- From: Melvin Carvalho <melvincarvalho@gmail.com>
- Date: Wed, 3 Aug 2022 15:49:34 +0200
- To: Orie Steele <orie@transmute.industries>
- Cc: Daniel Buchner <dbuchner@squareup.com>, W3C Credentials CG <public-credentials@w3.org>
- Message-ID: <CAKaEYh+8mTT=UxV-UA5xwEPbwcxyF9GW=LWP+MqcXCkwzt736g@mail.gmail.com>
On Tue, Aug 2, 2022 at 10:48 PM Melvin Carvalho <melvincarvalho@gmail.com> wrote: > > > On Tue, Aug 2, 2022 at 3:36 PM Orie Steele <orie@transmute.industries> > wrote: > >> This might be helpful: >> >> https://docs.ipfs.tech/how-to/address-ipfs-on-web/ >> > > Thanks Orie. That was helpful. > > The document seems to describe the ipfs:// URI scheme ( as well as ipns: > and dweb: ) > > Slight nit is that the scheme seems quite closely coupled to IPFS, and > while IPFS uses multihash, multihash itself seems, as far as I can tell, to > be designed to used in a loosely coupled manner. > > So perhaps there is some utility in a more generic, multihash:, scheme. > Thanks for the feedback, I raised an issue on this here: https://github.com/w3c-ccg/multihash/issues/20 > > >> >> >> OS >> >> On Tue, Aug 2, 2022 at 8:17 AM Daniel Buchner <dbuchner@squareup.com> >> wrote: >> >>> Not that I'm aware; it's based on leading bytes and doesn't have a >>> scheme registered in IANA (https://multiformats.io/multihash/) >>> >>> On Tue, Aug 2, 2022, 7:50 AM Melvin Carvalho <melvincarvalho@gmail.com> >>> wrote: >>> >>>> Quick question: >>>> >>>> Does "multhash" have its own URI scheme? >>>> >>>> On Mon, Apr 4, 2022 at 4:04 PM CCG Minutes Bot <minutes@w3c-ccg.org> >>>> wrote: >>>> >>>>> Thanks to Our Robot Overlords for scribing this week! >>>>> >>>>> The transcript for the call is now available here: >>>>> >>>>> https://w3c-ccg.github.io/meetings/2022-03-15/ >>>>> >>>>> Full text of the discussion follows for W3C archival purposes. >>>>> Audio of the meeting is available at the following location: >>>>> >>>>> https://w3c-ccg.github.io/meetings/2022-03-15/audio.ogg >>>>> >>>>> ---------------------------------------------------------------- >>>>> W3C CCG Weekly Teleconference Transcript for 2022-03-15 >>>>> >>>>> Agenda: >>>>> >>>>> https://www.w3.org/Search/Mail/Public/advanced_search?hdr-1-name=subject&hdr-1-query=%5BAGENDA&period_month=Mar&period_year=2022&index-grp=Public__FULL&index-type=t&type-index=public-credentials&resultsperpage=20&sortby=date >>>>> Topics: >>>>> 1. Introductions and Reintroductions >>>>> 2. Announcements and Reminders >>>>> 3. CCG Work Items for promotion to VC WG >>>>> Organizer: >>>>> Heather Vescent, Mike Prorock, Kimberly Linson >>>>> Scribe: >>>>> Our Robot Overlords >>>>> Present: >>>>> Kimberly Linson, Manu Sporny, Brian, Ryan Grant, Dmitri >>>>> Zagidulin, Shawn Butterfield, Chris Abernethy (mesur.io), Markus >>>>> Sabadello, Leo, Kerri Lemoie, Mike Prorock, Andy Miller, Orie >>>>> Steele, Charles E. Lehner, Kaliya Young, Adrian Gropper, Brent >>>>> Zundel, David I. Lehn, Kayode Ezike, Jeff Orgel, TallTed // Ted >>>>> Thibodeau (he/him) (OpenLinkSw.com), Mahmoud Alkhraishi, Juan >>>>> Caballero, Heather Vescent >>>>> >>>>> Our Robot Overlords are scribing. >>>>> Kimberly Linson: Recording is on. >>>>> Kimberly Linson: I just. >>>>> <kerri_lemoie> high five back! >>>>> Kimberly Linson: High five to the air so we're all good okay so >>>>> let's kind of walk through just our agenda review we're going to >>>>> talk about the will go through sort of our housekeeping items and >>>>> then we're going to do our main topic today which is that man is >>>>> going to frame the context for us around the new VC working group >>>>> Charter and some of the work items that we have that are going to >>>>> move or potentially move to. >>>>> Kimberly Linson: To to that group. >>>>> Kimberly Linson: Go ahead and run through our housekeeping >>>>> stuff. >>>>> Kimberly Linson: So first off anyone is welcome to participate >>>>> in these calls however if you are wanting to make substantive >>>>> contributions we really would invite you to join the ccg you have >>>>> to do two things in order to to be a full contributor one is join >>>>> the ccg the link to do that to have an account its free to anyone >>>>> is in that link is in that. >>>>> Kimberly Linson: Into that I sent. >>>>> Kimberly Linson: That's step one step two is to sign the >>>>> community contributor license agreement and the link to that is >>>>> also in in the agenda so I would definitely if you have not >>>>> already done that please do then just a couple of things about >>>>> how to participate in the call first of all you're in jitsi which >>>>> means that you've done step one and if you have audio issues or >>>>> something doesn't seem to be quiet. >>>>> Kimberly Linson: Right we do know that. >>>>> Kimberly Linson: They're sort of. >>>>> Kimberly Linson: Be sometimes be some issues in the system >>>>> couple workarounds or one too just refresh to is to try a >>>>> different browser and know that that's worked for me on a couple >>>>> of different occasions to just switch over to Safari the minutes >>>>> and audio are of everything that's said on this call are recorded >>>>> and archived and they are also that link to that archive is also >>>>> in the agenda and so you can go there to look at those. >>>>> Kimberly Linson: We use iirc to. >>>>> Kimberly Linson: Jurors during the call as well as to take >>>>> minutes we have this awesome CG bought that you can see that is >>>>> transcribing and recording everything so hopefully we won't need >>>>> a scribe but just to give your give you a few little tips on how >>>>> to to use the are see if you aren't familiar with it one is it if >>>>> you have something you want to say just add yourself to the queue >>>>> by typing q+ if you change your mind you can pick you -. >>>>> Kimberly Linson: If you see something in the transcription that >>>>> the CG Bot got wrong. >>>>> Kimberly Linson: Our that the CG bought got wrong then you can >>>>> do s: / whatever was incorrect Bob / what's correct Robert and so >>>>> you can fix anything and I've actually asked that as an entire >>>>> Community we do that and thanks man you for putting that in there >>>>> yes so so I'd asked us all to kind of keep an eye especially on >>>>> the things that you say and make sure that that. >>>>> Kimberly Linson: It is represented correctly. >>>>> Kimberly Linson: And let's see so now I think we're too we'll >>>>> skip the Scribe selection I don't think we need that because >>>>> hopefully the CG bot will do that for us and we get to do >>>>> introductions do we have anybody new to the community or who >>>>> would like to hasn't been here for a while who'd like to >>>>> reintroduce themselves. >>>>> Kimberly Linson: We'd love to welcome you. >>>>> >>>>> Topic: Introductions and Reintroductions >>>>> >>>>> Kimberly