- From: CCG Minutes Bot <minutes@w3c-ccg.org>
- Date: Wed, 16 Feb 2022 18:48:17 +0000
Thanks to Our Robot Overlords for scribing this week!
The transcript for the call is now available here:
https://w3c-ccg.github.io/meetings/2022-02-15-vcapi/
Full text of the discussion follows for W3C archival purposes.
Audio of the meeting is available at the following location:
https://w3c-ccg.github.io/meetings/2022-02-15-vcapi/audio.ogg
----------------------------------------------------------------
VC API Task Force Transcript for 2022-02-15
Agenda:
https://lists.w3.org/Archives/Public/public-credentials/2022Feb/0052.html
Topics:
1. Introductions, Relevant Community Updates
2. Improve Explanations for Exchanges
3. Multibase Transaction Identifiers
4. Discovery of Workflows/Exchanges/Services
5. Next Steps for VC API?
Action Items:
1. Manu to articulate why transaction-id is an expression of a
128-bit number that is meaningful to the server, but opaque to
the client, and how we might open up the range of values later.
2. Mike Varley to create a PR to address issue #259, group will
review PR after it is raised.
3. Manu to fix Respec OAS renderer to render JSON Schema in a
more compelling way.
4. Mike Prorock to put together a PR for rendering all the OAS
files in a way that web developers will understand.
Organizer:
Manu Sporny, Orie Steele, Markus Sabadello, Mike Varley, Mahmoud Alkhraishi
Scribe:
Our Robot Overlords
Present:
Manu Sporny, Justin Richer, Mike Prorock, Markus Sabadello,
Mahmoud Alkhraishi, TallTed // Ted Thibodeau (he/him)
(OpenLinkSw.com), Andy Miller, Mike Varley, Orie Steele, Eric
Schuh, Kayode Ezike, PL, BrentZ, Brent Zundel, Dmitri Zagidulin,
Ted Thibodeau
Our Robot Overlords are scribing.
Manu Sporny: Right welcome everyone to the February 15th 2022
verifiable credentials API call our agenda.
Manu Sporny: On the agenda today we've got an agenda review
introductions relevant Community updates followed by in trying to
improve explanations for exchanges so PR take a look at that
multi base transaction identifiers another PR to address some
requests that or he had last time and then Mahmoud brought up a
good question last time around.
Manu Sporny: Covering and Mike Varley noted that secure key also
had concerns around.
Manu Sporny: Basically protocol interoperability if we're saying
that you could there these other protocols that you can kind of
speak across fee Capi how do we make sure that we.
Manu Sporny: Interoperability type with those kinds of
extensibility options and then any other issue processing as time
allows so let's go ahead and get started but before we start are
there any updates or changes to the agenda anything anyone wants
changed.
Topic: Introductions, Relevant Community Updates
Manu Sporny: Alright then let's go to introductions in any
relevant Community updates do we have anyone new on the call
today.
Andy Miller: My name is this is Andy Miller from I'm s I'm not
new on the call but I don't think I've introduced myself before
him up standards architect IMS Global.
Manu Sporny: Awesome wonderful to have you here Andy that's
great what's the what's the interest is it just kind of personal
interest or is there IMS Global interest?
Andy Miller: IMS Global interest we have digital credentials
which we are now we've had quite a bit for quite a while actually
starting with open badges that were verifiable credential like
you know sort of based on sort of early talks about verifiable
credentials and we're in the process now of updating them to be
compliant with the verifiable.
Andy Miller: Apple credentials data model.
Manu Sporny: Wonderful that's great Indian in my my expectation
knowing I'm as Global's work is that you know issuing holding
verifying these credentials using apis is probably something that
all of you are are concerned that you know just are interested in
and concerned about and want to make sure happens the right way
so great great to have you here welcome to the call anyone else
knew I think everyone else on here has made.
Manu Sporny: All right then let's move on to relevant Community
updates any relevant Community updates that we should know about
specifically relevant to the VC API work.
Topic: Improve Explanations for Exchanges
Manu Sporny: https://github.com/w3c-ccg/vc-api/pull/261
Manu Sporny: All right if not let's go ahead and move into the
first topic the first one up here is a PR PR let me get the link
to 61 in PR 261 is about moving the non-normative text so we had
a section around workflows.
