W3C home > Mailing lists > Public > public-credentials@w3.org > February 2022

[MINUTES] W3C CCG Verifiable Credentials API Call - 2022-02-15

From: CCG Minutes Bot <minutes@w3c-ccg.org>
Date: Wed, 16 Feb 2022 18:48:17 +0000
Message-ID: <E1nKPLY-0005Ne-Is@titan.w3.org>
Thanks to Our Robot Overlords for scribing this week!

The transcript for the call is now available here:

https://w3c-ccg.github.io/meetings/2022-02-15-vcapi/

Full text of the discussion follows for W3C archival purposes.
Audio of the meeting is available at the following location:

https://w3c-ccg.github.io/meetings/2022-02-15-vcapi/audio.ogg

----------------------------------------------------------------
VC API Task Force Transcript for 2022-02-15

Agenda:
  https://lists.w3.org/Archives/Public/public-credentials/2022Feb/0052.html
Topics:
  1. Introductions, Relevant Community Updates
  2. Improve Explanations for Exchanges
  3. Multibase Transaction Identifiers
  4. Discovery of Workflows/Exchanges/Services
  5. Next Steps for VC API?
Action Items:
  1. Manu to articulate why transaction-id is an expression of a 
    128-bit number that is meaningful to the server, but opaque to 
    the client, and how we might open up the range of values later.
  2. Mike Varley to create a PR to address issue #259, group will 
    review PR after it is raised.
  3. Manu to fix Respec OAS renderer to render JSON Schema in a 
    more compelling way.
  4. Mike Prorock to put together a PR for rendering all the OAS 
    files in a way that web developers will understand.
Organizer:
  Manu Sporny, Orie Steele, Markus Sabadello, Mike Varley, Mahmoud Alkhraishi
Scribe:
  Our Robot Overlords
Present:
  Manu Sporny, Justin Richer, Mike Prorock, Markus Sabadello, 
  Mahmoud Alkhraishi, TallTed // Ted Thibodeau (he/him) 
  (OpenLinkSw.com), Andy Miller, Mike Varley, Orie Steele, Eric 
  Schuh, Kayode Ezike, PL, BrentZ, Brent Zundel, Dmitri Zagidulin, 
  Ted Thibodeau

Our Robot Overlords are scribing.
Manu Sporny:  Right welcome everyone to the February 15th 2022 
  verifiable credentials API call our agenda.
Manu Sporny:  On the agenda today we've got an agenda review 
  introductions relevant Community updates followed by in trying to 
  improve explanations for exchanges so PR take a look at that 
  multi base transaction identifiers another PR to address some 
  requests that or he had last time and then Mahmoud brought up a 
  good question last time around.
Manu Sporny:  Covering and Mike Varley noted that secure key also 
  had concerns around.
Manu Sporny:  Basically protocol interoperability if we're saying 
  that you could there these other protocols that you can kind of 
  speak across fee Capi how do we make sure that we.
Manu Sporny:  Interoperability type with those kinds of 
  extensibility options and then any other issue processing as time 
  allows so let's go ahead and get started but before we start are 
  there any updates or changes to the agenda anything anyone wants 
  changed.

Topic: Introductions, Relevant Community Updates

Manu Sporny:  Alright then let's go to introductions in any 
  relevant Community updates do we have anyone new on the call 
  today.
Andy Miller:  My name is this is Andy Miller from I'm s I'm not 
  new on the call but I don't think I've introduced myself before 
  him up standards architect IMS Global.
Manu Sporny:  Awesome wonderful to have you here Andy that's 
  great what's the what's the interest is it just kind of personal 
  interest or is there IMS Global interest?
Andy Miller:  IMS Global interest we have digital credentials 
  which we are now we've had quite a bit for quite a while actually 
  starting with open badges that were verifiable credential like 
  you know sort of based on sort of early talks about verifiable 
  credentials and we're in the process now of updating them to be 
  compliant with the verifiable.
Andy Miller:   Apple credentials data model.
Manu Sporny:  Wonderful that's great Indian in my my expectation 
  knowing I'm as Global's work is that you know issuing holding 
  verifying these credentials using apis is probably something that 
  all of you are are concerned that you know just are interested in 
  and concerned about and want to make sure happens the right way 
  so great great to have you here welcome to the call anyone else 
  knew I think everyone else on here has made.
Manu Sporny:  All right then let's move on to relevant Community 
  updates any relevant Community updates that we should know about 
  specifically relevant to the VC API work.

