[MINUTES] W3C CCG Traceability Call - 2022-08-23

Thanks to Our Robot Overlords for scribing this week!

The transcript for the call is now available here:


Full text of the discussion follows for W3C archival purposes.
Audio of the meeting is available at the following location:


Verifiable Traceability Task Force Transcript for 2022-08-23

  1. IP Note, Agenda Review, Scribe Selection
  2. GitHub Issue & PR review
  Orie Steele, Mike Prorock, Mahmoud Alkhraishi
  Our Robot Overlords
  Chris Abernethy, Russell Hofvendahl (mesur.io), nis, Ben - 
  Transmute, Mahmoud Alkhraishi, vivien, TallTed // Ted Thibodeau 
  (he/him) (OpenLinkSw.com), Ted Thibodeau

Our Robot Overlords are scribing.
Chris_Abernethy: A recording has started at a quick transcriber 
  check just to see if it's working.

Topic: IP Note, Agenda Review, Scribe Selection

Chris_Abernethy: Okay yeah Miss maybe tomorrow or a day that's 
  not a normal day for this so we don't get messed up with the 
  recording of the audio and transcription maybe we can hop on a 
  meeting and see if we can troubleshoot what's going on with while 
  you transcribe it doesn't work for you I'm happy to do that 
  whenever you want yeah okay.
Ben_-_Transmute: Yeah hour or less just be mindful about not 
  remembering to write stuff in chat.
Chris_Abernethy: Yeah okay so quick IP note for the beginning of 
  the call anyone can participate in these calls however all 
  substantive contribution contributors to any ccg work items must 
  be members of the ccg with full IP our agreement signed 
  information about and links to the required license agreements 
  can be found in the meeting agenda so the this mentioned the 
  topic this week is Trace interop so we can go ahead.
Chris_Abernethy: You PR's going to sort these with oldest first.