Manu Sporny: Go ahead and share my screen here.
Manu Sporny: We had a non-normative section around workflows or
sorry that we had a we had a section around workflows and during
the last two calls we were able to converge the workflow apis and
the kind of presentation apis that the traceability folks were
using we now have two unified apis or two two endpoints that are
unified now which is great great progress.
Manu Sporny: There was some content.
Manu Sporny: Workflows section this explanation so let me go
ahead and get a preview of this thing that kind of talked about
what the exchange would look like apologies the image isn't going
to show up because the preview tool doesn't show images but the
idea here was that we wanted to kind of explain what a protocol
flow would look like using the data that was posted the HP
endpoints and we have that now.
Manu Sporny: Now I've gone through.
Manu Sporny: Did all of the text to the new exchange language
that we decided to use until something better comes along and so
that's all this pull request does is it just moves that
non-normative text from the workflow section to this section and
then renames it to exchanges any questions concerns about this PR
I think we've got multiple positive reviews on it it can probably
be merged.
Manu Sporny: Aged in after the call unless.
<orie> we don't merge PRs on this call?
Manu Sporny: Okay if that's good then we'll go ahead and merge
that in after the call the next item up was the multi base
encoded transaction identifiers so let me get.
Topic: Multibase Transaction Identifiers
Manu Sporny: A quick link for this channel.
Manu Sporny: https://github.com/w3c-ccg/vc-api/pull/258
<mprorock> i vote for live merging
Manu Sporny: Okay so this is PR 258 hmm in the pr 258 basically
let's see.
Manu Sporny: It adds a it adds so I think the on the last call
Orie suggested that.
Manu Sporny: Well actually what happened or he suggested that
one we pull this out and make it a parameter path parameter so
that was done and then there was I think my Pro rock you said
you'd be okay with it being having all their ways of expressing
the identifier so we started out with uuid I know digital bizarre
tends to like multi Pace in coded values but I think that there
was just a general concept that this thing is like 128.
Manu Sporny: But identifier and we.
Manu Sporny: I mean white want to express it as different
encodings uuid and then multi base and coded things so that's all
this PR does Laurie I think we had a discussion about what
transaction ID could be used for here so we might want to touch
on that a bit and then I know that Marcus and Mike Varley both of
you provided some concerns about like well why can't we.
Manu Sporny: Why can't it be a little.
Manu Sporny: Order so let me pause there or we would you like to
kind of articulate your concerns over this PR first.
Orie Steele: I mean I don't have any concerns regarding merging
the PRI prove the pull request I have comments on the PR but I
don't have any concerns with merging it as is.
Mike Prorock: +1 Let's merge it and fix it after it is in
Manu Sporny: Okay do you want to voice those comments now or do
you want to.
Orie Steele: Only if there's questions regarding them.
Manu Sporny: I mean I don't have any questions I don't think I
do think that there yeah it's kind of it hasn't ended yet I think
most of the questions worry kind of shifted to like the domain
Challenge and what to do with it.
Orie Steele: Yeah which is again probably not well addressed on
this particular poll request so I think conversation will
continue on the pull request as long as it remains open but
concrete change requests or approval should happen to the pull
request and its current change set and we should probably limit
our discussion on pull requests to the changes suggested and open
issues if there's another.
Orie Steele: We want to keep the conversation focused on the
changes that are suggested not conversations about the entire
ecosystem.
Manu Sporny: Okay I'm good with that Mike Farley on the queue.
Mike Varley: Yeah so I raised a concern on this one just because
on the last call I heard an unanswered question from Brian as to
why we were at the time I think last week it was just focused on
uuid and now it's been expanded to something else so I want to
make it clear that I'm not opposed to having a clear definition
of what the transaction ID should be we should just wrap in Logic
for.
Mike Varley: Or decision process for making that choice so that
it's clear to people coming to the API why that decision is made
and is the way it is so it's more of an opportunity for those who
who might have a reason to have a different type of transaction
ID or have different plans for this transaction ID that don't
currently fit in within the multi base encoding or the uuid
format but it's an open window as far as I'm concerned but I'm
ready to close.
Mike Varley: Is it and say.
Mike Varley: You know we've decided on on this format for a
session ID for the following good reasons or you articulated them
with your owasp you know input validation post so I'm good
anybody else.
