- From: CCG Minutes Bot <minutes@w3c-ccg.org>
- Date: Tue, 10 May 2022 22:52:46 +0000
Thanks to Our Robot Overlords for scribing this week! The transcript for the call is now available here: https://w3c-ccg.github.io/meetings/2022-05-10-vcapi/ Full text of the discussion follows for W3C archival purposes. Audio of the meeting is available at the following location: https://w3c-ccg.github.io/meetings/2022-05-10-vcapi/audio.ogg ---------------------------------------------------------------- VC API Task Force Transcript for 2022-05-10 Agenda: https://lists.w3.org/Archives/Public/public-credentials/2022May/0022.html Topics: 1. Introductions, Relevant Community Updates 2. VC EDU Interop Support 3. VC-API interoperability test suites 4. IssueCredentialResponse does not allow for metadata Organizer: Manu Sporny, Orie Steele, Markus Sabadello, Mike Varley, Mahmoud Alkhraishi Scribe: Our Robot Overlords Present: Manu Sporny, Markus Sabadello, Mike Varley, Sharon Leu, Andy Miller, Logan Porter, Dave Longley, Kerri Lemoie, loganporter, Kayode Ezike, Phil L (P1), Julien Fraichot, Mahesh Balan - pocketcred.com, Troy Ronda, Dmitri Zagidulin, TallTed // Ted Thibodeau (he/him) (OpenLinkSw.com), Marty Reed, Phil Long, Ted Thibodeau Our Robot Overlords are scribing. Manu Sporny: All right welcome everyone to the VC verifiable credentials API call this is May 10th 2022 I'll go ahead and put our agenda in here. Manu Sporny: So on the call today around the agenda today rather we have agenda review introductions relevant Community updates then we will talk a bit about the VC EDU call and how we might be able to support interoperability for the VC edu work item in ccg and of course broader ecosystem interoperability will talk a bit about the operability test Suites that were... Manu Sporny: Announced two weeks ago provide some background on those then we'll just start going into issue processing the main one being something that is holding us up a bit on interoperability testing when it coming when it comes to issuing credentials hopefully they'll be a quick one to address and then we've got some o arith Scopes and rar. Manu Sporny: Discussions there and then. Manu Sporny: Our issues as time permits does anyone have any other additions or changes to the agenda anything else that they would like to discuss today. Topic: Introductions, Relevant Community Updates Manu Sporny: Okay if not let's go ahead and start off with me one second with an agenda review introductions in relevant Community updates so we put this in here as a Copic so introductions relevant Community update so anyone neither the call I know a couple of people or note a couple of people that are new. Manu Sporny: Be shy where friendly Bunch if you haven't introduced yourself to this particular group please introduce yourself. Manu Sporny: Mahesh please go ahead. Mahesh_Balan_-_pocketcred.com: Yeah my name is Mahesh pollen and I'm new to this group but have been active in a few others like the VCI initiative and so on and so forth I had that great you know fortunate to meet Carrie in the recent iiw and I'm interested in this whole area of verifiable credentials for learner brackets so thank you. Mahesh_Balan_-_pocketcred.com: for having me. Manu Sporny: Wonderful welcome to the call we're very happy to have you here anyone else needed to call that would like to introduce yourself Julian please go ahead. Julien_Fraichot: The site so yeah I've been you know the course he do we see what the men we see chapter 12 and I guess I'm interested there on the what this call discusses and not I mean this similar time zone I'm not in Europe it's falling on a easier time for me to join so I'm just gonna see if there's something relevant for me here so. Julien_Fraichot: Thank you for having me. Manu Sporny: Wonderful welcome to the call Fantastic questions on the mailing list again please go ahead. Manu Sporny: Right welcome to the call Logan good to see you here anyone else would like to introduce themselves. Manu Sporny: All right most of most of the rest are regulars alright that's it for introductions welcome again let's talk a bit about relevant Community updates as if you probably heard the the verifiable credential to a working group Charter is out for review there was an announcement made on the credentials community group mailing. Manu Sporny: We have about 27 days is schleff tin the vote if you are a w3c member Company please vote on the charter after about a month we'll see where the vote stand if there are any you know formal objections and all that kind of stuff hopefully not and then the working group is expected to start up shortly there after all. Manu Sporny: That means that there will be a face-to-face meeting in Vancouver in September I believe at the w3c technical plenary so that's a good time to kind of get together and meet a lot of the people that that work in the ccg in things like that other items of course things that are going on rebooting the web of trust that Workshop which also has a lot of participation. Manu Sporny: I'm from this. Manu Sporny: He is around I think two weeks before that and then we've got the second IW of the Year happening in November so three opportunities to go and meet people in the community any other announcements that we should be aware of community happenings. Topic: VC EDU Interop Support Manu Sporny: All right if there are none we can go to our