- From: CCG Minutes Bot <minutes@w3c-ccg.org>
- Date: Fri, 04 Feb 2022 00:06:33 +0000
Thanks to Our Robot Overlords for scribing this week!
The transcript for the call is now available here:
https://w3c-ccg.github.io/meetings/2022-02-01-vcapi/
Full text of the discussion follows for W3C archival purposes.
Audio of the meeting is available at the following location:
https://w3c-ccg.github.io/meetings/2022-02-01-vcapi/audio.ogg
----------------------------------------------------------------
VC API Task Force Transcript for 2022-02-01
Agenda:
https://lists.w3.org/Archives/Public/public-credentials/2022Jan/0245.html
Topics:
1. Introductions and Community Updates
2. Start Workflow - Presentation Availability Convergence
Action Items:
1. Update Presentation Availability to
"/exchanges/initiate/{exchange-type-id}/{?exchange-uuid}" and you
have to POST data to the endpoints.
2. Update POST body to accept a JSON object, where the
Traceability spec will further define exactly the type of object
they're looking for (a VPR?)
Organizer:
Manu Sporny, Orie Steele, Markus Sabadello, Mike Varley, Mahmoud Alkhraishi
Scribe:
Our Robot Overlords
Present:
Mike Prorock, Manu Sporny, Mahmoud Alkhraishi, Markus Sabadello,
TallTed // Ted Thibodeau (he/him) (OpenLinkSw.com), Andy Miller,
Dmitri Zagidulin, Joe Andrieu, Juan Caballero, Kerri Lemoie, Phil
L (P1), PL (T3), Eric Schuh, Kaliya Young
Our Robot Overlords are scribing.
Manu Sporny: All right welcome everyone to the February 1st 2022
verifiable credentials API call we have our agenda in the chat
Channel right now on the agenda today we have an agenda review
introductions relevant Community updates.
Manu Sporny: We have a discussion on workflow so the the kind of
one of the goals of this call is to try and align two calls in
the VC API with what the traceability folks are doing and so
we're going to attempt the whole call today is going to be
focused on getting that kind of alignment so that has to do with
the start workflow and then the presentation availability.
Manu Sporny: With either workflow interaction or the submit
presentation call so they're just two calls therefore calls now
we're going to try and boil them down into two calls if possible
or just get a plan together and how to do that there's also some
issue processing that we need to do Mike I think you raised the
concern about controller style and point the pattern that we're
using for the API and so maybe we want to change that and then
there's this.
Manu Sporny: Flo IDs and names should they be in the URL or
should they be in the post body so those are the items that we
have for discussion today and then we'll do issue processing if
we have any time left over which I doubt we're going to have any
updates or changes to the agenda anything else folks want to
discuss today.
Manu Sporny: Okay is there anyone new to the call or anyone that
would like to reintroduce themselves.
Topic: Introductions and Community Updates
Manu Sporny: All right is there are there any Community updates
specifically relevant to be Capi.
Manu Sporny: I do think it's probably relevant mentioning the
chartering.
<manu_sporny> VC APIs "out of scope":
https://github.com/w3c/vc-wg-charter/pull/43
Manu Sporny: Disagreements that are happening right now for
those of you that are not aware BC apis there's a suggestion by
Microsoft that any kind of protocol work any kind of API work in
the VC 2.
Manu Sporny: Co-working.
<pl_(t3)> Why is MS saying that?
Manu Sporny: Escape completely don't want to talk about
protocols none of that stuff there are a couple of us that are
engaging in that thread we would appreciate others chiming in one
of the concerns here is that we want to.
Manu Sporny: One of the concerns there is that we want to
publish a note around the work that we're doing in this group
just to set it up so that we can take it standards track during
the next recharter which would be in 2 years or whenever the work
you know when of the working group finishes its work there.
Manu Sporny: Yourself seems to be pushing back pretty hard on
that Phil you asked why currently Microsoft is trying to get open
IDC the protocol in as the protocol to move mobile driver's
licenses around there has been a decent bit of pushback on mdl as
it's currently formed because it doesn't take into account
verifiable credentials and verifiable presentations.
Manu Sporny: And this is just my opinion my expectation is
Microsoft would like to see that happen over open I DC connect
and having another protocol out there that moves verifiable
credentials around places that approach into question.
Manu Sporny: I will pause and other people that you know other
people may want to speak to that as well anyone want to put
themselves on the Queue to speak to that.
<juancaballero> or at least, into
competition :)
<pl_(t3)> Understood. The revenue impact is now getting clearer
:-(
Mike Prorock: Yeah and II think that there's definitely some
folks working pretty hard on going down like you know open ID can
act as a path for exchanging credentials right and I don't think
that's going to change right when we look at the way you know
who's involved Etc I do think that there is a potential path
forward to do so and in fact I opened a PR for it man oh I don't
know if you saw that all.
Mike Prorock: I think 66 all lengths.
Mike Prorock: https://github.com/w3c/vc-wg-charter/pull/66
Mike Prorock: But basically this a look let's go ahead and very
explicitly in the non-normative side of things from a developer
you know be able to give developer documentation guidance
etcetera put up possibly as an extension or set of extensions on
top of the existing implementation guide for a rest API
definition such as we're talking about here but also not to rule
out guidance on how to handle you know if you're going to
exchange credentials via open it.
