W3C home > Mailing lists > Public > public-credentials@w3.org > May 2022

[MINUTES] W3C CCG Verifiable Credentials API Call - 2022-05-10

From: CCG Minutes Bot <minutes@w3c-ccg.org>
Date: Tue, 10 May 2022 22:52:46 +0000
Message-ID: <E1noYig-0001Rv-TL@mimas.w3.org>
Thanks to Our Robot Overlords for scribing this week!

The transcript for the call is now available here:

https://w3c-ccg.github.io/meetings/2022-05-10-vcapi/

Full text of the discussion follows for W3C archival purposes.
Audio of the meeting is available at the following location:

https://w3c-ccg.github.io/meetings/2022-05-10-vcapi/audio.ogg

----------------------------------------------------------------
VC API Task Force Transcript for 2022-05-10

Agenda:
  https://lists.w3.org/Archives/Public/public-credentials/2022May/0022.html
Topics:
  1. Introductions, Relevant Community Updates
  2. VC EDU Interop Support
  3. VC-API interoperability test suites
  4. IssueCredentialResponse does not allow for metadata
Organizer:
  Manu Sporny, Orie Steele, Markus Sabadello, Mike Varley, Mahmoud Alkhraishi
Scribe:
  Our Robot Overlords
Present:
  Manu Sporny, Markus Sabadello, Mike Varley, Sharon Leu, Andy 
  Miller, Logan Porter, Dave Longley, Kerri Lemoie, loganporter, 
  Kayode Ezike, Phil L (P1), Julien Fraichot, Mahesh Balan - 
  pocketcred.com, Troy Ronda, Dmitri Zagidulin, TallTed // Ted 
  Thibodeau (he/him) (OpenLinkSw.com), Marty Reed, Phil Long, Ted 
  Thibodeau

Our Robot Overlords are scribing.
Manu Sporny:  All right welcome everyone to the VC verifiable 
  credentials API call this is May 10th 2022 I'll go ahead and put 
  our agenda in here.
Manu Sporny:  So on the call today around the agenda today rather 
  we have agenda review introductions relevant Community updates 
  then we will talk a bit about the VC EDU call and how we might be 
  able to support interoperability for the VC edu work item in ccg 
  and of course broader ecosystem interoperability will talk a bit 
  about the operability test Suites that were...
Manu Sporny:  Announced two weeks ago provide some background on 
  those then we'll just start going into issue processing the main 
  one being something that is holding us up a bit on 
  interoperability testing when it coming when it comes to issuing 
  credentials hopefully they'll be a quick one to address and then 
  we've got some o arith Scopes and rar.
Manu Sporny:   Discussions there and then.
Manu Sporny:  Our issues as time permits does anyone have any 
  other additions or changes to the agenda anything else that they 
  would like to discuss today.

Topic: Introductions, Relevant Community Updates

Manu Sporny:  Okay if not let's go ahead and start off with me 
  one second with an agenda review introductions in relevant 
  Community updates so we put this in here as a Copic so 
  introductions relevant Community update so anyone neither the 
  call I know a couple of people or note a couple of people that 
  are new.
Manu Sporny:  Be shy where friendly Bunch if you haven't 
  introduced yourself to this particular group please introduce 
  yourself.
Manu Sporny:  Mahesh please go ahead.
Mahesh_Balan_-_pocketcred.com: Yeah my name is Mahesh pollen and 
  I'm new to this group but have been active in a few others like 
  the VCI initiative and so on and so forth I had that great you 
  know fortunate to meet Carrie in the recent iiw and I'm 
  interested in this whole area of verifiable credentials for 
  learner brackets so thank you.
Mahesh_Balan_-_pocketcred.com:  for having me.
Manu Sporny:  Wonderful welcome to the call we're very happy to 
  have you here anyone else needed to call that would like to 
  introduce yourself Julian please go ahead.
Julien_Fraichot: The site so yeah I've been you know the course 
  he do we see what the men we see chapter 12 and I guess I'm 
  interested there on the what this call discusses and not I mean 
  this similar time zone I'm not in Europe it's falling on a easier 
  time for me to join so I'm just gonna see if there's something 
  relevant for me here so.
Julien_Fraichot: Thank you for having me.
Manu Sporny:  Wonderful welcome to the call Fantastic questions 
  on the mailing list again please go ahead.
Manu Sporny:  Right welcome to the call Logan good to see you 
  here anyone else would like to introduce themselves.
Manu Sporny:  All right most of most of the rest are regulars 
  alright that's it for introductions welcome again let's talk a 
  bit about relevant Community updates as if you probably heard the 
  the verifiable credential to a working group Charter is out for 
  review there was an announcement made on the credentials 
  community group mailing.
Manu Sporny:  We have about 27 days is schleff tin the vote if 
  you are a w3c member Company please vote on the charter after 
  about a month we'll see where the vote stand if there are any you 
  know formal objections and all that kind of stuff hopefully not 
  and then the working group is expected to start up shortly there 
  after all.
Manu Sporny:  That means that there will be a face-to-face 
  meeting in Vancouver in September I believe at the w3c technical 
  plenary so that's a good time to kind of get together and meet a 
  lot of the people that that work in the ccg in things like that 
  other items of course things that are going on rebooting the web 
  of trust that Workshop which also has a lot of participation.
Manu Sporny:   I'm from this.
Manu Sporny:  He is around I think two weeks before that and then 
  we've got the second IW of the Year happening in November so 
  three opportunities to go and meet people in the community any 
  other announcements that we should be aware of community 
  happenings.

