W3C home > Mailing lists > Public > public-credentials@w3.org > June 2022

[MINUTES] W3C CCG Verifiable Credentials API Call - 2022-06-28

From: CCG Minutes Bot <minutes@w3c-ccg.org>
Date: Tue, 28 Jun 2022 21:28:43 +0000
Message-ID: <E1o6IlE-006HIF-Vw@titan.w3.org>
Thanks to Our Robot Overlords for scribing this week!

The transcript for the call is now available here:

https://w3c-ccg.github.io/meetings/2022-06-28-vcapi/

Full text of the discussion follows for W3C archival purposes.
Audio of the meeting is available at the following location:

https://w3c-ccg.github.io/meetings/2022-06-28-vcapi/audio.ogg

----------------------------------------------------------------
VC API Task Force Transcript for 2022-06-28

Agenda:
  https://lists.w3.org/Archives/Public/public-credentials/2022Jun/0051.html
Topics:
  1. Introductions and Relevant Community Updates
  2. Use Cases Update
  3. chapi.io and VC Issuer API
  4. Options for /presentations/verify
  5. Implementations for /credentials/derive and 
    /presentations/prove?
Organizer:
  Manu Sporny, Mike Varley
Scribe:
  Our Robot Overlords
Present:
  Manu Sporny, TallTed // Ted Thibodeau (he/him) (OpenLinkSw.com), 
  Dmitri Zagidulin, Gregory Natran, Mike Varley, Andy Miller, 
  Justin Richer, Eric Schuh, Joe Andrieu, Charlie Fontana, Rolson 
  Quadras, Kayode Ezike, Marty Reed, Ted Thibodeau

Our Robot Overlords are scribing.
Manu Sporny:  Right welcome everyone to the June 28th 2022 
  verifiable credentials API call our agenda for the call is here.
Manu Sporny:  On the agenda today is just this agenda review 
  introductions relevant Community updates and then we're going to 
  keep going through the options questions we had from last week so 
  what kind of options do we want to be able to pass presentations 
  verify who is implementing credentials derive and presentations 
  proved and.
Manu Sporny:   Then options for.
Manu Sporny:  Credentials derive in presentations prove any other 
  updates or changes the agenda today anything else we should 
  cover.
Gregory_Natran: My name is Gregory I'm just checking to make sure 
  my mic is working.
Manu Sporny:  It is wonderful to hear your voice welcome to the 
  call.
Gregory_Natran: Sounds like it is thank you.

Topic: Introductions and Relevant Community Updates

Manu Sporny:  Okay if there are no additions to the agenda we 
  will jump into Productions and relevant Community updates anyone 
  new to the call or would like to reintroduce yourself to the call 
  today.
Gregory_Natran: Well it's Gregory that would probably be me since 
  I first time I started on this group although I've been 
  participating on the verifiable credentials working group for 
  about the last two years.
Gregory_Natran: I work for a company named Natasha cybertech and 
  we do a fair bit of work on identity Based Services particularly 
  in the public sector in Canada that's probably all you need to 
  know.
Manu Sporny:  Well when wonderful welcome to the call Gregory 
  wonderful to have you here.
Manu Sporny:  Anyone else knew or want to reintroduce yourself.
Manu Sporny:  Okay onto relevant Community updates I've got to to 
  kick us off and then yeah if anybody else has Community updates 
  would love to hear them the first one of course is that the 
  verifiable credentials working group The the 20 working group is 
  starting up.
Manu Sporny:  At 11 a.m. eastern time so if you are a w3c member 
  please join the group if you are not in don't have the funding to 
  do that you can do there's an option to join as an invited expert 
  all of our work happens largely in GitHub so you don't need to be 
  a w3c member or even a part of the community group or anything 
  to.
Manu Sporny:   I paint you can literally just.
Manu Sporny:  Walking off of the internet and start commenting on 
  issues and as long as you're making Salient points you know the 
  the group will will discuss those so plenty of opportunity to 
  engage if you'd like to do that.
Manu Sporny:  Announcement one the second announcement is around 
  chappie IO there was get the link here.
<manu_sporny> chapi.io announcement: 
  https://lists.w3.org/Archives/Public/public-credentials/2022Jun/0055.html
Manu Sporny:  There's an announcement about chap EIEIO here eat 
  IO announcements and I was going to take a quick run through that 
  on the call just with some screen sharing for any kind of 
  questions and answers the relevance did this group specifically 
  is that we have plans to try and integrate the verifiable 
  credential API into the.
Manu Sporny:   The chap e-verify.
Manu Sporny:  Potential playground so that you can select an 
  issuer so when you have an example on the screen you can then 
  take that and package it up and send it to anyone that implements 
  the VC it's your API and have that issued so we'll go through a 
  quick demo on that as long as there are no objections to do that 
  right after this set of community.
Manu Sporny:  Any other community updates anything else that we 
  should know about.
Manu Sporny:  Okay our folks okay with taking a look at chappie I 
  owed you'll want to just jump into options any strong feelings 
  one way or the other.
Manu Sporny:  Joe's saying comes up.
Manu Sporny:   Go ahead.