Mike Prorock: Eid connect we should be able as working group to
discuss that.
Mike Prorock: His well basically right because I don't it's
gonna take a little while to get to some consensus on that and I
think the danger that I see is that if we try to push back hard
on open ID connect or push back hard on something else that they
you know we may see what more resistance to saying look any
protocols you know for exchanger discussion of that even in a non
normative ways out the.
Mike Prorock: Window and that's that's.
Mike Prorock: More dangerous I think from an adoption
standpoint.
Mike Prorock: +1 Be able to discuss REST APIs
Manu Sporny: Sure and in the suggestion isn't to say you can't
do open ID connect it's it's yeah absolutely if you want to do
open ID connect and move these around on it that's great we
should be able to talk about that in the group and if the folks
in this group want to see the VC API as a part of that discussion
we need to put it in scope so the concern here is that if we
don't put the document we're working on right now squarely in.
Manu Sporny: From a non-normative standpoint there will be.
Manu Sporny: About it right so that is that is the concern that
I have is that if we do not make it very clear that we can talk
about VC API and publish it as node and all that kind of stuff
there will be objections to doing that once the working group
starts up go ahead Joe your.
Joe Andrieu: I think you mean stop talking about it in that
working group which is not the context we're talking about that
now so it still wouldn't prevent us from continuing the ccg work
on it or charger in another working group to actually standardize
it all right.
<mprorock> we will move on from it and not dedicate resources if
it is not in the WG
Manu Sporny: That is partially correct remember this is now
somewhat of a race in open ID has its own foundation and you know
these participants are active there in all they have to do is
stamp something as a standard of they're done it's a it's a
global standard and then all of a sudden the VC API is a why do
we need that when we already have this other standard out there
right so.
Manu Sporny: From a strategic.
Manu Sporny: They think it's a bit concerning if we just
continue to work on this as a community group and it continues to
be referred to as a yeah but that's just some random group of
people on the Internet working on it rather than it being
actually discussed the spec itself in published as a note in the
verifiable credential working group so that we can take it
standards track.
Manu Sporny: I'm sorry I think I jumped the cute and I might go
ahead apologies.
Mike Prorock: Yeah I think I was going to say some of what you
were saying there but I will clarify like for instance just
because of limited resources and having to pick our battles like
if honestly like if some kind of a rest API and I think putting a
reference in directly to the VC API as it stands today is not the
worst idea but it you know if that's not as part of that working
group honestly we're going to probably.
Mike Prorock: Have to move on.
Mike Prorock: Try we just have limited resources to go dedicate
to it especially if there's a clear path to like an open ID
connect path right so that's the that's the difficulty I see I
vastly prefer arrest for all of these interactions right so
that's part of the reason I'm making the effort here and you know
opening PRS I and you know discussing on the issues over on the
work group you know Charter discussion because I think it's
important to have a clear restful.
Mike Prorock: Path to exchange this kind of the.
Manu Sporny: All right thanks for that Mike no one else is on
the Queue will move on we've just you know this was just
highlight that that conversation is happening there.
Manu Sporny: Okay happy to do that.
Mike Prorock: Yeah let's think I was going to say Manu if if you
want to suggest on that PR you know like a such as and then a
link to the VC API or something I'm happy to I think that'd be a
good way to at least get the conversation going in one place on
that yeah cool thanks.
Topic: Start Workflow - Presentation Availability Convergence
Manu Sporny: All right so let's go ahead and move into our first
topic then which is the start workflow presentation availability
convergence discussion so let me go ahead and share my screen
here one second.
Manu Sporny: There are currently two calls in the VC API that
effectively do the same thing one of them has been in there for a
while and that is the presentation availability availability and
point in the purpose of this endpoint please correct me if I'm
wrong here Mike is to basically kind of.
Manu Sporny: Say that you.
Manu Sporny: Have some presentations available to the server so
you're the client and you're contacting the server and you're
like I've got some stuff that I'd like to send you the server
then responds with potentially be PRI VPR a verifiable
presentation request and it's like okay well if you want to send
those things to me here's some here's some instructions on how
you do it the start workflow.
<mprorock> yep, Query By example, Challenge, etc
Manu Sporny: As opposed to end point in when you post data to it
the workflows kind of encoded as a in the URL and it says okay if
you want to start that workflow with me here's a verifiable
presentation request so the only thing that differs between these
two endpoints is the data that you post to it the start workflow
call just takes any object it's just like just send me it's.
Manu Sporny: It's not very specific.
Manu Sporny: In the expectation here is that the server once it
receives the object will understand oh you want to do that kind
of workflow with me and you gave me the data to kind of kick it
off and here's your presentation request and then you go back and
forth on that the presentation availability and point is a little
more specific in that you actually I think Mike you send it a VPR
but it's effectively an.
Manu Sporny: Checked you send it an object and it responds back
with a.
Manu Sporny: Want to send me that information here the things
that you need to hear the things you really need to send me and
the thing that's usually returned in both cases is like a domain
and a nonce and a challenge and they like that kind of stuff like
the credentials it wants to see that sort of thing so there was a
lot of effort put into this to try and make this call to start
workflow call a superset of the presentation availability.
Manu Sporny: All so you.