Topic: VC EDU Interop Support

Manu Sporny:  All right if there are none we can go to our second 
  item which is what we can do to support the VC edu interop 
  initiative that jmf through the Future Foundation just announced 
  Sharon would you mind doing like a really quick introduction to 
  the to the topic if you don't mind.
Sharon Leu:  No problem I was actually just gonna lurk but I'm 
  glad you brought this up so my name is Sharon Lou and I work at 
  an organization called jobs for the future which is a National 
  not-for-profit Organization I mean we focus on the ways that work 
  force in equities can be reduced and we've been thinking a lot 
  about this idea that credentials should demonstrate what 
  individuals can know and if they can be exchanged more fluidly 
  than people can potentially access greater opportunities.
Sharon Leu:  We're interested in verifiable credentials from.
Sharon Leu:  Next of education and employment records and we're 
  hoping that like with all of the new interest in digital 
  credentials and alternative credentials that they can actually be 
  in the VC formats so that individuals have more control over them 
  so we have decided to invest a little bit in sort of building up 
  this infrastructure we're going to a little bit copy the S VIP 
  interrupt plugfest but just I guess taking smaller steps in.
Sharon Leu:   In this process.
Sharon Leu:  It's many of the wallet vendors as well as the other 
  developers of you know the learning and employment Tech stack 
  will start to take heed and start to build things that align with 
  this so we are going to take our first baby step I guess 
  beginning now and hopefully start by I guess allowing wallet or 
  request I guess encouraging wallet developers to be able to 
  receive and display verify.
Sharon Leu:   Will credentials in the OB V.
Manu Sporny:  Awesome thank you Sharon for that update Carrie 
  Dimitri would either one of you like the say anything is kind of 
  part of the BCE to you you know as chairs there and how you see 
  kind of coordination around that activity happening.
Dmitri Zagidulin:  Sure okay let's go so couple of ways so the VC 
  edu on task force group has volunteered to use the vcg mailing 
  list for the cohort discussion helping the participants make a 
  couple of the technical decisions such as which.
Dmitri Zagidulin:  Which issuing protocols we support which 
  cryptography sweets what the shape of open badges version 3 
  credential will look like and some of the rules for the interim 
  fast so that's possibility one in general.
Dmitri Zagidulin:  In the VC agile work because the group is 
  involved in a number of live Pilots we were very much bumped up 
  against the sort of the limits of VC API and.
Dmitri Zagidulin:  I would love to coordinate both with this 
  group here and the verifiable credentials working group on a 
  number of the issues such as display such as refreshing 
  reassuring credentials which this group has done a lot of work on 
  and so on so highly recommend anybody who is in this group that 
  is also interested in the educational use case to a very early 
  sign up for the bcig mailing list which will.
Dmitri Zagidulin:   Right one and preferably.
Dmitri Zagidulin:  Do you want to add anything Kerri?
Kerri Lemoie:  I have this great to be tree I think I'm the only 
  thing to add is.
<phil_l_(p1)> It's equally applicable to the workforce interface 
  as well as workforce advancement.
Kerri Lemoie:  First I'll put them in a list and the chat for you 
  is that mind that we're going to try to issue open badges as part 
  of this and I think what's relevant to this group is the historic 
  knowledge and open badges have primarily issue been issued two 
  email addresses and we are looking to try and use dids as part of 
  this so it should be interesting to see how how we can make all 
  of this work.
Kerri Lemoie:   Thank you.
Manu Sporny:  Awesome thank you Dimitri thank you Carrie yeah so 
  that's that's all great and I think we're you know there's a lot 
  of interest in trying to demonstrate interop I think you know 
  people are signaling that they're very interested in 
  participating you know in some degree in this in this work so the 
  the main I think topic that we were going to explore is how can 
  this group help in.
Manu Sporny:   That interoperability.
<kerri_lemoie> VC-EDU Emailing list: 
  https://lists.w3.org/Archives/Public/public-vc-edu/
Manu Sporny:  The effort so for example you know we're not 
  necessarily working on wallet we're definitely not working on 
  display here right we are working on some subset of wallet 
  protocols here like there's some wallets that do use the PC API 
  as part of the wallet protocol so there's that but I think more 
  immediately you know if if there's a verifiable credential that 
  you want to issue.
Manu Sporny:   And it's an obvy.
<dmitri_zagidulin> (yeah, the VC display part would be of more 
  interest to general CCG and VC-WG)
Manu Sporny:  Three format which is a VC you know a valid BC 
  format we could utilize some of the apis and protocols that this 
  group is experimenting with to at least achieve some level of 
  interoperability so I think maybe we could start off by kind of 
  reviewing what we have today and how it could be applied to the 
  obv three spec and then.
Manu Sporny:   See if.
Manu Sporny:  Others on the call have ideas about how we could 
  what else could we do what else could we leverage to help this 
  interoperability plugfest so let me go ahead and share my screen 
  really quickly there was an announcement that went out about you 
  know interoperability test Suites a bit ago and so the the test 
  Suites basically.
Manu Sporny:  An issuer so we have this thing called the issuer 
  API the verifiable credential issuer API it is defined actually I 
  should have done this before but let me see if I can pull up the 
  VC API really quickly so this is our specification in in our 
  specification we have a section on issuing here and so we have n 
  points protocol in points to issue and.
Manu Sporny:   Change this.
Manu Sporny:  And we have n points to verify credentials as well 
  verify credentials and presentations in the idea here is that 