second item which is what we can do to support the VC edu interop initiative that jmf through the Future Foundation just announced Sharon would you mind doing like a really quick introduction to the to the topic if you don't mind. Sharon Leu: No problem I was actually just gonna lurk but I'm glad you brought this up so my name is Sharon Lou and I work at an organization called jobs for the future which is a National not-for-profit Organization I mean we focus on the ways that work force in equities can be reduced and we've been thinking a lot about this idea that credentials should demonstrate what individuals can know and if they can be exchanged more fluidly than people can potentially access greater opportunities. Sharon Leu: We're interested in verifiable credentials from. Sharon Leu: Next of education and employment records and we're hoping that like with all of the new interest in digital credentials and alternative credentials that they can actually be in the VC formats so that individuals have more control over them so we have decided to invest a little bit in sort of building up this infrastructure we're going to a little bit copy the S VIP interrupt plugfest but just I guess taking smaller steps in. Sharon Leu: In this process. Sharon Leu: It's many of the wallet vendors as well as the other developers of you know the learning and employment Tech stack will start to take heed and start to build things that align with this so we are going to take our first baby step I guess beginning now and hopefully start by I guess allowing wallet or request I guess encouraging wallet developers to be able to receive and display verify. Sharon Leu: Will credentials in the OB V. Manu Sporny: Awesome thank you Sharon for that update Carrie Dimitri would either one of you like the say anything is kind of part of the BCE to you you know as chairs there and how you see kind of coordination around that activity happening. Dmitri Zagidulin: Sure okay let's go so couple of ways so the VC edu on task force group has volunteered to use the vcg mailing list for the cohort discussion helping the participants make a couple of the technical decisions such as which. Dmitri Zagidulin: Which issuing protocols we support which cryptography sweets what the shape of open badges version 3 credential will look like and some of the rules for the interim fast so that's possibility one in general. Dmitri Zagidulin: In the VC agile work because the group is involved in a number of live Pilots we were very much bumped up against the sort of the limits of VC API and. Dmitri Zagidulin: I would love to coordinate both with this group here and the verifiable credentials working group on a number of the issues such as display such as refreshing reassuring credentials which this group has done a lot of work on and so on so highly recommend anybody who is in this group that is also interested in the educational use case to a very early sign up for the bcig mailing list which will. Dmitri Zagidulin: Right one and preferably. Dmitri Zagidulin: Do you want to add anything Kerri? Kerri Lemoie: I have this great to be tree I think I'm the only thing to add is. <phil_l_(p1)> It's equally applicable to the workforce interface as well as workforce advancement. Kerri Lemoie: First I'll put them in a list and the chat for you is that mind that we're going to try to issue open badges as part of this and I think what's relevant to this group is the historic knowledge and open badges have primarily issue been issued two email addresses and we are looking to try and use dids as part of this so it should be interesting to see how how we can make all of this work. Kerri Lemoie: Thank you. Manu Sporny: Awesome thank you Dimitri thank you Carrie yeah so that's that's all great and I think we're you know there's a lot of interest in trying to demonstrate interop I think you know people are signaling that they're very interested in participating you know in some degree in this in this work so the the main I think topic that we were going to explore is how can this group help in. Manu Sporny: That interoperability. <kerri_lemoie> VC-EDU Emailing list: https://lists.w3.org/Archives/Public/public-vc-edu/ Manu Sporny: The effort so for example you know we're not necessarily working on wallet we're definitely not working on display here right we are working on some subset of wallet protocols here like there's some wallets that do use the PC API as part of the wallet protocol so there's that but I think more immediately you know if if there's a verifiable credential that you want to issue. Manu Sporny: And it's an obvy. <dmitri_zagidulin> (yeah, the VC display part would be of more interest to general CCG and VC-WG) Manu Sporny: Three format which is a VC you know a valid BC format we could utilize some of the apis and protocols that this group is experimenting with to at least achieve some level of interoperability so I think maybe we could start off by kind of reviewing what we have today and how it could be applied to the obv three spec and then. Manu Sporny: See if. Manu Sporny: Others on the call have ideas about how we could what else could we do what else could we leverage to help this interoperability plugfest so let me go ahead and share my screen really quickly there was an announcement that went out about you know interoperability test Suites a bit ago and so the the test Suites