Manu Sporny: Do both with with start workflow.
Manu Sporny: So the I think the proposal here is can we merge
these both down into one thing the suggestion is can we do the
start workflow one and then the trace folks specify in the
traceability spec that they want this object to be a VPR.
Manu Sporny: So let me let me start.
Manu Sporny: And see Mike if you have any questions concerns
Mahmud or anyone else that would like to comment on this should
these be merged under what circumstances that kind of thing go
ahead Mike Europe.
Mike Prorock: I'll defer to Joe first so.
Manu Sporny: Go ahead Joe.
Joe Andrieu: Okay yeah I'd like to see the merge in part because
I think the semantics of presentations available is that the
wrong layer like I think it's data is available or claims
available the presentation isn't created until the nonce is sent
right so I think there's just a little bit of impedance mismatch
there and I think we can clean that up with a start workflow as
an alternative.
Manu Sporny: Okay thanks Jill Mike Europe.
Mike Prorock: Yeah I have a little bit of some similar to
concern to what Joe just said in the sense that the presentation
is not created yet obviously because what you're saying is hey
give me the stuff I need in order to you know create a
presentation and send it to you where I the the only way were
exchanging data on the supply chain side is via presentations
right it's a presentation with an array.
Mike Prorock: Credentials in it.
Mike Prorock: The concerns I have is that there's a bit of
overloading of the term workflow right so from a supply chain
context and especially from like a USC Customs Border Protection
context when we use the term workflow we're referring to a very
explicit like import workflow or you know set of regulatory rules
and stages and inspections and things that actually have to
occur.
Mike Prorock: To a physical good so.
Mike Prorock: The same you know we have the same term applying
you know being used in it you know supply chain context as
opposed to kind of more of like a broader digital context so that
is one concern I have a bit over the notion of saying yep we're
going to have you know an endpoint that just arbitrary workflow I
think it might work I'm not sure I would love Mike moods thoughts
on this but that's a little that kind of overloading their I
could see cause.
Mike Prorock: And confusion for some folks.
Manu Sporny: Go ahead and Mahmud if you've got some thoughts.
Mahmoud Alkhraishi: So one of the things that Mike and Joe both
mentioned that really resonates is the idea that presentation
isn't actually available when you say position available I think
everybody's on board with that that makes you know all the sense
in the world to at least semantically change what we're saying
there.
Mahmoud Alkhraishi: I think the two flows makes a lot of sense
to me but the word workflow is like ridiculous that overloaded
now I know you've mentioned that this is a working title and then
we're going to change that and I'm happy to you know do that
change so I'm going to only talk about it from a conceptual level
for getting the word workflow right let's just talk about it from
a concept of can I merge the two different.
Mahmoud Alkhraishi: Calls that we're going to do.
<joe_andrieu> perhaps "initiateExchange"?
Mike Prorock: +1 Joe - something like that might work
Mahmoud Alkhraishi: And to me the answer to that is yes as long
as I have a way of saying I need one two three credentials from
you please provide it to me in a presentation and.
Mahmoud Alkhraishi: That's like a hard requirement for me I
think everything else just you know as long as we're able to do
that it makes sense.
Manu Sporny: Got it all right so I'm on the Queue I think the
respond to both of those things so yeah makes total sense
speaking to the workflow term I just I just used that term like
he was just like a placeholder right so if we want to call it
Sally or you know snowboard or whatever like we should totally
buy shed it and call it 11 potential there is just to call it
present.
<mprorock> or notify
Manu Sporny: And flow or something like that but I feel like we
can bike shed that later Mike the way that you use the word
workflow though when you specify traceability is exactly what I
was thinking it with respect to the word workflow so a workflow
is a predetermined kind of set of steps that you want to execute
and in some cases when you enter a workflow you don't necessarily
know what steps.
Manu Sporny: Soooo 34.
Manu Sporny: And seven are going to be you know that you're
going to start with something but then the server might ask you
for something different depending on this the type of you know
when you start a workflow the server is going to ask you the same
thing in return I need to see X y&z from you but that verifiable
presentation request that that it asks for me so this is speaking
to what you said Mahmood that that VPR that you get back that's
like I want to see items one two and three that can.
Manu Sporny: Have some optional things in it and based on what
you give back to the server.
Manu Sporny: Oh oh now I need these other things from you right
so there's the ability to kind of float fork in a workflow and do
that kind of thing but the the semantics of the word workflow
Mike was exactly what you described that's what I what I meant
but at the same time I completely understand if it's overloaded
and people don't feel comfortable with it that's fine we can
rename it I think the key thing here is.
Manu Sporny: You in can the trace folks continue to do what
they're currently doing I think the answer to that's yes so let
me stop there and see if any one kind of wants to react to that
oh sorry go ahead Joe I think you're back in the queue.
Joe Andrieu: Yeah I know we can buy said this later I agree with
that I had proposed initiate Exchange in the chat and just wanted
a bubble that up that may offer the same affordances without the
overloading of the term workflow.
<mprorock> or presentation/notify
Manu Sporny: Cool plus one of that go ahead mama.
Mahmoud Alkhraishi: So one of the things that I want to surface
up is that on the traceability side we've been talking about
workflows as an amalgamation of multiple different actors doing
different things in a long-term process right so what Mike was
saying with import is includes the person who is growing the
product the person who is transporting the products the person
who's filling out the input declaration etcetera etcetera.