  these can issue arbitrary verifiable credentials so like an OB V 
  3 formatted credential you should be able to plug that into this 
  API in theory in the various implementations should spit out a 
  valid verifiable credential this is.
Manu Sporny:   Some of the.
Manu Sporny:  All the work we did for the Silicon Valley 
  Innovation program utilized these apis okay so if we go back to 
  issuing and we look at kind of the issuers that we had in s VIP 
  you know we've got like six seven issuers so far in these tests 
  are actually run every Sunday so this is an active these are 
  active tests every week issuer infrastructure is tested.
Manu Sporny:   In every week.
Manu Sporny:  You know we get a fresh read on what's working and 
  what's not in things of that nature in these test Suites are 
  opt-in right so these these organizations here that are listed 
  have opted in to be tested against the test Suite the other 
  organizations have not opted in yet but we know that they've got 
  some variation of test suite and they'll opt in when they feel 
  the time is right for them but I think what we can show here is 
  that.
Manu Sporny:   Is that there's at least.
Kerri Lemoie: https://w3c-ccg.github.io/vc-api-issuer-test-suite/
Manu Sporny:  Up here we can show at least two organizations 
  interop engaging at some level this is for issuing verification 
  this is where we kind of are for verification although this is a 
  bit misleading we've got some new failures this week that we're 
  trying to chase down so all this green makes it look like it's 
  working but it's not because of these two things you know above 
  here but that's why we have test Suites and we do interrupt 
  testing.
Manu Sporny:   So we.
Manu Sporny:  Of test Suites for issuing this one's for 
  verification we have 14 Signature suites as well so testing very 
  specific cryptography sweets in we also have test Suites we did 
  this a while ago we have test Suites for very specific types of 
  credentials so this was way back in the middle of the pandemic or 
  in the early days of the pandemic we put together and then bye.
Manu Sporny:   A n test Suite.
Manu Sporny:  Been straight that we could do cross cross issuer 
  verifier interop for things like a vaccination certificate okay 
  so how can we bring these things to Bear for the the jmf 
  initiative or just the vce to you interop initiative in theory we 
  could create a test Suite like this that does n by n interop 
  testing between multiple issuers in multiple verifiers that 
  would.
Manu Sporny:   And of prove out.
Manu Sporny:  That at least at the data model level in the 
  cryptography Suite level we've got interop right on the 
  credentials themselves we could do it on crypto sweet so we've 
  got at least two organizations implementing this this crypto 
  sweet we think a couple of more could could pull this library in 
  and demonstrate you know broader interrupt their in we could you 
  know drive this stuff using the issuer and.
Manu Sporny:  Apis so we have some tools at our disposal now 
  granted this does not cover it doesn't cover the display stuff 
  it's doesn't really cover like wallet protocols at a super high 
  level unless you use a very I mean really new kind of bleeding 
  edge exchanges API that we have in the in the VC API 
  specification so we have this.
Manu Sporny:   Kind of.
Manu Sporny:  API that lets you exchange credentials back and 
  forth and you can communicate between a wallet and an issuer in a 
  verifier using that but it's really new and we don't have a test 
  suite for it and in all that kind of stuff so those are just some 
  ideas I'm wondering if anyone has any thoughts on those ideas so 
  I don't know it Dimitri I don't know if you've got any thoughts 
  Carrie Marcus.
<phil_l_(p1)> What about the VP layer?
Manu Sporny:   Mike Logan.
Manu Sporny:  Any any thoughts since y'all implement this layer.
Manu Sporny:  Go ahead Logan where you in the queue sorry let me 
  see sorry no thoughts on how we could use this tooling.
Dmitri Zagidulin:  So I've got a couple of thoughts one is you 
  might be really useful with manual wallet testing.
Dmitri Zagidulin:  I'm not sure if we could do it in an automated 
  fashion especially for things like mobile wallets for web wallets 
  this you kind of seen doing a puppeteer Webdriver test Suite that 
  actually virtually logs in and clicks buttons in a web-based 
  wallet and and does stuff.
Dmitri Zagidulin:  I think this.
Dmitri Zagidulin:  Having a VC API exchange example running on 
  somebody server would be really really helpful for people to test 
  against.
<dmitri_zagidulin> @Phil - the VP layer is assumed
Manu Sporny:  Great thanks the yeah thanks Dimitri thoughts on 
  the like the the data model testing is that a useful thing I mean 
  so I think Sharon one of the problems here is like when you do 
  data model testing there's nothing look at other than like a 
  green check mark to see that everything fail like you can look at 
  the credential here you can kind of see an N by n Matrix but it 
  doesn't make for a very compelling.
Manu Sporny:   And presentation tune on.
<dmitri_zagidulin> (meaning, the VC Exchange API deals in VPs 
  specifically)
Manu Sporny:  It's so what what would that be Sharon Kerry would 
  that be helpful to kind of show at least of the data model level 
  there's interop or is that not a really a goal for jmf in this.
Sharon Leu:  Okay so this is a really complicated question 
  because obviously you do need to part of the answer is yes like 
  this it's important for some people to know that there is 
  interoperability on this level one of the activities that we are 
  hoping to do as part of our plugfest is we have a number of I 
  think we have confirmed that there will be about 12 State teams 
  present and we want to do a very quick round of not like a I 
  guess what we'll call it it's not really a.
Sharon Leu:   A requirements Gathering.
Sharon Leu:  Just a an AMA on what information do you want from 
  this just to hear sort of directly from like the perspective who 
  we consider to be prospective clients of this I feel like that 
  will help us to inform how future stages of this are designed 
