- From: Melvin Carvalho <melvincarvalho@gmail.com>
- Date: Tue, 2 Aug 2022 22:48:22 +0200
- To: Orie Steele <orie@transmute.industries>
- Cc: Daniel Buchner <dbuchner@squareup.com>, W3C Credentials CG <public-credentials@w3.org>
- Message-ID: <CAKaEYhKVrV8pfw5GSt9SuCMdAZO+dGUhLkVWqTaotHh9sbAxtg@mail.gmail.com>
On Tue, Aug 2, 2022 at 3:36 PM Orie Steele <orie@transmute.industries> wrote: > This might be helpful: > > https://docs.ipfs.tech/how-to/address-ipfs-on-web/ > Thanks Orie. That was helpful. The document seems to describe the ipfs:// URI scheme ( as well as ipns: and dweb: ) Slight nit is that the scheme seems quite closely coupled to IPFS, and while IPFS uses multihash, multihash itself seems, as far as I can tell, to be designed to used in a loosely coupled manner. So perhaps there is some utility in a more generic, multihash:, scheme. > > > OS > > On Tue, Aug 2, 2022 at 8:17 AM Daniel Buchner <dbuchner@squareup.com> > wrote: > >> Not that I'm aware; it's based on leading bytes and doesn't have a scheme >> registered in IANA (https://multiformats.io/multihash/) >> >> On Tue, Aug 2, 2022, 7:50 AM Melvin Carvalho <melvincarvalho@gmail.com> >> wrote: >> >>> Quick question: >>> >>> Does "multhash" have its own URI scheme? >>> >>> On Mon, Apr 4, 2022 at 4:04 PM CCG Minutes Bot <minutes@w3c-ccg.org> >>> wrote: >>> >>>> Thanks to Our Robot Overlords for scribing this week! >>>> >>>> The transcript for the call is now available here: >>>> >>>> https://w3c-ccg.github.io/meetings/2022-03-15/ >>>> >>>> Full text of the discussion follows for W3C archival purposes. >>>> Audio of the meeting is available at the following location: >>>> >>>> https://w3c-ccg.github.io/meetings/2022-03-15/audio.ogg >>>> >>>> ---------------------------------------------------------------- >>>> W3C CCG Weekly Teleconference Transcript for 2022-03-15 >>>> >>>> Agenda: >>>> >>>> https://www.w3.org/Search/Mail/Public/advanced_search?hdr-1-name=subject&hdr-1-query=%5BAGENDA&period_month=Mar&period_year=2022&index-grp=Public__FULL&index-type=t&type-index=public-credentials&resultsperpage=20&sortby=date >>>> Topics: >>>> 1. Introductions and Reintroductions >>>> 2. Announcements and Reminders >>>> 3. CCG Work Items for promotion to VC WG >>>> Organizer: >>>> Heather Vescent, Mike Prorock, Kimberly Linson >>>> Scribe: >>>> Our Robot Overlords >>>> Present: >>>> Kimberly Linson, Manu Sporny, Brian, Ryan Grant, Dmitri >>>> Zagidulin, Shawn Butterfield, Chris Abernethy (mesur.io), Markus >>>> Sabadello, Leo, Kerri Lemoie, Mike Prorock, Andy Miller, Orie >>>> Steele, Charles E. Lehner, Kaliya Young, Adrian Gropper, Brent >>>> Zundel, David I. Lehn, Kayode Ezike, Jeff Orgel, TallTed // Ted >>>> Thibodeau (he/him) (OpenLinkSw.com), Mahmoud Alkhraishi, Juan >>>> Caballero, Heather Vescent >>>> >>>> Our Robot Overlords are scribing. >>>> Kimberly Linson: Recording is on. >>>> Kimberly Linson: I just. >>>> <kerri_lemoie> high five back! >>>> Kimberly Linson: High five to the air so we're all good okay so >>>> let's kind of walk through just our agenda review we're going to >>>> talk about the will go through sort of our housekeeping items and >>>> then we're going to do our main topic today which is that man is >>>> going to frame the context for us around the new VC working group >>>> Charter and some of the work items that we have that are going to >>>> move or potentially move to. >>>> Kimberly Linson: To to that group. >>>> Kimberly Linson: Go ahead and run through our housekeeping >>>> stuff. >>>> Kimberly Linson: So first off anyone is welcome to participate >>>> in these calls however if you are wanting to make substantive >>>> contributions we really would invite you to join the ccg you have >>>> to do two things in order to to be a full contributor one is join >>>> the ccg the link to do that to have an account its free to anyone >>>> is in that link is in that. >>>> Kimberly Linson: Into that I sent. >>>> Kimberly Linson: That's step one step two is to sign the >>>> community contributor license agreement and the link to that is >>>> also in in the agenda so I would definitely if you have not >>>> already done that please do then just a couple of things about >>>> how to participate in the call first of all you're in jitsi which >>>> means that you've done step one and if you have audio issues or >>>> something doesn't seem to be quiet. >>>> Kimberly Linson: Right we do know that. >>>> Kimberly Linson: They're sort of. >>>> Kimberly Linson: Be sometimes be some issues in the system >>>> couple workarounds or one too just refresh to is to try a >>>> different browser and know that that's worked for me on a couple >>>> of different occasions to just switch over to Safari the minutes >>>> and audio are of everything that's said on this call are recorded >>>> and archived and they are also that link to that archive is also >>>> in the agenda and so you can go there to look at those. >>>> Kimberly Linson: We use iirc to. >>>> Kimberly Linson: Jurors during the call as well as to take >>>> minutes we have this awesome CG bought that you can see that is >>>> transcribing and recording everything so hopefully we won't need >>>> a scribe but just to give your give you a few little tips on how >>>> to to use the are see if you aren't familiar with it one is it if >>>> you have something you want to say just add yourself to the queue >>>> by typing q+ if you change your mind you can pick you -. >>>> Kimberly Linson: If you see something in the transcription that >>>> the CG Bot got wrong. >>>> Kimberly Linson: Our that the CG bought got wrong then you can >>>> do s: / whatever was incorrect Bob / what's correct Robert and so >>>> you can fix anything and I've actually asked that as an entire >>>> Community we do that and thanks man you for putting that in there >>>> yes so so I'd asked us all to kind of keep an eye especially on >>>> the things that you say and make sure that that. >>>> Kimberly Linson: It is represented correctly. >>>> Kimberly Linson: And let's see so now I think we're too we'll >>>> skip the Scribe selection I don't think we need that because >>>> hopefully the CG bot will do that for us and we get to do >>>> introductions do we have anybody new to the community or who >>>> would like to hasn't been here for a while who'd like to >>>> reintroduce themselves. >>>> Kimberly Linson: We'd love to welcome you. >>>> >>>> Topic: Introductions and Reintroductions >>>> >>>> Kimberly Linson: And is a former educator I know to give that a >>>> very long pause but I don't see anybody and I recognize most of >>>> the names here so I'll go ahead and move to announcements and >>>> reminders. >>>> Kimberly