Topic: Improve Explanations for Exchanges

Manu Sporny: https://github.com/w3c-ccg/vc-api/pull/261
Manu Sporny:  All right if not let's go ahead and move into the 
  first topic the first one up here is a PR PR let me get the link 
  to 61 in PR 261 is about moving the non-normative text so we had 
  a section around workflows.
Manu Sporny:  Go ahead and share my screen here.
Manu Sporny:  We had a non-normative section around workflows or 
  sorry that we had a we had a section around workflows and during 
  the last two calls we were able to converge the workflow apis and 
  the kind of presentation apis that the traceability folks were 
  using we now have two unified apis or two two endpoints that are 
  unified now which is great great progress.
Manu Sporny:   There was some content.
Manu Sporny:  Workflows section this explanation so let me go 
  ahead and get a preview of this thing that kind of talked about 
  what the exchange would look like apologies the image isn't going 
  to show up because the preview tool doesn't show images but the 
  idea here was that we wanted to kind of explain what a protocol 
  flow would look like using the data that was posted the HP 
  endpoints and we have that now.
Manu Sporny:   Now I've gone through.
Manu Sporny:  Did all of the text to the new exchange language 
  that we decided to use until something better comes along and so 
  that's all this pull request does is it just moves that 
  non-normative text from the workflow section to this section and 
  then renames it to exchanges any questions concerns about this PR 
  I think we've got multiple positive reviews on it it can probably 
  be merged.
Manu Sporny:   Aged in after the call unless.
<orie> we don't merge PRs on this call?
Manu Sporny:  Okay if that's good then we'll go ahead and merge 
  that in after the call the next item up was the multi base 
  encoded transaction identifiers so let me get.

Topic: Multibase Transaction Identifiers

Manu Sporny:  A quick link for this channel.
Manu Sporny: https://github.com/w3c-ccg/vc-api/pull/258
<mprorock> i vote for live merging
Manu Sporny:  Okay so this is PR 258 hmm in the pr 258 basically 
  let's see.
Manu Sporny:  It adds a it adds so I think the on the last call 
  Orie suggested that.
Manu Sporny:  Well actually what happened or he suggested that 
  one we pull this out and make it a parameter path parameter so 
  that was done and then there was I think my Pro rock you said 
  you'd be okay with it being having all their ways of expressing 
  the identifier so we started out with uuid I know digital bizarre 
  tends to like multi Pace in coded values but I think that there 
  was just a general concept that this thing is like 128.
Manu Sporny:   But identifier and we.
Manu Sporny:  I mean white want to express it as different 
  encodings uuid and then multi base and coded things so that's all 
  this PR does Laurie I think we had a discussion about what 
  transaction ID could be used for here so we might want to touch 
  on that a bit and then I know that Marcus and Mike Varley both of 
  you provided some concerns about like well why can't we.
Manu Sporny:   Why can't it be a little.
Manu Sporny:  Order so let me pause there or we would you like to 
  kind of articulate your concerns over this PR first.
Orie Steele:  I mean I don't have any concerns regarding merging 
  the PRI prove the pull request I have comments on the PR but I 
  don't have any concerns with merging it as is.
Mike Prorock: +1 Let's merge it and fix it after it is in
Manu Sporny:  Okay do you want to voice those comments now or do 
  you want to.
Orie Steele:  Only if there's questions regarding them.
Manu Sporny:  I mean I don't have any questions I don't think I 
  do think that there yeah it's kind of it hasn't ended yet I think 
  most of the questions worry kind of shifted to like the domain 
  Challenge and what to do with it.
Orie Steele:  Yeah which is again probably not well addressed on 
  this particular poll request so I think conversation will 
  continue on the pull request as long as it remains open but 