  with respect to the output.
Manu Sporny:  Round got it.
Sharon Leu:  So I didn't answer your question but I'm telling you 
  how I plan to know the answer soon.
Manu Sporny:  Okay alright so I mean what I'm gathering is we 
  just need to chat with those people or at least see you will chat 
  with them and try and determine what they're going to be capable 
  of is that.
Manu Sporny:  Part of it.
Sharon Leu:  It's part of it I think what it will be is we will 
  all collectively talk together and we will ask some very specific 
  questions about how how information should be displayed and what 
  information should be displayed in order for them to make 
  informed decisions.
Manu Sporny:  Okay yeah I know and that that kind of drives the 
  data that needs to go into that obb three thing go ahead Carrie.
Kerri Lemoie:  I just didn't realize if you hit the hand I put 
  you in the queue that's great I think I would also to I was 
  sharing his saying is what we're finding is that people are in 
  various stages of of issuing digital credentials and VC's in the 
  space and so we kind of need to do some information gathering to 
  see like you know where there are some intersections and plan 
  from there so I'm that that's just part of the considerations.
Manu Sporny:  Please got it is there an OB V 3 badge that like 
  isn't it is an example badge like at this point.
Kerri Lemoie:  Not yet but we can have one really quickly and I'm 
  trying to tie some of that up we do have a context file that we 
  can use or lean on anyway but we don't have example badge but we 
  will have one time.
Manu Sporny:  Okay great go ahead Andy.
Manu Sporny:  And you might be muted.
Andy Miller:  How about that I am.
<dmitri_zagidulin> we should have an example OBv3 badge in a day 
  or two.
Manu Sporny:  There we go.
Andy Miller:  For those of you don't know I work at IMs and I'll 
  work with the project groups on digital credentials including 
  open badges there is a simple example inside the draft it's not 
  an official draft but a sort of a pre-draft of the OB 30 standard 
  and that's that example.
Andy Miller:  Enhance its checked live because it's using the 
  respect or a fork of respect BC I think you're probably familiar 
  with that and and so it's because it has to calculate the 
  signatures on the Fly it's also doing essentially checking the 
  schema of those examples on the fly so it gets updated every time 
  the schema changes.
Andy Miller:   Has that is the example.
Andy Miller:  Gets updated it's not particularly robust right now 
  and it doesn't have a whole lot of information because I've been 
  trying to avoid breaking it every time they change the model but 
  there is an example there that was a long answer but it does we 
  do have an example.
<kerri_lemoie> Thanks @Andy!
Manu Sporny:  Okay that I mean that's that's super helpful so you 
  know with that example one of the things that we could do is we 
  could Fork one of these test Suites and I mean something simple 
  like the the crypto sweet test Suite potentially we need to talk 
  with Andruw Jones and Tashi they've been doing a lot of the test 
  Suite work but I would imagine that it wouldn't be a ton of work 
  to just.
Manu Sporny:  Fork that and.
Manu Sporny:  Push that credential in there if you So Into You 
  said you're using respec-vc to do that.
Andy Miller:  Yeah I'm using respect for you see to brander it 
  inside the spec document and.
Andy Miller:  Yes that's right.
Manu Sporny:  Yep okay all right well if you're using that tool 
  change I mean it's doing the signature and everything is that 
  right okay so if you're using that tool chain we already know 
  that it will work with at least one of the like digital bizarre 
  uses the same libraries and it's issuer so we know it'll work and 
  I would imagine that it would probably work with Danube tax issue 
  as well Marcus would you can you think of any reason why we 
  wouldn't.
Manu Sporny:   Be able to kind of throw that.
Manu Sporny:  Kind of example that they have at your 
  infrastructure to issue and verify.
Markus Sabadello:  I agree with you I think it should work we 
  work this is this is Marcus by the way sorry I didn't introduce 
  myself and I wasn't able to join the VC do task force call but 
  but but we will also be very excited and participating in some 
  way and trying this out and our implementation is pretty 
  independent right it's it's in Java and we're always interested 
  in participating in these tests.
Markus Sabadello:  It's Aunt plugfest sand.
Markus Sabadello:  So yeah I would love to try it out and I think 
  it should probably work.
<kerri_lemoie> This is great
Manu Sporny:  Okay good good well I mean at least that's a that's 
  a base level of kind of interoperate they're just demonstrating 
  two different vendors you know issuing obv 3 and so maybe that's 
  where that's where we can focus in the beginning let's just issue 
  and verify in just make sure we've got that and then kind of 
  build from there so maybe we can once we get that kind of 
  operational.
Manu Sporny:   All we can talk about this.
Manu Sporny:  Again about alright so what's the what's the wallet 
  protocol look like right where how could we use the PC API 
  exchange stuff in a wallet protocol that might be the next step.
Manu Sporny:  Sharon carry Dimitri was that helpful as kind of 
  like a if that's our Target this at helping help in some useful 
  way.
Dmitri Zagidulin:  Yeah thank you.
Kerri Lemoie:  And I think it's great I think this is a great 
  first step I'm really excited that we have these thank you and 
  yeah well we can talk to the cohort and see you know about 
  protocols and things really gather their opinions on that but 
  this is the basis of what we really need to that's awesome money 
  thank you.
Manu Sporny:  Okay cool good glad glad that we can do something 
  to help Okay so let's wrap a bow on it on that particular part I 
  think we've got something that we can focus on in once we achieve 
  that kind of milestone in this group we can then talk about what 
  the next you know Milestone looks like okay that's that item 
  anything else.
Manu Sporny:  Do interop or the interoperability test Suites 
  before we go on.