Topic: GitHub Issue & PR review

Chris_Abernethy: A link is in the chat the first PR here is 
  number 353 I think most of these are mine so I'll just dive 
  straight into them this one is to make some modifications that 
  were recommended by Miss to the documentation for meeting Note 
  updates specifically an explicit instruction to commit the new 
  group that text file and I think there are some minor typos and 
  some corrections for Ted in there as well.
Chris_Abernethy:  this has rubles from.
Chris_Abernethy: Owners plus Ted are there any objections to 
  merging this documentation updates.
Chris_Abernethy: Merging it now.
Chris_Abernethy: An 353 has been merged.
Chris_Abernethy: Next PR excuse me I just lost my list.
Chris_Abernethy: Next one is 355 this one is mine as well and 
  this is one of two PRS that is in place to update the request 
  body for oauth 2 token requests we were using raw Json encoding 
  but the official RFC six seven four nine specifies it should be 
  application/x-www-form-urlencoded request body.
Chris_Abernethy:  so this.
Chris_Abernethy: P are updates to requests for the conformance 
  tests any objections to merging this PR.
Chris_Abernethy: Okay I'm merging now.
Chris_Abernethy: Next PR is the second of these two is number 
Chris_Abernethy: This is similar but it modifies a number of 
  requests because this is for the tutorials and we have I think 
  seven or eight different Postman files but it is the same 
  modification in addition is also adds the required Scopes to each 
  of those Postman excuse me each of those auth token requests 
  because each one requires different Scopes obviously so this 
  includes that and that is for issue 3.
Chris_Abernethy: Are there any objections to merging this 
  modification to the tutorial Postman Scripts.
Chris_Abernethy: In Crete I believe that with oz0 they take the 
  stance that if you are doing machine-to-machine authentication 
  you should have all of the possible grants that are granted to 
  that idea and they just give them all to you but it's if you want 
  different Behavior you need to write one of their hooks in order 
  to do that other implementers don't do that or maybe they do it 
  by default but they will also Grant specific.
Chris_Abernethy: Request them the reason that we're even doing 
  this at all is so that we can have negative testing for tokens 
  which don't contain the correct scope.
Chris_Abernethy: That makes sense.
Chris_Abernethy: So we want you know we have defined in the open 
  API spec that certain Scopes are required in order to access the 
  various endpoints in order to do - testing we need to be able to 
  obtain tokens that do not contain those scopes.
Chris_Abernethy: It does if you if you implement a hook and the 
  auth0 side so that it only grants the tokens that were requested 
  and I'm happy to discuss that with you offline and in the grand 
  scheme of things if someone doesn't do that the only thing that's 
  going to fail as a - testing for that conformance it because it's 
  not possible to test that but all the you know the interop test 
  will still work the rest of the conformance testing will still 
Chris_Abernethy: We are also using Auth0 and I have implemented 
  the correct hook which I'm happy to share with you.
Chris_Abernethy: Okay emerges but yeah touch base with me offline 
  and I'll go over that with you.
Chris_Abernethy: Our production implementation I am not positive 
  but the implementation I'm working on that will be rolling out 
  soon yes.
Chris_Abernethy: Okay so that was 357.
Chris_Abernethy: I believe you got it.
<nis> Let's push ahead, but we might scale back from making RFC 
  6749 a requirement for conformance testing
Chris_Abernethy: Perched next PR is one and this one comes from 
  Isaac burn and what he has done in this I don't believe is on the 
Chris_Abernethy: I'm sorry I'll just go over this he has modified 
  the postman tests for credentials issue such that request body 
  contains an issuance date that corresponds to the current time so 
  that they can differentiate between various stored credentials 
  and understand which one of them may have caused has caused a 
  test failure if they have to go back and look at them I believe 
  that's a the effect of the comment that you made Ben is that is 
  that correct.
Chris_Abernethy: So this is a fairly straightforward change it 
  just makes use of some Postman predefined variables.
Chris_Abernethy: There are a number of modifications that I 
  requested which have all been integrated and we have approvals 
  from Alba to code owners does anyone object emerging pull 
  requests 361.
Chris_Abernethy: It does indeed object-- okay.
Ben_-_Transmute: I'll pay him and to say can be merged wants to 
  compliment this been interested.
Chris_Abernethy: Last PR 362.
Chris_Abernethy: And this PR is part of the implementation of 
  issue number 199 which is related to storing historical runs of 
  our integration ink excuse me interoperability and conformance 
  testing so what I've done here is taken some input from Ted 