basically. Manu Sporny: An issuer so we have this thing called the issuer API the verifiable credential issuer API it is defined actually I should have done this before but let me see if I can pull up the VC API really quickly so this is our specification in in our specification we have a section on issuing here and so we have n points protocol in points to issue and. Manu Sporny: Change this. Manu Sporny: And we have n points to verify credentials as well verify credentials and presentations in the idea here is that these can issue arbitrary verifiable credentials so like an OB V 3 formatted credential you should be able to plug that into this API in theory in the various implementations should spit out a valid verifiable credential this is. Manu Sporny: Some of the. Manu Sporny: All the work we did for the Silicon Valley Innovation program utilized these apis okay so if we go back to issuing and we look at kind of the issuers that we had in s VIP you know we've got like six seven issuers so far in these tests are actually run every Sunday so this is an active these are active tests every week issuer infrastructure is tested. Manu Sporny: In every week. Manu Sporny: You know we get a fresh read on what's working and what's not in things of that nature in these test Suites are opt-in right so these these organizations here that are listed have opted in to be tested against the test Suite the other organizations have not opted in yet but we know that they've got some variation of test suite and they'll opt in when they feel the time is right for them but I think what we can show here is that. Manu Sporny: Is that there's at least. Kerri Lemoie: https://w3c-ccg.github.io/vc-api-issuer-test-suite/ Manu Sporny: Up here we can show at least two organizations interop engaging at some level this is for issuing verification this is where we kind of are for verification although this is a bit misleading we've got some new failures this week that we're trying to chase down so all this green makes it look like it's working but it's not because of these two things you know above here but that's why we have test Suites and we do interrupt testing. Manu Sporny: So we. Manu Sporny: Of test Suites for issuing this one's for verification we have 14 Signature suites as well so testing very specific cryptography sweets in we also have test Suites we did this a while ago we have test Suites for very specific types of credentials so this was way back in the middle of the pandemic or in the early days of the pandemic we put together and then bye. Manu Sporny: A n test Suite. Manu Sporny: Been straight that we could do cross cross issuer verifier interop for things like a vaccination certificate okay so how can we bring these things to Bear for the the jmf initiative or just the vce to you interop initiative in theory we could create a test Suite like this that does n by n interop testing between multiple issuers in multiple verifiers that would. Manu Sporny: And of prove out. Manu Sporny: That at least at the data model level in the cryptography Suite level we've got interop right on the credentials themselves we could do it on crypto sweet so we've got at least two organizations implementing this this crypto sweet we think a couple of more could could pull this library in and demonstrate you know broader interrupt their in we could you know drive this stuff using the issuer and. Manu Sporny: Apis so we have some tools at our disposal now granted this does not cover it doesn't cover the display stuff it's doesn't really cover like wallet protocols at a super high level unless you use a very I mean really new kind of bleeding edge exchanges API that we have in the in the VC API specification so we have this. Manu Sporny: Kind of. Manu Sporny: API that lets you exchange credentials back and forth and you can communicate between a wallet and an issuer in a verifier using that but it's really new and we don't have a test suite for it and in all that kind of stuff so those are just some ideas I'm wondering if anyone has any thoughts on those ideas so I don't know it Dimitri I don't know if you've got any thoughts Carrie Marcus. <phil_l_(p1)> What about the VP layer? Manu Sporny: Mike Logan. Manu Sporny: Any any thoughts since y'all implement this layer. Manu Sporny: Go ahead Logan where you in the queue sorry let me see sorry no thoughts on how we could use this tooling. Dmitri Zagidulin: So I've got a couple of thoughts one is you might be really useful with manual wallet testing. Dmitri Zagidulin: I'm not sure if we could do it in an automated fashion especially for things like mobile wallets for web wallets this you kind of seen doing a puppeteer Webdriver test Suite that actually virtually logs in and clicks buttons in a web-based wallet and and does stuff. Dmitri Zagidulin: I think this. Dmitri Zagidulin: Having a VC API exchange example running on somebody server would be really really helpful for people to test against. <dmitri_zagidulin> @Phil - the VP layer is assumed Manu Sporny: Great thanks the yeah thanks Dimitri thoughts on the like the the data model testing is that a useful thing I mean so I think Sharon one of the problems here is like when you do data model testing there's nothing look at other than like a green check mark to see that everything fail like you can look at the credential here you can kind of see an N by n Matrix but it doesn't make