  concrete change requests or approval should happen to the pull 
  request and its current change set and we should probably limit 
  our discussion on pull requests to the changes suggested and open 
  issues if there's another.
Orie Steele:  We want to keep the conversation focused on the 
  changes that are suggested not conversations about the entire 
  ecosystem.
Manu Sporny:  Okay I'm good with that Mike Farley on the queue.
Mike Varley:  Yeah so I raised a concern on this one just because 
  on the last call I heard an unanswered question from Brian as to 
  why we were at the time I think last week it was just focused on 
  uuid and now it's been expanded to something else so I want to 
  make it clear that I'm not opposed to having a clear definition 
  of what the transaction ID should be we should just wrap in Logic 
  for.
Mike Varley:  Or decision process for making that choice so that 
  it's clear to people coming to the API why that decision is made 
  and is the way it is so it's more of an opportunity for those who 
  who might have a reason to have a different type of transaction 
  ID or have different plans for this transaction ID that don't 
  currently fit in within the multi base encoding or the uuid 
  format but it's an open window as far as I'm concerned but I'm 
  ready to close.
Mike Varley:   Is it and say.
Mike Varley:  You know we've decided on on this format for a 
  session ID for the following good reasons or you articulated them 
  with your owasp you know input validation post so I'm good 
  anybody else.
Manu Sporny:  Okay thanks Mike Marcus Europe.
Markus Sabadello:  Pretty much the same from from me I don't feel 
  strongly about it so I'm also find leaving it the way it is I 
  just thought that if transaction ID supposed to be opaque to the 
  client right it doesn't mean anything to a client and on the 
  server side different implementations may use that in different 
  ways sometimes it might be a uuid sometimes it may be a 
  sequential number and sometimes sometimes the server side image.
<mprorock> there are cases where a client might use that - e.g. 
  get me a list of my transactions from last 30 days, then let me 
  get the details of one specific one
Markus Sabadello:  Should identifiers to encode state in the 
  identifier itself right in some kind of format that we may not 
  yet be be aware of and yeah but I also understood or is comments 
  about potential attack vectors this this opens up so I also just 
  have a 1230 chelate this as a common without really having a 
  strong opinion in a hurry.
Manu Sporny:  Okay yeah I mean this is good this is useful to get 
  down in the transcription and so that we can refer to it later I 
  think what we're saying is we're saying presently the only number 
  you know the only thing that we seem to be considering is just a 
  uuid or some 128-bit value to identify the transaction ID it's 
  meaningful for the server.
Manu Sporny:  Not necessarily it's not meaningful at all to the 
  client it's opaque to the client and what we're trying to do is 
  we're not trying to create kind of an arbitrary field where you 
  can just encode just about anything in it we're saying for now we 
  are very specifically restricting it to different representations 
  of 128-bit numbers and in the future if we find a use case or a 
  reason.
Manu Sporny:  Kind of the the allowable alphabet to be larger or 
  more diverse we can open that up later on so we're starting very 
  strict and very narrow and in the future if we find out that 
  there are other reasons to make it less narrow we can open up the 
  aperture at that point does that feel like a logical stance for 
  us to take at this point and then.
Manu Sporny:   We'll see what.
<markus_sabadello> Sounds good
Manu Sporny:  Really owe me it would anyone object to that 
  effectively being articulated in the spec as an explanation for.
Manu Sporny:  Action ID is the way it is.
Manu Sporny:  Okay no objections I will take an action on a to 
  articulate why transaction ID is an expression 28 number that is.