  regarding the format of historical reports so nightly whenever 
  our reports are published.
Chris_Abernethy:  t' I publish them to the current.
Chris_Abernethy: Station and also a second location that is a 
  folder which contains the type of report either interoperability 
  or conformance a hyphen and then Unix timestamp so that each time 
  this is run we have the archive available to go back to now with 
  this PR does not Implement is any sort of browsable index into 
  that content so that is something that still needs to be created 
  in order to close 199.
Chris_Abernethy:  so this is just a partial fix for that.
<tallted> any chance of changing that unix epochstamp to a normal 
Chris_Abernethy: Precisely what this this store is the beautiful 
  charts that we normally create nightly you just have no waiting 
  each one of them and we see manually go in but yeah so I have 
  approvals from to of for it does anyone object to merging this 
  test functionality.
Chris_Abernethy: I'm Ted I'll just I just saw your comment can 
  you elaborate what you mean.
TallTed_//_Ted_Thibodeau_(he/him)_(OpenLinkSw.com): All right 
  yeah I'm just wondering if instead of basically a serial number 
  for the timestamp that it could be a human-readable parts of all 
  you know your mom's day and time to whatever degree.
Chris_Abernethy: I would counter that with this is never going to 
  be human readable but I would 100% suggest that when we generate 
  the index file we parse that into a daytime that is human 
  readable if that makes sense.
TallTed_//_Ted_Thibodeau_(he/him)_(OpenLinkSw.com): I suppose 
  that's reasonable since that's the way will mostly be interacting 
  with that sure okay.
Chris_Abernethy: Yeah yeah that's it that's a good point and I 
  think that would probably be the best way to implement that.
Chris_Abernethy: Yes tonight when it runs you should see an 
  additional folder that publish to GitHub pages so instead of just 
  a single commit they'll be to one of them will contain an 
  entirely new folder the other one will overwrite the latest 
Chris_Abernethy: All right merging 362.
Chris_Abernethy: And that is completely leave until we see 361 
  resolved that is the last PR for interrupt so let's hop over to 
  trace vocab PR's.
Chris_Abernethy: See that we have seven peers here one of which 
Chris_Abernethy: Merge first so let me just get the link for 
  oldest to newest first.
Chris_Abernethy: Chat and let's begin with 35 excuse me 535 which 
  is tagged March first.
Chris_Abernethy: Who do you want to introduce this one for us.
Chris_Abernethy: Anyone objects to merging in this PR even that 
  we I think agreed to this prior to the conflicts and it's 
  probably okay let's speak now or forever hold your peace.
Chris_Abernethy: Okay merging 535.
Chris_Abernethy: And that is smirched so now let us return to the 
  normal order of things which puts 525 top Vivian this one looks 
  like yours would you like to introduce it please.
Vivien: Yeah so five two five dots for that's adding I guess 
  schema for delivery schedule which is going like what's meant to 
  represent a plan for transportation of like commodity across 
Chris_Abernethy: Okay I see that we have.
Chris_Abernethy: Bunch of approvals and we actually held this one 
  over from last week specifically so people could have a chance to 
  look at it there don't appear to be any objections if no one on 
  the call today objects I will go ahead and merge 525.
Chris_Abernethy: That is perched.
Chris_Abernethy: Spr is 529.
Chris_Abernethy: Is also yours Vivian.
Vivien: Yeah so last week called one of the issue that we went 
  through there was like a batch number description it's not 
  aligned across different files and this PR just fixing the 
  description for badge numbers.
Chris_Abernethy: Okay this one looks very straightforward we have 
  to of for approvals does anyone object emerging 529.
Chris_Abernethy: And that is marched.
Chris_Abernethy: Next PR we have is 538.
Chris_Abernethy: Benjamin this one is yours would you like to 
  intro it please.
Ben_-_Transmute: Sure now this is just a very small change for 
  the regenerate script it assumes that currently assumes the 
  credentials in is in a fixed position from where the script is 
  being called but that's not necessarily where the current working 
  directory is when calling it so I added a small change to resolve 
  the path so it can be able to plan the credentials even when it's 
  not called directly in the in the director that's.
Chris_Abernethy: Has two of for approvals does anyone object to 
  merging or request 538.
Ben_-_Transmute: Yeah this is kind of a precursor to adding it 
  into the the npm I thing is that now it should be able to run 
  from the root directory so we can play update package.json to 
  make it easier it's just yeah.
Ben_-_Transmute: So this is just a small I think I think I could 
  have actually probably included that in this PR but just one step 
  at a time.
Chris_Abernethy: All right right so I will merge right now.
