- From: CCG Minutes Bot <minutes@w3c-ccg.org>
- Date: Wed, 16 Feb 2022 18:48:17 +0000
Thanks to Our Robot Overlords for scribing this week! The transcript for the call is now available here: https://w3c-ccg.github.io/meetings/2022-02-15-vcapi/ Full text of the discussion follows for W3C archival purposes. Audio of the meeting is available at the following location: https://w3c-ccg.github.io/meetings/2022-02-15-vcapi/audio.ogg ---------------------------------------------------------------- VC API Task Force Transcript for 2022-02-15 Agenda: https://lists.w3.org/Archives/Public/public-credentials/2022Feb/0052.html Topics: 1. Introductions, Relevant Community Updates 2. Improve Explanations for Exchanges 3. Multibase Transaction Identifiers 4. Discovery of Workflows/Exchanges/Services 5. Next Steps for VC API? Action Items: 1. Manu to articulate why transaction-id is an expression of a 128-bit number that is meaningful to the server, but opaque to the client, and how we might open up the range of values later. 2. Mike Varley to create a PR to address issue #259, group will review PR after it is raised. 3. Manu to fix Respec OAS renderer to render JSON Schema in a more compelling way. 4. Mike Prorock to put together a PR for rendering all the OAS files in a way that web developers will understand. Organizer: Manu Sporny, Orie Steele, Markus Sabadello, Mike Varley, Mahmoud Alkhraishi Scribe: Our Robot Overlords Present: Manu Sporny, Justin Richer, Mike Prorock, Markus Sabadello, Mahmoud Alkhraishi, TallTed // Ted Thibodeau (he/him) (OpenLinkSw.com), Andy Miller, Mike Varley, Orie Steele, Eric Schuh, Kayode Ezike, PL, BrentZ, Brent Zundel, Dmitri Zagidulin, Ted Thibodeau Our Robot Overlords are scribing. Manu Sporny: Right welcome everyone to the February 15th 2022 verifiable credentials API call our agenda. Manu Sporny: On the agenda today we've got an agenda review introductions relevant Community updates followed by in trying to improve explanations for exchanges so PR take a look at that multi base transaction identifiers another PR to address some requests that or he had last time and then Mahmoud brought up a good question last time around. Manu Sporny: Covering and Mike Varley noted that secure key also had concerns around. Manu Sporny: Basically protocol interoperability if we're saying that you could there these other protocols that you can kind of speak across fee Capi how do we make sure that we. Manu Sporny: Interoperability type with those kinds of extensibility options and then any other issue processing as time allows so let's go ahead and get started but before we start are there any updates or changes to the agenda anything anyone wants changed. Topic: Introductions, Relevant Community Updates Manu Sporny: Alright then let's go to introductions in any relevant Community updates do we have anyone new on the call today. Andy Miller: My name is this is Andy Miller from I'm s I'm not new on the call but I don't think I've introduced myself before him up standards architect IMS Global. Manu Sporny: Awesome wonderful to have you here Andy that's great what's the what's the interest is it just kind of personal interest or is there IMS Global interest? Andy Miller: IMS Global interest we have digital credentials which we are now we've had quite a bit for quite a while actually starting with open badges that were verifiable credential like you know sort of based on sort of early talks about verifiable credentials and we're in the process now of updating them to be compliant with the verifiable. Andy Miller: Apple credentials data model. Manu Sporny: Wonderful that's great Indian in my my expectation knowing I'm as Global's work is that you know issuing holding verifying these credentials using apis is probably something that all of you are are concerned that you know just are interested in and concerned about and want to make sure happens the right way so great great to have you here welcome to the call anyone else knew I think everyone else on here has made. Manu Sporny: All right then let's move on to relevant Community updates any relevant Community updates that we should know about specifically relevant to the VC API work. Topic: Improve Explanations for Exchanges Manu Sporny: https://github.com/w3c-ccg/vc-api/pull/261 Manu Sporny: All right if not let's go ahead and move into the first topic the first one up here is a PR PR let me get the link to 61 in PR 261 is about moving the non-normative text so we had a section around workflows. Manu Sporny: Go ahead and share my screen here. Manu Sporny: We had a non-normative section around workflows or sorry that we had a we had a section around workflows and during the last two calls we were able to converge the workflow apis and the kind of presentation apis that the traceability folks were using we now have two unified apis or two two endpoints that are unified now which is great great progress. Manu Sporny: There was some content. Manu Sporny: Workflows section this explanation so let me go ahead and get a preview of this thing that kind of talked about what the