Linson: And is a former educator I know to give that a >>>>> very long pause but I don't see anybody and I recognize most of >>>>> the names here so I'll go ahead and move to announcements and >>>>> reminders. >>>>> Kimberly Linson: Anybody have an announcement for us. >>>>> >>>>> Topic: Announcements and Reminders >>>>> >>>>> Manu Sporny: https://w3c.github.io/vc-wg-charter/ >>>>> Manu Sporny: Yeah just two things the first one is reminder this >>>>> is the weekly reminder that the verifiable credentials working >>>>> group Charter is under active development please read it provide >>>>> some input we're going to be talking about it today but things >>>>> really do seem to be wrapping up on it so please kind of read it >>>>> as it stands right now and you know. >>>>> Manu Sporny: You're running out of time the chart looks is >>>>> starting to look pretty good right now so I don't think this >>>>> community would have any objections with it but just a reminder >>>>> that that's happening the other kind of news is that it looks >>>>> like the did formal objections or moving forward a bit with the >>>>> director can't say much more than that but looks like there's >>>>> some movement there so that's good and that's it. >>>>> Kimberly Linson: Great thank you any other announcements >>>>> reminders. >>>>> Manu Sporny: https://w3c.github.io/vc-wg-charter/ >>>>> Kimberly Linson: All right I checked and it doesn't seem like we >>>>> have any action items that we need to talk about but if somebody >>>>> has somebody thing that they want to bring up there now would be >>>>> the time to do so. >>>>> >>>>> Topic: CCG Work Items for promotion to VC WG >>>>> >>>>> Kimberly Linson: Okay great then let's get into to the main >>>>> topic for for today as I said at the beginning this was a good >>>>> topic for me to have as my first one because it really gave me >>>>> the opportunity to dive in and see what it is that we're doing >>>>> and I have to save it as a community group it is amazing the >>>>> amount of work and expertise that were contributing and I know >>>>> you all know that in parallel to our work the the. >>>>> Kimberly Linson: Is also doing their work and so today's topic >>>>> is really to as man you said think about those items that we've >>>>> been working on and do they need to be promoted to to the formal >>>>> BC working group so I'm going to go ahead and turn it over to >>>>> Manu to walk us through the context and then we can have a good >>>>> discussion around that after he's finished. >>>>> Manu Sporny: Okay thanks Kimberly Bryant I don't know if you >>>>> would also I'm sorry to put you on the spot print but I don't >>>>> know if you would like to say some things to kind of start at >>>>> Brent's Brent's one of the co-chairs of the verifiable >>>>> credentials working group or if you want me to just dive into >>>>> things. >>>>> Brent Zundel: Manu I will certainly leave it to you to dive into >>>>> things and I'm happy to chime in if folks want me to talk. >>>>> Manu Sporny: https://w3c.github.io/vc-wg-charter/ >>>>> Manu Sporny: Okay awesome thanks Brent okay so Brent is our >>>>> fearless leader in the verifiable credentials working group and >>>>> has been a chair therefore since the since the dawn of time for a >>>>> long time and currently as I mentioned we've been working on this >>>>> verifiable credentials working group Charter I'm going to go >>>>> ahead and share going to tempt fate and share my screen. >>>>> Manu Sporny: Sorry to do this to you on your first first time >>>>> Kimberly butt. >>>>> Kimberly Linson: That's okay you said if you said if it was if >>>>> it got broken to just call on you so since you're in charge there >>>>> you go you can break it and then fix it. >>>>> Manu Sporny: Exactly okay so here's the charter so the >>>>> verifiable credentials working group Charter and there's a >>>>> portion of the charter that talks about the group's deliverables >>>>> and typically this group The credentials community group has been >>>>> a feeder of incubated specifications to the verifiable credential >>>>> working group now this not the only path. >>>>> Manu Sporny: Earth to the VC. >>>>> Manu Sporny: G but it is a path and we have a number of >>>>> community work items that have found themselves in the verifiable >>>>> credentials working group Charter so there's a part of the >>>>> process here where this community hands are work items over to >>>>> the official working group and there is a process there's a >>>>> community group process for that you publish what I think is >>>>> called a final community group report. >>>>> Manu Sporny: People in this community then if you worked on it >>>>> make concrete IP our commitments basically is asserting that yes >>>>> I worked on it no I don't know about any patents or if I do know >>>>> about patents I will bring them to light I will let everyone know >>>>> about it in in in in most cases contribute the patents for the >>>>> specific purposes of the specification so that process so if you. >>>>> Manu Sporny: Dissipated in any of these items there's. >>>>> Manu Sporny: Asian that you're going to make that patent >>>>> commitment on the specification so what items are in this group >>>>> that are moving over currently we have listed the data Integrity >>>>> specification Jason Webb signature 2020 Edwards curve signature >>>>> for David data Integrity the same thing for the nist. >>>>> Manu Sporny: T curve. >>>>> Manu Sporny: Thing for the Bitcoin also known as the Cobell its >>>>> curves theory mises that stuff as well and then we have >>>>> conditional normative specifications that basically say if these >>>>> things progress in some groups outside of the group we will take >>>>> the work up as well so there's the pgp crypto Suite which is >>>>> currently in or he's repo here we've got BBS plus which. >>>>> Manu Sporny: Which you know work is happening. >>>>> Manu Sporny: At ietf in diff on that and we've got the jwp stuff >>>>> where work is happening at diff in ITF on that so the the whole >>>>> discussion today is really around like this section of the of the >>>>> specification I'm sorry I forgot to mention the post Quantum >>>>> crypto stuff as well that mic Pro Rock and in that groups working >>>>> on so but but. >>>>> Manu Sporny: Basically we're talking about this section. >>>>> <mprorock> * i feel slighted ;) >>>>> Manu Sporny: Write all the all the stuff in here I sent out a >>>>> kind of every year we present this roadmap about what the group >>>>> is doing and this I tried to update it I'm sorry if I missed >>>>> something there's a lot of stuff to keep track of I tried to >>>>> include all the things this community has been working on since >>>>> like you know 2010 ish. >>>>> Manu Sporny: 14 Ish all the way to