[MINUTES] W3C CCG Verifiable Credentials API Call - 2022-05-17

Thanks to Our Robot Overlords for scribing this week!

The transcript for the call is now available here:

https://w3c-ccg.github.io/meetings/2022-05-17/

Full text of the discussion follows for W3C archival purposes.
Audio of the meeting is available at the following location:

https://w3c-ccg.github.io/meetings/2022-05-17/audio.ogg

----------------------------------------------------------------
VC API Task Force Transcript for 2022-05-17

Agenda:
  https://lists.w3.org/Archives/Public/public-credentials/2022May/0030.html
Topics:
  1. Introductions, Announcements
  2. Support for scopes/rars in OAS3.0
  3. Initial PR for exchange discovery
  4. Close: Should vc http api use PE Spec for query format?
  5. Linting CI/CD
  6. What happens when you delete a revocable credential?
Organizer:
  Manu Sporny, Orie Steele, Markus Sabadello, Mike Varley, Mahmoud Alkhraishi
Scribe:
  Our Robot Overlords
Present:
  Manu Sporny, Mahmoud Alkhraishi, Dmitri Zagidulin, bengo, Justin 
  Richer, Marty Reed, Markus Sabadello, Mike Varley, Andy Miller, 
  Eric Schuh, Joe Andrieu, BrentZ, Logan Porter, Julien Fraichot, 
  Brent Shambaugh, Brent Zundel, Phil L (P1), Brian

Our Robot Overlords are scribing.
Manu Sporny:  All right welcome everyone to the verifiable 
  credentials API call this is May 17th 2022 agenda in here.
Manu Sporny:  On our agenda today we've got this agenda review 
  introductions relevant Community updates and then we're going to 
  jump into issues we're going to talk about Scopes and r&r's and 
  support for those things in our OS files we there's a question on 
  whether or not we should.
Manu Sporny:  Close an issue I went to closed pending issues and 
  then I wasn't clear if we should close an issue so we're going to 
  talk a bit about that talk about linting see ICD what happens 
  when you delete a revocable credential and any other issues we 
  also need to cover to pull requests that have been out there for 
  a bit Mike Varley one of them is to nudge your PR Ford it seems 
  like it's you've responded to everyone and it's ready to merge 
  and so we just need to see if there any.
Manu Sporny:   Directions to merge.
Manu Sporny:  There's of course the mermaid diagrams that need to 
  be merged as well that's it for the agenda are there any updates 
  or additions to the agenda.