exchange would look like apologies the image isn't going to show up because the preview tool doesn't show images but the idea here was that we wanted to kind of explain what a protocol flow would look like using the data that was posted the HP endpoints and we have that now. Manu Sporny: Now I've gone through. Manu Sporny: Did all of the text to the new exchange language that we decided to use until something better comes along and so that's all this pull request does is it just moves that non-normative text from the workflow section to this section and then renames it to exchanges any questions concerns about this PR I think we've got multiple positive reviews on it it can probably be merged. Manu Sporny: Aged in after the call unless. <orie> we don't merge PRs on this call? Manu Sporny: Okay if that's good then we'll go ahead and merge that in after the call the next item up was the multi base encoded transaction identifiers so let me get. Topic: Multibase Transaction Identifiers Manu Sporny: A quick link for this channel. Manu Sporny: https://github.com/w3c-ccg/vc-api/pull/258 <mprorock> i vote for live merging Manu Sporny: Okay so this is PR 258 hmm in the pr 258 basically let's see. Manu Sporny: It adds a it adds so I think the on the last call Orie suggested that. Manu Sporny: Well actually what happened or he suggested that one we pull this out and make it a parameter path parameter so that was done and then there was I think my Pro rock you said you'd be okay with it being having all their ways of expressing the identifier so we started out with uuid I know digital bizarre tends to like multi Pace in coded values but I think that there was just a general concept that this thing is like 128. Manu Sporny: But identifier and we. Manu Sporny: I mean white want to express it as different encodings uuid and then multi base and coded things so that's all this PR does Laurie I think we had a discussion about what transaction ID could be used for here so we might want to touch on that a bit and then I know that Marcus and Mike Varley both of you provided some concerns about like well why can't we. Manu Sporny: Why can't it be a little. Manu Sporny: Order so let me pause there or we would you like to kind of articulate your concerns over this PR first. Orie Steele: I mean I don't have any concerns regarding merging the PRI prove the pull request I have comments on the PR but I don't have any concerns with merging it as is. Mike Prorock: +1 Let's merge it and fix it after it is in Manu Sporny: Okay do you want to voice those comments now or do you want to. Orie Steele: Only if there's questions regarding them. Manu Sporny: I mean I don't have any questions I don't think I do think that there yeah it's kind of it hasn't ended yet I think most of the questions worry kind of shifted to like the domain Challenge and what to do with it. Orie Steele: Yeah which is again probably not well addressed on this particular poll request so I think conversation will continue on the pull request as long as it remains open but concrete change requests or approval should happen to the pull request and its current change set and we should probably limit our discussion on pull requests to the changes suggested and open issues if there's another. Orie Steele: We want to keep the conversation focused on the changes that are suggested not conversations about the entire ecosystem. Manu Sporny: Okay I'm good with that Mike Farley on the queue. Mike Varley: Yeah so I raised a concern on this one just because on the last call I heard an unanswered question from Brian as to why we were at the time I think last week it was just focused on uuid and now it's been expanded to something else so I want to make it clear that I'm not opposed to having a clear definition of what the transaction ID should be we should just wrap in Logic for. Mike Varley: Or decision process for making that choice so that it's clear to people coming to the API why that decision is made and is the way it is so it's more of an opportunity for those who who might have a reason to have a different type of transaction ID or have different plans for this transaction ID that don't currently fit in within the multi base encoding or the uuid format but it's an open window as far as I'm concerned but I'm ready to close. Mike Varley: Is it and say. Mike Varley: You know we've decided on on this format for a session ID for the following good reasons or you articulated them with your owasp you know input validation post so I'm good anybody else. Manu Sporny: Okay thanks Mike Marcus Europe. Markus Sabadello: Pretty much the same from from me I don't feel strongly about it so I'm also find leaving it the way it is I just thought that if transaction ID supposed to be opaque to the client right it doesn't mean anything to a client and on the server side different implementations may use that in different ways sometimes it might be a uuid sometimes it may be a sequential number and sometimes sometimes the server side image. <mprorock> there are cases where a client might use that - e.g. get