present. >>>>> Manu Sporny: A and then try to predict out that like 20:27 based >>>>> on the stuff that we know this does not include work items that >>>>> for example diff is working on it doesn't include work items that >>>>> are happening at ietf unless they originated in the ccg so it's >>>>> missing some things with the Hope here is that it gives everyone >>>>> a pretty good idea of like the types of things we've worked on in >>>>> the past and what we're getting ready to move over so. >>>>> Manu Sporny: Cific Lee if we if we scroll down here. >>>>> Manu Sporny: The red line is today so this is this is where we >>>>> are today and if we scroll down here to the cryptography section >>>>> right here so the cryptography section this is where we are today >>>>> in each one of these items is an official work item in a official >>>>> w3c working group so as you can see we are getting ready to hold >>>>> like hand over a. >>>>> Manu Sporny: A huge amount of. >>>>> Manu Sporny: From this group to official working groups at w3c >>>>> so that is like a huge success story I think they're not all >>>>> going to the same working group this one here at the top actually >>>>> you know what let me let me pause for a second I've kind of fire >>>>> hose the group with information are there any questions at least >>>>> at a high level about what we're talking about today or just >>>>> general questions about the. >>>>> Manu Sporny: Okay so that's either everyone understand well >>>>> let's see where's the queue right so either everyone understands >>>>> or we're all totally lost one of the do I'll keep going feel free >>>>> to put yourself on the Queue if there's any any questions so >>>>> they're really two working groups at w3c that ccg work is going. >>>>> Manu Sporny: To the first world. >>>>> Manu Sporny: In group is a very specialized working group to >>>>> standardize this spec up here rdf data set canonicalization this >>>>> spec has been incubated in this group and other groups for a >>>>> decade now literally this work has been going on for a decade and >>>>> it's finally moving over to an official working group with the >>>>> time span of two years to standardize it the good news here is >>>>> that this thing has been pretty settled for six years now. >>>>> Manu Sporny: Now 7 years now but it. >>>>> Manu Sporny: Goes to show you sometimes how long some of these >>>>> things can take to actually get it into an official working group >>>>> so rdf data set canonicalization is going into a working group >>>>> called rdf data set canonicalization hashing working group at w3c >>>>> that group will run in parallel with the re-chartered verifiable >>>>> credentials 2.0 working group The VC 20 working group will build >>>>> upon this work and and. >>>>> Manu Sporny: Their work elsewhere. >>>>> Manu Sporny: Um and it will be taking all of these >>>>> specifications in right so things like data Integrity multi base >>>>> multi hash and multi key this one's a little gray area right now >>>>> but other things like Jason Webb signature the Edwards curve >>>>> crypto sweet the nist crypto sweet the Cobell it's Bitcoin >>>>> ethereum crypto sweet. >>>>> Manu Sporny: All you know fairly well formed and inspects that >>>>> can be pulled in the BBS Plus work needs more work at ietf but >>>>> we've been able to basically phrase the charter so I'm going to >>>>> switch back over to the Charter we've been able to phrase the >>>>> charter in the in this kind of conditional normative >>>>> specification term so basically this means that. >>>>> Manu Sporny: Plan to publish official standards for these >>>>> Technologies if the base work for these Technologies are >>>>> completed before the working group ends so there's base >>>>> technology for BBS plus that has to happen at ITF and there's >>>>> base technology for J WP s that has to happen at ietf before the >>>>> verifiable credentials working group can take it over. >>>>> Manu Sporny: Over so these things are. >>>>> Manu Sporny: Like optional we may not get to them we really hope >>>>> we get to them but it's totally dependent on groups that are kind >>>>> of external to the VC WG to deliver on the things that they said >>>>> they were going to deliver on okay so going back to kind of this >>>>> diagram that's why BBS plus doesn't start for maybe another year >>>>> in the group there's some pre-work there that needs to be done. >>>>> Manu Sporny: Let me stop there to see if there any questions. >>>>> Kimberly Linson: Well I was trying to keep question mark But I >>>>> added myself to the queue so I will ask you so so the official >>>>> Charter like how long of a period of time does that VC working >>>>> group Charter span. >>>>> Manu Sporny: Right great question so the charter span see oh wow >>>>> they don't have it it's two years basically right in once we know >>>>> the start date will will lock those time periods in there so at >>>>> the top it's typically two years and they really don't like w3c >>>>> members really don't like giving Charters more time than that >>>>> they don't like work that doesn't complete in something concrete >>>>> so we basically have. >>>>> Manu Sporny: Two years. >>>>> Manu Sporny: Extensions but and they're typically granted if >>>>> they're reasonable but if you have like failed to produce >>>>> something implementable at two years that you basically just acts >>>>> the group they shut you down which is why it's so important that >>>>> we go in with pre incubated work the other thing that's >>>>> interesting to look at here from timeline is section 2 6 where it >>>>> talks about like what happens a month after two months after five >>>>> months after 6 months. >>>>> Manu Sporny: After most w3c Charters have. >>>>> Manu Sporny: Are and and language like f PW d means first public >>>>> working draft CR means candidate recommendation like for >>>>> implementation implementer should start implementing at that >>>>> point and Rec means recommendation also known as kind of like an >>>>> official global standard so that's the time frame two years and >>>>> it's kind of broken down a bit in here and it's everyone that's >>>>> been in a w3c working group can attest to this is largely. >>>>> Manu Sporny: A work of fiction. >>>>> Manu Sporny: Things don't always go according to plan but you >>>>> know should give you a rough idea of what we intend to do. >>>>> Kimberly Linson: Thanks Charles is on the queue. >>>>> Charles E. Lehner: Hi can you hear me. >>>>> Charles E. Lehner: Hi I was wondering about the IP our >>>>> commitment process you mentioned how it works coming from with >>>>> documents coming from ccg and I was wondering how it works if >>>>> it's the same for the other potential documents coming from other >>>>> organizations. >>>>> Manu