<mprorock> it won't happen all in one api call or set of calls
back and forth even
Mahmoud Alkhraishi: I'm hearing from you about the word workflow
is more about I am talking to a single server and I am initiate
and I'm doing an exchange of VCS once I give you to VCS you come
back to me and you say hey can you give me a third VC that's a
little bit different right so to me you're talking about an
exchange with a single party whereas what Mike is talking about
and what we can talk about disability side.
<mprorock> two weeks later a workflow gets picked up and
continued
<mprorock> etc
Mahmoud Alkhraishi: Multiple instances of that exchange with
multiple different parties that need to be all relatable to each
other I hope I made that clear yeah.
Manu Sporny: Got it yeah I don't know that's crystal clear so
conceptually the way at least I'm looking at that is that your
multi-party workflows are just a bunch of mini workflows chained
together is that a wrong way to look at it so like you know there
can be the the whole workflow like the total end and multi-party
workflow with Bunches of people you know.
Manu Sporny: Sending and receiving.
Manu Sporny: Kind of stuff but each one of those individual
actors in the traceability whole workflow is is doing their own
mini workflow they're just providing their bit of their
particular workflow that point in time thoughts on that go ahead
Mike.
Mike Prorock: Yeah I think that's not a terrible way of thinking
of it but you can't always guarantee that you're going to have
clean segmentation so like in the egg case like in a layout just
like a physical example because sometimes it's easier to think
about right so you'll have a credential comes come in that
represents the Harvest data right so such was harvested packaged
up in a box at the actual Farm itself right cool.
Mike Prorock: Oh great one actor.
Mike Prorock: Yep that was my part of it and I moved it to Cold
Storage great there was my second part right so then though you
might or might not have someone that picks up part of that and
goes down a different path that's like a may go down a certain
path branching case right that may not have been Divine defined
to begin with right so there's just not really clear segmentation
as far as which actors are taking part in which aspects of the
workflow or.
Mike Prorock: Even segments of that workflow and.
Mike Prorock: Us it's a lot easier to just say look I've got
this arbitrary async batch of data ready go ahead and you know
let me know when you're ready to receive it and I'll start
sending it over because that stuff's coming very very
intermittently and in you know not necessarily predictably and we
are linking that stuff very actively via use of like a
correlation ID between presentations right this.
Mike Prorock: Presentation has credentials.
Mike Prorock: Linked up to this particular workflow or
potentially this credential is linked to another one via
correlation ID and we're looking at ways of associating an IED to
associate a specific like regulatory workflow that that
correlation ID applies to as an instance of but that's still
being hashed out so it's does that does that help give a little
Clarity there because it's not like it's going to be oh I start a
workflow.
Mike Prorock: Done with even my portion of the workflow that may
change day-to-day or instance to instance even within the same
product leaving the same location going to the same destination
for the same importer.
Manu Sporny: Yeah so let me check the queue yes that makes sense
I think we're still talking about bit past each other but that's
okay the workflows here at least the definition that I was
thinking of don't need to be synchronous and they don't need to
be known because it before ahead of time and they can change from
day to day and I think all of that meets matches what you just
said.
Manu Sporny: But I'll note that like I don't want us to get like
caught up on the word workflow I think success here is like going
oh we can merge these two because they're effectively the same
thing and we you know go with Joe suggestion of like this is
really about initiating a presentation and kind of go from there.
Manu Sporny: Go ahead mama.
Mahmoud Alkhraishi: To me when we're talking I think we are
talking past each other and that's very valid I think in general
I'm on board with saying we need a way to merge the two apis into
something that's essentially an exchange API the mechanics of
which we can easily hash out over a PR where we go oh actually I
need to Define X first I first that's straightforward to me what
I want to make.
<mprorock> presentation/initiate or something
Mahmoud Alkhraishi: Super clear is that there is a necessity to
link multiple exchanges to each other and that's something that
we've defined on the trade side as a workflow now we can call
that an end-to-end flow whatever you want to call it but the
point is I need to be able to point to separate instances of
exchange and say these exchanges are all.
<mprorock> and to link subsets or incomplete groups as well as
the end to end
Mahmoud Alkhraishi: In some way and I need to be able to point
to what are these exchanges were made by me or by some other
party right it doesn't need to be like I shouldn't only need to
point to an exchange of that I made with a server I could point
to an exchange that somebody else made with you know a different
server and say these are.
Manu Sporny: We do have this bit around so workflows have IDs
the around workflow interactions so that might have to do with
that might speak to your ability to link these things together
that is certainly contemplated here in the workflow interaction.
<mprorock> it is more a UUID to represent a type of workflow, and
another UUID for the specific instance of that type of workflow
Manu Sporny: But I'm wondering if that's where we should take
the conversation because one thing we could just ask is like if
we renamed presentation availability to something like start
interaction or something like that and we made this thing more
generic so it doesn't have to be a VPR it can be any Json object.
<mprorock> but, yes
<mprorock> bc i would like to use this for cred refresh as well
Manu Sporny: That I think just those two things would allow us
to merge the two together and then that would allow us to
initiate like credential refresh using this kind of unified API
and it should allow the trace folks to just continue doing what
they're doing with like a small renamed of the endpoint.