me a list of my transactions from last 30 days, then let me get the details of one specific one Markus Sabadello: Should identifiers to encode state in the identifier itself right in some kind of format that we may not yet be be aware of and yeah but I also understood or is comments about potential attack vectors this this opens up so I also just have a 1230 chelate this as a common without really having a strong opinion in a hurry. Manu Sporny: Okay yeah I mean this is good this is useful to get down in the transcription and so that we can refer to it later I think what we're saying is we're saying presently the only number you know the only thing that we seem to be considering is just a uuid or some 128-bit value to identify the transaction ID it's meaningful for the server. Manu Sporny: Not necessarily it's not meaningful at all to the client it's opaque to the client and what we're trying to do is we're not trying to create kind of an arbitrary field where you can just encode just about anything in it we're saying for now we are very specifically restricting it to different representations of 128-bit numbers and in the future if we find a use case or a reason. Manu Sporny: Kind of the the allowable alphabet to be larger or more diverse we can open that up later on so we're starting very strict and very narrow and in the future if we find out that there are other reasons to make it less narrow we can open up the aperture at that point does that feel like a logical stance for us to take at this point and then. Manu Sporny: We'll see what. <markus_sabadello> Sounds good Manu Sporny: Really owe me it would anyone object to that effectively being articulated in the spec as an explanation for. Manu Sporny: Action ID is the way it is. Manu Sporny: Okay no objections I will take an action on a to articulate why transaction ID is an expression 28 number that is. ACTION: Manu to articulate why transaction-id is an expression of a 128-bit number that is meaningful to the server, but opaque to the client, and how we might open up the range of values later. Manu Sporny: Meaningful to the server let go Pake to the client and how we might well we might open the range of values later. Manu Sporny: Okay I'll take that action so that probably means that this one is ready to be merged unless there are any last-minute objections to it. <mprorock> ha! Topic: Discovery of Workflows/Exchanges/Services Manu Sporny: Okay I will merge that after the call and I did mic Pro Rock and or I did see the support for doing life merging I'm just not doing it because I get distracted when the merge fails because there's some kind of merge conflict so once I get over that I'm happy to do life emerging on the call Discovery. Manu Sporny: A of workflows exchanges and. Manu Sporny: https://github.com/w3c-ccg/vc-api/issues/259 Manu Sporny: Is okay this was the point that Mahmoud raised last week there is an issue for it issue 259 and if we pull up issue 259 my hood maybe you would like to give us an intro here and then Mike your thoughts as as well. Mahmoud Alkhraishi: Yeah so this came out of our thinking when we were talking about workflows being defined entities where they tell you the scope of the exchange basically if you have a workflow that is supposed to be a credential refresh it would be nice to know the general scope of you know you are expected to do XYZ steps or something on those lines right if that's defined somewhere then. Mahmoud Alkhraishi: It would be nice to know if. Mahmoud Alkhraishi: These API supports that workflow or it doesn't right and so what this issue is Raising is it's saying we need to way to know what are the workflows that are supported by this specific instance of the VC API. Manu Sporny: Got it thanks Mahmud Mike Varley. Mike Varley: Yeah so I agreed that this kind of Discovery is going to be very important for the open-world approach when a client wallet holder application is communicating with one of these servers around exchanges how is it supposed to know what to do in in other protocols when you have. Mike Prorock: +1 A GET /workflows will be very nice in practice - i am working on a PR with that kind of content Mike Varley: Open world or interpretation it can actually lead to a lack of interoperability because you know a very specific parameter you know as required by the server but you know the client doesn't support it even though they think they're they're speaking the same you know message structure so I think the this particular proposal on how a client can find out what the endpoints mean and maybe those. Mike Varley: Spec names as I think I'll illustrate it there or maybe their gamble files but then a client should be able to recognize those strings and say yes I know what that is head to toe or or know I don't so I won't call that endpoint and then and then I think this PR is also important to get in so we can also go to the next level in describing what those you know strings actually point to how. Mike Varley: They actually mean and how a client is supposed to. Mike Varley: Understand you know what do