ACTION: Manu to articulate why transaction-id is an expression of 
  a 128-bit number that is meaningful to the server, but opaque to 
  the client, and how we might open up the range of values later.

Manu Sporny:  Meaningful to the server let go Pake to the client 
  and how we might well we might open the range of values later.
Manu Sporny:  Okay I'll take that action so that probably means 
  that this one is ready to be merged unless there are any 
  last-minute objections to it.
<mprorock> ha!

Topic: Discovery of Workflows/Exchanges/Services

Manu Sporny:  Okay I will merge that after the call and I did mic 
  Pro Rock and or I did see the support for doing life merging I'm 
  just not doing it because I get distracted when the merge fails 
  because there's some kind of merge conflict so once I get over 
  that I'm happy to do life emerging on the call Discovery.
Manu Sporny:   A of workflows exchanges and.
Manu Sporny: https://github.com/w3c-ccg/vc-api/issues/259
Manu Sporny:  Is okay this was the point that Mahmoud raised last 
  week there is an issue for it issue 259 and if we pull up issue 
  259 my hood maybe you would like to give us an intro here and 
  then Mike your thoughts as as well.
Mahmoud Alkhraishi:  Yeah so this came out of our thinking when 
  we were talking about workflows being defined entities where they 
  tell you the scope of the exchange basically if you have a 
  workflow that is supposed to be a credential refresh it would be 
  nice to know the general scope of you know you are expected to do 
  XYZ steps or something on those lines right if that's defined 
  somewhere then.
Mahmoud Alkhraishi:  It would be nice to know if.
Mahmoud Alkhraishi:  These API supports that workflow or it 
  doesn't right and so what this issue is Raising is it's saying we 
  need to way to know what are the workflows that are supported by 
  this specific instance of the VC API.
Manu Sporny:  Got it thanks Mahmud Mike Varley.
Mike Varley:  Yeah so I agreed that this kind of Discovery is 
  going to be very important for the open-world approach when a 
  client wallet holder application is communicating with one of 
  these servers around exchanges how is it supposed to know what to 
  do in in other protocols when you have.
Mike Prorock: +1 A GET /workflows will be very nice in practice - 
  i am working on a PR with that kind of content
Mike Varley:  Open world or interpretation it can actually lead 
  to a lack of interoperability because you know a very specific 
  parameter you know as required by the server but you know the 
  client doesn't support it even though they think they're they're 
  speaking the same you know message structure so I think the this 
  particular proposal on how a client can find out what the 
  endpoints mean and maybe those.
Mike Varley:  Spec names as I think I'll illustrate it there or 
  maybe their gamble files but then a client should be able to 
  recognize those strings and say yes I know what that is head to 
  toe or or know I don't so I won't call that endpoint and then and 
  then I think this PR is also important to get in so we can also 
  go to the next level in describing what those you know strings 
  actually point to how.
Mike Varley:   They actually mean and how a client is supposed 
  to.
Mike Varley:  Understand you know what do I do to need to support 
  that protocol so Discovery is a very important topic for that 
  open world where we don't want to just leave it to free-for-all 
  we want to be we want to give the client clear guidance on how to 
  implement a protocol that it has discovered and this is this is 
  this is the right start I think for for doing that work and I 
  guess we have workflows here's but I don't know if that should be 
  exchanges but that's.
Mike Varley:   Kind of a side comment.
Manu Sporny:  Got it thanks Mike yeah their exchanges now but 
  that's a minor minor thing all good points Mike Pro Rock.
Mike Prorock:  Yeah I kind of concur here and I think obviously 
  exchanges workflows whatever the languages and I can say that use 
  case that I Envision like a particular scenario that we're 
  looking at right now and supporting to a degree is user build 
  interfaces on top of some of our apis and things like that right 
  so if you're saying hey let me get a list of all the exchanges 
  that I potentially support and in our case those are.
Mike Prorock:  You know business Process Management you know 
  definitions they could just get that list and then query each one 
  specifically so that they could put an appropriate UI or 
  integrated into existing tools for bpmn and so it's it's the kind 
  of thing that I think is a natural next extension as we've noted 
  with a lot of the kind of Getters you know that we talked about 
  where appropriate right whenever you have a collection of stuff 
  you kind of want to be able to get that collection or at least a 
  list of that.
Mike Prorock:   Collection to be able to get specific items out 
  of that.
Mike Prorock:  I d-- care about.
Manu Sporny:  I think these are all good points I'm going to I'm 
  going to kind of argue at it from the other side only just to try 
  to see if any of this resonates I'm now I'm totally fine with us 
  defining this and in putting it in the spec and trying it out 