Mahmoud Alkhraishi: So I've been simplifying how we use work
clothes a little bit just for the sake of you know making it
clear but what Mike put in chat is absolutely important to the
Limit right and that's basically when we talk about end-to-end
flows we're talking about a process and we have to separate
identifiers that were associating with those bosses right one is
an identifier.
Mahmoud Alkhraishi: That says this is the it.
Mahmoud Alkhraishi: Pace of what are the possible paths that
this process can take which were using as a way to define hey I
can do X Y or Z separate actions and all of these actions will
generate a VC or won't generate a VC or whatever but it this is
the whole problem space so to speak right the second identifier
is an identified were using for an instance of a workflow now.
Mahmoud Alkhraishi: If I'm able.
Mahmoud Alkhraishi: To link multiple exchanges to a single
instance of an end-to-end flow via the ID that you pointed out
then that would be a very reasonable solution in my money right.
Manu Sporny: Could you could you repeat that again my mood
because I almost got it but but didn't so you're saying if we
could.
Manu Sporny: Link this ID.
Manu Sporny: To the information that you're talking about okay.
Mahmoud Alkhraishi: Heidi I'm going to call an exchange ID right
this exchange ID I want to link it to three other exchanges that
have occurred all by pointing to a end-to-end flow ID right so I
want to say this end-to-end flow ID is associated with
interactions XY and z and this end-to-end flow ID is of type.
Mahmoud Alkhraishi: Or avocados to you.
<identitywoman> isn't this what DIDComm does?
Mahmoud Alkhraishi: All right and so if we satisfy that
requirement then I think we're happy on the trade side.
Mahmoud Alkhraishi: I'm saying as long as we have that ability
then.
Manu Sporny: Yeah I mean I eat that shouldn't I use that that
should be possible with this are you saying you wanted to find in
the VC API like doing that like oh yeah I mean you certainly have
that ability right because well I guess the question is where
where are where the trace folks doing that today like how how you
doing that link today in the traceability APA.
Mike Prorock: Yeah so we we actually defined a credential that
represents like a traceable presentation right or a type that
represents a traceable presentation so that we can have in the
message body itself right here there's two uuids at play one is a
uuid representing the actual type of workflow itself what is this
end-to-end workflow which is all possible maybe some review no
required items you know.
Mike Prorock: Nigel's I could be looking at tote right then
there's the uid that represents the actual instance of that
workflow that we're talking about here and we're so as long as we
have the ability to refer to both at like if we're thinking about
this from a restful standpoint ideally we would like to be able
to in any of these flows you know even if it's a post with like a
you know containing a presentation.
Mike Prorock: If it's referencing you know both the workflow ID
name in this case right so the actual type of workflow that is
plus the ID of the you know the actual instance that it's
applying to I think that gets a lot of it right there and I will
note because I think you said something important man in which is
we also have a credential refresh you know flow that I think
mirrors very closely to yours that we would like to.
Mike Prorock: To be able to.
Mike Prorock: You use the same you know set of end points for
right so I think it's worth it's a little bit painful because we
have to you know kind of a line on terms Etc but it's I think it
feel like this is heading the right direction.
Manu Sporny: Okay I mean you should be able to do that with this
this API I mean they both do the same thing after the first.
<mahmoud_alkhraishi> yeah im not hearing any real blockers
Mike Prorock: Yeah after that kick off right and.
Mike Prorock: The now a question for you would you ever be
exchanging data outside of a presentation like crossing a trust
boundary outside of a verifiable presentation for some reason.
Manu Sporny: You mean in this start workflow thing it's possible
in the future but I don't think we should even like go there
until there's like the solid use case yeah.
Mike Prorock: Yeah it just feels like an out of scope thing
because I'm almost wondering if we just have because like if we
just do some naming adjustments right because like instead of
saying like you know presentation you know available because the
presentation isn't ready yet do something like presentation
initiate and then presentation exchange and as long as the rest
URI allows us to specify both a workflow ID of some kind
preferably you know in our case.
Mike Prorock: At least you know probably a uid.
Mike Prorock: An instance ID in the path I think it's fine like.
Manu Sporny: So you want to put that in the path like it's here.
Mike Prorock: Yeah to be typically from a risk standpoint you
want to try to get both right you would like workflow the type of
the workflow then the ID if it exists if not then it doesn't
create on it right and returns back the new idea I mean that's
just kind of like a rest best practice thing because you have
that cross check between the payload and the URI itself.
Manu Sporny: Yeah got it okay that's that's interesting.
Mike Prorock: That good rolls back to that controller comment
earlier right that's part of the reason so much like that they've
clarified so much about that because so many issues have Arisen
from that not being clear early on when rest was you know people
not reading the paper basically right just going off the web.
Manu Sporny: Yeah and I think that that was largely pushed by
Ori I think right so let me let me try and rattle off a list of
changes to either one of these that I think would bring alignment
so one of them is rename this from availability to something
else.
<mprorock> @Joe - is this making sense and seeming sane?
Manu Sporny: The other one would be adding something into the
URL that allows you to give it an ID of some kind so it's
something here / in ID / maybe something or maybe nothing so it's
either presentation / in a presentation you know exchange numbers
or something like that that's a uid and you post to it.