for a very compelling. Manu Sporny: And presentation tune on. <dmitri_zagidulin> (meaning, the VC Exchange API deals in VPs specifically) Manu Sporny: It's so what what would that be Sharon Kerry would that be helpful to kind of show at least of the data model level there's interop or is that not a really a goal for jmf in this. Sharon Leu: Okay so this is a really complicated question because obviously you do need to part of the answer is yes like this it's important for some people to know that there is interoperability on this level one of the activities that we are hoping to do as part of our plugfest is we have a number of I think we have confirmed that there will be about 12 State teams present and we want to do a very quick round of not like a I guess what we'll call it it's not really a. Sharon Leu: A requirements Gathering. Sharon Leu: Just a an AMA on what information do you want from this just to hear sort of directly from like the perspective who we consider to be prospective clients of this I feel like that will help us to inform how future stages of this are designed with respect to the output. Manu Sporny: Round got it. Sharon Leu: So I didn't answer your question but I'm telling you how I plan to know the answer soon. Manu Sporny: Okay alright so I mean what I'm gathering is we just need to chat with those people or at least see you will chat with them and try and determine what they're going to be capable of is that. Manu Sporny: Part of it. Sharon Leu: It's part of it I think what it will be is we will all collectively talk together and we will ask some very specific questions about how how information should be displayed and what information should be displayed in order for them to make informed decisions. Manu Sporny: Okay yeah I know and that that kind of drives the data that needs to go into that obb three thing go ahead Carrie. Kerri Lemoie: I just didn't realize if you hit the hand I put you in the queue that's great I think I would also to I was sharing his saying is what we're finding is that people are in various stages of of issuing digital credentials and VC's in the space and so we kind of need to do some information gathering to see like you know where there are some intersections and plan from there so I'm that that's just part of the considerations. Manu Sporny: Please got it is there an OB V 3 badge that like isn't it is an example badge like at this point. Kerri Lemoie: Not yet but we can have one really quickly and I'm trying to tie some of that up we do have a context file that we can use or lean on anyway but we don't have example badge but we will have one time. Manu Sporny: Okay great go ahead Andy. Manu Sporny: And you might be muted. Andy Miller: How about that I am. <dmitri_zagidulin> we should have an example OBv3 badge in a day or two. Manu Sporny: There we go. Andy Miller: For those of you don't know I work at IMs and I'll work with the project groups on digital credentials including open badges there is a simple example inside the draft it's not an official draft but a sort of a pre-draft of the OB 30 standard and that's that example. Andy Miller: Enhance its checked live because it's using the respect or a fork of respect BC I think you're probably familiar with that and and so it's because it has to calculate the signatures on the Fly it's also doing essentially checking the schema of those examples on the fly so it gets updated every time the schema changes. Andy Miller: Has that is the example. Andy Miller: Gets updated it's not particularly robust right now and it doesn't have a whole lot of information because I've been trying to avoid breaking it every time they change the model but there is an example there that was a long answer but it does we do have an example. <kerri_lemoie> Thanks @Andy! Manu Sporny: Okay that I mean that's that's super helpful so you know with that example one of the things that we could do is we could Fork one of these test Suites and I mean something simple like the the crypto sweet test Suite potentially we need to talk with Andruw Jones and Tashi they've been doing a lot of the test Suite work but I would imagine that it wouldn't be a ton of work to just. Manu Sporny: Fork that and. Manu Sporny: Push that credential in there if you So Into You said you're using respec-vc to do that. Andy Miller: Yeah I'm using respect for you see to brander it inside the spec document and. Andy Miller: Yes that's right. Manu Sporny: Yep okay all right well if you're using that tool change I mean it's doing the signature and everything is that right okay so if you're using that tool chain we already know that it will work with at least one of the like digital bizarre uses the same libraries and it's issuer so we know it'll work and I would imagine that it would probably work with Danube tax issue as well Marcus would you can you think of any reason why we wouldn't. Manu Sporny: Be able to kind of throw that. Manu Sporny: Kind of example that they have at your infrastructure to issue and verify. Markus Sabadello: I agree with you I think it should work we work this is this is Marcus by the way sorry I didn't introduce myself and I wasn't able to join the VC do task force call but but but we will also be very excited and participating in some way and trying this out and our implementation is pretty independent right it's it's in Java and we're always interested in