken to just call on you so since you're in charge there > you go you can break it and then fix it. > Manu Sporny: Exactly okay so here's the charter so the > verifiable credentials working group Charter and there's a > portion of the charter that talks about the group's deliverables > and typically this group The credentials community group has been > a feeder of incubated specifications to the verifiable credential > working group now this not the only path. > Manu Sporny: Earth to the VC. > Manu Sporny: G but it is a path and we have a number of > community work items that have found themselves in the verifiable > credentials working group Charter so there's a part of the > process here where this community hands are work items over to > the official working group and there is a process there's a > community group process for that you publish what I think is > called a final community group report. > Manu Sporny: People in this community then if you worked on it > make concrete IP our commitments basically is asserting that yes > I worked on it no I don't know about any patents or if I do know > about patents I will bring them to light I will let everyone know > about it in in in in most cases contribute the patents for the > specific purposes of the specification so that process so if you. > Manu Sporny: Dissipated in any of these items there's. > Manu Sporny: Asian that you're going to make that patent > commitment on the specification so what items are in this group > that are moving over currently we have listed the data Integrity > specification Jason Webb signature 2020 Edwards curve signature > for David data Integrity the same thing for the nist. > Manu Sporny: T curve. > Manu Sporny: Thing for the Bitcoin also known as the Cobell its > curves theory mises that stuff as well and then we have > conditional normative specifications that basically say if these > things progress in some groups outside of the group we will take > the work up as well so there's the pgp crypto Suite which is > currently in or he's repo here we've got BBS plus which. > Manu Sporny: Which you know work is happening. > Manu Sporny: At ietf in diff on that and we've got the jwp stuff > where work is happening at diff in ITF on that so the the whole > discussion today is really around like this section of the of the > specification I'm sorry I forgot to mention the post Quantum > crypto stuff as well that mic Pro Rock and in that groups working > on so but but. > Manu Sporny: Basically we're talking about this section. > <mprorock> * i feel slighted ;) > Manu Sporny: Write all the all the stuff in here I sent out a > kind of every year we present this roadmap about what the group > is doing and this I tried to update it I'm sorry if I missed > something there's a lot of stuff to keep track of I tried to > include all the things this community has been working on since > like you know 2010 ish. > Manu Sporny: 14 Ish all the way to present. > Manu Sporny: A and then try to predict out that like 20:27 based > on the stuff that we know this does not include work items that > for example diff is working on it doesn't include work items that > are happening at ietf unless they originated in the ccg so it's > missing some things with the Hope here is that it gives everyone > a pretty good idea of like the types of things we've worked on in > the past and what we're getting ready to move over so. > Manu Sporny: Cific Lee if we if we scroll down here. > Manu Sporny: The red line is today so this is this is where we > are today and if we scroll down here to the cryptography section > right here so the cryptography section this is where we are today > in each one of these items is an official work item in a official > w3c working group so as you can see we are getting ready to hold > like hand over a. > Manu Sporny: A huge amount of. > Manu Sporny: From this group to official working groups at w3c > so that is like a huge success story I think they're not all > going to the same working group this one here at the top actually > you know what let me let me pause for a second I've kind of fire > hose the group with information are there any questions at least > at a high level about what we're talking about today or just > general questions about the. > Manu Sporny: Okay so that's either everyone understand well > let's see where's the queue right so either everyone understands > or we're all totally lost one of the do I'll keep going feel free > to put yourself on the Queue if there's any any questions so > they're really two working groups at w3c that ccg work is going. > Manu Sporny: To the first world. > Manu Sporny: In group is a very specialized working group to > standardize this spec up here rdf data set canonicalization this > spec has been incubated in this group and other groups for a > decade now literally this work has been going on for a decade and > it's finally moving over to an official working group with the > time span of two years to standardize it the good news here is > that this thing has been pretty settled for six years now. > Manu Sporny: Now 7 years