I do to need to support that protocol so Discovery is a very important topic for that open world where we don't want to just leave it to free-for-all we want to be we want to give the client clear guidance on how to implement a protocol that it has discovered and this is this is this is the right start I think for for doing that work and I guess we have workflows here's but I don't know if that should be exchanges but that's. Mike Varley: Kind of a side comment. Manu Sporny: Got it thanks Mike yeah their exchanges now but that's a minor minor thing all good points Mike Pro Rock. Mike Prorock: Yeah I kind of concur here and I think obviously exchanges workflows whatever the languages and I can say that use case that I Envision like a particular scenario that we're looking at right now and supporting to a degree is user build interfaces on top of some of our apis and things like that right so if you're saying hey let me get a list of all the exchanges that I potentially support and in our case those are. Mike Prorock: You know business Process Management you know definitions they could just get that list and then query each one specifically so that they could put an appropriate UI or integrated into existing tools for bpmn and so it's it's the kind of thing that I think is a natural next extension as we've noted with a lot of the kind of Getters you know that we talked about where appropriate right whenever you have a collection of stuff you kind of want to be able to get that collection or at least a list of that. Mike Prorock: Collection to be able to get specific items out of that. Mike Prorock: I d-- care about. Manu Sporny: I think these are all good points I'm going to I'm going to kind of argue at it from the other side only just to try to see if any of this resonates I'm now I'm totally fine with us defining this and in putting it in the spec and trying it out there are like a the the sniff test at least to me couldn't have kind of smells a bit like soap in a bit like Hydra which is a which tend to be fairly kind of like. <orie> See https://www.markus-lanthaler.com/hydra/ Manu Sporny: Mine generic discoverability right how do you express this stuff in a way that allows a smart client to come along and figure out how it can interact with the HTTP and points so that's that's my only concern noting also that like many of the discovery conversations we've had before have not really resulted in in at least some of us doing Discovery a totally you know there are other there's like the you know the did endpoints. Manu Sporny: They're using on that does Discovery so I'm just raising the question of like who's who exactly is going to use this and for what use case so that's the first question the second kind of note is that with so for example with credential refresh the discovery mechanism is in the verifiable credential itself you issue a verifiable credential you give it to someone in they discover what the exchange endpoint is. Manu Sporny: In the verifiable credential itself so it's not post you know it's not done through a get to the server it's a it's a piece of data that you get and you carry around with you so that's another approach for you know discovery that I that I know we're going to be that isn't you know it's going to be implemented right so I'm wondering who's got the use cases that are going to do a get here and then. Manu Sporny: I'd I guess something to the user how does that. Manu Sporny: Work I'm not following how that works. Mike Varley: Yeah thanks so I wanted to Echo your your let's not reinvent soap comment was well I think that that's an excellent example of where Discovery got you know almost out of control and clients had to be you know so when you know deeply developed in order to accommodate all the the open world you know API discovery that it became just kind of quite difficult so the suggestion here is not to re you know. Mike Varley: Absolutely not reinvent that. Mike Varley: Let's stay away. Mike Varley: From that the use case is I think there needs to be some context around the exchange ID for example I have credential refresh in in that example that's just a string that that I could say credential refresh or credential refresher or credential refresh to what protocol is the client expected to engage with at that end point and to your. Mike Varley: In the credential itself for credential refresh their I think with service endpoints and you know there's a type field I think we are close to to having a mechanism for communicating how you know a client is supposed to communicate to that you know URL path but and I think it should be tightly controlled in that way so that it doesn't become just you know. Mike Varley: Discovery so maybe you know I do have a yam will file their the expectation is not necessarily that the client is going to build a compliant you know Epi on the fly but it should at least recognize the string and it know and you know as a developer you know where to go find the spec related to how to actually communicate with this endpoint and and I'll just point out that I