  there are like a the the sniff test at least to me couldn't have 
  kind of smells a bit like soap in a bit like Hydra which is a 
  which tend to be fairly kind of like.
<orie> See https://www.markus-lanthaler.com/hydra/
Manu Sporny:  Mine generic discoverability right how do you 
  express this stuff in a way that allows a smart client to come 
  along and figure out how it can interact with the HTTP and points 
  so that's that's my only concern noting also that like many of 
  the discovery conversations we've had before have not really 
  resulted in in at least some of us doing Discovery a totally you 
  know there are other there's like the you know the did endpoints.
Manu Sporny:  They're using on that does Discovery so I'm just 
  raising the question of like who's who exactly is going to use 
  this and for what use case so that's the first question the 
  second kind of note is that with so for example with credential 
  refresh the discovery mechanism is in the verifiable credential 
  itself you issue a verifiable credential you give it to someone 
  in they discover what the exchange endpoint is.
Manu Sporny:  In the verifiable credential itself so it's not 
  post you know it's not done through a get to the server it's a 
  it's a piece of data that you get and you carry around with you 
  so that's another approach for you know discovery that I that I 
  know we're going to be that isn't you know it's going to be 
  implemented right so I'm wondering who's got the use cases that 
  are going to do a get here and then.
Manu Sporny:   I'd I guess something to the user how does that.
Manu Sporny:  Work I'm not following how that works.
Mike Varley:  Yeah thanks so I wanted to Echo your your let's not 
  reinvent soap comment was well I think that that's an excellent 
  example of where Discovery got you know almost out of control and 
  clients had to be you know so when you know deeply developed in 
  order to accommodate all the the open world you know API 
  discovery that it became just kind of quite difficult so the 
  suggestion here is not to re you know.
Mike Varley:  Absolutely not reinvent that.
Mike Varley:  Let's stay away.
Mike Varley:  From that the use case is I think there needs to be 
  some context around the exchange ID for example I have credential 
  refresh in in that example that's just a string that that I could 
  say credential refresh or credential refresher or credential 
  refresh to what protocol is the client expected to engage with at 
  that end point and to your.
Mike Varley:  In the credential itself for credential refresh 
  their I think with service endpoints and you know there's a type 
  field I think we are close to to having a mechanism for 
  communicating how you know a client is supposed to communicate to 
  that you know URL path but and I think it should be tightly 
  controlled in that way so that it doesn't become just you know.
Mike Varley:  Discovery so maybe you know I do have a yam will 
  file their the expectation is not necessarily that the client is 
  going to build a compliant you know Epi on the fly but it should 
  at least recognize the string and it know and you know as a 
  developer you know where to go find the spec related to how to 
  actually communicate with this endpoint and and I'll just point 
  out that I think I've seen a couple variations on this endpoint 
  already in different PR and I apologize I don't have.
Mike Varley:   Them in my fingertips one of them.
Mike Varley:  We're within the VP our language there's a there's 
  a way to you know present a verifier represent a presentation of 
  verifiable presentation and then get back a continuation method 
  with more information on how to continue but then I also saw you 
  know well maybe I'd like to do a post and provide some parameters 
  to that post which kicks off a VP our request and so on and and 
  that's where you know the hair on the back of my neck kind of 
  stood.
Mike Varley:  This is this is becoming more complicated than just 
  simply something we can handle and VPR and if that's what we want 
  to do we just need some way of indicating to clients if you're 
  going to call this endpoint that I've called you know Foo this is 
  what I mean and this and this is the spec that I'm talking about 
  and and you know you and as a developer you can go and find it if 
  your clients Frozen are that's my thinking path.
<justin_richer> huge +1 to not repeating the mistakes of WSDL and 
  relying to automated code generation and configuration
Manu Sporny:  Got it interesting so to compare contrast I mean I 
  feel like the the next step for this is a PR right I think we 
  should be you know it'll be much easier to talk about this with 
  the PO are who's going to write the pr and what do you need to 
  know from the group to write that PR.
Mike Varley:  I'm so sorry I'd maybe I'm jumping the queue I 
  could write the pr for for this endpoint and possibly for what 
  you would do when discovering you know / exchanges / credential 
  refresh.
Mike Varley:  I don't know what I don't know what I need for the 
  group maybe just throw eggs at what you see and we can go from 
  there.
<mprorock> I volunteer for egg throwing
Manu Sporny:  Great okay now I mean that's that's all we need 
  action like Varley to create a PR to address issue.