participating in these tests. Markus Sabadello: It's Aunt plugfest sand. Markus Sabadello: So yeah I would love to try it out and I think it should probably work. <kerri_lemoie> This is great Manu Sporny: Okay good good well I mean at least that's a that's a base level of kind of interoperate they're just demonstrating two different vendors you know issuing obv 3 and so maybe that's where that's where we can focus in the beginning let's just issue and verify in just make sure we've got that and then kind of build from there so maybe we can once we get that kind of operational. Manu Sporny: All we can talk about this. Manu Sporny: Again about alright so what's the what's the wallet protocol look like right where how could we use the PC API exchange stuff in a wallet protocol that might be the next step. Manu Sporny: Sharon carry Dimitri was that helpful as kind of like a if that's our Target this at helping help in some useful way. Dmitri Zagidulin: Yeah thank you. Kerri Lemoie: And I think it's great I think this is a great first step I'm really excited that we have these thank you and yeah well we can talk to the cohort and see you know about protocols and things really gather their opinions on that but this is the basis of what we really need to that's awesome money thank you. Manu Sporny: Okay cool good glad glad that we can do something to help Okay so let's wrap a bow on it on that particular part I think we've got something that we can focus on in once we achieve that kind of milestone in this group we can then talk about what the next you know Milestone looks like okay that's that item anything else. Manu Sporny: Do interop or the interoperability test Suites before we go on. Topic: VC-API interoperability test suites Manu Sporny: https://lists.w3.org/Archives/Public/public-credentials/2022Apr/0126.html Manu Sporny: Actually it might be useful to let me do all the little bit more on the VC interop test Suites it did some screen sharing on this the announcement about it is here but these experimental test Suites exist now they run on a weekly basis they are running against secure key now avast's infrastructure they work against Daniel. Manu Sporny: Text in. Manu Sporny: And they work against digital bazaars infrastructure and meaning that they are being actively called every week against their infrastructure so when people roll out new capabilities and features and whatever as long as that in points still there it will you know continue to run against that infrastructure and it's a good kind of live test weekly check-in to make sure that everything we were interrupting on last week we're still interrupting on this week. Manu Sporny: Very experimental the test Suites experimental right in so it will change over the next couple of I mean will continue to change right until we lock in the final standard for each one of these items which is it's going to be a while before we do that the good news here though is that we're ahead of the curve for once on testing when it comes to standard so. Manu Sporny: All the data integrity. Manu Sporny: Testing that we're going to have to do in the verifiable credential to working group we've already got that infrastructure setup that usually doesn't happen for to you two years like or sorry happens it happens usually like 18 months after the working group starts so we're 18 months ahead of schedule there which is really nice to finally be there after like a decade of not not being there so so we are hoping. Manu Sporny: To utilize. Manu Sporny: That infrastructure to help us get through the standards process a little faster in one of the side effects is this infrastructure helps us when things like jmf pop-up right it's infrastructure that we can lean on and utilize to do interop you know interrupter demonstrations a bit faster for those of you that were around in the S VIP program it took a year plus for really concentrated effort to get there whereas now we kind of have these. Manu Sporny: Structures that that weekend. Manu Sporny: Lean on and utilize when we need to interrupt testing so all that to say the anyone can run their infrastructure if you're if you implement the VC API let me go ahead and share my screen here if you implement the VC API there is a ccg repository called VC API test Suite implementations we've tried very hard to make. Manu Sporny: In this process. Manu Sporny: https://github.com/w3c-ccg/vc-api-test-suite-implementations/tree/main/implementations Manu Sporny: Easy we expect that they're going to be 10 to 20 to 30 the 50 of these test Suites but there's only one place that you need to register your implementation and that's here in the VC a test Suite API implementations directory I'll put a link to that in the chat and when you register your software I'll just use us as an example you provide kind of the the things you tag your resolvers and you're very. Manu Sporny: Fires in. Manu Sporny: Your issuers with the types of tests that you are opting in to test yourself against right so VC API is the issuer verifier tests this one Edward signature 2020 is a crypto sweet test we are working on status list 2021 for revocation and things like that and suspension we're hoping to get that out into the public soon and then we also. Manu Sporny: Provide z cap. Manu Sporny: Authorization or oauth2 or no authorization whatsoever to hit the endpoint so all that to say that this is the