Linson: Anybody have an announcement for us. >>>> >>>> Topic: Announcements and Reminders >>>> >>>> Manu Sporny: https://w3c.github.io/vc-wg-charter/ >>>> Manu Sporny: Yeah just two things the first one is reminder this >>>> is the weekly reminder that the verifiable credentials working >>>> group Charter is under active development please read it provide >>>> some input we're going to be talking about it today but things >>>> really do seem to be wrapping up on it so please kind of read it >>>> as it stands right now and you know. >>>> Manu Sporny: You're running out of time the chart looks is >>>> starting to look pretty good right now so I don't think this >>>> community would have any objections with it but just a reminder >>>> that that's happening the other kind of news is that it looks >>>> like the did formal objections or moving forward a bit with the >>>> director can't say much more than that but looks like there's >>>> some movement there so that's good and that's it. >>>> Kimberly Linson: Great thank you any other announcements >>>> reminders. >>>> Manu Sporny: https://w3c.github.io/vc-wg-charter/ >>>> Kimberly Linson: All right I checked and it doesn't seem like we >>>> have any action items that we need to talk about but if somebody >>>> has somebody thing that they want to bring up there now would be >>>> the time to do so. >>>> >>>> Topic: CCG Work Items for promotion to VC WG >>>> >>>> Kimberly Linson: Okay great then let's get into to the main >>>> topic for for today as I said at the beginning this was a good >>>> topic for me to have as my first one because it really gave me >>>> the opportunity to dive in and see what it is that we're doing >>>> and I have to save it as a community group it is amazing the >>>> amount of work and expertise that were contributing and I know >>>> you all know that in parallel to our work the the. >>>> Kimberly Linson: Is also doing their work and so today's topic >>>> is really to as man you said think about those items that we've >>>> been working on and do they need to be promoted to to the formal >>>> BC working group so I'm going to go ahead and turn it over to >>>> Manu to walk us through the context and then we can have a good >>>> discussion around that after he's finished. >>>> Manu Sporny: Okay thanks Kimberly Bryant I don't know if you >>>> would also I'm sorry to put you on the spot print but I don't >>>> know if you would like to say some things to kind of start at >>>> Brent's Brent's one of the co-chairs of the verifiable >>>> credentials working group or if you want me to just dive into >>>> things. >>>> Brent Zundel: Manu I will certainly leave it to you to dive into >>>> things and I'm happy to chime in if folks want me to talk. >>>> Manu Sporny: https://w3c.github.io/vc-wg-charter/ >>>> Manu Sporny: Okay awesome thanks Brent okay so Brent is our >>>> fearless leader in the verifiable credentials working group and >>>> has been a chair therefore since the since the dawn of time for a >>>> long time and currently as I mentioned we've been working on this >>>> verifiable credentials working group Charter I'm going to go >>>> ahead and share going to tempt fate and share my screen. >>>> Manu Sporny: Sorry to do this to you on your first first time >>>> Kimberly butt. >>>> Kimberly Linson: That's okay you said if you said if it was if >>>> it got broken to just call on you so since you're in charge there >>>> you go you can break it and then fix it. >>>> Manu Sporny: Exactly okay so here's the charter so the >>>> verifiable credentials working group Charter and there's a >>>> portion of the charter that talks about the group's deliverables >>>> and typically this group The credentials community group has been >>>> a feeder of incubated specifications to the verifiable credential >>>> working group now this not the only path. >>>> Manu Sporny: Earth to the VC. >>>> Manu Sporny: G but it is a path and we have a number of >>>> community work items that have found themselves in the verifiable >>>> credentials working group Charter so there's a part of the >>>> process here where this community hands are work items over to >>>> the official working group and there is a process there's a >>>> community group process for that you publish what I think is >>>> called a final community group report. >>>> Manu Sporny: People in this community then if you worked on it >>>> make concrete IP our commitments basically is asserting that yes >>>> I worked on it no I don't know about any patents or if I do know >>>> about patents I will bring them to light I will let everyone know >>>> about it in in in in most cases contribute the patents for the >>>> specific purposes of the specification so that process so if you. >>>> Manu Sporny: Dissipated in any of these items there's. >>>> Manu Sporny: Asian that you're going to make that patent >>>> commitment on the specification so what items are in this group >>>> that are moving over currently we have listed the data Integrity >>>> specification Jason Webb signature 2020 Edwards curve signature >>>> for David data Integrity the same thing for the nist. >>>> Manu Sporny: T curve. >>>> Manu Sporny: Thing for the Bitcoin also known as the Cobell its >>>> curves theory mises that stuff as well and then we have >>>> conditional normative specifications that basically say if these >>>> things progress in some groups outside of the group we will take >>>> the work up as well so there's the pgp crypto Suite which is >>>> currently in or he's repo here we've got BBS plus which. >>>> Manu Sporny: Which you know work is happening. >>>> Manu Sporny: At ietf in diff on that and we've got the jwp stuff >>>> where work is happening at diff in ITF on that so the the whole >>>> discussion today is really around like this section of the of the >>>> specification I'm sorry I forgot to mention the post Quantum >>>> crypto stuff as well that mic Pro Rock and in that groups working >>>> on so but but. >>>> Manu Sporny: Basically we're talking about this section. >>>> <mprorock> * i feel slighted ;) >>>> Manu Sporny: Write all the all the stuff in here I sent out a >>>> kind of every year we present this roadmap about what the group >>>> is doing and this I tried to update it I'm sorry if I missed >>>> something there's a lot of stuff to keep track of I tried to >>>> include all the things this community has been working on since >>>> like you know 2010 ish. >>>> Manu Sporny: 14 Ish all the way to present. >>>> Manu Sporny: A and then try to predict out that like 20:27 based >>>> on the stuff that we know this does not include work items that >>>> for example diff is