now but it. > Manu Sporny: Goes to show you sometimes how long some of these > things can take to actually get it into an official working group > so rdf data set canonicalization is going into a working group > called rdf data set canonicalization hashing working group at w3c > that group will run in parallel with the re-chartered verifiable > credentials 2.0 working group The VC 20 working group will build > upon this work and and. > Manu Sporny: Their work elsewhere. > Manu Sporny: Um and it will be taking all of these > specifications in right so things like data Integrity multi base > multi hash and multi key this one's a little gray area right now > but other things like Jason Webb signature the Edwards curve > crypto sweet the nist crypto sweet the Cobell it's Bitcoin > ethereum crypto sweet. > Manu Sporny: All you know fairly well formed and inspects that > can be pulled in the BBS Plus work needs more work at ietf but > we've been able to basically phrase the charter so I'm going to > switch back over to the Charter we've been able to phrase the > charter in the in this kind of conditional normative > specification term so basically this means that. > Manu Sporny: Plan to publish official standards for these > Technologies if the base work for these Technologies are > completed before the working group ends so there's base > technology for BBS plus that has to happen at ITF and there's > base technology for J WP s that has to happen at ietf before the > verifiable credentials working group can take it over. > Manu Sporny: Over so these things are. > Manu Sporny: Like optional we may not get to them we really hope > we get to them but it's totally dependent on groups that are kind > of external to the VC WG to deliver on the things that they said > they were going to deliver on okay so going back to kind of this > diagram that's why BBS plus doesn't start for maybe another year > in the group there's some pre-work there that needs to be done. > Manu Sporny: Let me stop there to see if there any questions. > Kimberly Linson: Well I was trying to keep question mark But I > added myself to the queue so I will ask you so so the official > Charter like how long of a period of time does that VC working > group Charter span. > Manu Sporny: Right great question so the charter span see oh wow > they don't have it it's two years basically right in once we know > the start date will will lock those time periods in there so at > the top it's typically two years and they really don't like w3c > members really don't like giving Charters more time than that > they don't like work that doesn't complete in something concrete > so we basically have. > Manu Sporny: Two years. > Manu Sporny: Extensions but and they're typically granted if > they're reasonable but if you have like failed to produce > something implementable at two years that you basically just acts > the group they shut you down which is why it's so important that > we go in with pre incubated work the other thing that's > interesting to look at here from timeline is section 2 6 where it > talks about like what happens a month after two months after five > months after 6 months. > Manu Sporny: After most w3c Charters have. > Manu Sporny: Are and and language like f PW d means first public > working draft CR means candidate recommendation like for > implementation implementer should start implementing at that > point and Rec means recommendation also known as kind of like an > official global standard so that's the time frame two years and > it's kind of broken down a bit in here and it's everyone that's > been in a w3c working group can attest to this is largely. > Manu Sporny: A work of fiction. > Manu Sporny: Things don't always go according to plan but you > know should give you a rough idea of what we intend to do. > Kimberly Linson: Thanks Charles is on the queue. > Charles E. Lehner: Hi can you hear me. > Charles E. Lehner: Hi I was wondering about the IP our > commitment process you mentioned how it works coming from with > documents coming from ccg and I was wondering how it works if > it's the same for the other potential documents coming from other > organizations. > Manu Sporny: That's a great question documents coming from other > organizations that have their own IP are mode or tend to be very > problematic in that it takes us a while to figure it out now if > that organization has a w3c mode like for example diff does > moving things overs typically much easier for the lawyers to > reason their way through it so Charles was your question mostly > about external documents coming in. > Charles E. Lehner: Yeah about the conditional normative > specification documents but. > Manu Sporny: Okay okay that's a great question because these are > there are two partners here this there's a two parts to the > answer here right so the BBS plus crypto Suite is a ccg work item > so at some point not now but maybe in a year maybe in six months > this group will have to create a final community group report on > the BBS plus specification and then hand it over to the be cwg. > Manu Sporny: Ever the base. > Manu Sporny: Primitives will be ITF work items so ietf doesn't > hand that stuff over to w3c ITF just basically says we've got it > we will standardize the base cryptographic Primitives and ITF in > you ccwg in your crypto sweet can refer to our specs so in the VC > w g what we would do if everything is in order at ITF the V CW G > would start pointing normatively. > Manu Sporny: Lie to the BBS. > Manu Sporny: ITF specifications did that help Charles. > Manu Sporny: The other part of that question which is also > interesting that I don't think many of us have been through here > is this whole concept of a final community group report in so if > you'll notice on our community group webpage we have these final > reports in like the vc10 use cases was one of those things the > data model 10 was one of those things in the did Speck was one of > those things there was. > Manu Sporny: A point in time where we did. > Manu Sporny: Doing today where we said okay we need to hand over > a bunch of specs and the editors of those specs publish them as > final reports in got licensing commitments on those final reports > so if I go and I click on like the did licensing commitments it's > takes a while to load because it's got a load all 460 people in > the group but you'll see these commitments from the credentials > community group on this did spec so you'll see you. > Manu Sporny: Like Dan burn. > Manu Sporny: Commitment reuven made a commitment Michael Zoo > Pele I mean all these people that worked on the did spec made > commitments right so all this yes stuff our commitments basically > saying we are not withholding any kind of intellectual property > or anything on the spec but if you go down far enough like there > are a lot of people that that made commitments. > Manu Sporny: A lot of people made commitments. > Manu Sporny: You'll see that some people did not write and that > might be because they didn't contribute anything to it it might > be because they don't feel like what they did contribute you know > would make a difference some of these people might not have been > a part of the group at the time right so really what we're > looking for are commitments from people that actually contributed > material and specifically things that are substantive to the > specification so. > Manu Sporny: The editor. > Manu Sporny: A document will put it out there and publish it and > then we'll publish it as a final report and then we will ask the > community hey we need you to you know make a commitment if you > contributed anything make a commitment and the editors themselves > will know like these five people absolutely definitely me need to > make commitments or we need to know now that they're not going to > make a commitment because then that that creates an air of you > know. > Manu Sporny: Auntie around IP are so if somebody. > Manu Sporny: Substantive thing like a something fundamental and > they're refusing to make and I pee our commitments then that's an > immediate red flag that you know it's raised now that has never > happened either that as far as I know in this group ever but what > we are expecting here is that for this work. > Manu Sporny: People we're. > Manu Sporny: Publish F CG s is final community group > specifications for these items and people are going to make those > IP our commitments on these documents hopefully that made > hopefully that made sense. > Kimberly Linson: Thank you does anybody have any questions for > me a new queue is currently empty. > Kimberly Linson: All right man who are the things that we want > to dive into on specifics or. > Mike Prorock: +1 That or dive on VC-API implications > Manu Sporny: We might want to ask each of the editors where they > think they are on prepping you know each document so we might > want to dive into each one individually that's one thing we could > do the other thing we could do is look at the rest of the road > map I don't know if folks would be interested in doing that and > asking questions about why things are staged in the way they are > or there's X is missing. > Manu Sporny: You know why is that. > Manu Sporny: Where does it fit in here. > Dmitri Zagidulin: +1 To roadmap > Manu Sporny: Either either you know we could we could go either > way. > Kimberly Linson: Mike just brought up a really good point that > maybe we should discuss is the VC API work and maybe we can > discuss that and then talk about the roadmap so that makes sense. > Manu Sporny: Oh yeah plus one. > Kimberly Linson: Mike do you want to jump in and give us kind of > an overview of the. > Mike Prorock: Yeah well like yeah sure and I guess really the > thing that is a little bit concerning to me and I think we're > making good progress now especially with some of the PRS that are > in queue on VC API but there's kind of two things if that work > moves over into the working group I think we should have it at a > reasonable does not have to be perfect but a reasonable steady > state. > Mike Prorock: Which would mean. > Mike Prorock: In the VC API work item we would want to kind of > formalize and