Topic: Use Cases Update

Eric Schuh:  Oh yeah just wanted to give a quick use cases update 
  unfortunately don't have too much this week just so everyone 
  knows what's going on Joe and I use this program called visual 
  Paradigm to generate sequence diagrams and I've been struggling 
  to get our xmi to mermaid converter functioning in a way that 
  makes it easy for me to update the use cases so I think.
Eric Schuh:   In the last.
<andy_miller> Will vc 2.0 use the same repo as 1.x? 
  (https://github.com/w3c/vc-data-model)
Eric Schuh:  Our Joe and I identified what we need to do to get 
  that into something that means I don't have to manually delete a 
  bunch of new lines and add new line characters in a bunch of 
  places so next week we should have the PRS for all of our six 
  focal use cases we did get in a little bit of a reorganization PR 
  to the use cases repo moved R6 use cases to focal use cases and 
  removed some old diagrams.
Eric Schuh:   Just mostly minor formatting.
Eric Schuh:  So hopefully next week we'll have some more to talk 
  about in regards to use cases.
Manu Sporny:  Awesome great thank you for the update Eric the 
  struggle is real data data format conversion struggle is real but 
  thank you for continuing to work on that stuff and make it so 
  that those things can be converted easily in round-trip and 
  updated easily.
Manu Sporny:  Hindi you asked a question in the chat channel will 
  the verifiable credentials 20 spec use the same repo as the 1X 
  spec yes it will so we just need to track that one repo and we 
  will have a 1x in a 1:1 and a in a in the 2-0 branch will become 
  the main branch as long as that's what the group decides that 
  they want to do but highly likely that that is the path for 
  there.
Manu Sporny:   Any questions.
Manu Sporny:  It's about use cases for Eric or Joe before we move 
  on.