only file that you as an implementer have to modify to enable new types of testing for your infrastructure okay so hopefully the other implementers here you know see how easy it is to integrate and if you have any questions of course we've got folks kit that can help. Manu Sporny: You Andrew here. Manu Sporny: More team and Tashi can help you if you're having any trouble integrating with the test Suites any questions concerns about that before we move on to the next issue. Topic: IssueCredentialResponse does not allow for metadata Manu Sporny: All right well that takes us out of our kind of recap and then now into the actual issue processing the first issue up is about the issue credential response that it does not allow for metadata so let me go ahead and. Manu Sporny: https://github.com/w3c-ccg/vc-api/issues/291 Manu Sporny: Share my screen again this is item for on the agenda issue 291 click through to that so one of the one of the problems that we hit when implementing the VC API test Suite is that when you issue a credential let me find issue credential response in here. Manu Sporny: Ryan hopefully people can read that issue credential issue credential okay so this is the credentials issuance and point and the thing that you get back you basically post the credential you want to have issued like a no BB3 you know credential and then you will get back this issue credential response and if we look for issue. Manu Sporny: A response. Manu Sporny: It is just a verifiable credential and that was fine probably in the first year but the challenge is that we can't return back metadata from the issuance so you will just get back a verifiable credential that's been digitally signed from the endpoint but the problem is like what happens when you want to attach metadata that doesn't go in the credential what happens if you want to provide warnings that shouldn't go in the credential what happens. Manu Sporny: If you want to do. Manu Sporny: Bug you know information Marcus you mentioned that you had done some work here would you mind kind of going going over that really quickly. Markus Sabadello: Yes so I completely agree this this would be useful to be able to return not just verifiable credential but also some metadata I think we have discussed this at some point in this group already a while ago I don't quite remember what the what the opinions were or why we didn't Implement that in the API specification but. Markus Sabadello: I think it's definitely a good idea. Markus Sabadello: We have done that for a while already in our implementation so we sort of have a proprietary extension you could call it like that where the very fiber credential is returned plus metadata but I would be very much in favor of standardizing or putting that into the into the API definition the way we approached it was similar to what we have in. Markus Sabadello: Indeed resolution. Markus Sabadello: So you know when you resolve teeth then you also have an option if you just wanted the document or the detox command + metadata. Markus Sabadello: So I see it a little bit similar to to that and in our design we came up with two different pockets of metadata one that's one that's more about the issuing of the verifying process and one additional metadata pocket that would be more about the documents or the very fiber credential but I don't I don't feel strongly about how exactly to name. Markus Sabadello: Or model that but. Markus Sabadello: Are very much in favor of adding the ability to return some form of metadata. Manu Sporny: Awesome thank you Marcus that's super helpful Longley I'd like your thoughts you know on the different buckets Marcus I'm wondering if I'm trying to think of what the pr pull request would end up looking like the the easiest thing would just basically be to say well just put it in verifiable credential and then we can talk about issuer metadata and document metadata or. Manu Sporny: Or we could see. Manu Sporny: The implementers are happy with just adding issuer metadata and document metadata right now meaning the pr would have the three outputs that you're talking about here so if implementers would like to weigh in on this I'd like to understand you know what what level of okayness there's another word for that that that comfort. Manu Sporny: Kurt level of comfort people. Manu Sporny: Have with implementing these feels go ahead Longley. Dave Longley: Yeah so I see this is two steps I think we we should we should do it that way so we don't have to work so hard getting consensus on both of them at the same time so Step One is go ahead and make it so that we've returned verifiable credential underneath that property to allow other properties to be present in the response and then we can take our time figuring out exactly what other properties we might want to add now or in the future. Dave Longley: We make this first change otherwise we're just going to continue to have more projects and demos and things using the older version that we don't want to have to support. Manu Sporny: Right thank you Mike. Mike Varley: Thanks so actually I think it's just on Davis last comment around older versions so is this change going to going to impact the the API and then therefore the test Suites that we just went through or do we need to do we need versioning before we can do something like this. Manu Sporny: That is an excellent question so yeah that's