Topic: VC-API interoperability test suites

Manu Sporny: 
  https://lists.w3.org/Archives/Public/public-credentials/2022Apr/0126.html
Manu Sporny:  Actually it might be useful to let me do all the 
  little bit more on the VC interop test Suites it did some screen 
  sharing on this the announcement about it is here but these 
  experimental test Suites exist now they run on a weekly basis 
  they are running against secure key now avast's infrastructure 
  they work against Daniel.
Manu Sporny:   Text in.
Manu Sporny:  And they work against digital bazaars 
  infrastructure and meaning that they are being actively called 
  every week against their infrastructure so when people roll out 
  new capabilities and features and whatever as long as that in 
  points still there it will you know continue to run against that 
  infrastructure and it's a good kind of live test weekly check-in 
  to make sure that everything we were interrupting on last week 
  we're still interrupting on this week.
Manu Sporny:  Very experimental the test Suites experimental 
  right in so it will change over the next couple of I mean will 
  continue to change right until we lock in the final standard for 
  each one of these items which is it's going to be a while before 
  we do that the good news here though is that we're ahead of the 
  curve for once on testing when it comes to standard so.
Manu Sporny:   All the data integrity.
Manu Sporny:  Testing that we're going to have to do in the 
  verifiable credential to working group we've already got that 
  infrastructure setup that usually doesn't happen for to you two 
  years like or sorry happens it happens usually like 18 months 
  after the working group starts so we're 18 months ahead of 
  schedule there which is really nice to finally be there after 
  like a decade of not not being there so so we are hoping.
Manu Sporny:   To utilize.
Manu Sporny:  That infrastructure to help us get through the 
  standards process a little faster in one of the side effects is 
  this infrastructure helps us when things like jmf pop-up right 
  it's infrastructure that we can lean on and utilize to do interop 
  you know interrupter demonstrations a bit faster for those of you 
  that were around in the S VIP program it took a year plus for 
  really concentrated effort to get there whereas now we kind of 
  have these.
Manu Sporny:   Structures that that weekend.
Manu Sporny:  Lean on and utilize when we need to interrupt 
  testing so all that to say the anyone can run their 
  infrastructure if you're if you implement the VC API let me go 
  ahead and share my screen here if you implement the VC API there 
  is a ccg repository called VC API test Suite implementations 
  we've tried very hard to make.
Manu Sporny:   In this process.
Manu Sporny: 
  https://github.com/w3c-ccg/vc-api-test-suite-implementations/tree/main/implementations
Manu Sporny:  Easy we expect that they're going to be 10 to 20 to 
  30 the 50 of these test Suites but there's only one place that 
  you need to register your implementation and that's here in the 
  VC a test Suite API implementations directory I'll put a link to 
  that in the chat and when you register your software I'll just 
  use us as an example you provide kind of the the things you tag 
  your resolvers and you're very.
Manu Sporny:   Fires in.
Manu Sporny:  Your issuers with the types of tests that you are 
  opting in to test yourself against right so VC API is the issuer 
  verifier tests this one Edward signature 2020 is a crypto sweet 
  test we are working on status list 2021 for revocation and things 
  like that and suspension we're hoping to get that out into the 
  public soon and then we also.
Manu Sporny:   Provide z cap.
Manu Sporny:  Authorization or oauth2 or no authorization 
  whatsoever to hit the endpoint so all that to say that this is 
  the only file that you as an implementer have to modify to enable 
  new types of testing for your infrastructure okay so hopefully 
  the other implementers here you know see how easy it is to 
  integrate and if you have any questions of course we've got folks 
  kit that can help.
Manu Sporny:   You Andrew here.
Manu Sporny:  More team and Tashi can help you if you're having 
  any trouble integrating with the test Suites any questions 
  concerns about that before we move on to the next issue.