Topic: chapi.io and VC Issuer API

Manu Sporny: 
  https://lists.w3.org/Archives/Public/public-credentials/2022Jun/0055.html
Manu Sporny:  Thank you for that update Eric much appreciated 
  okay next up happy IO and BC is sure sure API as some of you saw 
  there was a an announcement about chappie I owe this is the 
  credential Handler API it's a work item of the credentials 
  community group and is one mechanism that can be used to move 
  verifiable.
Manu Sporny:   Initials from.
Manu Sporny:  An issuer to a holder or from a holder to a 
  verifier another protocol that can be used is the VC API certain 
  aspects of the VC API can be used to do the same thing chappie is 
  typically used when you are in a browser setting and you need to 
  move data to a native app or to a web based app back in.
Manu Sporny:   Fourth there.
Manu Sporny:  And so this technology has existed since 2013 
  really 2015 is where it started to stabilize and we have been you 
  know maintaining the infrastructure ever since to make sure that 
  there are ways of moving credentials around when you're in the in 
  the browser okay so let me try and screen share here.
Manu Sporny:  Kinfolk see this this is just a standard Google 
  Chrome screen.
Manu Sporny:  Okay awesome thank you so happy I oh there's going 
  to be more documentation here and if you go to the polyfill 
  there's all the documentation about integrating this with digital 
  wallets and issuers and verifiers but really the big thing that 
  has happened is this chappie playground thing the playground is 
  basically a way to create a verifiable credential and put it at 
  any URL any json-based json-ld based.
Manu Sporny:  Um you can then pull that data into the issuer and 
  then issue it to a wallet so one of the first things that you 
  need is a wallet right now we have the various wallet is kind of 
  a demo so I'm just going to slide it up real quick.
Manu Sporny:  Can you can add like any number here.
Manu Sporny:  If you want a new account and then that basically 
  ends up creating a digital wallet for you so you've got a digital 
  wallet now and then to effectively use the chappie playground you 
  load this up by this I mean like you go to the playground site 
  that's linked off of the main page so if I go to chappie.
Manu Sporny:   P Dot.
Manu Sporny:  Takes me to the main playground site if I click 
  that link and then you can basically put in any URL here right as 
  long as you've got a well-formed verifiable credential here you 
  can use any URL but we have this default example which is the 
  alumni use case example when you click resolve it basically pulls 
  the credential into the.
Manu Sporny:   Round and so.
Manu Sporny:  Clay you know that's those of you that have been 
  that know about the the example in the VC data model we've got 
  the basic example out of the out of the BC data model and then 
  when you click store in wallet it will use chappy to invoke the 
  wallet that was just installed you can actually select from a 
  variety.
Manu Sporny:   Piety of different wallets hear anything.
Manu Sporny:  Any wallet that is registered and supports chappie 
  will work here so if I go back here this is kind of the wallet 
  selection screen if I had multiple wallets installed it would 
  show multiple wallets here this little checkbox is automatically 
  checked usually which basically you select a wall and you can 
  continue to use the wallet for that side so I select my wallet 
  the wallet pops up here and asked if I'd like to store these 
  credentials.
Manu Sporny:   All's I click.
Manu Sporny:  And that's it right that just that is basically 
  moved the credential from the playground into the wallet and if I 
  go to the wallet and I refresh the screen here you'll see the new 
  alumni credential in the digital wallet here I can click on that 
  take a look at the credential itself so the important part here 
  around the BC API is not really the wallet or any of that stuff 
  it's.
Manu Sporny:  Hope part what we really want to be able to do here 
  is to 1 be able to list multiple digital wallets here that 
  support chappie so if you've got a digital wallet and you want it 
  listed on this page we're going to have like kind of a listing of 
  wallets that people can sign up and use and then the other 
  important part here is we want to wire this verifiable credential 
  issuer up to different issue or back.
Manu Sporny:   Ends and that's where the VC API comes.
Manu Sporny:  We'd like the call to be made so you'll basically 