Manu Sporny: I think that's what my.
<mprorock> +1, and maybe a few types as examples
Manu Sporny: Or and I would be totally on board with that and
then the only other difference here is replacing this with the
ability to just post an arbitrary Json object because for the
credential refresh case we don't need post a VPR and in fact
there's some other use cases we have where we do want to post
some different type of Jason it doesn't it's not a VPR it's
something else.
Manu Sporny: And you know if the server.
<mprorock> i like json
<mprorock> or a refresh, etc
Manu Sporny: And that it can just replace pain back with the
like I don't know what you're talking about like you know you
sent me something to initiate a presentation exchange that I
don't know what it is so you know error so the changes would be
widened this the acceptable thing here to just be a Json object
and in traceability you guys can in your specs say no it needs to
be a VPR or whatever you want to make it and then add an ID.
Manu Sporny: D up here and then rename.
Manu Sporny: Initiate or something.
Manu Sporny: Is that go ahead like you're on the Queue and then
my mood.
Mahmoud Alkhraishi: One quick question on that you're basically
saying each server would Define on that end point the kind of
Json that it would understand and if it gets something that it
does understand it or respond with sorry I have no idea what this
is please provide it please provide XYZ is that roughly what
you're saying.
<mprorock> close
<mprorock> more that our profile can specify what that type of
JSON is
Manu Sporny: Roughly I except for the last little bit that you
said the server I mean it works like any kind of HTTP server
right I mean you send it garbage and it's like I don't know what
you're talking about error right 400 works malformed right but
for the things that it does understand it can basically be like
oh you're starting to you're trying to initiate a trace thing
with me like a traceability API.
Manu Sporny: I thing with me I know what that means here you
go.
Manu Sporny: Here's a.
Manu Sporny: PR I want to see these things from you.
Manu Sporny: That makes sense.
Manu Sporny: Okay and then I think Mike you're on the queue.
Mike Prorock: Yeah I thought I'd let my food go first so the
clarification there my mood is we can specify and this is exactly
the way I've been looking at like the trace profile versus the VC
API is that the trace profile is going in and saying yep we've
got this kind of broad common set of capabilities you know like
your bare minimum common MVP capabilities so to speak in the VC
API we can go in and say hey if you're going to support the new
presentation.
<mahmoud_alkhraishi> yeah im on board
Mike Prorock: Y'see method we only in that trace it you know if
you're complying with the trace profile you would have to accept
like a you know VP request for sending a presentation right or
you would have to accept a credential refresh right you know so
we can specify exactly what data must be accepted or it could
only be accepted right we have that flexibility there especially
if it's defined broadly.
Mike Prorock: Only to say that the endpoint is.
Mike Prorock: At the VC API level is yep its way to initiate or
exchange presentations there's some additional parameters that
you can leverage and oh by the way it can be just Json right
that's that's the way I'm kind of reading it manner because that
gives us both kind of the flexibility to say yep we've got these
specific you know like credential refresh type scenarios that
apply to like citizenship use cases or credential refresh that I
think overlap right for like an AG inspection and.
Mike Prorock: By the way this is also a way that you can
initiate a.
Mike Prorock: Presentation of data.
Manu Sporny: Yep I think we're I think we're on the same page
there Mahmud what are your thoughts on putting an ID in this URL
so well hold on let's go by these one by one I think we all agree
that we're going to rename and availability to be like something
else like presentation initiation is there agreement on that.
Mahmoud Alkhraishi: Yeah on my own.
Manu Sporny: Okay alright I'm hearing anyone.
Mike Prorock: My mood if we if you we do that I'm putting you on
the spot to open the pr to change it all on our side I got your
back but.
PROPOSAL: Rename "Presentation Availability" to something else,
the current proposal is "Initiate Presentation".
Joe Andrieu: I think presentation also has semantic issues that
several people chimed in.
Manu Sporny: Well here let's put it down as a proposal renamed
presentation availability to something else the current proposal
is initiate presentation how does that work for folks just okay
what would you like.
Joe Andrieu: It suggested initiate exchange that seem to have
some residence.
Manu Sporny: I should exchange okay all right so.
Mahmoud Alkhraishi: Sorry man I think this is probably something
that's almost definitely better when you see it in the pr and
it's a lot harder to resolve it over phone.
<mprorock> presentation/initiate ?
<mprorock> or exchange/initiate
Manu Sporny: So let me just put some actions down then so
renamed presentation availability to Joe you said initiate
Exchange.
Manu Sporny: ACTIONS: Rename "Presentation Availability" to
"Initiate Exchange".
Joe Andrieu: As a candidate like I don't know that we need to
buy set of now but.
Manu Sporny: Okay I'll just you know I can I can do a PR for
that okay the second one Mike you said that you would be okay
with having an ID here so I don't know what is this become /
exchanges.
Manu Sporny: Let's go.
Manu Sporny: Run with it and say it's / exchange is update and
Tatian availability to / present or sorry exchange it is / uid
well I'll just I'll just put identifier.
<mprorock> /exchanges/{TYPE_ID}/{INSTANCE_ID}
Manu Sporny: You have you have to post.
Manu Sporny: By the instance ID could you clarify what type ID
and instance ideas like.