Manu Sporny: Okay thanks Mike Marcus Europe.
Markus Sabadello: Pretty much the same from from me I don't feel
strongly about it so I'm also find leaving it the way it is I
just thought that if transaction ID supposed to be opaque to the
client right it doesn't mean anything to a client and on the
server side different implementations may use that in different
ways sometimes it might be a uuid sometimes it may be a
sequential number and sometimes sometimes the server side image.
<mprorock> there are cases where a client might use that - e.g.
get me a list of my transactions from last 30 days, then let me
get the details of one specific one
Markus Sabadello: Should identifiers to encode state in the
identifier itself right in some kind of format that we may not
yet be be aware of and yeah but I also understood or is comments
about potential attack vectors this this opens up so I also just
have a 1230 chelate this as a common without really having a
strong opinion in a hurry.
Manu Sporny: Okay yeah I mean this is good this is useful to get
down in the transcription and so that we can refer to it later I
think what we're saying is we're saying presently the only number
you know the only thing that we seem to be considering is just a
uuid or some 128-bit value to identify the transaction ID it's
meaningful for the server.
Manu Sporny: Not necessarily it's not meaningful at all to the
client it's opaque to the client and what we're trying to do is
we're not trying to create kind of an arbitrary field where you
can just encode just about anything in it we're saying for now we
are very specifically restricting it to different representations
of 128-bit numbers and in the future if we find a use case or a
reason.
Manu Sporny: Kind of the the allowable alphabet to be larger or
more diverse we can open that up later on so we're starting very
strict and very narrow and in the future if we find out that
there are other reasons to make it less narrow we can open up the
aperture at that point does that feel like a logical stance for
us to take at this point and then.
Manu Sporny: We'll see what.
<markus_sabadello> Sounds good
Manu Sporny: Really owe me it would anyone object to that
effectively being articulated in the spec as an explanation for.
Manu Sporny: Action ID is the way it is.
Manu Sporny: Okay no objections I will take an action on a to
articulate why transaction ID is an expression 28 number that is.
ACTION: Manu to articulate why transaction-id is an expression of
a 128-bit number that is meaningful to the server, but opaque to
the client, and how we might open up the range of values later.
Manu Sporny: Meaningful to the server let go Pake to the client
and how we might well we might open the range of values later.
Manu Sporny: Okay I'll take that action so that probably means
that this one is ready to be merged unless there are any
last-minute objections to it.
<mprorock> ha!
Topic: Discovery of Workflows/Exchanges/Services
Manu Sporny: Okay I will merge that after the call and I did mic
Pro Rock and or I did see the support for doing life merging I'm
just not doing it because I get distracted when the merge fails
because there's some kind of merge conflict so once I get over
that I'm happy to do life emerging on the call Discovery.
Manu Sporny: A of workflows exchanges and.
Manu Sporny: https://github.com/w3c-ccg/vc-api/issues/259
Manu Sporny: Is okay this was the point that Mahmoud raised last
week there is an issue for it issue 259 and if we pull up issue
259 my hood maybe you would like to give us an intro here and
then Mike your thoughts as as well.
Mahmoud Alkhraishi: Yeah so this came out of our thinking when
we were talking about workflows being defined entities where they
tell you the scope of the exchange basically if you have a
workflow that is supposed to be a credential refresh it would be
nice to know the general scope of you know you are expected to do
XYZ steps or something on those lines right if that's defined
somewhere then.
Mahmoud Alkhraishi: It would be nice to know if.
Mahmoud Alkhraishi: These API supports that workflow or it
doesn't right and so what this issue is Raising is it's saying we
need to way to know what are the workflows that are supported by
this specific instance of the VC API.
Manu Sporny: Got it thanks Mahmud Mike Varley.
Mike Varley: Yeah so I agreed that this kind of Discovery is
going to be very important for the open-world approach when a
client wallet holder application is communicating with one of
these servers around exchanges how is it supposed to know what to
do in in other protocols when you have.
Mike Prorock: +1 A GET /workflows will be very nice in practice -
i am working on a PR with that kind of content
Mike Varley: Open world or interpretation it can actually lead
to a lack of interoperability because you know a very specific
parameter you know as required by the server but you know the
client doesn't support it even though they think they're they're
speaking the same you know message structure so I think the this
particular proposal on how a client can find out what the
endpoints mean and maybe those.