think I've seen a couple variations on this endpoint already in different PR and I apologize I don't have. Mike Varley: Them in my fingertips one of them. Mike Varley: We're within the VP our language there's a there's a way to you know present a verifier represent a presentation of verifiable presentation and then get back a continuation method with more information on how to continue but then I also saw you know well maybe I'd like to do a post and provide some parameters to that post which kicks off a VP our request and so on and and that's where you know the hair on the back of my neck kind of stood. Mike Varley: This is this is becoming more complicated than just simply something we can handle and VPR and if that's what we want to do we just need some way of indicating to clients if you're going to call this endpoint that I've called you know Foo this is what I mean and this and this is the spec that I'm talking about and and you know you and as a developer you can go and find it if your clients Frozen are that's my thinking path. <justin_richer> huge +1 to not repeating the mistakes of WSDL and relying to automated code generation and configuration Manu Sporny: Got it interesting so to compare contrast I mean I feel like the the next step for this is a PR right I think we should be you know it'll be much easier to talk about this with the PO are who's going to write the pr and what do you need to know from the group to write that PR. Mike Varley: I'm so sorry I'd maybe I'm jumping the queue I could write the pr for for this endpoint and possibly for what you would do when discovering you know / exchanges / credential refresh. Mike Varley: I don't know what I don't know what I need for the group maybe just throw eggs at what you see and we can go from there. <mprorock> I volunteer for egg throwing Manu Sporny: Great okay now I mean that's that's all we need action like Varley to create a PR to address issue. ACTION: Mike Varley to create a PR to address issue #259, group will review PR after it is raised. Manu Sporny: Shoo 259 group will review PR after it is raised okay awesome thank you like I wanted to touch on something actually queue is empty I wanted to touch on something you said Mike which I thought was really interesting that I did not get from your comment here viable presentation request. Manu Sporny: He requests back we have these like these new interaction types so if you wanted to bootstrap into another protocol you can do that there right so the idea here is that in the VPR when you get back a query of verifiable presentation request you get back one or more ways to interact so this is very much inspired by good nap I'm wondering Mike do you mean that the the types could. Manu Sporny: Could basically be these. Manu Sporny: Types but listed here. Mike Varley: I think so I think that's what I mean. <mprorock> that seems extremely sane Manu Sporny: Okay okay yeah no I mean I think that's that's that's really interesting like that's definitely another way to do it yeah that's cool I like that now keep in mind there's I think you said you wanted them to be simple strings in some of these cases like this did come messaging one you know I tried to pick something straight out of the specs for for did Cam and you may need more. Manu Sporny: But I mean I think that's just something for the group to explore right once the pr is there just in your own you can go ahead. Justin Richer: https://mailarchive.ietf.org/arch/msg/txauth/KNB3BJhwmAYyJ68y_m1VnnS2kQ4/ Justin Richer: All right thanks money so Dimitri zag Dylan presented this this part of the VC API proposal to the canal working group a few weeks ago and I've started a thread on the Kanab mailing list linking to the archive page in the chat right now hopefully that makes it into the transcript but I were trying to start a discussion on what this time. Justin Richer: Type of model would. Justin Richer: If you actually click on the third of the long web sequence diagram URLs that should bring up a picture yeah so the idea here that I think that this work and the work that Dimitri described is is there a way to use actual an actual piece of the kidnap protocol itself inside of another protocol now normally. Justin Richer: And as a you know a separate security interaction management layer the delegation protocol. Justin Richer: But this does raise an interesting question because this and other use case and a couple of other use cases of that have been brought up have started to talk about this this notion of well I'm off doing another API and I don't want to have to throw on all of the brakes and go start a brand new conversation with an authorization server because I already have it all of the contacts that I need to kind of Kick this off so how can I kick it off and how can I get it back. Justin Richer: Back there hasn't been a lot. Justin Richer: On the grab mailing list yet I would invite everybody to in this group to join that conversation if this is something that is interesting to you it's not something that I think really wants a lot of discussion on