working on it doesn't include work items that >>>> are happening at ietf unless they originated in the ccg so it's >>>> missing some things with the Hope here is that it gives everyone >>>> a pretty good idea of like the types of things we've worked on in >>>> the past and what we're getting ready to move over so. >>>> Manu Sporny: Cific Lee if we if we scroll down here. >>>> Manu Sporny: The red line is today so this is this is where we >>>> are today and if we scroll down here to the cryptography section >>>> right here so the cryptography section this is where we are today >>>> in each one of these items is an official work item in a official >>>> w3c working group so as you can see we are getting ready to hold >>>> like hand over a. >>>> Manu Sporny: A huge amount of. >>>> Manu Sporny: From this group to official working groups at w3c >>>> so that is like a huge success story I think they're not all >>>> going to the same working group this one here at the top actually >>>> you know what let me let me pause for a second I've kind of fire >>>> hose the group with information are there any questions at least >>>> at a high level about what we're talking about today or just >>>> general questions about the. >>>> Manu Sporny: Okay so that's either everyone understand well >>>> let's see where's the queue right so either everyone understands >>>> or we're all totally lost one of the do I'll keep going feel free >>>> to put yourself on the Queue if there's any any questions so >>>> they're really two working groups at w3c that ccg work is going. >>>> Manu Sporny: To the first world. >>>> Manu Sporny: In group is a very specialized working group to >>>> standardize this spec up here rdf data set canonicalization this >>>> spec has been incubated in this group and other groups for a >>>> decade now literally this work has been going on for a decade and >>>> it's finally moving over to an official working group with the >>>> time span of two years to standardize it the good news here is >>>> that this thing has been pretty settled for six years now. >>>> Manu Sporny: Now 7 years now but it. >>>> Manu Sporny: Goes to show you sometimes how long some of these >>>> things can take to actually get it into an official working group >>>> so rdf data set canonicalization is going into a working group >>>> called rdf data set canonicalization hashing working group at w3c >>>> that group will run in parallel with the re-chartered verifiable >>>> credentials 2.0 working group The VC 20 working group will build >>>> upon this work and and. >>>> Manu Sporny: Their work elsewhere. >>>> Manu Sporny: Um and it will be taking all of these >>>> specifications in right so things like data Integrity multi base >>>> multi hash and multi key this one's a little gray area right now >>>> but other things like Jason Webb signature the Edwards curve >>>> crypto sweet the nist crypto sweet the Cobell it's Bitcoin >>>> ethereum crypto sweet. >>>> Manu Sporny: All you know fairly well formed and inspects that >>>> can be pulled in the BBS Plus work needs more work at ietf but >>>> we've been able to basically phrase the charter so I'm going to >>>> switch back over to the Charter we've been able to phrase the >>>> charter in the in this kind of conditional normative >>>> specification term so basically this means that. >>>> Manu Sporny: Plan to publish official standards for these >>>> Technologies if the base work for these Technologies are >>>> completed before the working group ends so there's base >>>> technology for BBS plus that has to happen at ITF and there's >>>> base technology for J WP s that has to happen at ietf before the >>>> verifiable credentials working group can take it over. >>>> Manu Sporny: Over so these things are. >>>> Manu Sporny: Like optional we may not get to them we really hope >>>> we get to them but it's totally dependent on groups that are kind >>>> of external to the VC WG to deliver on the things that they said >>>> they were going to deliver on okay so going back to kind of this >>>> diagram that's why BBS plus doesn't start for maybe another year >>>> in the group there's some pre-work there that needs to be done. >>>> Manu Sporny: Let me stop there to see if there any questions. >>>> Kimberly Linson: Well I was trying to keep question mark But I >>>> added myself to the queue so I will ask you so so the official >>>> Charter like how long of a period of time does that VC working >>>> group Charter span. >>>> Manu Sporny: Right great question so the charter span see oh wow >>>> they don't have it it's two years basically right in once we know >>>> the start date will will lock those time periods in there so at >>>> the top it's typically two years and they really don't like w3c >>>> members really don't like giving Charters more time than that >>>> they don't like work that doesn't complete in something concrete >>>> so we basically have. >>>> Manu Sporny: Two years. >>>> Manu Sporny: Extensions but and they're typically granted if >>>> they're reasonable but if you have like failed to produce >>>> something implementable at two years that you basically just acts >>>> the group they shut you down which is why it's so important that >>>> we go in with pre incubated work the other thing that's >>>> interesting to look at here from timeline is section 2 6 where it >>>> talks about like what happens a month after two months after five >>>> months after 6 months. >>>> Manu Sporny: After most w3c Charters have. >>>> Manu Sporny: Are and and language like f PW d means first public >>>> working draft CR means candidate recommendation like for >>>> implementation implementer should start implementing at that >>>> point and Rec means recommendation also known as kind of like an >>>> official global standard so that's the time frame two years and >>>> it's kind of broken down a bit in here and it's everyone that's >>>> been in a w3c working group can attest to this is largely. >>>> Manu Sporny: A work of fiction. >>>> Manu Sporny: Things don't always go according to plan but you >>>> know should give you a rough idea of what we intend to do. >>>> Kimberly Linson: Thanks Charles is on the queue. >>>> Charles E. Lehner: Hi can you hear me. >>>> Charles E. Lehner: Hi I was wondering about the IP our >>>> commitment process you mentioned how it works coming from with >>>> documents coming from ccg and I was wondering how it works if >>>> it's the same for the other potential documents coming from other >>>> organizations. >>>> Manu Sporny: That's a great question documents coming from other >>>> organizations that have their own IP are mode or tend to be very >>>> problematic in that it takes us a while to figure it out now if >>>> that organization has a w3c mode like for example diff does >>>> moving things overs typically much easier for the lawyers to >>>> reason their way through it so Charles was your question mostly >>>> about external documents coming in. >>>> Charles E. Lehner: Yeah about the conditional normative >>>> specification documents but. >>>> Manu Sporny: Okay okay that's a great question because these are >>>> there are two partners here this there's a two parts to the >>>> answer here right so the BBS plus crypto Suite is a ccg work item >>>> so at some point not now but maybe in a year maybe in six months >>>> this group will have to create a final community group report on >>>> the BBS plus specification and then hand it over to the be cwg. >>>> Manu Sporny: Ever the base. >>>> Manu Sporny: Primitives will be ITF work items so ietf doesn't >>>> hand that stuff over to w3c ITF just basically says we've got it >>>> we will standardize the base cryptographic Primitives and ITF in >>>> you ccwg in your crypto sweet can refer to our specs so in the VC >>>> w g what we would do if everything is in order at ITF the V CW G >>>> would start pointing normatively. >>>> Manu Sporny: Lie to the BBS. >>>> Manu Sporny: ITF specifications did that help Charles. >>>> Manu Sporny: The other part of that question which is also >>>> interesting that I don't think many of us have been through here >>>> is this whole concept of a final community group report in so if >>>> you'll notice on our community group webpage we have these final >>>> reports in like the vc10 use cases was one of those things the >>>> data model 10 was one of those things in the did Speck was one of >>>> those things there was. >>>> Manu Sporny: A point in time where we did. >>>> Manu Sporny: Doing today where we said okay we need to hand over >>>> a bunch of specs and the editors of those specs publish them as >>>> final reports in got licensing commitments on those final reports >>>> so if I go and I click on like the did licensing commitments it's >>>> takes a while to load because it's got a load all 460 people in >>>> the group but you'll see these commitments from the credentials >>>> community group on this did spec so you'll see you. >>>> Manu Sporny: Like Dan burn. >>>> Manu Sporny: Commitment reuven made a commitment Michael Zoo >>>> Pele I mean all these people that worked on the did spec made >>>> commitments right so all this yes stuff our commitments basically >>>> saying we are not withholding any kind of intellectual property >>>> or anything on the spec but if you go down far enough like there >>>> are a lot of people that that made commitments. >>>> Manu Sporny: A lot of people made commitments. >>>> Manu Sporny: You'll see that some people did not write and that >>>> might be because they didn't contribute anything to it it might >>>> be because they don't feel like what they did contribute you know >>>> would make a difference some of these people might not have been >>>> a part of the group at the time right so really what we're >>>> looking for are commitments from people that actually contributed >>>> material and specifically things that are substantive to the >>>> specification so. >>>> Manu Sporny: The editor. >>>> Manu Sporny: A document will put it out there and publish it and >>>> then we'll publish it as a final report and then we will ask the >>>> community hey we need you to you know make a commitment if you >>>> contributed anything make a commitment and the editors themselves >>>> will know like these five people absolutely definitely me need to >>>> make commitments or we need to know now that they're not going to >>>> make a commitment because then that that creates an air of you >>>> know. >>>> Manu Sporny: Auntie around IP are so if somebody. >>>> Manu Sporny: Substantive thing like a something fundamental and >>>> they're refusing to make and I pee our commitments then that's an >>>> immediate red flag that you know it's raised now that has never >>>> happened either that as far as I know in this group ever but what >>>> we are expecting here is that for this work. >>>> Manu Sporny: People we're. >>>> Manu Sporny: Publish F CG s is final community group >>>> specifications for these items and people are going to make those >>>> IP our commitments on these documents hopefully that made >>>> hopefully that made sense. >>>> Kimberly Linson: Thank you does anybody have any questions for >>>> me a new queue is currently empty. >>>> Kimberly Linson: All right man who are the things that we want >>>> to dive into on specifics or. >>>> Mike Prorock: +1 That or dive on VC-API implications >>>> Manu Sporny: We might want to ask each of the editors where they >>>> think they are on prepping you know each document so we might >>>> want to dive into each one individually that's one thing we could >>>> do the other thing we could do is look at the rest of the road >>>> map I don't know if folks would be interested in doing that and >>>> asking questions about why things are staged in the way they are >>>> or there's X is missing. >>>> Manu Sporny: You know why is that. >>>> Manu Sporny: Where does it fit in here. >>>> Dmitri Zagidulin: +1 To roadmap >>>> Manu Sporny: Either either you know we could we could go either >>>> way. >>>> Kimberly Linson: Mike just brought up a really good point that >>>> maybe we should discuss is the VC API work and maybe we can >>>> discuss that and then talk about the roadmap so that makes sense. >>>> Manu Sporny: Oh yeah plus one. >>>> Kimberly Linson: Mike do you want to jump in and give us kind of >>>> an overview of the. >>>> Mike Prorock: Yeah well like yeah sure and I guess really the >>>> thing that is a little bit concerning to me and I think we're >>>> making good progress now especially with some of the PRS that are >>>> in queue on VC API but there's kind of two things if that work >>>> moves over into the working group I think we should have it at a >>>> reasonable does not have to be perfect but a reasonable steady >>>> state. >>>> Mike Prorock: Which would mean. >>>> Mike Prorock: In the VC API work item we would want to kind of >>>> formalize and say Yep this is what we're considering in scope and >>>> we're just going to kind of lock this in a certain point and then >>>> re pick up work inside the working group but since that would be >>>> moving to a non-normative item that is the other question I have >>>> around kind of what are the implications of that. >>>> Mike Prorock: That could be detrimental. >>>> Mike Prorock: Normative item it may set up the path to a more >>>> normative item once we show people working on it so there's a >>>> variety of ways that could go strategically and politically and >>>> so that's kind of an open for I'd like man whose thoughts on that >>>> and then I think that might spur some interesting conversation >>>> there so. >>>> Kimberly Linson: Great guy had manna. >>>> Manu Sporny: Yeah I think that yeah Mike's totally right the >>>> this is like a very this is a super interesting what's the word >>>> conundrum that that were in with the VC API so so we've got >>>> multiple people implementing the VC API and I know the trace >>>> folks are doing it I know digital bazaars committed to it you >>>> know number of organizations committed to interrupt through the >>>> VC API but. >>>> Manu Sporny: There have been some. >>>> Manu Sporny: See members that have pushed really hard to keep >>>> protocol out of scope for the verifiable credentials working >>>> group so you will know that there is. >>>> Manu Sporny: Out of scope right normative specification of apis >>>> are protocols and we are expecting that if we try to put it in >>>> scope it would be challenged heavily if not formal objections so >>>> the what we've tried to do here is to basically say the group is >>>> going to work on a developer guide the VC to working group is >>>> going to work on a developer guide and there's going to be input >>>> to that one of them is the VC API. >>>> Manu Sporny: II just be Capi. >>>> Manu Sporny: Other ones can app like we want to be able to talk >>>> about protocols that are carrying verifiable credentials over >>>> them but we're not allowed to say anything normatively about >>>> those things so how are we you know how is this group going to >>>> feed VC API into the VC to working group The verifiable >>>> credential 20 working group. >>>> Manu Sporny: One option. >>>> Manu Sporny: When is we just handed over completely and it stops >>>> being a ccg work item and then it's up to the verifiable >>>> credentials working group to determine what what should happen to >>>> the VC API upside there is like hey it's in the group that's >>>> great but the only thing they can do is publish it as a note and >>>> one of the implications of that that Kyle did hartog brought up >>>> which I thought was a great point. >>>> Manu Sporny: Point is that because it's a note it. >>>> Manu Sporny: Kind of IPR protection whatsoever 0 IPR protection >>>> so people can start injecting all kinds of horrible proprietary >>>> patented stuff in there and there is no requirement to say >>>> anything about that now we know I think all of us don't think >>>> like that's going to happen but that is one of the concerns there >>>> so option one is give it completely over to the verifiable >>>> credential working group but all they can really do is work on it >>>> as kind of like a note a developer guide that kind of thing. >>>> Manu Sporny: Option two is that we keep it as a ccg work item >>>> and we continue to incubate it here it has IPR protection in this >>>> group and will continue to have IPR protection in the group and >>>> what we can do is hand over snapshots to the verifiable >>>> credentials to working group we can basically tell them hey can >>>> you snap shot this in they can publish it as a note and they can >>>> snapshot you know couple times throughout the year the benefit >>>> there is that it has IPR protection and we can continue to >>>> incubate it as kind of. >>>> Manu Sporny: A high priority item. >>>> Manu Sporny: So it'll get like the air it needs to breathe here >>>> and have protection while also signaling to the w3c membership >>>> that we do plan on doing protocols at some point like maybe not >>>> right now but maybe in the VC 30 working group the recharter we >>>> plan to put protocols in scope so that's option two option three >>>> is to just keep it in the ccg and keep working on it and it would >>>> be good you know I don't know. >>>> Manu Sporny: If there are other options too. >>>> Manu Sporny: Other options of the things that we could do with >>>> it or it would also be good to hear back like what do folks feel >>>> we should do with that item. >>>> Manu Sporny: Let me ask a more pointed question traceability >>>> folks what do you want to do with that item I mean you guys >>>> depend on it right. >>>> Mike Prorock: Yeah I mean I am honestly fine with it going in as >>>> a note on the w3c side one of the kind of bigger picture items >>>> that we have to balance as kind of the multiple aspects of >>>> traceability because a lot of digital traceability is also coming >>>> up and there seems to be a critical mass actually on the ietf >>>> side right with some working groups there and that's where. >>>> Mike Prorock: We have to still find out. >>>> Mike Prorock: Willing to be friendly to use of VCS and Ed's >>>> right in especially linked data usage and that's a bit of an >>>> unknown right now and that's kind of a high risk I don't know or >>>> eicu on the queue as well. >>>> Orie Steele: Yeah I agree with the what Mike said you know I >>>> think when we consider technologies that are related to >>>> verifiable credentials dids and the sort of basic cryptographic >>>> envelope formats like Jose Jose come to mind and I would want to >>>> make sure that I think you know just speaking frankly the >>>> verifiable credentials a. >>>> Orie Steele: P I work for her. >>>> Orie Steele: That's not the only thing that's important support >>>> for traditional Jose and cozy a is also really important >>>> especially for kids and and so I think. >>>> Orie Steele: My experience with the w3c you know especially >>>> after the did working group I'm not sure that the w3c is really >>>> the best place to do anything related to protocols I think I >>>> agree in large part with some of the positions that other w3c >>>> members have held that the w3c is not really great at developing >>>> protocols and in particular support for Jose and cozy which are. >>>> Orie Steele: Of users are actively contributing to and >>>> maintaining them at ietf I think there is a future where the VC >>>> apis that exist today might be better served becoming more of a >>>> dids plus Jose and cozy at ITF but that is the kind of thing that >>>> you know it's about going to where the contributors are and >>>> asking them how they want to see these Technologies working >>>> together. >>>> Orie Steele: And recognizing that. >>>> <mprorock> it is really nebulous and makes me highly nervous >>>> <mprorock> I don't think CCG helps it long term either >>>> Orie Steele: Not everyone wants to use the same tools to build >>>> their favorite sandcastles so I