Mike Varley: Spec names as I think I'll illustrate it there or
maybe their gamble files but then a client should be able to
recognize those strings and say yes I know what that is head to
toe or or know I don't so I won't call that endpoint and then and
then I think this PR is also important to get in so we can also
go to the next level in describing what those you know strings
actually point to how.
Mike Varley: They actually mean and how a client is supposed
to.
Mike Varley: Understand you know what do I do to need to support
that protocol so Discovery is a very important topic for that
open world where we don't want to just leave it to free-for-all
we want to be we want to give the client clear guidance on how to
implement a protocol that it has discovered and this is this is
this is the right start I think for for doing that work and I
guess we have workflows here's but I don't know if that should be
exchanges but that's.
Mike Varley: Kind of a side comment.
Manu Sporny: Got it thanks Mike yeah their exchanges now but
that's a minor minor thing all good points Mike Pro Rock.
Mike Prorock: Yeah I kind of concur here and I think obviously
exchanges workflows whatever the languages and I can say that use
case that I Envision like a particular scenario that we're
looking at right now and supporting to a degree is user build
interfaces on top of some of our apis and things like that right
so if you're saying hey let me get a list of all the exchanges
that I potentially support and in our case those are.
Mike Prorock: You know business Process Management you know
definitions they could just get that list and then query each one
specifically so that they could put an appropriate UI or
integrated into existing tools for bpmn and so it's it's the kind
of thing that I think is a natural next extension as we've noted
with a lot of the kind of Getters you know that we talked about
where appropriate right whenever you have a collection of stuff
you kind of want to be able to get that collection or at least a
list of that.
Mike Prorock: Collection to be able to get specific items out
of that.
Mike Prorock: I d-- care about.
Manu Sporny: I think these are all good points I'm going to I'm
going to kind of argue at it from the other side only just to try
to see if any of this resonates I'm now I'm totally fine with us
defining this and in putting it in the spec and trying it out
there are like a the the sniff test at least to me couldn't have
kind of smells a bit like soap in a bit like Hydra which is a
which tend to be fairly kind of like.
<orie> See https://www.markus-lanthaler.com/hydra/
Manu Sporny: Mine generic discoverability right how do you
express this stuff in a way that allows a smart client to come
along and figure out how it can interact with the HTTP and points
so that's that's my only concern noting also that like many of
the discovery conversations we've had before have not really
resulted in in at least some of us doing Discovery a totally you
know there are other there's like the you know the did endpoints.
Manu Sporny: They're using on that does Discovery so I'm just
raising the question of like who's who exactly is going to use
this and for what use case so that's the first question the
second kind of note is that with so for example with credential
refresh the discovery mechanism is in the verifiable credential
itself you issue a verifiable credential you give it to someone
in they discover what the exchange endpoint is.
Manu Sporny: In the verifiable credential itself so it's not
post you know it's not done through a get to the server it's a
it's a piece of data that you get and you carry around with you
so that's another approach for you know discovery that I that I
know we're going to be that isn't you know it's going to be
implemented right so I'm wondering who's got the use cases that
are going to do a get here and then.
Manu Sporny: I'd I guess something to the user how does that.
Manu Sporny: Work I'm not following how that works.
Mike Varley: Yeah thanks so I wanted to Echo your your let's not
reinvent soap comment was well I think that that's an excellent
example of where Discovery got you know almost out of control and
clients had to be you know so when you know deeply developed in
order to accommodate all the the open world you know API
discovery that it became just kind of quite difficult so the
suggestion here is not to re you know.
Mike Varley: Absolutely not reinvent that.
Mike Varley: Let's stay away.
Mike Varley: From that the use case is I think there needs to be
some context around the exchange ID for example I have credential
refresh in in that example that's just a string that that I could
say credential refresh or credential refresher or credential
refresh to what protocol is the client expected to engage with at
that end point and to your.
Mike Varley: In the credential itself for credential refresh
their I think with service endpoints and you know there's a type
field I think we are close to to having a mechanism for
communicating how you know a client is supposed to communicate to
that you know URL path but and I think it should be tightly
controlled in that way so that it doesn't become just you know.