Sporny: That's a great question documents coming from other >>>>> organizations that have their own IP are mode or tend to be very >>>>> problematic in that it takes us a while to figure it out now if >>>>> that organization has a w3c mode like for example diff does >>>>> moving things overs typically much easier for the lawyers to >>>>> reason their way through it so Charles was your question mostly >>>>> about external documents coming in. >>>>> Charles E. Lehner: Yeah about the conditional normative >>>>> specification documents but. >>>>> Manu Sporny: Okay okay that's a great question because these are >>>>> there are two partners here this there's a two parts to the >>>>> answer here right so the BBS plus crypto Suite is a ccg work item >>>>> so at some point not now but maybe in a year maybe in six months >>>>> this group will have to create a final community group report on >>>>> the BBS plus specification and then hand it over to the be cwg. >>>>> Manu Sporny: Ever the base. >>>>> Manu Sporny: Primitives will be ITF work items so ietf doesn't >>>>> hand that stuff over to w3c ITF just basically says we've got it >>>>> we will standardize the base cryptographic Primitives and ITF in >>>>> you ccwg in your crypto sweet can refer to our specs so in the VC >>>>> w g what we would do if everything is in order at ITF the V CW G >>>>> would start pointing normatively. >>>>> Manu Sporny: Lie to the BBS. >>>>> Manu Sporny: ITF specifications did that help Charles. >>>>> Manu Sporny: The other part of that question which is also >>>>> interesting that I don't think many of us have been through here >>>>> is this whole concept of a final community group report in so if >>>>> you'll notice on our community group webpage we have these final >>>>> reports in like the vc10 use cases was one of those things the >>>>> data model 10 was one of those things in the did Speck was one of >>>>> those things there was. >>>>> Manu Sporny: A point in time where we did. >>>>> Manu Sporny: Doing today where we said okay we need to hand over >>>>> a bunch of specs and the editors of those specs publish them as >>>>> final reports in got licensing commitments on those final reports >>>>> so if I go and I click on like the did licensing commitments it's >>>>> takes a while to load because it's got a load all 460 people in >>>>> the group but you'll see these commitments from the credentials >>>>> community group on this did spec so you'll see you. >>>>> Manu Sporny: Like Dan burn. >>>>> Manu Sporny: Commitment reuven made a commitment Michael Zoo >>>>> Pele I mean all these people that worked on the did spec made >>>>> commitments right so all this yes stuff our commitments basically >>>>> saying we are not withholding any kind of intellectual property >>>>> or anything on the spec but if you go down far enough like there >>>>> are a lot of people that that made commitments. >>>>> Manu Sporny: A lot of people made commitments. >>>>> Manu Sporny: You'll see that some people did not write and that >>>>> might be because they didn't contribute anything to it it might >>>>> be because they don't feel like what they did contribute you know >>>>> would make a difference some of these people might not have been >>>>> a part of the group at the time right so really what we're >>>>> looking for are commitments from people that actually contributed >>>>> material and specifically things that are substantive to the >>>>> specification so. >>>>> Manu Sporny: The editor. >>>>> Manu Sporny: A document will put it out there and publish it and >>>>> then we'll publish it as a final report and then we will ask the >>>>> community hey we need you to you know make a commitment if you >>>>> contributed anything make a commitment and the editors themselves >>>>> will know like these five people absolutely definitely me need to >>>>> make commitments or we need to know now that they're not going to >>>>> make a commitment because then that that creates an air of you >>>>> know. >>>>> Manu Sporny: Auntie around IP are so if somebody. >>>>> Manu Sporny: Substantive thing like a something fundamental and >>>>> they're refusing to make and I pee our commitments then that's an >>>>> immediate red flag that you know it's raised now that has never >>>>> happened either that as far as I know in this group ever but what >>>>> we are expecting here is that for this work. >>>>> Manu Sporny: People we're. >>>>> Manu Sporny: Publish F CG s is final community group >>>>> specifications for these items and people are going to make those >>>>> IP our commitments on these documents hopefully that made >>>>> hopefully that made sense. >>>>> Kimberly Linson: Thank you does anybody have any questions for >>>>> me a new queue is currently empty. >>>>> Kimberly Linson: All right man who are the things that we want >>>>> to dive into on specifics or. >>>>> Mike Prorock: +1 That or dive on VC-API implications >>>>> Manu Sporny: We might want to ask each of the editors where they >>>>> think they are on prepping you know each document so we might >>>>> want to dive into each one individually that's one thing we could >>>>> do the other thing we could do is look at the rest of the road >>>>> map I don't know if folks would be interested in doing that and >>>>> asking questions about why things are staged in the way they are >>>>> or there's X is missing. >>>>> Manu Sporny: You know why is that. >>>>> Manu Sporny: Where does it fit in here. >>>>> Dmitri Zagidulin: +1 To roadmap >>>>> Manu Sporny: Either either you know we could we could go either >>>>> way. >>>>> Kimberly Linson: Mike just brought up a really good point that >>>>> maybe we should discuss is the VC API work and maybe we can >>>>> discuss that and then talk about the roadmap so that makes sense. >>>>> Manu Sporny: Oh yeah plus one. >>>>> Kimberly Linson: Mike do you want to jump in and give us kind of >>>>> an overview of the. >>>>> Mike Prorock: Yeah well like yeah sure and I guess really the >>>>> thing that is a little bit concerning to me and I think we're >>>>> making good progress now especially with some of the PRS that are >>>>> in queue on VC API but there's kind of two things if that work >>>>> moves over into the working group I think we should have it at a >>>>> reasonable does not have to be perfect but a reasonable steady >>>>> state. >>>>> Mike Prorock: Which would mean. >>>>> Mike Prorock: In the VC API work item we would want to kind of >>>>> formalize and say Yep this is what we're considering in scope and >>>>> we're just going to kind of lock this in a certain point and then >>>>> re pick up work inside the working group but since that would be >>>>> moving to a non-normative item that is the other question I have >>>>> around kind of what are the implications of that. >>>>> Mike