Topic: IssueCredentialResponse does not allow for metadata

Manu Sporny:  All right well that takes us out of our kind of 
  recap and then now into the actual issue processing the first 
  issue up is about the issue credential response that it does not 
  allow for metadata so let me go ahead and.
Manu Sporny: https://github.com/w3c-ccg/vc-api/issues/291
Manu Sporny:  Share my screen again this is item for on the 
  agenda issue 291 click through to that so one of the one of the 
  problems that we hit when implementing the VC API test Suite is 
  that when you issue a credential let me find issue credential 
  response in here.
Manu Sporny:  Ryan hopefully people can read that issue 
  credential issue credential okay so this is the credentials 
  issuance and point and the thing that you get back you basically 
  post the credential you want to have issued like a no BB3 you 
  know credential and then you will get back this issue credential 
  response and if we look for issue.
Manu Sporny:   A response.
Manu Sporny:  It is just a verifiable credential and that was 
  fine probably in the first year but the challenge is that we 
  can't return back metadata from the issuance so you will just get 
  back a verifiable credential that's been digitally signed from 
  the endpoint but the problem is like what happens when you want 
  to attach metadata that doesn't go in the credential what happens 
  if you want to provide warnings that shouldn't go in the 
  credential what happens.
Manu Sporny:   If you want to do.
Manu Sporny:  Bug you know information Marcus you mentioned that 
  you had done some work here would you mind kind of going going 
  over that really quickly.
Markus Sabadello:  Yes so I completely agree this this would be 
  useful to be able to return not just verifiable credential but 
  also some metadata I think we have discussed this at some point 
  in this group already a while ago I don't quite remember what the 
  what the opinions were or why we didn't Implement that in the API 
  specification but.
Markus Sabadello:  I think it's definitely a good idea.
Markus Sabadello:  We have done that for a while already in our 
  implementation so we sort of have a proprietary extension you 
  could call it like that where the very fiber credential is 
  returned plus metadata but I would be very much in favor of 
  standardizing or putting that into the into the API definition 
  the way we approached it was similar to what we have in.
Markus Sabadello:   Indeed resolution.
Markus Sabadello:  So you know when you resolve teeth then you 
  also have an option if you just wanted the document or the detox 
  command + metadata.
Markus Sabadello:  So I see it a little bit similar to to that 
  and in our design we came up with two different pockets of 
  metadata one that's one that's more about the issuing of the 
  verifying process and one additional metadata pocket that would 
  be more about the documents or the very fiber credential but I 
  don't I don't feel strongly about how exactly to name.
Markus Sabadello:   Or model that but.
Markus Sabadello:  Are very much in favor of adding the ability 
  to return some form of metadata.
Manu Sporny:  Awesome thank you Marcus that's super helpful 
  Longley I'd like your thoughts you know on the different buckets 
  Marcus I'm wondering if I'm trying to think of what the pr pull 
  request would end up looking like the the easiest thing would 
  just basically be to say well just put it in verifiable 
  credential and then we can talk about issuer metadata and 
  document metadata or.
Manu Sporny:   Or we could see.
Manu Sporny:  The implementers are happy with just adding issuer 
  metadata and document metadata right now meaning the pr would 
  have the three outputs that you're talking about here so if 
  implementers would like to weigh in on this I'd like to 
  understand you know what what level of okayness there's another 
  word for that that that comfort.
Manu Sporny:   Kurt level of comfort people.
Manu Sporny:  Have with implementing these feels go ahead 
  Longley.
Dave Longley:  Yeah so I see this is two steps I think we we 
  should we should do it that way so we don't have to work so hard 
  getting consensus on both of them at the same time so Step One is 
  go ahead and make it so that we've returned verifiable credential 
  underneath that property to allow other properties to be present 
  in the response and then we can take our time figuring out 
  exactly what other properties we might want to add now or in the 
  future.
Dave Longley:  We make this first change otherwise we're just 
  going to continue to have more projects and demos and things 
  using the older version that we don't want to have to support.
Manu Sporny:  Right thank you Mike.
Mike Varley:  Thanks so actually I think it's just on Davis last 
  comment around older versions so is this change going to going to 
  impact the the API and then therefore the test Suites that we 
  just went through or do we need to do we need versioning before 
  we can do something like this.
Manu Sporny:  That is an excellent question so yeah that's that 
  those are those are excellent questions I think one of the things 
  we've kind of suggested here is that hey this is an experimental 
  API anything can change at any in any point in that argument has 
  worked in the past leaving but we've changed things and in so 
  like the trace.
Manu Sporny:  It's a good.
Manu Sporny:  Sample of this traceability cohort is locked to a 