  have a raw credential here without a proof on it and then you can 
  call different issue or back ends to issue the credential and 
  then you can click store in wallet and store it in in multiple 
  different wallets here okay so let me stop there to see if there 
  are any questions around the demo or how we intend to try to hook 
  this up to be Capi.
Manu Sporny:   Go ahead.
Manu Sporny:  Eric I think that's an old Q is that right.
Eric Schuh:  Yeah that's old for me.
Manu Sporny:  Go ahead to me tree.
Dmitri Zagidulin:  First of all this question is a design one 
  what was the.
Dmitri Zagidulin:  Pulling me in the credential Bo you're 
  well-versed a pep talk.
Manu Sporny:  That is just I think so let's let me let me try and 
  yeah good question so your audio is a little muffled Dimitri so I 
  think the question was why did you make this a URL and why didn't 
  you just put it in the site itself I think what we're trying to 
  do here is just provide the minimum tooling so that people can 
  kind of pull in the things that they would like to test with.
Manu Sporny:  Too opinionated about what goes in here so I think 
  what we're thinking here is that we may end up loading this list 
  or the set of credentials from the VC examples in the credentials 
  community group and so if people want to they can go to the VC 
  examples and then just add whatever examples they want in and 
  we'll be able to surface all of those examples in the credential 
  issuer but people don't want to use any of those and they want to 
  use their.
Manu Sporny:   Our own URL like.
Manu Sporny:  Kind of like testing stuff and they don't really 
  want to make it you know public to the community they can put it 
  out at a URL that they trust or I think in the future we'll have 
  just text input box to let you just copy and paste directly into 
  the end of the playground did that answer your question to me.
Dmitri Zagidulin:  Yeah yeah what was just curious if you had a 
  particular reservations about the text input box sounds like 
  roadmap items Punk right.
Manu Sporny:  No yeah it's a roadmap item in on and really if 
  there's like a strong feeling from any of you or anyone in the 
  community like please raise an issue or let us know on the 
  mailing list so that we can like hot put a higher priority on the 
  features people want to see versus like you know so if like 
  loading from URL you're like a that's not really useful to me 
  like give me a text input box then we can put a higher priority 
  on the text input box for example.
Manu Sporny:   Go ahead.
Gregory_Natran: Sorry this is probably a bit of a catch up 
  question but this is primarily focused on just getting a 
  credential into the wall and we don't care too much or at least 
  this doesn't seem to care too much about where credential 
  definitions and did documents reside or anything like that it's 
  just it just spits it out and gets it to the wallet.
Manu Sporny:  Yes that is that is correct in fact right now with 
  the URL base thing it doesn't even check for the validity of the 
  credential so you could just Jam anything you wanted to in here 
  and it would deliver that to the wallet and the wall it might 
  blow up the wallet might basically be like I don't know what that 
  is but again we were trying to not be opinionated here in so if 
  people wanted to you know put we put basically put anything in 
  here they can do that whether.
Manu Sporny:   Her or not the wallets will accept it or not is a 
  different question.
Gregory_Natran: Fair enough thanks.
Manu Sporny:  Right there's also so there's a question on like 
  you know do people want that restricted or do you want it to be 
  kind of left it open-ended like like for example I don't know if 
  VC jots I don't think these he jots are supported right now but 
  there's nothing that would prevent that from being submitted now 
  right like if you put a VC jot in here as in a URL it'll load it 
  and it will shove it across chappie.
Manu Sporny:   And then the.
Manu Sporny:  It's got to decide what to do with that so I think 
  we want to keep that in here right the same thing with like a z 
  cap but again like we didn't want to mention that on the site 
  because I think that kind of confuses would be more confusing to 
  people than than helpful.
Manu Sporny:  But yeah this is supposed to be really about just 
  how Jack chap he's a dumb pipe that will move data from one 
  location to another Without Really caring about what the data is.
Manu Sporny:  Yeah any other questions before we move on to our 
  main agenda.
<kayode_ezike> Neat tool 👌🏾