Mike Varley: Discovery so maybe you know I do have a yam will
file their the expectation is not necessarily that the client is
going to build a compliant you know Epi on the fly but it should
at least recognize the string and it know and you know as a
developer you know where to go find the spec related to how to
actually communicate with this endpoint and and I'll just point
out that I think I've seen a couple variations on this endpoint
already in different PR and I apologize I don't have.
Mike Varley: Them in my fingertips one of them.
Mike Varley: We're within the VP our language there's a there's
a way to you know present a verifier represent a presentation of
verifiable presentation and then get back a continuation method
with more information on how to continue but then I also saw you
know well maybe I'd like to do a post and provide some parameters
to that post which kicks off a VP our request and so on and and
that's where you know the hair on the back of my neck kind of
stood.
Mike Varley: This is this is becoming more complicated than just
simply something we can handle and VPR and if that's what we want
to do we just need some way of indicating to clients if you're
going to call this endpoint that I've called you know Foo this is
what I mean and this and this is the spec that I'm talking about
and and you know you and as a developer you can go and find it if
your clients Frozen are that's my thinking path.
<justin_richer> huge +1 to not repeating the mistakes of WSDL and
relying to automated code generation and configuration
Manu Sporny: Got it interesting so to compare contrast I mean I
feel like the the next step for this is a PR right I think we
should be you know it'll be much easier to talk about this with
the PO are who's going to write the pr and what do you need to
know from the group to write that PR.
Mike Varley: I'm so sorry I'd maybe I'm jumping the queue I
could write the pr for for this endpoint and possibly for what
you would do when discovering you know / exchanges / credential
refresh.
Mike Varley: I don't know what I don't know what I need for the
group maybe just throw eggs at what you see and we can go from
there.
<mprorock> I volunteer for egg throwing
Manu Sporny: Great okay now I mean that's that's all we need
action like Varley to create a PR to address issue.
ACTION: Mike Varley to create a PR to address issue #259, group
will review PR after it is raised.
Manu Sporny: Shoo 259 group will review PR after it is raised
okay awesome thank you like I wanted to touch on something
actually queue is empty I wanted to touch on something you said
Mike which I thought was really interesting that I did not get
from your comment here viable presentation request.
Manu Sporny: He requests back we have these like these new
interaction types so if you wanted to bootstrap into another
protocol you can do that there right so the idea here is that in
the VPR when you get back a query of verifiable presentation
request you get back one or more ways to interact so this is very
much inspired by good nap I'm wondering Mike do you mean that the
the types could.
Manu Sporny: Could basically be these.
Manu Sporny: Types but listed here.
Mike Varley: I think so I think that's what I mean.
<mprorock> that seems extremely sane
Manu Sporny: Okay okay yeah no I mean I think that's that's
that's really interesting like that's definitely another way to
do it yeah that's cool I like that now keep in mind there's I
think you said you wanted them to be simple strings in some of
these cases like this did come messaging one you know I tried to
pick something straight out of the specs for for did Cam and you
may need more.
Manu Sporny: But I mean I think that's just something for the
group to explore right once the pr is there just in your own you
can go ahead.
Justin Richer:
https://mailarchive.ietf.org/arch/msg/txauth/KNB3BJhwmAYyJ68y_m1VnnS2kQ4/
Justin Richer: All right thanks money so Dimitri zag Dylan
presented this this part of the VC API proposal to the canal
working group a few weeks ago and I've started a thread on the
Kanab mailing list linking to the archive page in the chat right
now hopefully that makes it into the transcript but I were trying
to start a discussion on what this time.
Justin Richer: Type of model would.
Justin Richer: If you actually click on the third of the long
web sequence diagram URLs that should bring up a picture yeah so
the idea here that I think that this work and the work that
Dimitri described is is there a way to use actual an actual piece
of the kidnap protocol itself inside of another protocol now
normally.
Justin Richer: And as a you know a separate security interaction
management layer the delegation protocol.
Justin Richer: But this does raise an interesting question
because this and other use case and a couple of other use cases
of that have been brought up have started to talk about this this
notion of well I'm off doing another API and I don't want to have
to throw on all of the brakes and go start a brand new
conversation with an authorization server because I already have
it all of the contacts that I need to kind of Kick this off so
how can I kick it off and how can I get it back.
Justin Richer: Back there hasn't been a lot.