Chris_Abernethy: It's merged the next is 539 which is in draft 
  and would you like to discuss this one today.
Ben_-_Transmute: It's a draft enough CI is also failing but I 
  will go ahead and describe the current work in progress so right 
  now we have a script called open API to concept that Jess and 
  what that's doing is it's taking all the schemas and it's 
  building the traceability be one that json-ld file which is being 
  used when as a reference when credentials are signed and if you 
  look at the flower currently it's about you know ten lines of 
  code that calls.
Ben_-_Transmute: An external Library so it's taking this.
Ben_-_Transmute: Function from the external library and it's 
  declaring it directly inside the scripts that we can edit it do 
  it and change those we need need to as far as work on this goes 
  is I managed to get the script working and declaring the context 
  file but for some reason when I try to actually sign credentials 
  with the context is not working and I think that has to do with 
  something with the way the context file is structured it's not 
  good enough that everything is there I think.
Ben_-_Transmute: Jen and vocab needs to be at the very top of the 
  resulting Json file or something so a few more tweaks to make on 
  this and after that hopefully we can do things like some little 
  one of Json schema issues that are in the issues so this is also 
  just a precursor to addressing this.
Chris_Abernethy: Okay that sounds like it'll be helpful to be 
  able to modify that bit of code.
Chris_Abernethy: Okay the next PR is 540 which looks like we've 
  got some conflicts but miss would you like to comment on what 
  this one is.
Ben_-_Transmute: As a kind of a side note to add on to mrs. thing 
  when I was going through the script I kind of realized it term 
  might not be something that we need to declare in our demo files 
  because the term is always going to be the same as the property 
  name and so all this does is allow for bugs to pop up and it 
  doesn't actually provide any.
Ben_-_Transmute: Quick note on that.
Chris_Abernethy: We feel like we need to create an issue to 
  remove those.
Ben_-_Transmute: II think we once we update I can I can remove 
  right now the the current context file is being generated from 
  the library and it depends on term being there and what update 
  the script I can update the script in a way that it doesn't use 
  term so I could probably go ahead and make it obsolete by 
  updating by updating the scripted do that half.
Ben_-_Transmute: We can have a issue that says term is no longer 
  needed to want to remove them.
Chris_Abernethy: Do we feel like this is something back to 540 
  now if this is something that we can merge was conflicts are 
  fixed or would folks like to see this again comment.
Chris_Abernethy: Sorry I didn't hear you it's rather.
Chris_Abernethy: Um yeah I agree with that assessment does anyone 
  else disagree otherwise we can merge this one's conflicts are 
Ben_-_Transmute: Let's just make a note confirming that merge on 
  once conflict has been addressed.
Chris_Abernethy: I have added a comment let's carry on that was 
  540 the next one is pull request 541 this one also has some 
  conflicts among students.
Ben_-_Transmute: Not the same thing.
Chris_Abernethy: Okay I will create a comment to that effect.
Chris_Abernethy: Okay I believe that is it for pull requests and 
  we are.
Chris_Abernethy: Over halfway through are there any specific 
  issues that folks want to ensure get a dress today before we dive 
  into the trace interop issues.
Chris_Abernethy: If not I will sort by recently updated.
Chris_Abernethy: It's the list first issue is issue 199 just 
  discussed a PR that addresses part of this PR addresses the 
  storing of the historical data but not the actual index I will 
  add a comment here.
Chris_Abernethy: Not yet we actually need to produce an index 
  that's browsable so folks can actually view this data.
Chris_Abernethy: Okay I see your point in that case we need to 
  create a new issue.
Chris_Abernethy: I am all for reducing complexity and reducing 
  scope of each issue so I will have we create close this and 
  create a new issue after the call.
Chris_Abernethy: So I've closed 199 the next issue is a perennial 
  favorites number 39.
Chris_Abernethy: This is related to selective disclosure 
  credentials and it is externally blocked and has been for quite 
  some time does anyone have any updates regarding information that 
  we were hoping for out of ietf.
Chris_Abernethy: I will add a comment at this is still blocked.
Chris_Abernethy: Next issue is number 87 this one has also been 
  around for quite some time on the last call we added pending 
  closed actually several calls ago.
Chris_Abernethy: You're waiting for Ori to agree to closing which 
  he did two weeks ago so unless anyone object I think that the 
  proper action here is to close this.
Chris_Abernethy: Closing number 87.
Chris_Abernethy: Next issue is number 100 which is a similar 