think the verifiable credentials >>>> API as a non normative item at the w3c obviously doesn't really >>>> do anything to secure its future anywhere like it could just >>>> become a non-normative item and then never be defined further >>>> could become a normatively defined API at W3 for support for the >>>> defined verifiable potential formats. >>>> Orie Steele: I think that's a best-case scenario but. >>>> Orie Steele: My experience over the last few years is that even >>>> when you plan for something like that you may not actually be in >>>> control of achieving it especially given the you know kinds of >>>> contributions we see the w3c standards so if it feels nebulous >>>> and scary the yeah that's kind of how I feel about it. >>>> Kimberly Linson: Go ahead manu. >>>> Manu Sporny: Yeah so I mean this is this is this is new to me >>>> and that does seem like a very big change in scope and Direction >>>> Ori. >>>> <orie> there is OIDF as well, working on protcols related to this >>>> Manu Sporny: And so where it's so I haven't seen work like this >>>> done at ITF ever there's low-level protocol bits and bytes stuff >>>> that does happen at ITF but not application you know layer >>>> protocols like sip is an example HTTP an example but those are >>>> you know much more lower lower level than the VC API we're in the >>>> w3c has. >>>> Manu Sporny: Unlike application. >>>> Manu Sporny: Linked data platform you know they did you know >>>> protocol work there we're at ietf are both of you thinking the >>>> work would fit in like it would be a complete rewrite of the >>>> specification I think that's what I mean that's what I'm hearing >>>> is like hey let's not use verifiable credentials let's use >>>> something else and let's not do a w3c spec Let's do an ITF spec >>>> so it sounds to me like this is a totally different >>>> specification. >>>> Manu Sporny: And you guys talk. >>>> Manu Sporny: What where where did IETF with the work happen. >>>> Orie Steele: So I'm not saying any work what happened ietf I'm >>>> saying that ITF works on things that I care about deeply and if >>>> you look at you know the work on an app that's happening and ietf >>>> you can see that you know clearly ITF has ability to gather folks >>>> who are passionate about these issues and work on standards there >>>> I'm mostly saying that from a software supply chain or hardware >>>> supply chain use cases dids and VCS are. >>>> Orie Steele: Obviously an important part of that but I think >>>> also. >>>> Orie Steele: Port for existing cryptosystems like pgp Jose and >>>> cozy is an important part of that and bgp Jose and Jose have been >>>> defined at ITF so I'm mostly just saying that work will happen >>>> where people are and you know obviously the VC API is currently >>>> being incubated here in the w3c ccg and the plan is to work on it >>>> as a non normative note in the w3c verifiable credentials working >>>> group assuming the charter is approved. >>>> Orie Steele: It's all I can say about that as I. >>>> Orie Steele: I'm just noting that like there are also other >>>> things that are happening out in the ecosystem like now and the >>>> open ID connect verifiable presentation Flows at open ID >>>> foundation and you know I'm interested in contributing to these >>>> items as well so maybe really what I'm saying is that work >>>> happens outside of the ccg and w3c as well. >>>> Kimberly Linson: Thanks Orie, Mike did you want to add some >>>> something to that. >>>> Mike Prorock: Yeah I mean I can add some color and then some >>>> concern I mean the I think a I think fundamentally having the VC >>>> API live as a were even traceability for that matter live as a >>>> long-term ccg non-normative items not going to be helpful to >>>> adoption right and that's that's concerning to me so we have to >>>> start thinking even if it's a way down the line where's this >>>> going to work in a graduate to in quotes right. >>>> Mike Prorock: >>>> >>>> https://datatracker.ietf.org/doc/html/draft-birkholz-scitt-architecture-00.html >>>> Mike Prorock: The I think you know Trends I am seeing in ietf >>>> are for sure more work going on on exactly this kind of thing and >>>> a case in point there's I'm going to link an individual draft >>>> that's dealing more with supply chain from a software supply >>>> chain like s bomb and things like that this this work is going >>>> on. >>>> Mike Prorock: Whether we like. >>>> <bumblefudge> Fraunhofer SIT 🤩 >>>> Mike Prorock: And so it's kind of forcing some decisions like >>>> can we you know try to engage in a positive way and help move >>>> those work items forward while also making sure our needs are met >>>> from a like I have no desire to move away from verifiable >>>> credentials like none whatsoever so you know it's stuff we just >>>> kind of have to be aware of that is happening and unfortunately >>>> because the players involved that stuff. >>>> Mike Prorock: I'll get critical mass. >>>> Mike Prorock: Like there's not only you know major players >>>> involved in this kind of stuff and at that actual like protocol >>>> API level type definition in architecture level definition but it >>>> dition Ali there is regulatory momentum to go ahead and push some >>>> of that stuff through I mean we're seeing increasing amounts of >>>> executive orders on like how do you respond to zero trust >>>> architecture things like that so these are you know items at >>>> least from the US perspective. >>>> Mike Prorock: Spective as well as also you know increased. >>>> Mike Prorock: On the EU perspective that we're going to see some >>>> of this stuff either you know get moved out of our hands because >>>> we're not getting stuff ready quick enough or you know in a >>>> presentable State quick enough or sometimes is as as I've seen >>>> happen a couple of times lately take the work too far before >>>> getting the conversation going with other players right and then >>>> then it does become one of those like worst-case scenarios where >>>> you're sitting down and rewriting stuff or readapting. >>>> Mike Prorock: Whatever you just. >>>> Mike Prorock: Forced into using and we want to avoid that as >>>> well so so it's a complex it's a complex issue and it does make >>>> me nervous and I think it should ultimately anyone who is working >>>> heavily on things like VC API or off shoots of it and profiles >>>> should be thinking about this stuff you know broadly and from a >>>> big picture with you know who are the players in the ecosystem >>>> taking this stuff seriously. >>>> Mike Prorock: You know who made. >>>> Mike Prorock: Out-compete whether we want them to or not. >>>> Manu