ACTION: Mike Varley to create a PR to address issue #259, group 
  will review PR after it is raised.

Manu Sporny:  Shoo 259 group will review PR after it is raised 
  okay awesome thank you like I wanted to touch on something 
  actually queue is empty I wanted to touch on something you said 
  Mike which I thought was really interesting that I did not get 
  from your comment here viable presentation request.
Manu Sporny:  He requests back we have these like these new 
  interaction types so if you wanted to bootstrap into another 
  protocol you can do that there right so the idea here is that in 
  the VPR when you get back a query of verifiable presentation 
  request you get back one or more ways to interact so this is very 
  much inspired by good nap I'm wondering Mike do you mean that the 
  the types could.
Manu Sporny:   Could basically be these.
Manu Sporny:  Types but listed here.
Mike Varley:  I think so I think that's what I mean.
<mprorock> that seems extremely sane
Manu Sporny:  Okay okay yeah no I mean I think that's that's 
  that's really interesting like that's definitely another way to 
  do it yeah that's cool I like that now keep in mind there's I 
  think you said you wanted them to be simple strings in some of 
  these cases like this did come messaging one you know I tried to 
  pick something straight out of the specs for for did Cam and you 
  may need more.
Manu Sporny:  But I mean I think that's just something for the 
  group to explore right once the pr is there just in your own you 
  can go ahead.
Justin Richer: 
  https://mailarchive.ietf.org/arch/msg/txauth/KNB3BJhwmAYyJ68y_m1VnnS2kQ4/
Justin Richer:  All right thanks money so Dimitri zag Dylan 
  presented this this part of the VC API proposal to the canal 
  working group a few weeks ago and I've started a thread on the 
  Kanab mailing list linking to the archive page in the chat right 
  now hopefully that makes it into the transcript but I were trying 
  to start a discussion on what this time.
Justin Richer:   Type of model would.
Justin Richer:  If you actually click on the third of the long 
  web sequence diagram URLs that should bring up a picture yeah so 
  the idea here that I think that this work and the work that 
  Dimitri described is is there a way to use actual an actual piece 
  of the kidnap protocol itself inside of another protocol now 
  normally.
Justin Richer:  And as a you know a separate security interaction 
  management layer the delegation protocol.
Justin Richer:  But this does raise an interesting question 
  because this and other use case and a couple of other use cases 
  of that have been brought up have started to talk about this this 
  notion of well I'm off doing another API and I don't want to have 
  to throw on all of the brakes and go start a brand new 
  conversation with an authorization server because I already have 
  it all of the contacts that I need to kind of Kick this off so 
  how can I kick it off and how can I get it back.
Justin Richer:   Back there hasn't been a lot.
Justin Richer:  On the grab mailing list yet I would invite 
  everybody to in this group to join that conversation if this is 
  something that is interesting to you it's not something that I 
  think really wants a lot of discussion on this call here but I 
  wanted to make sure people were aware of that.
Manu Sporny:  Great thank you thank you Justin yes all these 
  links will make him in make it into the minutes but that's a 
  really interesting that's a really interesting proposal and 
  thought in theory at least with the VPR thing you can bootstrap 
  into other protocols after every kind of HTTP back and forth that 
  you have with the VC API so you could you know start off with.
Manu Sporny:  Jump to IDC credential provider and then jump to a 
  good nap and then jump back to an unmediated presentation thing 
  now that's crazy right I have no idea of doing something like 
  that would ever work but the philosophy and design of what we 
  have right now should allow for it so I think you know the next 
  step there might be someone trying it out and seeing or at least 
  doing it you know thinking through what all of the mess.
Manu Sporny:   Judges would look like and.
Manu Sporny:  If you've got a client that speaks one of these 
  interaction mechanisms as well as going to app in theory you 
  should be able to kind of hopscotch from one protocol to the 
  other and then back to the original protocol.
Justin Richer:  Thank you but that is absolutely not the point 
  that I was trying to make so what you're describing if you go 
  back to that other thing and if you click if you go back 12 to 
  the email archive and click on the first message what you're 
  describing the the first of the web sequence diagram the URLs 
  well you're describing is as a much more sort of you know.
Justin Richer:   Final way to you.
Justin Richer:  These kinds of protocols alongside of each other 
  and that's that's so easy to do it's boring and not worth talking 
  about so what I was what I was describing is instead of waiting 
  to use really portions of the cannot protocol itself embedded 
  inside of a different protocols in and have that be defined as a 
  pattern so that every API doesn't come up with its own.
Justin Richer:  The customized version of following that same 
  pattern so that's I think the much more interesting conversation 
  to have because it's you know talking to an API and saying oh I 
  need you to go do a security protocol that's that's fully defined 
  I mean that's we know how to do that we've been doing that for 
  decades that's what the dub-dub-dub authenticate header and basic 
  auth do and have been doing since.
Justin Richer:   Since the early 90s.
Justin Richer:  You know that's that's not interesting at all 
  what I think is more interesting is this notion of can I kick you 
  into a process part way through with enough context for you to 
  actually do something and importantly have a standardized way to 
  get you back.
Manu Sporny:  So Justin if I'm understanding that correctly 
  you're saying they're Primitives and can app that the VC API 
  protocol might be able to reuse Primitives and patterns.
Justin Richer:  Quite possibly yes and while I understand that 
  what's proposed in VC API is is not intended to be compatible 
  with can app you know that syntax is significantly different from 
  what's already been worked out in Kanab and I think that there 
  might be value in aligning that better.
Manu Sporny:  Okay cool what what do you what do you need from us 
  to other than just engagement to do some experiments thought 
  experiments in that area.
Justin Richer:  Um engage with the conversation in ideally in the 
  ietf working group to see if there is something that's worth 
  pulling out and then still the same thing that you had said 
  previously and that's somebody taking the time and sitting down 
  to see what those messages themselves would actually look like 
  like what what would you send back at each step and what types 
  and what does that mean for the.
Justin Richer:   Code paths to the.
Justin Richer:  Client software that needs to actually deal with 
  these kinds of things.
<mprorock> *if interested*
Manu Sporny:  Got it okay all right well the action then is you 
  know someone someone from the group needs to do that kind of 
  engagement on the Gap mailing list and look in you know do do the 
  thinking around what common patterns there might be yes if 
  there's if there's interest as Mike peroxide okay I think Mike 
  Varley you have enough to.
Manu Sporny:   Take a shot at a PR there.
<justin_richer> Yup -- standards only get written if someone 
  wants to write them :)
<mprorock> sleep allowed now?
<mprorock> /s :)

Topic: Next Steps for VC API?