this call here but I wanted to make sure people were aware of that. Manu Sporny: Great thank you thank you Justin yes all these links will make him in make it into the minutes but that's a really interesting that's a really interesting proposal and thought in theory at least with the VPR thing you can bootstrap into other protocols after every kind of HTTP back and forth that you have with the VC API so you could you know start off with. Manu Sporny: Jump to IDC credential provider and then jump to a good nap and then jump back to an unmediated presentation thing now that's crazy right I have no idea of doing something like that would ever work but the philosophy and design of what we have right now should allow for it so I think you know the next step there might be someone trying it out and seeing or at least doing it you know thinking through what all of the mess. Manu Sporny: Judges would look like and. Manu Sporny: If you've got a client that speaks one of these interaction mechanisms as well as going to app in theory you should be able to kind of hopscotch from one protocol to the other and then back to the original protocol. Justin Richer: Thank you but that is absolutely not the point that I was trying to make so what you're describing if you go back to that other thing and if you click if you go back 12 to the email archive and click on the first message what you're describing the the first of the web sequence diagram the URLs well you're describing is as a much more sort of you know. Justin Richer: Final way to you. Justin Richer: These kinds of protocols alongside of each other and that's that's so easy to do it's boring and not worth talking about so what I was what I was describing is instead of waiting to use really portions of the cannot protocol itself embedded inside of a different protocols in and have that be defined as a pattern so that every API doesn't come up with its own. Justin Richer: The customized version of following that same pattern so that's I think the much more interesting conversation to have because it's you know talking to an API and saying oh I need you to go do a security protocol that's that's fully defined I mean that's we know how to do that we've been doing that for decades that's what the dub-dub-dub authenticate header and basic auth do and have been doing since. Justin Richer: Since the early 90s. Justin Richer: You know that's that's not interesting at all what I think is more interesting is this notion of can I kick you into a process part way through with enough context for you to actually do something and importantly have a standardized way to get you back. Manu Sporny: So Justin if I'm understanding that correctly you're saying they're Primitives and can app that the VC API protocol might be able to reuse Primitives and patterns. Justin Richer: Quite possibly yes and while I understand that what's proposed in VC API is is not intended to be compatible with can app you know that syntax is significantly different from what's already been worked out in Kanab and I think that there might be value in aligning that better. Manu Sporny: Okay cool what what do you what do you need from us to other than just engagement to do some experiments thought experiments in that area. Justin Richer: Um engage with the conversation in ideally in the ietf working group to see if there is something that's worth pulling out and then still the same thing that you had said previously and that's somebody taking the time and sitting down to see what those messages themselves would actually look like like what what would you send back at each step and what types and what does that mean for the. Justin Richer: Code paths to the. Justin Richer: Client software that needs to actually deal with these kinds of things. <mprorock> *if interested* Manu Sporny: Got it okay all right well the action then is you know someone someone from the group needs to do that kind of engagement on the Gap mailing list and look in you know do do the thinking around what common patterns there might be yes if there's if there's interest as Mike peroxide okay I think Mike Varley you have enough to. Manu Sporny: Take a shot at a PR there. <justin_richer> Yup -- standards only get written if someone wants to write them :) <mprorock> sleep allowed now? <mprorock> /s :) Topic: Next Steps for VC API? Manu Sporny: Market okay awesome okay great okay well so we're through our agenda and 40 minutes great job everyone for being efficient let's take a pause here and see if there are high priority things people feel like we should focus on like there's a huge Log Jam at X and we need to clear that clear that Log Jam. <justin_richer> sleep is for the weak! Manu Sporny: I start just randomly going into old issues and picking issues that seem like they would be useful to talk about does anyone feel like we really should be focusing on X right now like Pro Rock go ahead. Mike Prorock: Yeah I think now once we get these couple of merges in and we see like the basic getter pattern with pagination for like you know fetching a you know