Justin Richer: On the grab mailing list yet I would invite
everybody to in this group to join that conversation if this is
something that is interesting to you it's not something that I
think really wants a lot of discussion on this call here but I
wanted to make sure people were aware of that.
Manu Sporny: Great thank you thank you Justin yes all these
links will make him in make it into the minutes but that's a
really interesting that's a really interesting proposal and
thought in theory at least with the VPR thing you can bootstrap
into other protocols after every kind of HTTP back and forth that
you have with the VC API so you could you know start off with.
Manu Sporny: Jump to IDC credential provider and then jump to a
good nap and then jump back to an unmediated presentation thing
now that's crazy right I have no idea of doing something like
that would ever work but the philosophy and design of what we
have right now should allow for it so I think you know the next
step there might be someone trying it out and seeing or at least
doing it you know thinking through what all of the mess.
Manu Sporny: Judges would look like and.
Manu Sporny: If you've got a client that speaks one of these
interaction mechanisms as well as going to app in theory you
should be able to kind of hopscotch from one protocol to the
other and then back to the original protocol.
Justin Richer: Thank you but that is absolutely not the point
that I was trying to make so what you're describing if you go
back to that other thing and if you click if you go back 12 to
the email archive and click on the first message what you're
describing the the first of the web sequence diagram the URLs
well you're describing is as a much more sort of you know.
Justin Richer: Final way to you.
Justin Richer: These kinds of protocols alongside of each other
and that's that's so easy to do it's boring and not worth talking
about so what I was what I was describing is instead of waiting
to use really portions of the cannot protocol itself embedded
inside of a different protocols in and have that be defined as a
pattern so that every API doesn't come up with its own.
Justin Richer: The customized version of following that same
pattern so that's I think the much more interesting conversation
to have because it's you know talking to an API and saying oh I
need you to go do a security protocol that's that's fully defined
I mean that's we know how to do that we've been doing that for
decades that's what the dub-dub-dub authenticate header and basic
auth do and have been doing since.
Justin Richer: Since the early 90s.
Justin Richer: You know that's that's not interesting at all
what I think is more interesting is this notion of can I kick you
into a process part way through with enough context for you to
actually do something and importantly have a standardized way to
get you back.
Manu Sporny: So Justin if I'm understanding that correctly
you're saying they're Primitives and can app that the VC API
protocol might be able to reuse Primitives and patterns.
Justin Richer: Quite possibly yes and while I understand that
what's proposed in VC API is is not intended to be compatible
with can app you know that syntax is significantly different from
what's already been worked out in Kanab and I think that there
might be value in aligning that better.
Manu Sporny: Okay cool what what do you what do you need from us
to other than just engagement to do some experiments thought
experiments in that area.
Justin Richer: Um engage with the conversation in ideally in the
ietf working group to see if there is something that's worth
pulling out and then still the same thing that you had said
previously and that's somebody taking the time and sitting down
to see what those messages themselves would actually look like
like what what would you send back at each step and what types
and what does that mean for the.
Justin Richer: Code paths to the.
Justin Richer: Client software that needs to actually deal with
these kinds of things.
<mprorock> *if interested*
Manu Sporny: Got it okay all right well the action then is you
know someone someone from the group needs to do that kind of
engagement on the Gap mailing list and look in you know do do the
thinking around what common patterns there might be yes if
there's if there's interest as Mike peroxide okay I think Mike
Varley you have enough to.
Manu Sporny: Take a shot at a PR there.
<justin_richer> Yup -- standards only get written if someone
wants to write them :)
<mprorock> sleep allowed now?
<mprorock> /s :)
Topic: Next Steps for VC API?
Manu Sporny: Market okay awesome okay great okay well so we're
through our agenda and 40 minutes great job everyone for being
efficient let's take a pause here and see if there are high
priority things people feel like we should focus on like there's
a huge Log Jam at X and we need to clear that clear that Log Jam.
<justin_richer> sleep is for the weak!
Manu Sporny: I start just randomly going into old issues and
picking issues that seem like they would be useful to talk about
does anyone feel like we really should be focusing on X right now
like Pro Rock go ahead.
Mike Prorock: Yeah I think now once we get these couple of
merges in and we see like the basic getter pattern with
pagination for like you know fetching a you know exchange right
or list of exchanges I think we probably need to take a pass and
go okay what clean up do we need to do so that a third party
looking at this doesn't go okay you guys are not sore you're off
base or.