say Yep this is what we're considering in scope and > we're just going to kind of lock this in a certain point and then > re pick up work inside the working group but since that would be > moving to a non-normative item that is the other question I have > around kind of what are the implications of that. > Mike Prorock: That could be detrimental. > Mike Prorock: Normative item it may set up the path to a more > normative item once we show people working on it so there's a > variety of ways that could go strategically and politically and > so that's kind of an open for I'd like man whose thoughts on that > and then I think that might spur some interesting conversation > there so. > Kimberly Linson: Great guy had manna. > Manu Sporny: Yeah I think that yeah Mike's totally right the > this is like a very this is a super interesting what's the word > conundrum that that were in with the VC API so so we've got > multiple people implementing the VC API and I know the trace > folks are doing it I know digital bazaars committed to it you > know number of organizations committed to interrupt through the > VC API but. > Manu Sporny: There have been some. > Manu Sporny: See members that have pushed really hard to keep > protocol out of scope for the verifiable credentials working > group so you will know that there is. > Manu Sporny: Out of scope right normative specification of apis > are protocols and we are expecting that if we try to put it in > scope it would be challenged heavily if not formal objections so > the what we've tried to do here is to basically say the group is > going to work on a developer guide the VC to working group is > going to work on a developer guide and there's going to be input > to that one of them is the VC API. > Manu Sporny: II just be Capi. > Manu Sporny: Other ones can app like we want to be able to talk > about protocols that are carrying verifiable credentials over > them but we're not allowed to say anything normatively about > those things so how are we you know how is this group going to > feed VC API into the VC to working group The verifiable > credential 20 working group. > Manu Sporny: One option. > Manu Sporny: When is we just handed over completely and it stops > being a ccg work item and then it's up to the verifiable > credentials working group to determine what what should happen to > the VC API upside there is like hey it's in the group that's > great but the only thing they can do is publish it as a note and > one of the implications of that that Kyle did hartog brought up > which I thought was a great point. > Manu Sporny: Point is that because it's a note it. > Manu Sporny: Kind of IPR protection whatsoever 0 IPR protection > so people can start injecting all kinds of horrible proprietary > patented stuff in there and there is no requirement to say > anything about that now we know I think all of us don't think > like that's going to happen but that is one of the concerns there > so option one is give it completely over to the verifiable > credential working group but all they can really do is work on it > as kind of like a note a developer guide that kind of thing. > Manu Sporny: Option two is that we keep it as a ccg work item > and we continue to incubate it here it has IPR protection in this > group and will continue to have IPR protection in the group and > what we can do is hand over snapshots to the verifiable > credentials to working group we can basically tell them hey can > you snap shot this in they can publish it as a note and they can > snapshot you know couple times throughout the year the benefit > there is that it has IPR protection and we can continue to > incubate it as kind of. > Manu Sporny: A high priority item. > Manu Sporny: So it'll get like the air it needs to breathe here > and have protection while also signaling to the w3c membership > that we do plan on doing protocols at some point like maybe not > right now but maybe in the VC 30 working group the recharter we > plan to put protocols in scope so that's option two option three > is to just keep it in the ccg and keep working on it and it would > be good you know I don't know. > Manu Sporny: If there are other options too. > Manu Sporny: Other options of the things that we could do with > it or it would also be good to hear back like what do folks feel > we should do with that item. > Manu Sporny: Let me ask a more pointed question traceability > folks what do you want to do with that item I mean you guys > depend on it right. > Mike Prorock: Yeah I mean I am honestly fine with it going in as > a note on the w3c side one of the kind of bigger picture items > that we have to balance as kind of the multiple aspects of > traceability because a lot of digital traceability is also coming > up and there seems to be a critical mass actually on the ietf > side right with some working groups there and that's where. > Mike Prorock: We have to still find out. > Mike Prorock: Willing to be friendly to use of VCS and Ed's > right in especially linked data usage and that's a bit of an > unknown right now and that's kind of a high risk