exchange right or list of exchanges I think we probably need to take a pass and go okay what clean up do we need to do so that a third party looking at this doesn't go okay you guys are not sore you're off base or. Mike Prorock: Ever also with the. Mike Prorock: Of easing you know PR 66 that I know impacts kidnap I know what impacts this etcetera and the ability to discuss that over in the VC working group and so I think the more polished this is with a little more commercial support the better we're looking for that kind of thing so that's just kind of like mindful of time like that that core ability that we've discussed here my like merging workflows right that covers a lot of you know the would you know. Mike Prorock: No exchanges / workflows Etc right making sure this. <tallted> Seeing that least-recently-updated issues takes us back to Feb 2021, some issue churn would likely be useful. Mike Prorock: We're doing on the trace side and the system to system use cases that gets a lot of the core functionality stuff in there that we kind of have to have and so it gives us a chance to say okay now let's focus a little bit on clean up to try to get this stuff into the actual work nerve itself because it all may go away if it does you know won't well frankly if it doesn't or if it does get in there it may still all go away depending on how the work you know working group approaches it so I don't. Mike Prorock: Want to be going in. Mike Prorock: Making a pile of changes and stuff like that you know and just having a you know just a huge amount of burn if we know that some of the stuff is subject to adjust significantly and I think all 10 also noted that there's a lot of like old issues and stuff that probably just needs some cleanup so that's my that's my read honestly is like let's try to get this stuff a little bit more polished professional and I and focus on fixing you know like PR's to clean stuff up could. Mike Prorock: Correct language fill a gap in apa you know like. Manu Sporny: All right great suggestions I did want to yeah and plus 12 that I yeah I mean the reason I'm asking is I'm kind of at a loss as to Big Rocks we need to move with the API it feels like at least there's a good good core heart of the spec there at this point that addresses I think everyone's use cases on the call at least the major you know credential flow use cases in presentation floaties cases. Manu Sporny: One other aspect of this so yeah so I think we need to make the spec a bit more pretty this stuff up here that Joe in Eric you worked on I think it would be good to give that another pass try and clear it up a bit or just clean it up a bit and item wave I'm doing a giant hand wave there Eric I don't know. Manu Sporny: You guys are thinking these days we don't have conformance classes or terminology sections empty right now and we have this massively ugly rendering of the Json schema stuff so on my will take an action too. ACTION: Manu to fix Respec OAS renderer to render JSON Schema in a more compelling way. Manu Sporny: Fix Respec OAS render to render Json schema in more compelling way so their ways of displaying this data that doesn't look as awful as it does right now so we should do that and then they in the yeah and like the getter and the pagination stuff mic Pro rock is also you know would be a good thing to put in there. Manu Sporny: But yeah I mean a lot of it just feels like you know it's clean up stuff not really big I mean you know it's like there's no magic to pagination you know API or how you do pagination we just need to pick something and go with it Eric you were on the queue. Eric Schuh: Yeah just wanted to give a quick I guess update from the use cases team I just finished today a pass at sequence diagrams for the six use cases that are currently in the GitHub and the next steps were going to be to unify that with the diagrams that I believe it was Joe and Mike Pro Rock did for the Beast for the issuing and verification. <mprorock> and orie! Eric Schuh: And kind of out of that then get back to updating these diagrams. Eric Schuh: So yeah it's in there's one branch. Eric Schuh: Let me get the link for you. Eric Schuh: https://github.com/w3c-ccg/vc-api-use-cases Manu Sporny: Thank you I was failing miserably at that alright and which branch replace endpoints with diagrams. Eric Schuh: Yeah that's the one so the index HTML has everything but if you actually click if you scroll down just a tad and click on the use cases link right there I currently have it set to display this Branch I believe will there be able to see the images of the diagrams and if you pull those out or open up in a new tab they should be basically basically infinitely zoomable. Manu Sporny: Okay that's great so should we put some call time aside to review these okay or do you feel like. Eric Schuh: I haven't had a chance to go over them with Joe and one quite yet so I think we were going to do that next week so probably in the next week or two well we'll be asking for some call time I would I would expect. Manu Sporny: Okay all right that sounds good