  different version of the VC API then the latest bleeding edge and 
  they did version it and they put it under version URL in given 
  that the implementers can opt in to a what's the word the the 
  implementers of the ones that provide the endpoints and so we 
  could in add a tag that.
Manu Sporny:   That's a version.
Manu Sporny:  Tag whenever we make breaking.
Manu Sporny:  She has to the API as well as a way of managing it 
  noting that if we have two version things we may end up if we 
  have two version things it'll slow us down right so I guess 
  they're the big question is there a couple of couple of points 
  here right so we are not in a position where anyone's said that 
  the.
Manu Sporny:   Apis lockdown.
Dave Longley: -1 To an official versioning tag, it's too hard to 
  get interop
Manu Sporny:  It's experimental we could introduce a versioning 
  tag the concern there of course is that when we do that all of a 
  sudden we're going to have probably maybe less interoperability 
  over the long term because everyone's going to be locked 
  different versions and so we could use.
Manu Sporny:   Use it.
Manu Sporny:  So anyway Mike you're on the Queue and Dave's - 1D 
  versioning thing so please go go go ahead Mike.
Mike Varley:  Okay so I just wanted to fully agree and 
  acknowledge that this is an experimental API under development 
  and subject to change and so there shouldn't be I believe at this 
  time an expectation of versioning because our versioning would 
  probably run very out of control I mean the only it would 
  probably be closer to versioning by date rather than anything 
  else but so fully acknowledge that my I guess my concern.
Mike Varley:   Concern stems from now that.
Mike Varley:  Test Suite when and we need we need to be free to 
  make changes to the API in order to move it forward.
Mike Varley:  How do we then how do we then coordinate this with 
  the test Suite I think is the real question so it could be things 
  like actually I don't even have his I don't know that I have a 
  practical suggestion but you know as PRS get accepted there's 
  there's you know the previous version or Janna three months or 
  something that here's where we were but here's what we're going 
  and companies are catching up my only concern is the reason why I 
  think.
Mike Varley:   It matters is that if it.
Mike Varley:  He's constantly showing everyone read only because 
  we're making progress on the API you know what's what are we what 
  are we achieving so that's my concern II think we need to iterate 
  on the API I think we need to move forward I just maybe we need a 
  plan around the test Suite to make sure that we're not constantly 
  breaking ourselves that's all.
Manu Sporny:  Yes excellent points go ahead Dave.
Dave Longley:  Yeah I agree with Mike I think it's important that 
  we get we have a common understanding of what the test Suite is 
  testing and and figure out how that works I think it would be 
  disastrous to introduce some kind of official versioning 
  mechanism into what is it an experimental API this point in time 
  and would make it that much harder for us to make sure that we're 
  getting implementers on any particular one of those versions We 
  don't want to say that any of the.
Dave Longley:  When you do.
Dave Longley:  It's sort of like saying well any one of these 
  versions where was using them it's okay to be using that version 
  as part of the official what we want to become the official 
  standard and official standards going to have one version so we 
  don't want to bake this concept of different things into that 
  official version and have different people implementing different 
  versions of those so the test Suite should track whatever the 
  latest version of the spec is and then we'll have to try and 
  address these concerns route around that Mike brought up with 
  seeing.
Dave Longley:   Red X's all the time.
Manu Sporny:  Yeah plus one did that.
Manu Sporny:  Sorry I'm getting confused about the Q you have 
  plus one that I was I was going to suggest you know a process 
  that hopefully addresses Mike's concerns and in Dave's concerns 
  so what if our process is when a PR is merged into the 
  specification there is permission to change the test suite at 
  that point in time and that will.
<dave_longley> "last passing date" could be some meta data in the 
  test suite for a given implementation and test
Manu Sporny:  Implementations go red we can always coordinate on 
  these calls but it feels like if as might you said if we're 
  making progress we're going to be breaking the tests and we don't 
  want anyone to really implement the older versions of the apis 
  because those older versions are not going to be the thing that 
  standardized at some point in time there may come a point.
Manu Sporny:   Point though.
Manu Sporny:  Where are we.
<kayode_ezike> My thoughts exactly @Dave
Manu Sporny:  I do want to basically say you know what let's cut 
  a version like let's say six months from now or something like 
  that right we say okay this is version 0.8 and no one should ever 
  ship this into production but it's fairly stable meaning that 
  meaning that we have the option of setting and a version at some 
  point in the future if for whatever reason we guess get a slew 
  of.
Manu Sporny:   Objections to.
Manu Sporny:  Where people are like do not break that absolutely 
  no way maybe at that point we can we can you know talk about 