<joe_andrieu> I had forgot the noun/verb pattern begs for nouns.
Mike Prorock: Yeah so the more and I missed a thing in there but
it would be like exchanges initiate and then an exchange of a
specific type right so you know or a specific workflow by uuid
depending on how it's being used and then the instance ID if it's
available would be if the if you already have a known you know
uuid for correlation right between presentations.
Manu Sporny: Okay so then you have to post data to those
endpoints.
Manu Sporny: So we're keeping the post post to the endpoints we
do use case where we need to get.
ACTION: Update Presentation Availability to
"/exchanges/initiate/{exchange-type-id}/{?exchange-uuid}" and you
have to POST data to the endpoints.
<mprorock> POST
/presentations/initiate/{TYPE_UUID}/{INSTANCE_UUID}
Manu Sporny: I think we can talk about that later like people we
have to submit we have to support post and maybe only a couple
people support kit but I don't want to complicate the discussion
while we're making progress okay and then the last and final
thing is generalized the post body to accept any Json object
where trace of the trace folks will specify that they require a
VPR for certain types of things.
Manu Sporny: Update post body to accept a Json object where the
traceability spec will further Define exactly the type of object
object here looking for it's a VPR right now isn't it.
ACTION: Update POST body to accept a JSON object, where the
Traceability spec will further define exactly the type of object
they're looking for (a VPR?)
<mprorock> or POST/GET/PUT
/presentations/exchange/{TYPE_UUID}/{INSTANCE_UUID}
Manu Sporny: Is that right okay alright okay so and that's the
final one and if we do that then I think we are aligned we can
merge these into one and then we can bike shed bit more Mike I'm
expecting or E2 object to structure of the URL I don't know if
you're expecting the same thing.
Mike Prorock: I am we need to get the stuff more in line with
the way things are done broadly so I'm willing to kind of argue
that one out in and by the way if we go this route of like oh
it's a presentations / exchange / like a uuid to the type of
exchange to the instance itself or something similar to that then
your post get put you know delete Etc all works right you we can
Define this stuff very cleanly.
Mike Prorock: Rest and point because we're not abstract to get.
Mahmoud Alkhraishi: +1
Mike Prorock: Who like we're doing rest properly right we're
letting the actual HTTP method call Define the type of operation
going on my mood I expect full arguments from you with my favor
on this again story.
Mahmoud Alkhraishi: Yeah definitely it's going to be a fun
friend.
Manu Sporny: Okay okay great so you two are aligned on that
there's a huge plus one from digital bizarre as well we always
wanted to take this path we just you know it seemed like
everybody else wanted to go the different a different route so
totally agree with both of you well we would rather see the API
structured in that way and follow good restful design principles.
Manu Sporny: That is a bigger discussion that was actually one
of the issues towards the end that we had but I think this is we
should declare Victory and move on because from my reading that's
alignment my mom would do you guys disagree like does it seem
like we just align the two.
Mahmoud Alkhraishi: I think it makes the most sense to me.
Mike Prorock: Yeah it gives us a really clean path forward it
doesn't mean that it's set in stone and of the day everything
right that's kind of the beauty what we have here but it gives us
a way to put something out test it and see how it works right.
Manu Sporny: Beautiful okay awesome okay that's that's the first
item and that was not as difficult as I thought it was going to
be so that's great okay so the second one is workflow interaction
this is very much this is very much kind of see the submit
presentation thing the difference between these two endpoints is
with the workflow interaction thing.
Manu Sporny: MIT a you're expected to submit a presentation here
and the only difference is that in this submit presentation
they're all kinds of things that are returned back like payment
required is a is a potential here in the presentation didn't
contain a proof and all that kind of stuff in what we needed at
least for the refresh you.
Manu Sporny: Has case is the ability.
<mprorock> PUT or POST right?
<mprorock> if we are gonna due this right
Manu Sporny: To respond back with another VPR right so I think
the way the tray stuff is defined right now it's just like a you
know you start the exchange and then and then you send the
presentation and that's it you can do anything more than that in
what at least we'd like on the the refresh side of it is the
ability to like say well thank you for that presentation you
just.
<mprorock> upsert or create
<mprorock> and possibly defined by a correlation id
Manu Sporny: I need this other thing from you and so what you
get back is a VPR and so I think a lot of this alignment has to
do with making it so that it is possible to respond back with a v
p so the first one was having an ID to post to that's an active
kind of ID where you're in process and it's got an ID on the
server and then the second part of it is being able to respond
back with.
Manu Sporny: Got your presentation that's the traceability use
case but for the credential refresh one we'd like to be ability
to be able to be like actually we need more information from you
and here's another VPR or well yeah you here's another VPR
thoughts on that.
Mahmoud Alkhraishi: I think the idea of sorry that my trunk.
Mike Prorock: Beat you to the formal Q I think if we change this
to put or post right depending on whether or not you're creating
or observing and we say presentations and then it's an IED of you
know potentially write that kind of a thing then we're getting
this a little bit more in line and then allows potential
responses that say yep I'm not accepting this here's why and
here's this.
Mike Prorock: Response that says I need more information.
Mike Prorock: Something else I think the way Direction you're
heading that at least that's kind of how kind of feeling about it
I'm in submission I'm a little bit okay with right it just feels
a little bit weird but I mean obviously we've got it in there
that way now but.