that those are those are excellent questions I think one of the things we've kind of suggested here is that hey this is an experimental API anything can change at any in any point in that argument has worked in the past leaving but we've changed things and in so like the trace. Manu Sporny: It's a good. Manu Sporny: Sample of this traceability cohort is locked to a different version of the VC API then the latest bleeding edge and they did version it and they put it under version URL in given that the implementers can opt in to a what's the word the the implementers of the ones that provide the endpoints and so we could in add a tag that. Manu Sporny: That's a version. Manu Sporny: Tag whenever we make breaking. Manu Sporny: She has to the API as well as a way of managing it noting that if we have two version things we may end up if we have two version things it'll slow us down right so I guess they're the big question is there a couple of couple of points here right so we are not in a position where anyone's said that the. Manu Sporny: Apis lockdown. Dave Longley: -1 To an official versioning tag, it's too hard to get interop Manu Sporny: It's experimental we could introduce a versioning tag the concern there of course is that when we do that all of a sudden we're going to have probably maybe less interoperability over the long term because everyone's going to be locked different versions and so we could use. Manu Sporny: Use it. Manu Sporny: So anyway Mike you're on the Queue and Dave's - 1D versioning thing so please go go go ahead Mike. Mike Varley: Okay so I just wanted to fully agree and acknowledge that this is an experimental API under development and subject to change and so there shouldn't be I believe at this time an expectation of versioning because our versioning would probably run very out of control I mean the only it would probably be closer to versioning by date rather than anything else but so fully acknowledge that my I guess my concern. Mike Varley: Concern stems from now that. Mike Varley: Test Suite when and we need we need to be free to make changes to the API in order to move it forward. Mike Varley: How do we then how do we then coordinate this with the test Suite I think is the real question so it could be things like actually I don't even have his I don't know that I have a practical suggestion but you know as PRS get accepted there's there's you know the previous version or Janna three months or something that here's where we were but here's what we're going and companies are catching up my only concern is the reason why I think. Mike Varley: It matters is that if it. Mike Varley: He's constantly showing everyone read only because we're making progress on the API you know what's what are we what are we achieving so that's my concern II think we need to iterate on the API I think we need to move forward I just maybe we need a plan around the test Suite to make sure that we're not constantly breaking ourselves that's all. Manu Sporny: Yes excellent points go ahead Dave. Dave Longley: Yeah I agree with Mike I think it's important that we get we have a common understanding of what the test Suite is testing and and figure out how that works I think it would be disastrous to introduce some kind of official versioning mechanism into what is it an experimental API this point in time and would make it that much harder for us to make sure that we're getting implementers on any particular one of those versions We don't want to say that any of the. Dave Longley: When you do. Dave Longley: It's sort of like saying well any one of these versions where was using them it's okay to be using that version as part of the official what we want to become the official standard and official standards going to have one version so we don't want to bake this concept of different things into that official version and have different people implementing different versions of those so the test Suite should track whatever the latest version of the spec is and then we'll have to try and address these concerns route around that Mike brought up with seeing. Dave Longley: Red X's all the time. Manu Sporny: Yeah plus one did that. Manu Sporny: Sorry I'm getting confused about the Q you have plus one that I was I was going to suggest you know a process that hopefully addresses Mike's concerns and in Dave's concerns so what if our process is when a PR is merged into the specification there is permission to change the test suite at that point in time and that will. <dave_longley> "last passing date" could be some meta data in the test suite for a given implementation and test Manu Sporny: Implementations go red we can always coordinate on these calls but it feels like if as might you said if we're making progress we're going to be breaking the tests and we don't want anyone to really implement the older versions of the apis because those older versions are not going to be the thing that standardized at some point in time there may come a point. Manu Sporny: Point though. Manu Sporny: Where are we. <kayode_ezike> My thoughts exactly @Dave Manu Sporny: I do want to basically say you know what let's cut a version like let's say six months from now or something like that right we say okay this is version 0.8 and no one should ever ship this into production but it's fairly stable meaning that meaning that we have the option of setting and a version