I don't know or > eicu on the queue as well. > Orie Steele: Yeah I agree with the what Mike said you know I > think when we consider technologies that are related to > verifiable credentials dids and the sort of basic cryptographic > envelope formats like Jose Jose come to mind and I would want to > make sure that I think you know just speaking frankly the > verifiable credentials a. > Orie Steele: P I work for her. > Orie Steele: That's not the only thing that's important support > for traditional Jose and cozy a is also really important > especially for kids and and so I think. > Orie Steele: My experience with the w3c you know especially > after the did working group I'm not sure that the w3c is really > the best place to do anything related to protocols I think I > agree in large part with some of the positions that other w3c > members have held that the w3c is not really great at developing > protocols and in particular support for Jose and cozy which are. > Orie Steele: Of users are actively contributing to and > maintaining them at ietf I think there is a future where the VC > apis that exist today might be better served becoming more of a > dids plus Jose and cozy at ITF but that is the kind of thing that > you know it's about going to where the contributors are and > asking them how they want to see these Technologies working > together. > Orie Steele: And recognizing that. > <mprorock> it is really nebulous and makes me highly nervous > <mprorock> I don't think CCG helps it long term either > Orie Steele: Not everyone wants to use the same tools to build > their favorite sandcastles so I think the verifiable credentials > API as a non normative item at the w3c obviously doesn't really > do anything to secure its future anywhere like it could just > become a non-normative item and then never be defined further > could become a normatively defined API at W3 for support for the > defined verifiable potential formats. > Orie Steele: I think that's a best-case scenario but. > Orie Steele: My experience over the last few years is that even > when you plan for something like that you may not actually be in > control of achieving it especially given the you know kinds of > contributions we see the w3c standards so if it feels nebulous > and scary the yeah that's kind of how I feel about it. > Kimberly Linson: Go ahead manu. > Manu Sporny: Yeah so I mean this is this is this is new to me > and that does seem like a very big change in scope and Direction > Ori. > <orie> there is OIDF as well, working on protcols related to this > Manu Sporny: And so where it's so I haven't seen work like this > done at ITF ever there's low-level protocol bits and bytes stuff > that does happen at ITF but not application you know layer > protocols like sip is an example HTTP an example but those are > you know much more lower lower level than the VC API we're in the > w3c has. > Manu Sporny: Unlike application. > Manu Sporny: Linked data platform you know they did you know > protocol work there we're at ietf are both of you thinking the > work would fit in like it would be a complete rewrite of the > specification I think that's what I mean that's what I'm hearing > is like hey let's not use verifiable credentials let's use > something else and let's not do a w3c spec Let's do an ITF spec > so it sounds to me like this is a totally different > specification. > Manu Sporny: And you guys talk. > Manu Sporny: What where where did IETF with the work happen. > Orie Steele: So I'm not saying any work what happened ietf I'm > saying that ITF works on things that I care about deeply and if > you look at you know the work on an app that's happening and ietf > you can see that you know clearly ITF has ability to gather folks > who are passionate about these issues and work on standards there > I'm mostly saying that from a software supply chain or hardware > supply chain use cases dids and VCS are. > Orie Steele: Obviously an important part of that but I think > also. > Orie Steele: Port for existing cryptosystems like pgp Jose and > cozy is an important part of that and bgp Jose and Jose have been > defined at ITF so I'm mostly just saying that work will happen > where people are and you know obviously the VC API is currently > being incubated here in the w3c ccg and the plan is to work on it > as a non normative note in the w3c verifiable credentials working > group assuming the charter is approved. > Orie Steele: It's all I can say about that as I. > Orie Steele: I'm just noting that like there are also other > things that are happening out in the ecosystem like now and the > open ID connect verifiable presentation Flows at open ID > foundation and you know I'm interested in contributing to these > items as well so maybe really what I'm saying is that work > happens outside of the ccg and w3c as well. > Kimberly Linson: Thanks Orie, Mike did you want to add some > something to that. > Mike Prorock: Yeah I mean I can add some color and then some > concern I mean the I think a I think fundamentally having the VC > API live as a were even traceability for that matter live