  status we added anything close to this Q two weeks ago or a 
  confirmed after we asked him if he was ready to close I believe 
  that we should close this one as well unless anyone has an 
Chris_Abernethy: I closing 100.
Chris_Abernethy: Next shoe is 330 this is a crush.
Chris_Abernethy: If I remember correctly that was added by Elite 
  that's correct.
Chris_Abernethy: Now you definitely added something to the head 
  of each tutorial how you could download and install the The 
  Collection instead of going through the tutorial.
Chris_Abernethy: Would it then be possible to do something 
  similar here and create a new ticket for that specific issue I 
  think we've moved quite far from hosted Postman collections.
Chris_Abernethy: Awesome thank you.
Chris_Abernethy: Okay the next one is 3:30.
Chris_Abernethy: This is a question that I added and this is 
  whether or not acceptable options for the credential issue or 
  endpoint should still include credential status the reason I ask 
  this is because I noticed there's some discussion in d.c. API 
  repo regarding possibly removing those I have not myself 
  implemented the credentials revocation.
Chris_Abernethy:  T so I'm not 100%.
Chris_Abernethy: Exactly how that works and whether or not this 
  information is required in the credential issue requests so if 
  anyone has some more insight into that saying that would be 
Chris_Abernethy: It says nobody implemented credential 
Chris_Abernethy: Got it so I think specifically what they're 
  saying is when you go to issue a credential there's the 
  credential object and then there's the options object and inside 
  the options object is a credential status sub object and specific 
  event I linked to talking about removing that that's the one that 
  contains domain and Challenge and I think proof date if I'm not 
  mistaken I forget.
Chris_Abernethy: I think I think yeah that's better.
Chris_Abernethy: Yeah so I don't know the answer to this I don't 
  have a proposal because I don't have enough information to make 
  one but I would like that information if anyone has it.
Chris_Abernethy: I'm happy to let this one sit if folks want to 
  Noodle it and come back to it over the week.
Chris_Abernethy: I've also seen.
Chris_Abernethy: I've also seen cases where credential stats is 
  part of a credential and not part of the options and apologies I 
  don't remember where I saw that or if that's even relevant.
Chris_Abernethy: So been just this is a verifiable credential 
  that's already been issued right now you just listen.
Ben_-_Transmute: Not as should not should yet this is from the 
  guy did actor just it was this is just reminding myself to for 
  look at the credential status.
Chris_Abernethy: Okay so I will.
Ben_-_Transmute: But I think I think in terms the issue 
  specifically if the PC API doesn't have anything concrete like 
  I'd be more than happy to be reactive on this and like once I 
  decide we can adjust involved from there.
Ben_-_Transmute: Oh I think I think I can speak to a little bit 
  of maybe what the background is behind that is I think they're 
  trying to address the phone home problem which it will Cory 
  eventually before is if the issuer defines if the revocation 
  index is 0 then every time they know that so on you know request 
  for the index zero to be verified that they know that you know 
  the specific you know the specific index is being a you know a.
Ben_-_Transmute: For and they like oh.
Ben_-_Transmute: He's checking to see if my college you know my 
  college verification is like okay like I said I sent my resume 
  out to four companies so I know one of those four companies is 
  now looking at my at my college you know credentialed I sent them 
  and so that kind of tells people that gives people information 
  that gives a verifier early issuer information on who's coming to 
  verify their credentials and this is I guess that's describes his 
  phone home problem so I guess trying to remove.
Ben_-_Transmute:  move that they might be trying to remove the.
Ben_-_Transmute: Address that by having the index randomizer okay 
  then then forget what I just said.
Chris_Abernethy: I'm also going to link a specific bit of open 
  API that I'm talking about which does not have revocation list or 
  revocation list index or any of that it only contains type and 
  you can only specify revocation list 2020 status and that's it.
Chris_Abernethy: I do think it makes sense and I also think it 
  makes sense to have this in the request think I should probably 
  reword issue to what should this be an option or should this be 
  part of the credential.
Chris_Abernethy: So if you click on the link it have in the body 
  of the issue there's a comment from Manu on 21 July and it's 
  third paragraph in the body says new PR remove challenge domain 
  and credential status from the list of suitable options 
  prudential's issue issue service and.
Chris_Abernethy: And really that's it it's your.
Chris_Abernethy: Will be awesome thank you so I think we can let 
  this one sit still.