Topic: Options for /presentations/verify

Manu Sporny:  Alright then I will stop sharing and then let's 
  move on to the next item which is options for presentation verify 
  so.
Manu Sporny: https://github.com/w3c-ccg/vc-api/issues/292
Manu Sporny:  Then we are in shoe to 92.
Manu Sporny:  And let me go ahead and share my screen here.
Manu Sporny:  You see if.
Manu Sporny:  This helps okay so last week we had a lot of 
  discussion around various options that we were sending two 
  endpoints like credentials verify in credentials issue we came to 
  a number of conclusions last week like Joe mentioned that we 
  really.
Manu Sporny:   Need a disguise.
Manu Sporny:  For each endpoint that lists which components it's 
  expected to be attached to so for example for the credentials 
  issue in point is that something that's supposed to be exposed on 
  the issue or a poor the issue or service or both and so on and so 
  forth so for example the correct credentials issue is something 
  that's Exposed on the shore service will stop right so we need to 
  go and Mark all of the endpoints with that information we also 
  decided to remove change.
Manu Sporny:   Challenge domain and.
Manu Sporny:  Potential status from the list of settable options 
  for the credential issue and point it didn't seem like anybody 
  was well Challenge and domain don't make sense and then 
  credential status is typically configured on an endpoint by 
  endpoint basis we also wanted to clarify that that options are 
  not mandatory like you don't have to set any options options are 
  truly optional.
Manu Sporny:  So you can completely omit the options object when 
  you call these endpoints and everything should continue to 
  function we also had a discussion on something that Dimitri 
  raised which was a good point here noting that one we needed 
  steps for verification using normative language we needed to 
  change.
Manu Sporny:   Check to make sure.
Manu Sporny:  Verification specifically so we made a we had a 
  conversation about verification versus validation verification 
  specifically means that you check the structure of the verifiable 
  credential to see that it's valid so it's like a syntactically 
  well-formed thing you if the credential scheme has defined you 
  check that because that will give you a very clear yes it passes 
  the Json schema or no it does not pass the Json schema.
Manu Sporny:  You check to make sure that the verification method 
  has not been revoked.
Manu Sporny:  You check the credential status to make sure that 
  the credential has not been revoked.
Manu Sporny:  And I thought we decided not to do the current time 
  is between issue and state and expiration.
Manu Sporny:  Date because that's a validation rule am I miss 
  remembering that Joe I remember you having a.
Manu Sporny:  Ocean about this.
Joe Andrieu:  Yeah I think that particular boundary felt like 
  sometimes it's a business rule but I think it's a it's a fair 
  debate as to whether or not that should be part of every occasion 
  or should be treated as a part of validation because sometimes 
  the fact that it's expired does not mean that it is unusable for 
  your use case.
Gregory_Natran: It's great remember having these discussions on 
  the vert the working group as well.
Gregory_Natran: Of whether a time-stamped one is still valid for 
  use cases.
<kayode_ezike> Sounds like something to take up in VCWG
Manu Sporny:  Yep yeah okay so how about this will create an 
  issue marker to note that checking current time checking whether 
  current time is between nations and expiration date is still up 
  for debate with respect to whether that is a check that's done 
  during verification ordering.
Joe Andrieu: +1 @Kayoda for raising this in VCWG
<joe_andrieu> @kayode
Manu Sporny:  Okay all right and then finally Dimitri that all 
  that was all discussions that we had while debating the concept 
  that Dimitri raised but Dimitri also said hey it would be good to 
  have an events log which is an optional value it's not mandatory 
  that provides the checks that the verifier performed by default 
  it is turned off so you will not get an.
Manu Sporny:  Log on things.
Manu Sporny:  At work checked the presumption there is that we 
  may need some identifiers for things that were checked like 
  syntax credential schema verification method revocation 
  credential status things like that right but I think in general 
  everyone believed that that was a good feature to have okay.
Manu Sporny:   Okay that's.
Joe Andrieu:  Hold on man I had one comment on that I think it 
  was the event log in the case of a successful verification is 
  optional but in the case of a failed verification then the entire 
  event log by default should be shared.
Joe Andrieu:  So if it succeeds you get a short quick answer if 
  it fails you get the details as to what actually failed.
Manu Sporny:  Got it yep I remember that vaguely as well it does 
  anyone object to that recollection of last week's discussion.
Manu Sporny:  Okay by default that's turned off and successful 
  verification.
Manu Sporny:  However the event log is provided on failed 
  verification.
Manu Sporny:  Is that it doesn't capture everything you said Joe.