as a > long-term ccg non-normative items not going to be helpful to > adoption right and that's that's concerning to me so we have to > start thinking even if it's a way down the line where's this > going to work in a graduate to in quotes right. > Mike Prorock: > > https://datatracker.ietf.org/doc/html/draft-birkholz-scitt-architecture-00.html > Mike Prorock: The I think you know Trends I am seeing in ietf > are for sure more work going on on exactly this kind of thing and > a case in point there's I'm going to link an individual draft > that's dealing more with supply chain from a software supply > chain like s bomb and things like that this this work is going > on. > Mike Prorock: Whether we like. > <bumblefudge> Fraunhofer SIT 🤩 > Mike Prorock: And so it's kind of forcing some decisions like > can we you know try to engage in a positive way and help move > those work items forward while also making sure our needs are met > from a like I have no desire to move away from verifiable > credentials like none whatsoever so you know it's stuff we just > kind of have to be aware of that is happening and unfortunately > because the players involved that stuff. > Mike Prorock: I'll get critical mass. > Mike Prorock: Like there's not only you know major players > involved in this kind of stuff and at that actual like protocol > API level type definition in architecture level definition but it > dition Ali there is regulatory momentum to go ahead and push some > of that stuff through I mean we're seeing increasing amounts of > executive orders on like how do you respond to zero trust > architecture things like that so these are you know items at > least from the US perspective. > Mike Prorock: Spective as well as also you know increased. > Mike Prorock: On the EU perspective that we're going to see some > of this stuff either you know get moved out of our hands because > we're not getting stuff ready quick enough or you know in a > presentable State quick enough or sometimes is as as I've seen > happen a couple of times lately take the work too far before > getting the conversation going with other players right and then > then it does become one of those like worst-case scenarios where > you're sitting down and rewriting stuff or readapting. > Mike Prorock: Whatever you just. > Mike Prorock: Forced into using and we want to avoid that as > well so so it's a complex it's a complex issue and it does make > me nervous and I think it should ultimately anyone who is working > heavily on things like VC API or off shoots of it and profiles > should be thinking about this stuff you know broadly and from a > big picture with you know who are the players in the ecosystem > taking this stuff seriously. > Mike Prorock: You know who made. > Mike Prorock: Out-compete whether we want them to or not. > Manu Sporny: Yeah I guess it's so I what I'm hearing is that > there are other groups out there that are working on technologies > that either directly compete with verifiable credentials or > directly compete with the verifiable credential API and we should > be aware of those initiatives I think that's the one of the > things I'm hearing the other thing I'm hearing is that. > Manu Sporny: Ricci might not be the best place for some of this > work and I think there was a finger pointed at the VC API > potentially so those are the two things I heard both Orion and > Mike you saying please correct me if I didn't hear that correctly > the third thing is a bit it's so nebulous it's hard for me to > understand what you're asking the community to do. > Manu Sporny: Do other than be. > <orie> I am not asking for anyone to do anything. > <orie> contribute where you think you should. > Manu Sporny: In the be aware even that is kind of like it's you > know it's not clear to me what the alternate plan wouldn't what > an alternate plan would be so I'm not hearing a very okay so are > you saying he's not asking anyone to do anything just be aware > that other work is happening elsewhere so let me let me stop > talking no mics on the Q I'm having a hard time. > Mike Prorock: Yeah I can get I can get into some very specifics > you know from like my personal and this is not chair hat right > this is just like me personal member of the community writing and > deploying software that is dependent on these specs right and > building a business that touches all this stuff you know you know > I think this is one of the reasons I fought very hard to make > sure in. > Mike Prorock: The working group. > Mike Prorock: Order for the next version of the VC API that we > can discuss from a practical developer standpoint what are the > implications of this and how do you work with these things and I > fought very strongly for the inclusion of two key items one was > the ability for us to discuss the oid see work going on you know > for exchange of credentials right over oid see that is obviously > work that is going on outside the w3c that is directly related. > Mike Prorock: And impacting on VCs I don't think that's. > Mike Prorock: I think that's just a thing right but we when we > think about