Chris_Abernethy: Next time and move on to issue 333 and let 
  anyone else would like to helmet.
Chris_Abernethy: So she 333 this is another question that I have 
  added and this is whether or not the type property of credential 
  and presentation should allow a bear string in addition to an 
  array of strings the reason that I'm even thinking about this is 
  because I'm writing some code that uses the hyper Ledger areas 
  framework go to deal with credentials and one of the things 
Chris_Abernethy:  they do is.
Chris_Abernethy: Normalize that value to a single string if all 
  it is is an array of one string and I went through a couple of 
  examples that I could find and many places indicate that should 
  be an array of strings but then there are some that for example 
  the VC implementation guide has examples with just a string so 
  food brought up the point that if we allow both here this does 
Chris_Abernethy:  makes it easier to interrupt.
Chris_Abernethy: So I put the question to the group should we 
  should we allow a single string for type credential and 
Chris_Abernethy: Perhaps a more appropriate question is does 
  anyone on the call today object to modifying these open API spec 
  to allow a single string in this instance.
TallTed_//_Ted_Thibodeau_(he/him)_(OpenLinkSw.com): I don't 
  objectify what it was.
TallTed_//_Ted_Thibodeau_(he/him)_(OpenLinkSw.com): It was 
  discussed rather heatedly that it was much more difficult to look 
  for strain or array of string than it is to just deal with it an 
  array that has a single string in it.
TallTed_//_Ted_Thibodeau_(he/him)_(OpenLinkSw.com): I don't have 
  any feeling on this because I don't cook so I don't know how much 
  work it is.
Chris_Abernethy: A very narrow view on this with a Counterpoint 
  that says the library I'm using does all that for me I realize 
  I'm not the only case here just to suggest that there's there's a 
  Counterpoint there do you remember where that was disgusted and 
  be interested in Reading those notes.
TallTed_//_Ted_Thibodeau_(he/him)_(OpenLinkSw.com): Oh I wish no 
  I have no idea where it was I don't even know if it was this repo 
  versus vocab versus another one entirely.
Ben_-_Transmute: I don't in terms of coding I don't mind a string 
  or an array of strings but in terms of data modeling prefer to 
  avoid that kind of thing it if you know if you have an array type 
  you you know that would be better solved with array with the 
  single string in it but.
Ben_-_Transmute: Yeah I yeah they issue or one is yeah I would 
  prefer odd I would definitely prefer objects or Stringer that's 
  be sterilized because you have to be like oh if it's an object 
  check for ID if it's not an object check to the string and that's 
  issuer issuer being an object versus string is definitely very 
  annoying so I would that be sterilized would definitely be 
Chris_Abernethy: Well I mean I'm happy to to go either way here 
  if we want to make this a required to be an array that would be 
Ben_-_Transmute: That's what I'm kind of alluding to.
Ben_-_Transmute: Yeah yeah just to kind of I'm using about the 
  data modeling side I didn't address the inner upside and you know 
  if it's a hip if it's an interrupt issue then you know they do 
  modeling wolves aside and you know it's unfortunate that we 
  should probably support it.
Chris_Abernethy: Okay then if that's the case I will change this 
  to ready to PR I'll sign it to myself and that's time for us 
  today would anyone like to volunteer to submit the meeting 
Chris_Abernethy: Not submitted the meeting minutes yet everyone 
  should do that at least once.
Chris_Abernethy: All right if there's no volunteers I will 
  happily do that.
Ben_-_Transmute: Or I would kind of counter and say that you know 
  potentially if we kind of round robin who chairs the meeting then 
  get do.
Ben_-_Transmute: Are you know we could kind of set up a schedule 
  to say to kind of know in advance and then that way we can avoid 
  having discusses on the call kind of thing.
Chris_Abernethy: Yeah that works for me too then people will come 
  on time because they're not worried about having to start the 
Ben_-_Transmute: All right so Chris decide who uploads meeting 
Chris_Abernethy: I'm happy to do it today and going forward 
  whoever runs the meeting should up with the meeting notes.
Ben_-_Transmute: Okay so I don't mean this movement are you going 
  to be on the next call.
Ben_-_Transmute: Okay next okay so wait the next week are you 
  planning on being here.
Ben_-_Transmute: Okay alright I will go ahead and save move 
  doesn't show up I will be the backup post and that I guess that 
Chris_Abernethy: All right sounds great thanks everyone in just a 
  point before I forget we ran into this last week when this and I 
  were working on the notes the full audio doesn't often populate 
  for quite some time so if you happen to notice that the audio is 
  only 6 minutes long give it an hour.
Chris_Abernethy: I'll see everyone next week.

Received on Tuesday, 23 August 2022 18:50:17 UTC