<kayode_ezike> Even that event log is optional though, correct?
Manu Sporny:  I think it does.
<kayode_ezike> I remember David Chadwick expressed a desire for 
  that
Manu Sporny:  Okay so we've got multiple PR's that need to go in 
  for that one.
Manu Sporny:  Okay so today we are picking up let's see 
  presentations verify for the patient and verify options in let me 
  bring up this look like me see.
Manu Sporny:  Okay so verifying a presentation.
Manu Sporny:  Provides you basically provide a challenge in a 
  domain in the options object.
Manu Sporny:  And that is because typically when there's a 
  presentation there is a challenge at domain that's supplied.
Manu Sporny:  So that seems right to me any thoughts or concerns 
  about this.
Manu Sporny:  About where where the spec is today I think it's 
  right.
Manu Sporny:  These are optional right you don't have to specify 
  them.
Manu Sporny:  See David it's David Chadwick on the call today.
Joe Andrieu:  Are we suggesting that if challenge our domain is 
  stripped by the verifier it just won't do that check.
Manu Sporny:  I think so here's my concern so so let's say that 
  you know this is a VC jot that's coming in or some other type of 
  you know thing that's got a wrapper around it I don't know what 
  some of the vcg people are doing when it comes to challenge you 
  know challenging domain.
Manu Sporny:  Because I mean like you audiences used sometimes 
  you know in those sorts of protocols so the question is are the 
  VC job folks handling this in different ways anyone is anyone 
  implementing VC jots on the call.
Manu Sporny:   And you.
Manu Sporny:  The VC API to do it.
<mike_varley> Avast plans to but has not started...
Manu Sporny:  So maybe what we should do is we should check okay 
  so Mike you're saying of as plans to but has not started.
Manu Sporny:  Do you have any inkling on what you would do with 
  Challenge and dumaine Mike.
Mike Varley:  It's a good question so no we haven't looked that 
  closely at it although I think we're all seams on the call to so 
  maybe you can correct me but I think the point is we will be 
  trying to implement that so we should be able to provide Insight 
  when we get there we're not there yet.
Manu Sporny:  Okay so we know that they plan on implementing but 
  have no.
Mike Varley:  Current Insight yes or migrant suggestions.
Manu Sporny:  Kurt Kurt Kurt suggestion.
Joe Andrieu:  So so right this is for.
Manu Sporny:  Yep that's right it's for the presentation.
Joe Andrieu:  So our presumption here did we have other language 
  that establishes that verifying a presentation includes checking 
  domain and challenge.
Manu Sporny:  No we I don't think we had there's any normative 
  anything yet because that's protocol land and I think people have 
  been doing it but we don't have concrete spec text about I don't 
  think I don't think the PC data model specifies well you know I 
  say that.
Joe Andrieu:  It feels like validation to me but if there's 
  already been consensus established that verifying the 
  presentation includes that.
Manu Sporny:  Checking Challenge and domain.
Joe Andrieu:  Right as part of verification as opposed to 
  validation.
Manu Sporny:  I don't think there's consensus.
Joe Andrieu:  In other words is this the right party seems like 
  what you're checking at least with the domain.
Joe Andrieu:  The challenges for the person in the middle defense 
  but.
Manu Sporny:  Yeah I'm wondering if it's in the data Integrity 
  spec I'm trying to figure out I'm trying to remember where this 
  is I know it's in the security vocabulary oh and uh.
Manu Sporny:  Yeah it's nice I don't think it's anywhere it's 
  just it's a tribal knowledge at this point so I would imagine we 
  should bring this up in the VC to you know working group but yeah 
  the whole reason challenging domain is there is the domain is 
  effectively audience and challenges to prevent replay when you're 
  doing presentations.
Manu Sporny:  Noted that both challenge in.
Manu Sporny:  Challenge and Main are not specified or not 
  normatively specified anywhere in these.
Manu Sporny:  Birdies are cry all knowledge point.
Manu Sporny:  And is the assertion here that this is a part of 
  verification the challenge in domain is part of I mean it's 
  really really supportive validations.
Joe Andrieu:  I actually think it's better line with validation.
Manu Sporny:  Yeah I think you're right.
Joe Andrieu:  Because the question of who is this is to me the 
  same as you know is this a good issuer.
Joe Andrieu:  So the sweet like business rules rather than 
  cryptographically or procedurally verifiable facts.
Manu Sporny:  Nothing man create an issue marker noting that 
  challenge and domain.
Manu Sporny:  And are not normatively defined that presents 
  should be unknown which spec they should go into VC data model.
Manu Sporny:  Yeah the VC dated well let's but should be 
  discussed in the VC data model at the.
Manu Sporny:  At the very least the protocol specification 
  normatively.
Manu Sporny:  Okay okay I think that's it for options for 
  presentations verify anything else on presentations verify before 
  we move on to the next item.