Mike Prorock: But I think that notion of being able to specify
like it's a presentation with an ID potentially with like abroad
you know like a tighter group of presentations right you know so
you know like a type of like overthink it relate it back to the
workflow side it's very very similar very very related the trick
is are we defining and giving ourself enough flexibility in the
response or the method call right.
Mike Prorock: Is that is that.
Mike Prorock: Struggle is plus the ability to you know specify
ID and or put right as opposed to post.
Mike Prorock: Yeah presentations The Exchange initiate bright.
Manu Sporny: Yeah I think the the first so if we had to get a
list of changes here it's insert an ID in here just like we
agreed to for whatever we were calling this thing initiate
something or another yep yep yep and so so put put an ID in the
URL and then we can have a debate about post versus put in what
that means but the.
Manu Sporny: So that's item one.
Manu Sporny: In the URL item 2 is allow us to respond back with.
Manu Sporny: CPR meaning like either like cool everything looks
great presentation accepted or you know we can also do malformed
and didn't contain proof in that kind of time think we're okay
with that but we need to be able to respond back with a VPR to
say.
Mike Prorock: Potentially could you just request a reject it
though and indicate that they need to request an exchange if you
need a.
Mike Prorock: You know an actual like VPR.
Manu Sporny: Yep that's right yeah you can you know because the
way VP are structured you can respond back with like a now go
back to go back and start over right or go to this other URL and
continue the workflow they're like you're done here but you need
to go over there now.
Manu Sporny: Abilities if we enable a VPR to beerus sent back so
when they posted this endpoint we're able to send the VP are back
that's like you you're not done yet all right.
Mike Prorock: Yeah and I'm not sure that a 400 is the right
error for that but it would be something like that right where
you're throwing a response code back along with the message that
happens to be like either you know a VP are back or some Json
object in response right.
<mahmoud_alkhraishi> 418 im a teapot is always the correct
response
Manu Sporny: Yeah I'm less concerned about the response codes
than I am with the ability to respond back with a VPR as like a
continuation of you know the the flow yep exactly.
Mike Prorock: Go into go do this next.
<manu> haha HTTP 418
Mike Prorock: Question because right now what is the is it does
it allow you to give an error message back or what's the.
Mike Prorock: Don't.
Manu Sporny: We should probably also allow that as well I don't
think that's allowed is either.
Mike Prorock: Yeah yeah because I think that's some of the issue
is that we need to specify and honestly we should consider
specifying if the accept type is application Json right that it
should return Json back period so then that use case is covered
plus proper are handlings covered right.
Manu Sporny: Yep yep yep yep yeah I think is so right now we
don't support oh yeah so here's what we support like accepting
like everything's cool we support sending back a verifiable
presentation we do not support sending back a VPR and we don't
support sending back an error message.
Manu Sporny: So we should.
Mike Prorock: Oh yeah so if we just change 400 and that if
accept Json is in the headers that you can send back a saint to
whoever posted we've solved the problem right and that's the
right way in quotes to do it from a rest standpoint anyways.
<mahmoud_alkhraishi> i think we're there
Manu Sporny: Yep yep yep yeah I think I think that that works I
mean I think the only all the implementers of just implemented
application Chase and I don't think well I shouldn't say that
okay so I don't think we have complete resolution yet but would
my mood you know or Mike would either of you object if I put
together PR that like suggests the other return types that should
I want to try and get this done in one go and.
Manu Sporny: Didn't what.
Manu Sporny: Maybe that's maybe that's asking too much.
Mahmoud Alkhraishi: I think there were at is next up is
absolutely waiting up there because there's just no way to like
we're going to get lost in the weeds unless we actually get a PR
where we get to go into the weeds and figure out how to solve it
so yes absolutely and I think if you can get it with responsible
that would be perfect.
<mprorock> yep, PR or openAPI is good
Manu Sporny: Okay alright let me do them one at a time so I'll
try and collapse start workflow in presentation availability in
one PR and then I'll try and collapse workflow interaction and
submit presentation in one go I just wanted to make sure that
before I did that PR that both of you weren't like immediate I'm
going to immediately subject to it I'm hearing that both of you
are willing to have a discussion around a PR and it seems like
we're.
Manu Sporny: Converging so that's good.
Manu Sporny: Did I misread any of that.
Mike Prorock: No I think where you could potentially see
objections from some folks in and I'm not saying I would have
ejected to it is if you try to make it to specific like if you
keep it General and just say ah yeah if a method has an error and
you're following the right rules and sending the server back text
or Json depending on what they asked for you could send back
anything conformant with that right because a VPR is just Json so
that way we're not painting ourselves into a corner there and
then we're still giving.
Mike Prorock: The ability for a profile to say oh it could only
be a.
Mike Prorock: Are or an X in this case right you know so.
<mahmoud_alkhraishi> thank you all
<mprorock> rock on
Manu Sporny: Yep okay I've got enough direction to put together
some PR's that I'm fairly certain won't get immediate objections
all right this was a very productive call thank you everyone for
participating thank you Mike and my mood for engaging I'm feeling
upbeat about where this is going all right that's it for the call
today thanks everyone we will meet again next week ciao.
Received on Friday, 4 February 2022 22:28:02 UTC