okay and these are great thank you very much for continuing to work on these awesome mic Pro Rock Europe. Mike Prorock: Yeah only note I was going to make is is and I think this is a question for the group I think they're I think there is strong value in making sure that if we're doing an open API specification that that is presented via Swagger redoc you know something that you know or you know couldn't take your front end of choice right because that's largely configurable. Mike Prorock: To be able to go. Mike Prorock: With those apis from the spec itself right open API spec itself and largely because that also double-check sits on conformance with that stuff and things like that right it makes sure that that tooling you know that they actual to like it validates that stuff is passing right so it's a good sanity check for us it does not mean that there's not value and possibly rendering some of that stuff in line right but I think there's a variety of you know ways of a. Mike Prorock: Attacking that like a we could potentially. Mike Prorock: To assume you know respect side of this where it's like yep here's these endpoints we've defined here some example you know here's our data types we have defined and allowed you know credentials but as far as like double checking to make sure our way s is actually saying like there's a right way to do it and we risk breaking ourselves if we don't do it the right way right with you know validation so. Mike Prorock: It was exactly yeah. Manu Sporny: Yeah plus one that I mean I there's a I mean there's I think there's a strong argument for rendering OS files in ways that the industry is used to write the respect thing is just because we needed you know if we're going to do this at only 33 we need its back but that's not what most web developers are used to working with when they're dealing with OS files right so yeah plus 1 we should have a rendering and we can't you know we don't want it we do. Manu Sporny: Right like if you go to issue or not HTML. Manu Sporny: Like there's your rendering right and that's live against whatever's in the repo right now. <orie> its ancient Manu Sporny: Um yeah I don't know where it came from I've just been you know keeping it up-to-date. <orie> probably want to update <mahmoud_alkhraishi> needs to be updated Mike Prorock: Yeah that's right I forgot that was still in there because I think that was based on I think the stuff I initially dumped in there right waving here yeah yeah yeah I'm good with that we just may want to make sure that it actually rolls everything up not just method by Method right so yep. Manu Sporny: A dip so well I so who's who wants the action for that. <orie> and maybe turn on servers... for testing. <orie> not volunteering Mike Prorock: I can either take the action of compiling combo unless or he wants to he and I argue over what's the better way of rendering that stuff all the time so if he doesn't volunteer all you know fight him for it to make him irritated. Manu Sporny: Ori do you want this not volunteering all right it's you Mike. Mike Prorock: You're not getting live testing against multiple servers if you don't volunteer. Orie Steele: I've done it like three or four times now it was originally the spec was split and it was combined and it was split again I'm not touching it again. Manu Sporny: Okay all right so might be your at might be to put together PR for rendering the all the. Mike Prorock: I think I did it last time just to get it off the broken version of swagger that we were all actually. Manu Sporny: Yeah so let's see all the other rendering all the 0s files way that web Developers. ACTION: Mike Prorock to put together a PR for rendering all the OAS files in a way that web developers will understand. Manu Sporny: And that basically is giving you free rein my to do what you believe is the best thing to do and then the group will take a look at it and say yeah your nay okay is there anything else we wanted to cover today we can let people go nine minutes early if there's nothing else. Manu Sporny: Alright I think that's it we should talk about testing I know we've talked and we've touched on testing before but there are now test Suites that are being created that are driven by the VC API in Horry that might get a bit to your live testing like testing against live servers thing I know that a few of us a few of the implementers are setting up have already set up live implementations of the VC. <mprorock> orie doing some magick Manu Sporny: I have and I know that as a community we want to get to live testing just nightly testing okay that's it for the call today thank you everyone for joining we will have another call next week just as a heads up I might be 5 to 10 minutes late for that call so if someone else could start the call I would appreciate it I'll send out an agenda on Sunday this Sunday. <mprorock> Mahmoud volunteered to run it Manu Sporny: Recall again great progress today thank you we'll chat next week bye. <mprorock> i heard him <manu_sporny> *lol* :P
Received on Wednesday, 16 February 2022 18:48:17 UTC