Topic: Implementations for /credentials/derive and /presentations/prove?

Manu Sporny:  All right so the next item is is basically asking 
  the question has anybody implemented credentials derive or 
  presentations.
Manu Sporny:  So well let's let's take credentials to arrive 
  first I think credentials derive was put in there to do BBS style 
  derivation go ahead and like.
Mike Varley:  I'm just jumping on the cue to say that we've 
  implemented the derive and point exactly for BBS Plus.
Manu Sporny:  In implementing it did you was there a question 
  around whether or not that was the right endpoint or if it was a 
  presentations derivation or a credentials derivation.
Mike Varley:  Um so no we just kind of followed the follow the 
  Herd on that on that decision so it may not be the right place 
  for that but we did implement it as it's currently defined and I 
  apologize I have to drop and I gotta run but I think role since 
  on the call so if there's other questions maybe he could take 
  over.
Mike Varley:   Sorry there thanks.
Manu Sporny:  Okay thanks Mike no problem no problem thanks Mike 
  Okay so.
Manu Sporny:  Asked if anyone had implemented last implemented 
  but noted that the endpoint might not be in the right place any 
  other thoughts on credentials derive or presentations derive it 
  has anyone else implemented it.
Manu Sporny:  I think this came from I think Cory put this in 
  here initially and I'm wondering who else has implemented 
  derivation but primarily because the BBS plus 2020 stuff was 
  found to have a security vulnerability in it in that has been 
  kind of moved away from in the new stuff I don't think is out 
  there quite yet roll.
Manu Sporny:   Listen any any.
Manu Sporny:  Like what the timeline is for implementing 
  derivation in the VC API for Avast.
Rolson_Quadras: Hey man so currently the implemented this class 
  to ICT Comics me of 2021 right when it was initially defined and 
  what was tearing the spec we implemented and after that to be 
  honest right we have haven't cooked attic.
Manu Sporny:  And we had residue meaning vegetables are had 
  reservations about the endpoint in the options and that kind of 
  thing so we do agree that we probably do need an endpoint for 
  this but it's not clear if what's being done here is.
Manu Sporny:   Doing a.
Manu Sporny:  Angel derivation or doing a presentation of a set 
  of credentials or what in I think to really understand what that 
  looks like we would need.
Manu Sporny:  To look at how signature derivation looks like for 
  multiple different types of.
Manu Sporny:  Credentials sorry multiple different types of 
  digital proofing mechanisms all right so what options do you send 
  them what do you send up what do you get back that kind of thing 
  any other input on this this endpoint.
Manu Sporny:  I guess what I'm what I'm wondering is should we 
  even discuss this right now until you know we'd sorry should we.
Manu Sporny:  We mark this as an issue noting that we don't have 
  an active implementation that's happening right now around 
  selective disclosure or BBS plus you know pairing base crypto 
  derivation and just leave it there and not talk about this until 
  we get to the point of implementing this stuff again should we 
  take it out of the spec thoughts.
Rolson_Quadras: I think I can talk about the why we implemented 
  so we had we reason with the API and we had issuer and the 
  verified we didn't have any holder apis that time right and it 
  was bit hard to test like without using choppy or browser so I 
  think that chemicals question was around how to define hold a 
  repair right two things one is the sign presentation API and the 
  derive and it was mainly that motivation right to test.
Rolson_Quadras:  just like end-to-end using Epi see implemented 
  these things.
Rolson_Quadras: On that question maybe my opinion probably I'll 
  defer that to Mike he would have a better idea I've got your 
  roadmap.
Manu Sporny:  Okay that that's helpful and I think that's the 
  same reason I believe or he said that that was the same reason 
  they implemented it is because they wanted to demonstrate and 
  then flows and they had no holder API to derive a credential in 
  so they created this to meet that use case.
Manu Sporny:  I feel like we should warn people that it's a more 
  than likely will have something like this but it's not being 
  actively developed at this point right in maybe in the time that 
  it starts becoming active to actively developed is when we have 
  you know some BBS plus spec pairing base crypto spec to work 
  against is that the right timing well so does anyone object to 
  putting that kind of issue mark.
Manu Sporny:   You're in the spec right now.
Manu Sporny:  Is not under active development and it will become 
  under active development once we have an updated BBS plus 
  specification and then we can basically ask matter on what their 
  expected timeline there is.
<kayode_ezike> Looks like Manu was booted
Manu Sporny:  Start that back up alright and screen share.
Manu Sporny:  Okay so we will need an issue marker for the 
  credentials derive and note that it's not being actively 
  developed and provide a timeline where.
Manu Sporny:  Online when we feel real.
Manu Sporny:  Drew development again.
Manu Sporny:  Okay so there's that.
Manu Sporny:  Okay well that's for credentials derive round 
  presentations prove although did we take that out.
Manu Sporny:  And apologies I'm looking at this kind of.
Manu Sporny:  Presentations prove and the exchanges stuff.
Manu Sporny:  Is effectively the same thing so / presentation / 
  prove in the posting to initiate an exchange is effectively the 