Manu Sporny:  Market okay awesome okay great okay well so we're 
  through our agenda and 40 minutes great job everyone for being 
  efficient let's take a pause here and see if there are high 
  priority things people feel like we should focus on like there's 
  a huge Log Jam at X and we need to clear that clear that Log Jam.
<justin_richer> sleep is for the weak!
Manu Sporny:  I start just randomly going into old issues and 
  picking issues that seem like they would be useful to talk about 
  does anyone feel like we really should be focusing on X right now 
  like Pro Rock go ahead.
Mike Prorock:  Yeah I think now once we get these couple of 
  merges in and we see like the basic getter pattern with 
  pagination for like you know fetching a you know exchange right 
  or list of exchanges I think we probably need to take a pass and 
  go okay what clean up do we need to do so that a third party 
  looking at this doesn't go okay you guys are not sore you're off 
  base or.
Mike Prorock:   Ever also with the.
Mike Prorock:  Of easing you know PR 66 that I know impacts 
  kidnap I know what impacts this etcetera and the ability to 
  discuss that over in the VC working group and so I think the more 
  polished this is with a little more commercial support the better 
  we're looking for that kind of thing so that's just kind of like 
  mindful of time like that that core ability that we've discussed 
  here my like merging workflows right that covers a lot of you 
  know the would you know.
Mike Prorock:   No exchanges / workflows Etc right making sure 
  this.
<tallted> Seeing that least-recently-updated issues takes us back 
  to Feb 2021, some issue churn would likely be useful.
Mike Prorock:  We're doing on the trace side and the system to 
  system use cases that gets a lot of the core functionality stuff 
  in there that we kind of have to have and so it gives us a chance 
  to say okay now let's focus a little bit on clean up to try to 
  get this stuff into the actual work nerve itself because it all 
  may go away if it does you know won't well frankly if it doesn't 
  or if it does get in there it may still all go away depending on 
  how the work you know working group approaches it so I don't.
Mike Prorock:   Want to be going in.
Mike Prorock:  Making a pile of changes and stuff like that you 
  know and just having a you know just a huge amount of burn if we 
  know that some of the stuff is subject to adjust significantly 
  and I think all 10 also noted that there's a lot of like old 
  issues and stuff that probably just needs some cleanup so that's 
  my that's my read honestly is like let's try to get this stuff a 
  little bit more polished professional and I and focus on fixing 
  you know like PR's to clean stuff up could.
Mike Prorock:  Correct language fill a gap in apa you know like.
Manu Sporny:  All right great suggestions I did want to yeah and 
  plus 12 that I yeah I mean the reason I'm asking is I'm kind of 
  at a loss as to Big Rocks we need to move with the API it feels 
  like at least there's a good good core heart of the spec there at 
  this point that addresses I think everyone's use cases on the 
  call at least the major you know credential flow use cases in 
  presentation floaties cases.
Manu Sporny:  One other aspect of this so yeah so I think we need 
  to make the spec a bit more pretty this stuff up here that Joe in 
  Eric you worked on I think it would be good to give that another 
  pass try and clear it up a bit or just clean it up a bit and item 
  wave I'm doing a giant hand wave there Eric I don't know.
Manu Sporny:  You guys are thinking these days we don't have 
  conformance classes or terminology sections empty right now and 
  we have this massively ugly rendering of the Json schema stuff so 
  on my will take an action too.

ACTION: Manu to fix Respec OAS renderer to render JSON Schema in 
  a more compelling way.