Prorock: That could be detrimental. >>>>> Mike Prorock: Normative item it may set up the path to a more >>>>> normative item once we show people working on it so there's a >>>>> variety of ways that could go strategically and politically and >>>>> so that's kind of an open for I'd like man whose thoughts on that >>>>> and then I think that might spur some interesting conversation >>>>> there so. >>>>> Kimberly Linson: Great guy had manna. >>>>> Manu Sporny: Yeah I think that yeah Mike's totally right the >>>>> this is like a very this is a super interesting what's the word >>>>> conundrum that that were in with the VC API so so we've got >>>>> multiple people implementing the VC API and I know the trace >>>>> folks are doing it I know digital bazaars committed to it you >>>>> know number of organizations committed to interrupt through the >>>>> VC API but. >>>>> Manu Sporny: There have been some. >>>>> Manu Sporny: See members that have pushed really hard to keep >>>>> protocol out of scope for the verifiable credentials working >>>>> group so you will know that there is. >>>>> Manu Sporny: Out of scope right normative specification of apis >>>>> are protocols and we are expecting that if we try to put it in >>>>> scope it would be challenged heavily if not formal objections so >>>>> the what we've tried to do here is to basically say the group is >>>>> going to work on a developer guide the VC to working group is >>>>> going to work on a developer guide and there's going to be input >>>>> to that one of them is the VC API. >>>>> Manu Sporny: II just be Capi. >>>>> Manu Sporny: Other ones can app like we want to be able to talk >>>>> about protocols that are carrying verifiable credentials over >>>>> them but we're not allowed to say anything normatively about >>>>> those things so how are we you know how is this group going to >>>>> feed VC API into the VC to working group The verifiable >>>>> credential 20 working group. >>>>> Manu Sporny: One option. >>>>> Manu Sporny: When is we just handed over completely and it stops >>>>> being a ccg work item and then it's up to the verifiable >>>>> credentials working group to determine what what should happen to >>>>> the VC API upside there is like hey it's in the group that's >>>>> great but the only thing they can do is publish it as a note and >>>>> one of the implications of that that Kyle did hartog brought up >>>>> which I thought was a great point. >>>>> Manu Sporny: Point is that because it's a note it. >>>>> Manu Sporny: Kind of IPR protection whatsoever 0 IPR protection >>>>> so people can start injecting all kinds of horrible proprietary >>>>> patented stuff in there and there is no requirement to say >>>>> anything about that now we know I think all of us don't think >>>>> like that's going to happen but that is one of the concerns there >>>>> so option one is give it completely over to the verifiable >>>>> credential working group but all they can really do is work on it >>>>> as kind of like a note a developer guide that kind of thing. >>>>> Manu Sporny: Option two is that we keep it as a ccg work item >>>>> and we continue to incubate it here it has IPR protection in this >>>>> group and will continue to have IPR protection in the group and >>>>> what we can do is hand over snapshots to the verifiable >>>>> credentials to working group we can basically tell them hey can >>>>> you snap shot this in they can publish it as a note and they can >>>>> snapshot you know couple times throughout the year the benefit >>>>> there is that it has IPR protection and we can continue to >>>>> incubate it as kind of. >>>>> Manu Sporny: A high priority item. >>>>> Manu Sporny: So it'll get like the air it needs to breathe here >>>>> and have protection while also signaling to the w3c membership >>>>> that we do plan on doing protocols at some point like maybe not >>>>> right now but maybe in the VC 30 working group the recharter we >>>>> plan to put protocols in scope so that's option two option three >>>>> is to just keep it in the ccg and keep working on it and it would >>>>> be good you know I don't know. >>>>> Manu Sporny: If there are other options too. >>>>> Manu Sporny: Other options of the things that we could do with >>>>> it or it would also be good to hear back like what do folks feel >>>>> we should do with that item. >>>>> Manu Sporny: Let me ask a more pointed question traceability >>>>> folks what do you want to do with that item I mean you guys >>>>> depend on it right. >>>>> Mike Prorock: Yeah I mean I am honestly fine with it going in as >>>>> a note on the w3c side one of the kind of bigger picture items >>>>> that we have to balance as kind of the multiple aspects of >>>>> traceability because a lot of digital traceability is also coming >>>>> up and there seems to be a critical mass actually on the ietf >>>>> side right with some working groups there and that's where. >>>>> Mike Prorock: We have to still find out. >>>>> Mike Prorock: Willing to be friendly to use of VCS and Ed's >>>>> right in especially linked data usage and that's a bit of an >>>>> unknown right now and that's kind of a high risk I don't know or >>>>> eicu on the queue as well. >>>>> Orie Steele: Yeah I agree with the what Mike said you know I >>>>> think when we consider technologies that are related to >>>>> verifiable credentials dids and the sort of basic cryptographic >>>>> envelope formats like Jose Jose come to mind and I would want to >>>>> make sure that I think you know just speaking frankly the >>>>> verifiable credentials a. >>>>> Orie Steele: P I work for her. >>>>> Orie Steele: That's not the only thing that's important support >>>>> for traditional Jose and cozy a is also really important >>>>> especially for kids and and so I think. >>>>> Orie Steele: My experience with the w3c you know especially >>>>> after the did working group I'm not sure that the w3c is really >>>>> the best place to do anything related to protocols I think I >>>>> agree in large part with some of the positions that other w3c >>>>> members have held that the w3c is not really great at developing >>>>> protocols and in particular support for Jose and cozy which are. >>>>> Orie Steele: Of users are actively contributing to and >>>>> maintaining them at ietf I think there is a future where the VC >>>>> apis that exist today might be better served becoming more of a >>>>> dids plus Jose and cozy at ITF but that is the kind of thing that >>>>> you know it's about going to where the contributors are and >>>>> asking them how they want to see these Technologies working >>>>> together. >>>>> Orie Steele: And recognizing that. >>>>> <mprorock> it is really nebulous and makes me highly nervous >>>>> <mprorock> I don't think CCG helps it long term either >>>>> Orie Steele: Not