Mike Prorock: Ever also with the.
Mike Prorock: Of easing you know PR 66 that I know impacts
kidnap I know what impacts this etcetera and the ability to
discuss that over in the VC working group and so I think the more
polished this is with a little more commercial support the better
we're looking for that kind of thing so that's just kind of like
mindful of time like that that core ability that we've discussed
here my like merging workflows right that covers a lot of you
know the would you know.
Mike Prorock: No exchanges / workflows Etc right making sure
this.
<tallted> Seeing that least-recently-updated issues takes us back
to Feb 2021, some issue churn would likely be useful.
Mike Prorock: We're doing on the trace side and the system to
system use cases that gets a lot of the core functionality stuff
in there that we kind of have to have and so it gives us a chance
to say okay now let's focus a little bit on clean up to try to
get this stuff into the actual work nerve itself because it all
may go away if it does you know won't well frankly if it doesn't
or if it does get in there it may still all go away depending on
how the work you know working group approaches it so I don't.
Mike Prorock: Want to be going in.
Mike Prorock: Making a pile of changes and stuff like that you
know and just having a you know just a huge amount of burn if we
know that some of the stuff is subject to adjust significantly
and I think all 10 also noted that there's a lot of like old
issues and stuff that probably just needs some cleanup so that's
my that's my read honestly is like let's try to get this stuff a
little bit more polished professional and I and focus on fixing
you know like PR's to clean stuff up could.
Mike Prorock: Correct language fill a gap in apa you know like.
Manu Sporny: All right great suggestions I did want to yeah and
plus 12 that I yeah I mean the reason I'm asking is I'm kind of
at a loss as to Big Rocks we need to move with the API it feels
like at least there's a good good core heart of the spec there at
this point that addresses I think everyone's use cases on the
call at least the major you know credential flow use cases in
presentation floaties cases.
Manu Sporny: One other aspect of this so yeah so I think we need
to make the spec a bit more pretty this stuff up here that Joe in
Eric you worked on I think it would be good to give that another
pass try and clear it up a bit or just clean it up a bit and item
wave I'm doing a giant hand wave there Eric I don't know.
Manu Sporny: You guys are thinking these days we don't have
conformance classes or terminology sections empty right now and
we have this massively ugly rendering of the Json schema stuff so
on my will take an action too.
ACTION: Manu to fix Respec OAS renderer to render JSON Schema in
a more compelling way.
Manu Sporny: Fix Respec OAS render to render Json schema in more
compelling way so their ways of displaying this data that doesn't
look as awful as it does right now so we should do that and then
they in the yeah and like the getter and the pagination stuff mic
Pro rock is also you know would be a good thing to put in there.
Manu Sporny: But yeah I mean a lot of it just feels like you
know it's clean up stuff not really big I mean you know it's like
there's no magic to pagination you know API or how you do
pagination we just need to pick something and go with it Eric you
were on the queue.
Eric Schuh: Yeah just wanted to give a quick I guess update from
the use cases team I just finished today a pass at sequence
diagrams for the six use cases that are currently in the GitHub
and the next steps were going to be to unify that with the
diagrams that I believe it was Joe and Mike Pro Rock did for the
Beast for the issuing and verification.
<mprorock> and orie!
Eric Schuh: And kind of out of that then get back to updating
these diagrams.
Eric Schuh: So yeah it's in there's one branch.
Eric Schuh: Let me get the link for you.
Eric Schuh: https://github.com/w3c-ccg/vc-api-use-cases
Manu Sporny: Thank you I was failing miserably at that alright
and which branch replace endpoints with diagrams.
Eric Schuh: Yeah that's the one so the index HTML has everything
but if you actually click if you scroll down just a tad and click
on the use cases link right there I currently have it set to
display this Branch I believe will there be able to see the
images of the diagrams and if you pull those out or open up in a
new tab they should be basically basically infinitely zoomable.
Manu Sporny: Okay that's great so should we put some call time
aside to review these okay or do you feel like.
Eric Schuh: I haven't had a chance to go over them with Joe and
one quite yet so I think we were going to do that next week so
probably in the next week or two well we'll be asking for some
call time I would I would expect.