  exact same it's the exact same thing here right any thoughts on 
  this about this duplication should we remove it we keep it.
Joe Andrieu:  Sure I don't understand what proving is so when you 
  say it's the same as initiate exchange find that very confusing.
Manu Sporny:  Yeah I agree this was I think presentation proved 
  was presentations proved was put in here by or E2 again for the 
  same kind of thing they needed kind of a bunch of holder apis and 
  how do you check to see.
Joe Andrieu:  So we lost Humanity or I did.
<kayode_ezike> Yeah, he disconnected again
<kayode_ezike> Hahaha
<marty_reed> yup, lost Manu
Joe Andrieu:  We lost Humanity that we just lost Manu.
Manu Sporny:  Am I am I going again.
Joe Andrieu:  Yes you are.
<marty_reed> he's back!
Manu Sporny:  Wait wait but you can hear me.
Eric Schuh:  Are you just came back you were gone.
Manu Sporny:  Okay yeah sorry I guess my.
Manu Sporny:  Internet stuff is going in and out what what do we 
  what language do we use for creating a presentation it's create 
  isn't it.
Manu Sporny:  Does anyone remember.
Joe Andrieu:  Yeah that's a good question.
Manu Sporny:  Generate verifiable presentations share well what 
  now but present is it's the step before you present you've got to 
  create it in the first place right this is literally signing the 
  the the object I think that's what presentations prove was 
  supposed to be.
Joe Andrieu:  Prove prove is supposed to be the act of creating 
  the VP.
Manu Sporny:  Yes correct I believe that's the case.
Manu Sporny:  You issue a credential what do you do to a 
  presentation.
Manu Sporny:  Rate a verifiable presentation.
Joe Andrieu:  Yeah I think we only specify that you present it 
  not what you do to create it before you present it.
Manu Sporny:  Yep so that word whatever that word is is probably 
  what should go in this API endpoint.
Joe Andrieu:  Seems like it should be issue.
Manu Sporny:  Yep so we.
<andy_miller> Or "present"
Gregory_Natran: But but would you sorry man you would you not be 
  issuing before you got to the presentation stage.
Manu Sporny:  You would issue a go ahead Joe sorry.
Joe Andrieu:  I think we're going to say the same thing a 
  credential is definitely issued by the issuer of that credential.
Joe Andrieu:  But then I believe when the holder is preparing to 
  present it.
Joe Andrieu:  You in the presentation seems to be most symmetric 
  with regarding API.
Gregory_Natran: You should get but that makes sense.
Manu Sporny:  Okay well one thing's for sure we need to get 
  buy-in from the be cwg on what this word is I can't believe we 
  got through an entire spec without having to define this word.
Manu Sporny:   Well maybe.
Manu Sporny:  I do believe it because we weren't focused on 
  protocols and presentation.
Manu Sporny:  Okay so how about this PC data model.
Manu Sporny:  Issues new issue what is the word what is the 
  action associated associated with.
Manu Sporny:  She doing creating a viable correctly.
Manu Sporny:  When creating to create a verifiable credential 
  press keys.
Manu Sporny:  And chill you issue the.
Manu Sporny:  To create a verifiable presentation View.
Manu Sporny:  What is the word that be like to use for the.
Gregory_Natran: Just just a suggestion man who and what is the 
  verb that the working group would want.
Manu Sporny:  Thank you what is the verb we would like to use for 
  the creation of the presentation that is unblinking the malignant 
  one or more PCS to a presentation and then generating a proof on 
  that presentation is.
Manu Sporny:  Hold ER hold ER Bud like one of my reasons rather 
  than generating proof that presentation okay so that is and I can 
  take that action to do that okay so going back there was concern 
  over the word prove not being the right verb to use in this 
  situation.
Manu Sporny:  This were create issue proof options discussed 
  included great issue in prove any other verbs people want to 
  throw in here while we're here.
Manu Sporny:  The one repair.
Manu Sporny:  You say sign.
Manu Sporny:  Okay this was raised as.
Manu Sporny:  Yep yep alright that down as well.
Gregory_Natran: Ramona I'm just going to put out a suggestion 
  since I know that proved prepare and all that has been used what 
  about assemble since you're taking multi you could be taking 
  multiple credentials could things you're just assembling it up 
  into a package and shoving it out based on Tuesdays and I and I 
  don't think assemble will be conflicting with anything else we've 
  used.
Manu Sporny:  Yep agreed okay all right I put the all those and 
  there's options I'm sure the V CW G will discuss it and pick 
  something and then that will influence probably what we end up 
  calling this thing here okay we are at the top of the hour thank 
  you everyone very much for the engagement on these issues we are 
  still going through the options but this is important because 
  like they were.
Manu Sporny:   Are actually covering options for the entire.
Manu Sporny:  API surface so it will take a bit to get through it 
  okay so we will cover credentials derive in presentations prove 
  options well we we will skip credentials derive because we've got 
  no input right now on it no one's actively developing there and 
  we'll talk about presentations prove and a variety of other 
  things that.
Manu Sporny:  We need to.
Manu Sporny:  Easy API anything else before we go.
Manu Sporny:  Okay with that thank you everyone for the call 
  today have a great week in we will see you next week thanks all.
Received on Tuesday, 28 June 2022 21:28:43 UTC

This archive was generated by hypermail 2.4.0 : Tuesday, 28 June 2022 21:28:44 UTC