it from a broader verifiable credential standpoint we > need to be able to guide and provide advice around how do you > actually interact with that stuff are we so you know what is > helpful etcetera same thing with the VC API and I don't see a > problem and I'm fact I plan to and I've stated multiple times in > the working group you know plan to one author you know or make > significant contributions. > Mike Prorock: Tribution stew that developer guide for both. > Mike Prorock: And for the VC API aspect if not fully flushing > and helping to fully flush out into find the VC API in a note > standpoint so I that is the path that I am proceeding down that > does not negate more detailed you know specific work that may > have normative requirements either in w3c or elsewhere right and > so that's I think the hit man who does that help clarify a bit > like you know but I. > Mike Prorock: Yeah and in the main reason on like the be. > <identitywoman> The Relying party problem (where can VCs be > accepted) is a really big one - the OIDC relying party "solution" > is reasonable - expecting everyone to rip and replace completely > to use VCs. > <identitywoman> is not reasonable > Mike Prorock: It's like especially from you know and I'm you > know being blunt here but like especially when we look at the > Microsoft's the IBM's the sap is the world right these are the > folks that to date have had a Stranglehold on this kind of > information exchange possibly also with GSX if you want to go > down the EDI path also you know additionally and so we need to be > aware that they will do you know players that have an established > foothold will do what they can to prevent losing. > Mike Prorock: That established footholds. > Mike Prorock: And it's just something we talked around that > issue a lot but we should be aware of it concretely and also be > very much Mindful and watching carefully what they are doing in a > standards basis to that could potentially serve as something that > is a competing standard that is a standard possibly even > sometimes in name only in order to justify a proprietary solution > and those are things we need to avoid from a lock-in standpoint > etcetera. > Kimberly Linson: Thanks Mike Adrian you're on the Queue next. > Adrian Gropper: Yes after working on this issue that we're > talking about now for about a year and talking to a lot of people > my conclusion has is that the protocol work that's going on here > under the very reasonable flag of self Sovereign identity and > authentication things does not Translate. > Adrian Gropper: Late in. > Adrian Gropper: Moving those under that decentralisation self > Sovereign flag to protocol work as it's being done in w3c and so > I at least you know have am completely moving the protocol > attention to ietf basically because you know the things that are > very much in the news these days whether you want to call. > Adrian Gropper: Them human. > Adrian Gropper: You trust or other things like that have to do > with the platform issues regulating the platforms and and things > like that and we just seeing that every day and to me the > protocol work that I've witnessed here is just completely > detached from the reality of what the world is worried about in > Europe and different cultures. > Adrian Gropper: Seeing again from this antitrust and human > rights perspective thank you that's it. > Kimberly Linson: Man who I have you on the queue. > Mike Prorock: +1 Manu > Manu Sporny: Yeah just real quick to Adrian Adrian that is just > not true we have gotten delegate abby'll authorization > capabilities working for the VC API full delegation so it > achieves the things you've been asking for for a long time we > have yet to put it in scope because the group's not ready to do > it yet so I strongly strongly disagree with your notion that > we're not paying attention to things like human rights and > delegation. > Manu Sporny: And specifically. > Manu Sporny: Ensuring that providers don't prevent you know > those holders from delegation so that's the first point the > second Point Orion Mike maybe I read what you two are saying as > in as a you're abandoning the be Capi work I don't think that's > what you meant to communicate but that's how I read it or even > abandon the be Capi work at w3c so. > Manu Sporny: +1 To support VC-API, yes, DB is fully committed to > that work item. > Mike Prorock: Okay quite the yeah and I'm on Q I'm just going to > act myself because of time and quite the opposite I mean that's > why I stated clearly like I plan on you know if not being a > primary author like major contributions on the actual developer > guide node or whatever that ends up becoming and that will > include how do we do restful exchange and handling of verifiable > credentials period end of sentence right but so and I'm assuming > that we'll start with the. > Mike Prorock: Capi we bring that in and then we evolve it as > well. > Mike Prorock: Group I'd be that's. > Mike Prorock: That is absolutely my attention there so I don't I > think that Baseline how do you do this stuff over rest is such a > core implied thing that we have to talk about it as working group > right and to the point where I am willing to sacrifice a lot of > my own time to go make sure that gets done so. > Kimberly Linson: Thanks Mike, Orie. > Manu Sporny: +1 To what MikeP was saying. > Orie Steele: Yeah I'm you know working with folks on the > verifiable credentials Charter on in support of the work items > that have been added both you know as normative deliverables on > non-normative deliverables and in the VC working group is going > to be the place where the VC API even gets defined better or it > doesn't but good news is that it's a note in either case so I > mean I'm contribute to working in that workgroup on the item and > yes like at some point this community. > Orie Steele: Group should theoretically. > Orie Steele: Each day final Community Draft before handing that > work to them but if it's going to go into a note it doesn't seem > like that really matters and so really what I'm saying is I'll > continue to do work on the item wherever it is. > Manu Sporny: Yeah okay plus 1 that's so that's that's crystal > clear and that's good thank you for making clarification like a > Nori the note thing a w3c has traditionally been used to signal > that the group would like to pick something up like groups > actually right in the top of the document we intend to pick this > up as a normative work item at some point in the future and that > is usually a very good signal that leads to a smoother each > ordering process so that's why. > Manu Sporny: Some groups have published notes for things. > Mike Prorock: +1 Manu > Manu Sporny: To take wreck track in Annex recharter it just > makes it all you know it makes all of it much much easier my > suggestion is that we can do both we can continue to work on that > in this group and refine it and get the test Suites get > interoperability working while throwing snapshots over the wall > to the verifiable credential working group I think that gets us > the best of both worlds. > Manu Sporny: And keeps us very nimble. > Manu Sporny: In ensures that we keep it at number one priority > will not be a number one priority in the verifiable credentials > working group but we as the ccg for the VCA be I can keep in a > you know very high priority and in finish it up with respect to > like work going on elsewhere yes indeed be again to be to be > blunt I think that there is damaging work happening in other > organizations when it comes to protocols and verifiable > credentials. > Manu Sporny: And I don't expect that to be. > Manu Sporny: Traversal will point fingers at which organizations > are doing it but you know I think you're both Orion my core right > we need to be on top of that we need to pay attention to the work > happening elsewhere in there are very powerful Market forces that > could either accidentally re centralize everything or on purpose > centralized things for you know the purposes of market dominance > and things of that nature that's it. > <orie> Many folks feel the same way about the CCG manu... it's > the nature of human tribalism. > Kimberly Linson: Mike you've got 30 seconds. > Mike Prorock: Yeah and in conclusion I would also say that and > you know in a little bit of clarification man who around like > damaging work I think in some cases like the software supply > chain stuff I think it's extremely well intentioned and really > important work just that VCS weren't on their radar neither were > kids but there was a desire to go after there is a desire to go > after decentralisation so they seem willing to learn and engage > at least at the you know early stages. > <bumblefudge> perhaps they were really wed to COSE? > <orie> yes, some folks like COSE over JSON. > <manu_sporny> I know folks feel the same way about CCG, Orie :) > -- and it is the unfortunate nature of tribalism. People spend > time on the things that they want to contribute to, where they > want to contribute to them. > Mike Prorock: They can write and ultimately could help adoption > if you know if we approach the right way if we don't approach it > in a you know we can't you know like anything right you can't go > in assuming that we have the only right path and everything else > right it's yes we have a a path it is right in many many ways but > it also can be adopted into other things right or as a piece of > other things so. > <bumblefudge> patience!? > Kimberly Linson: Great thank you this was a really interesting > discussion and I'm I learned a lot about sort of how the > community group and and the working groups work together and so I > really appreciate everybody's input we're just about at time so > I'm going to go ahead and wrap us up I'll let you know that next > week I'm going to be talking about decentralized storage thank > you everybody for your patience with me today and have a great > rest of your day thank you. > <manu_sporny> You did great, Kimberly! :) > <heather_vescent> Great job Kimberly!! > <bumblefudge> you're doing great! thanks so much > <kerri_lemoie> Thank you! > > >
Received on Tuesday, 2 August 2022 12:48:02 UTC