Manu Sporny:  Fix Respec OAS render to render Json schema in more 
  compelling way so their ways of displaying this data that doesn't 
  look as awful as it does right now so we should do that and then 
  they in the yeah and like the getter and the pagination stuff mic 
  Pro rock is also you know would be a good thing to put in there.
Manu Sporny:  But yeah I mean a lot of it just feels like you 
  know it's clean up stuff not really big I mean you know it's like 
  there's no magic to pagination you know API or how you do 
  pagination we just need to pick something and go with it Eric you 
  were on the queue.
Eric Schuh:  Yeah just wanted to give a quick I guess update from 
  the use cases team I just finished today a pass at sequence 
  diagrams for the six use cases that are currently in the GitHub 
  and the next steps were going to be to unify that with the 
  diagrams that I believe it was Joe and Mike Pro Rock did for the 
  Beast for the issuing and verification.
<mprorock> and orie!
Eric Schuh:  And kind of out of that then get back to updating 
  these diagrams.
Eric Schuh:  So yeah it's in there's one branch.
Eric Schuh:  Let me get the link for you.
Eric Schuh: https://github.com/w3c-ccg/vc-api-use-cases
Manu Sporny:  Thank you I was failing miserably at that alright 
  and which branch replace endpoints with diagrams.
Eric Schuh:  Yeah that's the one so the index HTML has everything 
  but if you actually click if you scroll down just a tad and click 
  on the use cases link right there I currently have it set to 
  display this Branch I believe will there be able to see the 
  images of the diagrams and if you pull those out or open up in a 
  new tab they should be basically basically infinitely zoomable.
Manu Sporny:  Okay that's great so should we put some call time 
  aside to review these okay or do you feel like.
Eric Schuh:  I haven't had a chance to go over them with Joe and 
  one quite yet so I think we were going to do that next week so 
  probably in the next week or two well we'll be asking for some 
  call time I would I would expect.
Manu Sporny:  Okay all right that sounds good okay and these are 
  great thank you very much for continuing to work on these awesome 
  mic Pro Rock Europe.
Mike Prorock:  Yeah only note I was going to make is is and I 
  think this is a question for the group I think they're I think 
  there is strong value in making sure that if we're doing an open 
  API specification that that is presented via Swagger redoc you 
  know something that you know or you know couldn't take your front 
  end of choice right because that's largely configurable.
Mike Prorock:  To be able to go.
Mike Prorock:  With those apis from the spec itself right open 
  API spec itself and largely because that also double-check sits 
  on conformance with that stuff and things like that right it 
  makes sure that that tooling you know that they actual to like it 
  validates that stuff is passing right so it's a good sanity check 
  for us it does not mean that there's not value and possibly 
  rendering some of that stuff in line right but I think there's a 
  variety of you know ways of a.
Mike Prorock:   Attacking that like a we could potentially.
Mike Prorock:  To assume you know respect side of this where it's 
  like yep here's these endpoints we've defined here some example 
  you know here's our data types we have defined and allowed you 
  know credentials but as far as like double checking to make sure 
  our way s is actually saying like there's a right way to do it 
  and we risk breaking ourselves if we don't do it the right way 
  right with you know validation so.
Mike Prorock:  It was exactly yeah.
Manu Sporny:  Yeah plus one that I mean I there's a I mean 
  there's I think there's a strong argument for rendering OS files 
  in ways that the industry is used to write the respect thing is 
  just because we needed you know if we're going to do this at only 
  33 we need its back but that's not what most web developers are 
  used to working with when they're dealing with OS files right so 
  yeah plus 1 we should have a rendering and we can't you know we 
  don't want it we do.
Manu Sporny:   Right like if you go to issue or not HTML.
Manu Sporny:  Like there's your rendering right and that's live 
  against whatever's in the repo right now.
<orie> its ancient
Manu Sporny:  Um yeah I don't know where it came from I've just 
  been you know keeping it up-to-date.
<orie> probably want to update
<mahmoud_alkhraishi> needs to be updated
Mike Prorock:  Yeah that's right I forgot that was still in there 
  because I think that was based on I think the stuff I initially 
  dumped in there right waving here yeah yeah yeah I'm good with 
  that we just may want to make sure that it actually rolls 
  everything up not just method by Method right so yep.
Manu Sporny:  A dip so well I so who's who wants the action for 
  that.
<orie> and maybe turn on servers... for testing.
<orie> not volunteering
Mike Prorock:  I can either take the action of compiling combo 
  unless or he wants to he and I argue over what's the better way 
  of rendering that stuff all the time so if he doesn't volunteer 
  all you know fight him for it to make him irritated.
Manu Sporny:  Ori do you want this not volunteering all right 
  it's you Mike.
Mike Prorock:  You're not getting live testing against multiple 
  servers if you don't volunteer.
Orie Steele:  I've done it like three or four times now it was 
  originally the spec was split and it was combined and it was 
  split again I'm not touching it again.
Manu Sporny:  Okay all right so might be your at might be to put 
  together PR for rendering the all the.
Mike Prorock:  I think I did it last time just to get it off the 
  broken version of swagger that we were all actually.
Manu Sporny:  Yeah so let's see all the other rendering all the 
  0s files way that web Developers.

ACTION: Mike Prorock to put together a PR for rendering all the 
  OAS files in a way that web developers will understand.

Manu Sporny:  And that basically is giving you free rein my to do 
  what you believe is the best thing to do and then the group will 
  take a look at it and say yeah your nay okay is there anything 
  else we wanted to cover today we can let people go nine minutes 
  early if there's nothing else.
Manu Sporny:  Alright I think that's it we should talk about 
  testing I know we've talked and we've touched on testing before 
  but there are now test Suites that are being created that are 
  driven by the VC API in Horry that might get a bit to your live 
  testing like testing against live servers thing I know that a few 
  of us a few of the implementers are setting up have already set 
  up live implementations of the VC.
<mprorock> orie doing some magick
Manu Sporny:  I have and I know that as a community we want to 
  get to live testing just nightly testing okay that's it for the 
  call today thank you everyone for joining we will have another 
  call next week just as a heads up I might be 5 to 10 minutes late 
  for that call so if someone else could start the call I would 
  appreciate it I'll send out an agenda on Sunday this Sunday.
<mprorock> Mahmoud volunteered to run it
Manu Sporny:  Recall again great progress today thank you we'll 
  chat next week bye.
<mprorock> i heard him
<manu_sporny> *lol* :P
Received on Wednesday, 16 February 2022 18:48:17 UTC

This archive was generated by hypermail 2.4.0 : Thursday, 24 March 2022 20:25:28 UTC