Manu Sporny: Okay all right that sounds good okay and these are
great thank you very much for continuing to work on these awesome
mic Pro Rock Europe.
Mike Prorock: Yeah only note I was going to make is is and I
think this is a question for the group I think they're I think
there is strong value in making sure that if we're doing an open
API specification that that is presented via Swagger redoc you
know something that you know or you know couldn't take your front
end of choice right because that's largely configurable.
Mike Prorock: To be able to go.
Mike Prorock: With those apis from the spec itself right open
API spec itself and largely because that also double-check sits
on conformance with that stuff and things like that right it
makes sure that that tooling you know that they actual to like it
validates that stuff is passing right so it's a good sanity check
for us it does not mean that there's not value and possibly
rendering some of that stuff in line right but I think there's a
variety of you know ways of a.
Mike Prorock: Attacking that like a we could potentially.
Mike Prorock: To assume you know respect side of this where it's
like yep here's these endpoints we've defined here some example
you know here's our data types we have defined and allowed you
know credentials but as far as like double checking to make sure
our way s is actually saying like there's a right way to do it
and we risk breaking ourselves if we don't do it the right way
right with you know validation so.
Mike Prorock: It was exactly yeah.
Manu Sporny: Yeah plus one that I mean I there's a I mean
there's I think there's a strong argument for rendering OS files
in ways that the industry is used to write the respect thing is
just because we needed you know if we're going to do this at only
33 we need its back but that's not what most web developers are
used to working with when they're dealing with OS files right so
yeah plus 1 we should have a rendering and we can't you know we
don't want it we do.
Manu Sporny: Right like if you go to issue or not HTML.
Manu Sporny: Like there's your rendering right and that's live
against whatever's in the repo right now.
<orie> its ancient
Manu Sporny: Um yeah I don't know where it came from I've just
been you know keeping it up-to-date.
<orie> probably want to update
<mahmoud_alkhraishi> needs to be updated
Mike Prorock: Yeah that's right I forgot that was still in there
because I think that was based on I think the stuff I initially
dumped in there right waving here yeah yeah yeah I'm good with
that we just may want to make sure that it actually rolls
everything up not just method by Method right so yep.
Manu Sporny: A dip so well I so who's who wants the action for
that.
<orie> and maybe turn on servers... for testing.
<orie> not volunteering
Mike Prorock: I can either take the action of compiling combo
unless or he wants to he and I argue over what's the better way
of rendering that stuff all the time so if he doesn't volunteer
all you know fight him for it to make him irritated.
Manu Sporny: Ori do you want this not volunteering all right
it's you Mike.
Mike Prorock: You're not getting live testing against multiple
servers if you don't volunteer.
Orie Steele: I've done it like three or four times now it was
originally the spec was split and it was combined and it was
split again I'm not touching it again.
Manu Sporny: Okay all right so might be your at might be to put
together PR for rendering the all the.
Mike Prorock: I think I did it last time just to get it off the
broken version of swagger that we were all actually.
Manu Sporny: Yeah so let's see all the other rendering all the
0s files way that web Developers.
ACTION: Mike Prorock to put together a PR for rendering all the
OAS files in a way that web developers will understand.
Manu Sporny: And that basically is giving you free rein my to do
what you believe is the best thing to do and then the group will
take a look at it and say yeah your nay okay is there anything
else we wanted to cover today we can let people go nine minutes
early if there's nothing else.
Manu Sporny: Alright I think that's it we should talk about
testing I know we've talked and we've touched on testing before
but there are now test Suites that are being created that are
driven by the VC API in Horry that might get a bit to your live
testing like testing against live servers thing I know that a few
of us a few of the implementers are setting up have already set
up live implementations of the VC.
<mprorock> orie doing some magick
Manu Sporny: I have and I know that as a community we want to
get to live testing just nightly testing okay that's it for the
call today thank you everyone for joining we will have another
call next week just as a heads up I might be 5 to 10 minutes late
for that call so if someone else could start the call I would
appreciate it I'll send out an agenda on Sunday this Sunday.
<mprorock> Mahmoud volunteered to run it
Manu Sporny: Recall again great progress today thank you we'll
chat next week bye.
<mprorock> i heard him
<manu_sporny> *lol* :P
Received on Wednesday, 16 February 2022 18:48:17 UTC