at some point in the future if for whatever reason we guess get a slew of. Manu Sporny: Objections to. Manu Sporny: Where people are like do not break that absolutely no way maybe at that point we can we can you know talk about versioning again go ahead Dimitri or on the key. Dmitri Zagidulin: So I absolutely agree with what you said about maybe earnings in the future for the moment let's just break the test Suites the only thing I was going to suggest is so what we're trying to the reason that breaking a test Suites is a problem is we're trying to prevent. <mike.varley> tests are in git - maybe we can use git tags to help here? Dmitri Zagidulin: A change in this back and then everybody else failing this back because we change something fundamental as such as nesting the credential One More Level like what we're proposing right now and to address that would go a long way to just have an explanatory paragraph at the bottom of the. Dmitri Zagidulin: Drop test Suite results facts the judge says hey everybody showing red because on such and such a date we broke this back we made a breaking change the stuck. Dmitri Zagidulin: Just a couple of sentences of explanation will go a long way towards allaying people's fears I think. <tallted> Some semblance of semantic versioning with pre v1.0 during experimental phase can be useful... Implementations that happen pre v1.0 are inherently experimental, and can be usefully labeled as "targeting v0.75" or whatever for interop (e.g., "targeting 0.4" may not be expected to interop with "targeting 0.75"). Manu Sporny: So and and we can do that I think we have you know the templates all the test Suites have templates that allow us to put in advisory information like that I believe so yeah plus 1/2 that's okay so if our process if our process is effectively we discussed breaking changes here there PRS that are put forward if there are no objections and the. Manu Sporny: ER is merged the test Suite implementers have. Manu Sporny: The go-ahead to change the test suite and break things and if we see massive breakage across implementations those test Suite implementers need to put a warning to say hey things are just temporarily broken because we made a change two weeks ago we expect these tests to go all green you know in the next couple of weeks weeks to months not at not a big deal we're on it if that's our process which is. Manu Sporny: Everyone evaluates the pr the pr gets merged the test Suite gets changed with warnings would there be any objections to that being the way we operate in make breaking changes in the specification. Mike Varley: +1 To text that explains the experimental nature of the API/development and implementors have to 'catch up'. Manu Sporny: Okay I'm not hearing any objections Mike's going plus 12 text that explains the experimental nature of the API in that implementers have to catch up Dimitri's plus wanting. Manu Sporny: All right. Manu Sporny: I'm not hearing any. Dave Longley: +1 And maybe have "last date passed" in test results Manu Sporny: Objections so that can be our operating model. Manu Sporny: As well Longley the last date pass thing is a might be difficult to implement we've got to put memory into the test Suites to do that but that's a good idea when you can talk to Andrew and Tashi to see if they would support that okay all right great so so then rolling back to the actual issue at hand. Manu Sporny: See the new process is raise a PR that makes a breaking change to the VC API ensure there are no objections to the breaking change and then merge if the change brakes implementations worn in the. Manu Sporny: Let's put in the in the test Suite output that implementations are catching up. Manu Sporny: The new DC API implement. <mike.varley> Maybe tests, rather than implementations, can have the "last updated" tag... Manu Sporny: Process breaking changes is not version yet okay for that's the discussion today with that in place is this ready for a PR would there be any objections to adding the verification credential thing as the top-level item when when you issue a credential you'll get back. Manu Sporny: Application sorry verifiable credential at the top level are that's the first PR that will be raised and then Marcus we can decide to raise these other PR es en on a separate date we certainly won't make it illegal to do this kind of stuff so your implementation Marcus would be able to continue doing this all the other implementations would need to catch up and do this thing instead any objections to doing that. Manu Sporny: Okay so that means that we will create a PR Next Step create a PR that adds the verifiable verifiable potential property to the top-level Json object when issuing a VC. Manu Sporny: All right so this needs ready for PR. <sharon_leu> Thanks, all! <kerri_lemoie> Thanks! Manu Sporny: And it's signed me I can write that p r okay and I think that's that's it for the call today we've got three minutes till the top of the hour thank you everyone for joining thank you for helping out with the VC edu brainstorming about how we can support the BCD you folks with the API in for working through this issue this will make it much easier to suggest. Manu Sporny: Potential breaking changes. Manu Sporny: All right thanks everyone have a great rest of the week see you next week bye. Markus Sabadello: Recording has stopped.
Received on Tuesday, 10 May 2022 22:52:46 UTC