  versioning again go ahead Dimitri or on the key.
Dmitri Zagidulin:  So I absolutely agree with what you said about 
  maybe earnings in the future for the moment let's just break the 
  test Suites the only thing I was going to suggest is so what 
  we're trying to the reason that breaking a test Suites is a 
  problem is we're trying to prevent.
<mike.varley> tests are in git - maybe we can use git tags to 
  help here?
Dmitri Zagidulin:  A change in this back and then everybody else 
  failing this back because we change something fundamental as such 
  as nesting the credential One More Level like what we're 
  proposing right now and to address that would go a long way to 
  just have an explanatory paragraph at the bottom of the.
Dmitri Zagidulin:  Drop test Suite results facts the judge says 
  hey everybody showing red because on such and such a date we 
  broke this back we made a breaking change the stuck.
Dmitri Zagidulin:  Just a couple of sentences of explanation will 
  go a long way towards allaying people's fears I think.
<tallted> Some semblance of semantic versioning with pre v1.0 
  during experimental phase can be useful... Implementations that 
  happen pre v1.0 are inherently experimental, and can be usefully 
  labeled as "targeting v0.75" or whatever for interop (e.g., 
  "targeting 0.4" may not be expected to interop with "targeting 
  0.75").
Manu Sporny:  So and and we can do that I think we have you know 
  the templates all the test Suites have templates that allow us to 
  put in advisory information like that I believe so yeah plus 1/2 
  that's okay so if our process if our process is effectively we 
  discussed breaking changes here there PRS that are put forward if 
  there are no objections and the.
Manu Sporny:   ER is merged the test Suite implementers have.
Manu Sporny:  The go-ahead to change the test suite and break 
  things and if we see massive breakage across implementations 
  those test Suite implementers need to put a warning to say hey 
  things are just temporarily broken because we made a change two 
  weeks ago we expect these tests to go all green you know in the 
  next couple of weeks weeks to months not at not a big deal we're 
  on it if that's our process which is.
Manu Sporny:  Everyone evaluates the pr the pr gets merged the 
  test Suite gets changed with warnings would there be any 
  objections to that being the way we operate in make breaking 
  changes in the specification.
Mike Varley: +1 To text that explains the experimental nature of 
  the API/development and implementors have to 'catch up'.
Manu Sporny:  Okay I'm not hearing any objections Mike's going 
  plus 12 text that explains the experimental nature of the API in 
  that implementers have to catch up Dimitri's plus wanting.
Manu Sporny:   All right.
Manu Sporny:  I'm not hearing any.
Dave Longley: +1 And maybe have "last date passed" in test 
  results
Manu Sporny:  Objections so that can be our operating model.
Manu Sporny:  As well Longley the last date pass thing is a might 
  be difficult to implement we've got to put memory into the test 
  Suites to do that but that's a good idea when you can talk to 
  Andrew and Tashi to see if they would support that okay all right 
  great so so then rolling back to the actual issue at hand.
Manu Sporny:  See the new process is raise a PR that makes a 
  breaking change to the VC API ensure there are no objections to 
  the breaking change and then merge if the change brakes 
  implementations worn in the.
Manu Sporny:  Let's put in the in the test Suite output that 
  implementations are catching up.
Manu Sporny:  The new DC API implement.
<mike.varley> Maybe tests, rather than implementations, can have 
  the "last updated" tag...
Manu Sporny:  Process breaking changes is not version yet okay 
  for that's the discussion today with that in place is this ready 
  for a PR would there be any objections to adding the verification 
  credential thing as the top-level item when when you issue a 
  credential you'll get back.
Manu Sporny:  Application sorry verifiable credential at the top 
  level are that's the first PR that will be raised and then Marcus 
  we can decide to raise these other PR es en on a separate date we 
  certainly won't make it illegal to do this kind of stuff so your 
  implementation Marcus would be able to continue doing this all 
  the other implementations would need to catch up and do this 
  thing instead any objections to doing that.
Manu Sporny:  Okay so that means that we will create a PR Next 
  Step create a PR that adds the verifiable verifiable potential 
  property to the top-level Json object when issuing a VC.
Manu Sporny:  All right so this needs ready for PR.
<sharon_leu> Thanks, all!
<kerri_lemoie> Thanks!
Manu Sporny:  And it's signed me I can write that p r okay and I 
  think that's that's it for the call today we've got three minutes 
  till the top of the hour thank you everyone for joining thank you 
  for helping out with the VC edu brainstorming about how we can 
  support the BCD you folks with the API in for working through 
  this issue this will make it much easier to suggest.
Manu Sporny:   Potential breaking changes.
Manu Sporny:  All right thanks everyone have a great rest of the 
  week see you next week bye.
Markus Sabadello:  Recording has stopped.
Received on Tuesday, 10 May 2022 22:52:46 UTC

This archive was generated by hypermail 2.4.0 : Tuesday, 10 May 2022 22:52:47 UTC