Sporny: Yeah I guess it's so I what I'm hearing is that >>>> there are other groups out there that are working on technologies >>>> that either directly compete with verifiable credentials or >>>> directly compete with the verifiable credential API and we should >>>> be aware of those initiatives I think that's the one of the >>>> things I'm hearing the other thing I'm hearing is that. >>>> Manu Sporny: Ricci might not be the best place for some of this >>>> work and I think there was a finger pointed at the VC API >>>> potentially so those are the two things I heard both Orion and >>>> Mike you saying please correct me if I didn't hear that correctly >>>> the third thing is a bit it's so nebulous it's hard for me to >>>> understand what you're asking the community to do. >>>> Manu Sporny: Do other than be. >>>> <orie> I am not asking for anyone to do anything. >>>> <orie> contribute where you think you should. >>>> Manu Sporny: In the be aware even that is kind of like it's you >>>> know it's not clear to me what the alternate plan wouldn't what >>>> an alternate plan would be so I'm not hearing a very okay so are >>>> you saying he's not asking anyone to do anything just be aware >>>> that other work is happening elsewhere so let me let me stop >>>> talking no mics on the Q I'm having a hard time. >>>> Mike Prorock: Yeah I can get I can get into some very specifics >>>> you know from like my personal and this is not chair hat right >>>> this is just like me personal member of the community writing and >>>> deploying software that is dependent on these specs right and >>>> building a business that touches all this stuff you know you know >>>> I think this is one of the reasons I fought very hard to make >>>> sure in. >>>> Mike Prorock: The working group. >>>> Mike Prorock: Order for the next version of the VC API that we >>>> can discuss from a practical developer standpoint what are the >>>> implications of this and how do you work with these things and I >>>> fought very strongly for the inclusion of two key items one was >>>> the ability for us to discuss the oid see work going on you know >>>> for exchange of credentials right over oid see that is obviously >>>> work that is going on outside the w3c that is directly related. >>>> Mike Prorock: And impacting on VCs I don't think that's. >>>> Mike Prorock: I think that's just a thing right but we when we >>>> think about it from a broader verifiable credential standpoint we >>>> need to be able to guide and provide advice around how do you >>>> actually interact with that stuff are we so you know what is >>>> helpful etcetera same thing with the VC API and I don't see a >>>> problem and I'm fact I plan to and I've stated multiple times in >>>> the working group you know plan to one author you know or make >>>> significant contributions. >>>> Mike Prorock: Tribution stew that developer guide for both. >>>> Mike Prorock: And for the VC API aspect if not fully flushing >>>> and helping to fully flush out into find the VC API in a note >>>> standpoint so I that is the path that I am proceeding down that >>>> does not negate more detailed you know specific work that may >>>> have normative requirements either in w3c or elsewhere right and >>>> so that's I think the hit man who does that help clarify a bit >>>> like you know but I. >>>> Mike Prorock: Yeah and in the main reason on like the be. >>>> <identitywoman> The Relying party problem (where can VCs be >>>> accepted) is a really big one - the OIDC relying party "solution" >>>> is reasonable - expecting everyone to rip and replace completely >>>> to use VCs. >>>> <identitywoman> is not reasonable >>>> Mike Prorock: It's like especially from you know and I'm you >>>> know being blunt here but like especially when we look at the >>>> Microsoft's the IBM's the sap is the world right these are the >>>> folks that to date have had a Stranglehold on this kind of >>>> information exchange possibly also with GSX if you want to go >>>> down the EDI path also you know additionally and so we need to be >>>> aware that they will do you know players that have an established >>>> foothold will do what they can to prevent losing. >>>> Mike Prorock: That established footholds. >>>> Mike Prorock: And it's just something we talked around that >>>> issue a lot but we should be aware of it concretely and also be >>>> very much Mindful and watching carefully what they are doing in a >>>> standards basis to that could potentially serve as something that >>>> is a competing standard that is a standard possibly even >>>> sometimes in name only in order to justify a proprietary solution >>>> and those are things we need to avoid from a lock-in standpoint >>>> etcetera. >>>> Kimberly Linson: Thanks Mike Adrian you're on the Queue next. >>>> Adrian Gropper: Yes after working on this issue that we're >>>> talking about now for about a year and talking to a lot of people >>>> my conclusion has is that the protocol work that's going on here >>>> under the very reasonable flag of self Sovereign identity and >>>> authentication things does not Translate. >>>> Adrian Gropper: Late in. >>>> Adrian Gropper: Moving those under that decentralisation self >>>> Sovereign flag to protocol work as it's being done in w3c and so >>>> I at least you know have am completely moving the protocol >>>> attention to ietf basically because you know the things that are >>>> very much in the news these days whether you want to call. >>>> Adrian Gropper: Them human. >>>> Adrian Gropper: You trust or other things like that have to do >>>> with the platform issues regulating the platforms and and things >>>> like that and we just seeing that every day and to me the >>>> protocol work that I've witnessed here is just completely >>>> detached from the reality of what the world is worried about in >>>> Europe and different cultures. >>>> Adrian Gropper: Seeing again from this antitrust and human >>>> rights perspective thank you that's it. >>>> Kimberly Linson: Man who I have you on the queue. >>>> Mike Prorock: +1 Manu >>>> Manu Sporny: Yeah just real quick to Adrian Adrian that is just >>>> not true we have gotten delegate abby'll authorization >>>> capabilities working for the VC API full delegation so it >>>> achieves the things you've been asking for for a long time we >>>> have yet to put it in scope because the group's not ready to do >>>> it yet so I strongly strongly disagree with your notion that >>>> we're not paying attention to things like human rights and >>>> delegation. >>>> Manu Sporny: And specifically. >>>> Manu Sporny: Ensuring that providers don't prevent you know >>>> those holders