everyone wants to use the same tools to build >>>>> their favorite sandcastles so I think the verifiable credentials >>>>> API as a non normative item at the w3c obviously doesn't really >>>>> do anything to secure its future anywhere like it could just >>>>> become a non-normative item and then never be defined further >>>>> could become a normatively defined API at W3 for support for the >>>>> defined verifiable potential formats. >>>>> Orie Steele: I think that's a best-case scenario but. >>>>> Orie Steele: My experience over the last few years is that even >>>>> when you plan for something like that you may not actually be in >>>>> control of achieving it especially given the you know kinds of >>>>> contributions we see the w3c standards so if it feels nebulous >>>>> and scary the yeah that's kind of how I feel about it. >>>>> Kimberly Linson: Go ahead manu. >>>>> Manu Sporny: Yeah so I mean this is this is this is new to me >>>>> and that does seem like a very big change in scope and Direction >>>>> Ori. >>>>> <orie> there is OIDF as well, working on protcols related to this >>>>> Manu Sporny: And so where it's so I haven't seen work like this >>>>> done at ITF ever there's low-level protocol bits and bytes stuff >>>>> that does happen at ITF but not application you know layer >>>>> protocols like sip is an example HTTP an example but those are >>>>> you know much more lower lower level than the VC API we're in the >>>>> w3c has. >>>>> Manu Sporny: Unlike application. >>>>> Manu Sporny: Linked data platform you know they did you know >>>>> protocol work there we're at ietf are both of you thinking the >>>>> work would fit in like it would be a complete rewrite of the >>>>> specification I think that's what I mean that's what I'm hearing >>>>> is like hey let's not use verifiable credentials let's use >>>>> something else and let's not do a w3c spec Let's do an ITF spec >>>>> so it sounds to me like this is a totally different >>>>> specification. >>>>> Manu Sporny: And you guys talk. >>>>> Manu Sporny: What where where did IETF with the work happen. >>>>> Orie Steele: So I'm not saying any work what happened ietf I'm >>>>> saying that ITF works on things that I care about deeply and if >>>>> you look at you know the work on an app that's happening and ietf >>>>> you can see that you know clearly ITF has ability to gather folks >>>>> who are passionate about these issues and work on standards there >>>>> I'm mostly saying that from a software supply chain or hardware >>>>> supply chain use cases dids and VCS are. >>>>> Orie Steele: Obviously an important part of that but I think >>>>> also. >>>>> Orie Steele: Port for existing cryptosystems like pgp Jose and >>>>> cozy is an important part of that and bgp Jose and Jose have been >>>>> defined at ITF so I'm mostly just saying that work will happen >>>>> where people are and you know obviously the VC API is currently >>>>> being incubated here in the w3c ccg and the plan is to work on it >>>>> as a non normative note in the w3c verifiable credentials working >>>>> group assuming the charter is approved. >>>>> Orie Steele: It's all I can say about that as I. >>>>> Orie Steele: I'm just noting that like there are also other >>>>> things that are happening out in the ecosystem like now and the >>>>> open ID connect verifiable presentation Flows at open ID >>>>> foundation and you know I'm interested in contributing to these >>>>> items as well so maybe really what I'm saying is that work >>>>> happens outside of the ccg and w3c as well. >>>>> Kimberly Linson: Thanks Orie, Mike did you want to add some >>>>> something to that. >>>>> Mike Prorock: Yeah I mean I can add some color and then some >>>>> concern I mean the I think a I think fundamentally having the VC >>>>> API live as a were even traceability for that matter live as a >>>>> long-term ccg non-normative items not going to be helpful to >>>>> adoption right and that's that's concerning to me so we have to >>>>> start thinking even if it's a way down the line where's this >>>>> going to work in a graduate to in quotes right. >>>>> Mike Prorock: >>>>> >>>>> https://datatracker.ietf.org/doc/html/draft-birkholz-scitt-architecture-00.html >>>>> Mike Prorock: The I think you know Trends I am seeing in ietf >>>>> are for sure more work going on on exactly this kind of thing and >>>>> a case in point there's I'm going to link an individual draft >>>>> that's dealing more with supply chain from a software supply >>>>> chain like s bomb and things like that this this work is going >>>>> on. >>>>> Mike Prorock: Whether we like. >>>>> <bumblefudge> Fraunhofer SIT 🤩 >>>>> Mike Prorock: And so it's kind of forcing some decisions like >>>>> can we you know try to engage in a positive way and help move >>>>> those work items forward while also making sure our needs are met >>>>> from a like I have no desire to move away from verifiable >>>>> credentials like none whatsoever so you know it's stuff we just >>>>> kind of have to be aware of that is happening and unfortunately >>>>> because the players involved that stuff. >>>>> Mike Prorock: I'll get critical mass. >>>>> Mike Prorock: Like there's not only you know major players >>>>> involved in this kind of stuff and at that actual like protocol >>>>> API level type definition in architecture level definition but it >>>>> dition Ali there is regulatory momentum to go ahead and push some >>>>> of that stuff through I mean we're seeing increasing amounts of >>>>> executive orders on like how do you respond to zero trust >>>>> architecture things like that so these are you know items at >>>>> least from the US perspective. >>>>> Mike Prorock: Spective as well as also you know increased. >>>>> Mike Prorock: On the EU perspective that we're going to see some >>>>> of this stuff either you know get moved out of our hands because >>>>> we're not getting stuff ready quick enough or you know in a >>>>> presentable State quick enough or sometimes is as as I've seen >>>>> happen a couple of times lately take the work too far before >>>>> getting the conversation going with other players right and then >>>>> then it does become one of those like worst-case scenarios where >>>>> you're sitting down and rewriting stuff or readapting. >>>>> Mike Prorock: Whatever you just. >>>>> Mike Prorock: Forced into using and we want to avoid that as >>>>> well so so it's a complex it's a complex issue and it does make >>>>> me nervous and I think it should ultimately anyone who is working >>>>> heavily on things like VC API or off shoots of it and profiles >>>>> should be thinking about this stuff you know broadly and from a >>>>> big picture with you know who are the players in the ecosystem >>>>> taking this stuff seriously. >>>>> Mike Prorock: You know who made. >>>>> Mike Prorock: Out-compete whether we want them to or not. >>>>> Manu Sporny: Yeah I guess it's so I what I'm hearing is that >>>>> there are other groups out there that are working on technologies >>>>> that either directly compete with verifiable credentials or >>>>> directly compete with the verifiable credential API and we should >>>>> be aware of those initiatives I think that's the one of the >>>>> things I'm hearing the other thing I'm hearing is that. >>>>> Manu Sporny: Ricci might not be the best place for some of this >>>>> work and I think there was a finger pointed at the VC API >>>>> potentially so those are the two things I heard both Orion and >>>>> Mike you saying please correct me if I didn't hear that correctly >>>>> the third thing is a bit it's so nebulous it's hard for me to >>>>> understand what you're asking the community to do. >>>>> Manu Sporny: Do other than be. >>>>> <orie> I am not asking for anyone to do anything. >>>>> <orie> contribute where you think you should. >>>>> Manu Sporny: In the be aware even that is kind of like it's you >>>>> know it's not clear to me what the alternate plan wouldn't what >>>>> an alternate plan would be so I'm not hearing a very okay so are >>>>> you saying he's not asking anyone to do anything just be aware >>>>> that other work is happening elsewhere so let me let me stop >>>>> talking no mics on the Q I'm having a hard time. >>>>> Mike Prorock: Yeah I can get I can get into some very specifics >>>>> you know from like my personal and this is not chair hat right >>>>> this is just like me personal member of the community writing and >>>>> deploying software that is dependent on these specs right and >>>>> building a business that touches all this stuff you know you know >>>>> I think this is one of the reasons I fought very hard to make >>>>> sure in. >>>>> Mike Prorock: The working group. >>>>> Mike Prorock: Order for the next version of the VC API that we >>>>> can discuss from a practical developer standpoint what are the >>>>> implications of this and how do you work with these things and I >>>>> fought very strongly for the inclusion of two key items one was >>>>> the ability for us to discuss the oid see work going on you know >>>>> for exchange of credentials right over oid see that is obviously >>>>> work that is going on outside the w3c that is directly related. >>>>> Mike Prorock: And impacting on VCs I don't think that's. >>>>> Mike Prorock: I think that's just a thing right but we when we >>>>> think about it from a broader verifiable credential standpoint we >>>>> need to be able to guide and provide advice around how do you >>>>> actually interact with that stuff are we so you know what is >>>>> helpful etcetera same thing with the VC API and I don't see a >>>>> problem and I'm fact I plan to and I've stated multiple times in >>>>> the working group you know plan to one author you know or make >>>>> significant contributions. >>>>> Mike Prorock: Tribution stew that developer guide for both. >>>>> Mike Prorock: And for the VC API aspect if not fully flushing >>>>> and helping to fully flush out into find the VC API in a note >>>>> standpoint so I that is the path that I am proceeding down that >>>>> does not negate more detailed you know specific work that may >>>>> have normative requirements either in w3c or elsewhere right and >>>>> so that's I think the hit man who does that help clarify a bit >>>>> like you know but I. >>>>> Mike Prorock: Yeah and in the main reason on like the be. >>>>> <identitywoman> The Relying party problem (where can VCs be >>>>> accepted) is a really big one - the OIDC relying party "solution" >>>>> is reasonable - expecting everyone to rip and replace completely >>>>> to use VCs. >>>>> <identitywoman> is not reasonable >>>>> Mike Prorock: It's like especially from you know and I'm you >>>>> know being blunt here but like especially when we look at the >>>>> Microsoft's the IBM's the sap is the world right these are the >>>>> folks that to date have had a Stranglehold on this kind of >>>>> information exchange possibly also with GSX if you want to go >>>>> down the EDI path also you know additionally and so we need to be >>>>> aware that they will do you know players that have an established >>>>> foothold will do what they can to prevent losing. >>>>> Mike Prorock: That established footholds. >>>>> Mike Prorock: And it's just something we talked around that >>>>> issue a lot but we should be aware of it concretely and also be >>>>> very much Mindful and watching carefully what they are doing in a >>>>> standards basis to that could potentially serve as something that >>>>> is a competing standard that is a standard possibly even >>>>> sometimes in name only in order to justify a proprietary solution >>>>> and those are things we need to avoid from a lock-in standpoint >>>>> etcetera. >>>>> Kimberly Linson: Thanks Mike Adrian you're on the Queue next. >>>>> Adrian Gropper: Yes after working on this issue that we're >>>>> talking about now for about a year and talking to a lot of people >>>>> my conclusion has is that the protocol work that's going on here >>>>> under the very reasonable flag of self Sovereign identity and >>>>> authentication things does not Translate. >>>>> Adrian Gropper: Late in. >>>>> Adrian Gropper: Moving those under that decentralisation self >>>>> Sovereign flag to protocol work as it's being done in w3c and so >>>>> I at least you know have am completely moving the protocol >>>>> attention to ietf basically because you know the things that are >>>>> very much in the news these days whether you want to call. >>>>> Adrian Gropper: Them human. >>>>> Adrian Gropper: You trust or other things like that have to do >>>>> with the platform issues regulating the platforms and and things >>>>> like that and we just seeing that every day and to me the >>>>> protocol work that I've witnessed here is just completely >>>>> detached from the reality of what the world is worried about in >>>>> Europe and different cultures. >>>>> Adrian Gropper: Seeing again from this antitrust and human >>>>> rights perspective thank you that's it. >>>>> Kimberly Linson: Man who I have you on the queue. >>>>> Mike Prorock: +1 Manu >>>>> Manu Sporny: Yeah just real quick to Adrian Adrian that is just >>>>> not true we have gotten delegate abby'll authorization >>>>> capabilities working for the VC API full delegation so it >>>>> achieves the things you've been asking for for a long time we >>>>> have yet to put it in scope because the group's not ready to do >>>>> it yet so I strongly strongly disagree with your notion that >>>>> we're not paying attention to things like human rights and >>>>> delegation. >>>>> Manu Sporny: And specifically. >>>>> Manu Sporny: Ensuring that providers don't prevent you know >>>>> those holders from delegation so that's the first point the >>>>> second Point Orion Mike maybe I read what you two are saying as >>>>> in as a you're abandoning the be Capi work I don't think that's >>>>> what you meant to communicate but that's how I read it or even >>>>> abandon the be Capi work at w3c so. >>>>> Manu Sporny: +1 To support VC-API, yes, DB is fully committed to >>>>> that work item. >>>>> Mike Prorock: Okay quite the yeah and I'm on Q I'm just going to >>>>> act myself because of time and quite the opposite I mean that's >>>>> why I stated clearly like I plan on you know if not being a >>>>> primary author like major contributions on the actual developer >>>>> guide node or whatever that ends up becoming and that will >>>>> include how do we do restful exchange and handling of verifiable >>>>> credentials period end of sentence right but so and I'm assuming >>>>> that we'll start with the. >>>>> Mike Prorock: Capi we bring that in and then we evolve it as >>>>> well. >>>>> Mike Prorock: Group I'd be that's. >>>>> Mike Prorock: That is absolutely my attention there so I don't I >>>>> think that Baseline how do you do this stuff over rest is such a >>>>> core implied thing that we have to talk about it as working group >>>>> right and to the point where I am willing to sacrifice a lot of >>>>> my own time to go make sure that gets done so. >>>>> Kimberly Linson: Thanks Mike, Orie. >>>>> Manu Sporny: +1 To what MikeP was saying. >>>>> Orie Steele: Yeah I'm you know working with folks on the >>>>> verifiable credentials Charter on in support of the work items >>>>> that have been added both you know as normative deliverables on >>>>> non-normative deliverables and in the VC working group is going >>>>> to be the place where the VC API even gets defined better or it >>>>> doesn't but good news is that it's a note in either case so I >>>>> mean I'm contribute to working in that workgroup on the item and >>>>> yes like at some point this community. >>>>> Orie Steele: Group should theoretically. >>>>> Orie Steele: Each day final Community Draft before handing that >>>>> work to them but if it's going to go into a note it doesn't seem >>>>> like that really matters and so really what I'm saying is I'll >>>>> continue to do work on the item wherever it is. >>>>> Manu Sporny: Yeah okay plus 1 that's so that's that's crystal >>>>> clear and that's good thank you for making clarification like a >>>>> Nori the note thing a w3c has traditionally been used to signal >>>>> that the group would like to pick something up like groups >>>>> actually right in the top of the document we intend to pick this >>>>> up as a normative work item at some point in the future and that >>>>> is usually a very good signal that leads to a smoother each >>>>> ordering process so that's why. >>>>> Manu Sporny: Some groups have published notes for things. >>>>> Mike Prorock: +1 Manu >>>>> Manu Sporny: To take wreck track in Annex recharter it just >>>>> makes it all you know it makes all of it much much easier my >>>>> suggestion is that we can do both we can continue to work on that >>>>> in this group and refine it and get the test Suites get >>>>> interoperability working while throwing snapshots over the wall >>>>> to the verifiable credential working group I think that gets us >>>>> the best of both worlds. >>>>> Manu Sporny: And keeps us very nimble. >>>>> Manu Sporny: In ensures that we keep it at number one priority >>>>> will not be a number one priority in the verifiable credentials >>>>> working group but we as the ccg for the VCA be I can keep in a >>>>> you know very high priority and in finish it up with respect to >>>>> like work going on elsewhere yes indeed be again to be to be >>>>> blunt I think that there is damaging work happening in other >>>>> organizations when it comes to protocols and verifiable >>>>> credentials. >>>>> Manu Sporny: And I don't expect that to be. >>>>> Manu Sporny: Traversal will point fingers at which organizations >>>>> are doing it but you know I think you're both Orion my core right >>>>> we need to be on top of that we need to pay attention to the work >>>>> happening elsewhere in there are very powerful Market forces that >>>>> could either accidentally re centralize everything or on purpose >>>>> centralized things for you know the purposes of market dominance >>>>> and things of that nature that's it. >>>>> <orie> Many folks feel the same way about the CCG manu... it's >>>>> the nature of human tribalism. >>>>> Kimberly Linson: Mike you've got 30 seconds. >>>>> Mike Prorock: Yeah and in conclusion I would also say that and >>>>> you know in a little bit of clarification man who around like >>>>> damaging work I think in some cases like the software supply >>>>> chain stuff I think it's extremely well intentioned and really >>>>> important work just that VCS weren't on their radar neither were >>>>> kids but there was a desire to go after there is a desire to go >>>>> after decentralisation so they seem willing to learn and engage >>>>> at least at the you know early stages. >>>>> <bumblefudge> perhaps they were really wed to COSE? >>>>> <orie> yes, some folks like COSE over JSON. >>>>> <manu_sporny> I know folks feel the same way about CCG, Orie :) >>>>> -- and it is the unfortunate nature of tribalism. People spend >>>>> time on the things that they want to contribute to, where they >>>>> want to contribute to them. >>>>> Mike Prorock: They can write and ultimately could help adoption >>>>> if you know if we approach the right way if we don't approach it >>>>> in a you know we can't you know like anything right you can't go >>>>> in assuming that we have the only right path and everything else >>>>> right it's yes we have a a path it is right in many many ways but >>>>> it also can be adopted into other things right or as a piece of >>>>> other things so. >>>>> <bumblefudge> patience!? >>>>> Kimberly Linson: Great thank you this was a really interesting >>>>> discussion and I'm I learned a lot about sort of how the >>>>> community group and and the working groups work together and so I >>>>> really appreciate everybody's input we're just about at time so >>>>> I'm going to go ahead and wrap us up I'll let you know that next >>>>> week I'm going to be talking about decentralized storage thank >>>>> you everybody for your patience with me today and have a great >>>>> rest of your day thank you. >>>>> <manu_sporny> You did great, Kimberly! :) >>>>> <heather_vescent> Great job Kimberly!! >>>>> <bumblefudge> you're doing great! thanks so much >>>>> <kerri_lemoie> Thank you! >>>>> >>>>> >>>>> >> >> -- >> *ORIE STEELE* >> Chief Technical Officer >> www.transmute.industries >> >> <https://www.transmute.industries> >> >
Received on Wednesday, 3 August 2022 13:50:04 UTC