from delegation so that's the first point the >>>> second Point Orion Mike maybe I read what you two are saying as >>>> in as a you're abandoning the be Capi work I don't think that's >>>> what you meant to communicate but that's how I read it or even >>>> abandon the be Capi work at w3c so. >>>> Manu Sporny: +1 To support VC-API, yes, DB is fully committed to >>>> that work item. >>>> Mike Prorock: Okay quite the yeah and I'm on Q I'm just going to >>>> act myself because of time and quite the opposite I mean that's >>>> why I stated clearly like I plan on you know if not being a >>>> primary author like major contributions on the actual developer >>>> guide node or whatever that ends up becoming and that will >>>> include how do we do restful exchange and handling of verifiable >>>> credentials period end of sentence right but so and I'm assuming >>>> that we'll start with the. >>>> Mike Prorock: Capi we bring that in and then we evolve it as >>>> well. >>>> Mike Prorock: Group I'd be that's. >>>> Mike Prorock: That is absolutely my attention there so I don't I >>>> think that Baseline how do you do this stuff over rest is such a >>>> core implied thing that we have to talk about it as working group >>>> right and to the point where I am willing to sacrifice a lot of >>>> my own time to go make sure that gets done so. >>>> Kimberly Linson: Thanks Mike, Orie. >>>> Manu Sporny: +1 To what MikeP was saying. >>>> Orie Steele: Yeah I'm you know working with folks on the >>>> verifiable credentials Charter on in support of the work items >>>> that have been added both you know as normative deliverables on >>>> non-normative deliverables and in the VC working group is going >>>> to be the place where the VC API even gets defined better or it >>>> doesn't but good news is that it's a note in either case so I >>>> mean I'm contribute to working in that workgroup on the item and >>>> yes like at some point this community. >>>> Orie Steele: Group should theoretically. >>>> Orie Steele: Each day final Community Draft before handing that >>>> work to them but if it's going to go into a note it doesn't seem >>>> like that really matters and so really what I'm saying is I'll >>>> continue to do work on the item wherever it is. >>>> Manu Sporny: Yeah okay plus 1 that's so that's that's crystal >>>> clear and that's good thank you for making clarification like a >>>> Nori the note thing a w3c has traditionally been used to signal >>>> that the group would like to pick something up like groups >>>> actually right in the top of the document we intend to pick this >>>> up as a normative work item at some point in the future and that >>>> is usually a very good signal that leads to a smoother each >>>> ordering process so that's why. >>>> Manu Sporny: Some groups have published notes for things. >>>> Mike Prorock: +1 Manu >>>> Manu Sporny: To take wreck track in Annex recharter it just >>>> makes it all you know it makes all of it much much easier my >>>> suggestion is that we can do both we can continue to work on that >>>> in this group and refine it and get the test Suites get >>>> interoperability working while throwing snapshots over the wall >>>> to the verifiable credential working group I think that gets us >>>> the best of both worlds. >>>> Manu Sporny: And keeps us very nimble. >>>> Manu Sporny: In ensures that we keep it at number one priority >>>> will not be a number one priority in the verifiable credentials >>>> working group but we as the ccg for the VCA be I can keep in a >>>> you know very high priority and in finish it up with respect to >>>> like work going on elsewhere yes indeed be again to be to be >>>> blunt I think that there is damaging work happening in other >>>> organizations when it comes to protocols and verifiable >>>> credentials. >>>> Manu Sporny: And I don't expect that to be. >>>> Manu Sporny: Traversal will point fingers at which organizations >>>> are doing it but you know I think you're both Orion my core right >>>> we need to be on top of that we need to pay attention to the work >>>> happening elsewhere in there are very powerful Market forces that >>>> could either accidentally re centralize everything or on purpose >>>> centralized things for you know the purposes of market dominance >>>> and things of that nature that's it. >>>> <orie> Many folks feel the same way about the CCG manu... it's >>>> the nature of human tribalism. >>>> Kimberly Linson: Mike you've got 30 seconds. >>>> Mike Prorock: Yeah and in conclusion I would also say that and >>>> you know in a little bit of clarification man who around like >>>> damaging work I think in some cases like the software supply >>>> chain stuff I think it's extremely well intentioned and really >>>> important work just that VCS weren't on their radar neither were >>>> kids but there was a desire to go after there is a desire to go >>>> after decentralisation so they seem willing to learn and engage >>>> at least at the you know early stages. >>>> <bumblefudge> perhaps they were really wed to COSE? >>>> <orie> yes, some folks like COSE over JSON. >>>> <manu_sporny> I know folks feel the same way about CCG, Orie :) >>>> -- and it is the unfortunate nature of tribalism. People spend >>>> time on the things that they want to contribute to, where they >>>> want to contribute to them. >>>> Mike Prorock: They can write and ultimately could help adoption >>>> if you know if we approach the right way if we don't approach it >>>> in a you know we can't you know like anything right you can't go >>>> in assuming that we have the only right path and everything else >>>> right it's yes we have a a path it is right in many many ways but >>>> it also can be adopted into other things right or as a piece of >>>> other things so. >>>> <bumblefudge> patience!? >>>> Kimberly Linson: Great thank you this was a really interesting >>>> discussion and I'm I learned a lot about sort of how the >>>> community group and and the working groups work together and so I >>>> really appreciate everybody's input we're just about at time so >>>> I'm going to go ahead and wrap us up I'll let you know that next >>>> week I'm going to be talking about decentralized storage thank >>>> you everybody for your patience with me today and have a great >>>> rest of your day thank you. >>>> <manu_sporny> You did great, Kimberly! :) >>>> <heather_vescent> Great job Kimberly!! >>>> <bumblefudge> you're doing great! thanks so much >>>> <kerri_lemoie> Thank you! >>>> >>>> >>>> > > -- > *ORIE STEELE* > Chief Technical Officer > www.transmute.industries > > <https://www.transmute.industries> >
Received on Tuesday, 2 August 2022 20:48:52 UTC