Topic: Introductions, Announcements

Manu Sporny:  All right so let's go on to introductions and 
  announcements is anyone new on the call today anyone want to give 
  an update on how they're doing their new job old job anything 
  like that anyone want to give an intro or re intro.
Manu Sporny:  I think it's a the regular crew here so we all know 
  each other.
<manu_sporny> Proposed W3C Charter: RDF Dataset Canonicalization 
  and Hash Working Group
Manu Sporny:  Announcements reminders please go ahead and put 
  yourself on the queue for that I've got a couple of announcements 
  this is mostly I'm sure some of you were on the call earlier 
  today the main weekly call there is a new proposed Charter for an 
  rdf data set and canonicalization working group and putting the 
  link in chat now this is so that we can canonicalize.
Manu Sporny:   He's Data before we.
Manu Sporny:  In it in a verifiable credentials primarily this 
  work is around linked data rdf data set canonicalization the 
  proposed Charter is linked to in that link I sent if you are w3c 
  member or you know w3c member you might want to urge them to vote 
  on that Charter Marcus here on the Queue go ahead.
Markus Sabadello:  Yes when you announce this to the list I 
  responded and I also want to quickly respond here and Echo what 
  you said to make everyone aware of that Charter and w3c member 
  then please vote on that I think it's funny a lot of people are 
  probably not aware of the fact that this part of the stack hasn't 
  actually been standardized yet a lot of us maybe take that for 
  granted the fact that we can canonicalize on.
<bengo> 😂
Markus Sabadello:  If data and then attach proofs but we need to 
  standardize it because of things depend on that so please have a 
  look if I find one part of the charter very interesting which 
  says that the the very fiber credential Charter right that's also 
  available right now and that says that the work on securing 
  linked data is primarily intended for verify with credentials.
Markus Sabadello:   It may also be used for.
Markus Sabadello:  And the same is true here for the katana 
  conversation and hashing so let's not underestimate the 
  importance of this giving some attention.
Manu Sporny:  Wonderful thank you for that Marcus and and some of 
  you might not know but Marcus is one of our fearless leaders in 
  that group Marcus you're one of the co-chairs along with Phil 
  Archer from gs1 which is wonderful and I and I and I know that 
  you and Phil are going to do a fantastic job navigating that 
  group through the through the standardization Waters it's always 
  an adventure.
Manu Sporny:  The other announcement of course is that the 
  verifiable credentials to a working group Charter is out there 
  for a vote as well please go and vote on that if you are w3c 
  member and if you know a w3c member make sure to poke them to 
  make sure that they vote and I think Brent sundel are other 
  fearless leader who has been leading that group for a long time 
  as chair is here.
Manu Sporny:   Here but I don't know if you have any words.
Manu Sporny:  To share about that Charter or the work.
BrentZ: I don't thank you for for advertising us we appreciate 
  all the support we've gotten so far folks who haven't jumped in 
  the more overwhelming the support the better I think we have at 
  this point you know the minimum number of approvals that that we 
  would need but the more we can get the better so please check it 
  out and vote.
Manu Sporny:  Thank you Bret Marcus you're back on the queue.
<manu_sporny> cool, didn't know about that one!
Markus Sabadello:  Yep just as I wanted to mention about two 
  weeks from now there will be a w3c workshop on data spaces and 
  semantic interoperability here in Vienna we don't have a slot on 
  the agenda because we didn't think client time but both Phil and 
  Phil Archer and myself we will be there and first connect with 
  the other participants and.
Markus Sabadello:  Get some treats.
Markus Sabadello:  On the works that we have with rdf data 
  canonicalization and passion also verify credentials we can after 
  that report back to the larger group.
https://www.trusts-data.eu/data-spaces-semantic-interoperability/
Manu Sporny:  Awesome thank you for that Marcus I had I had no 
  idea that wasn't in Vienna or that it was going on all right the 
  only other announcement right now is that a couple of weeks ago 
  we announced a number of test Suites around the verifiable 
  credentials API and crypto sweets and all that kind of.
<manu_sporny> Cross-vendor interop for Data Integrity and 
  Ed25519Signature2020 achieved: 
  https://lists.w3.org/Archives/Public/public-credentials/2022May/0034.html
Manu Sporny:  Um they were V Capi issuer verifier test Suites 
  there were test Suites for the Edwards signature 2020 crypto 
  sweet announced in the here we are three weeks later we've got a 
  demonstration of at least two independent vendor implementations 
  passing those preliminary test Suites I'll put the link to that 
  mail.
Manu Sporny:  The reason this particular things of relevance is 
  that one of the things that we have to do for the verifiable 
  credentials to a working group is to produce a test suite and get 
  enough implementations for some of the work items and you know 
  usually the minimum bar is two independent implementations the 
  good news here is that we have a test suite and we have 
  demonstrated that there are two.
Manu Sporny:   Her operable.
Manu Sporny:  Shins today surely these test Suites are going to 
  change when the group meets they will be refined they will be 
  come more rigorous but the fact that we're going into the working 
  group with test Suites and to interoperable implementations is a 
  really good sign so thank you a ton Demarcus and Dan UTech for 
  being one of the organization's to.
Manu Sporny:   Ask digital Bazaar is.
Manu Sporny:  The one right now and we're we've got cross vendor 
  interop going between both of our companies and we have I think I 
  know of at least four other companies that are actively 
  implementing to the test Suite right now so we should be in 
  pretty good good shape from a crypto sweet standpoint for the VC 
  to working group the announcement I did not get around to making 
  today was that we have the same thing for.
Manu Sporny:   Issue and verify.
Manu Sporny:  Here is that these are cross-industry test Suites 
  the traceability folks have been doing a great job of 
  interrupting between each other using the VC API for many months 
  now which is great the test Suites that that we're talking about 
  here are slightly different in that they're a little more generic 
  they're not super focused on traceability they're more 
  generalized VC API tests and more modular.
Manu Sporny:   In that fashion.
Manu Sporny:  So that's good news you know it's this is this is 
  good you know all the all the hard work that people have been 
  doing for a long time now is starting to kind of you know bear 
  fruit any other updates announcements anything of that nature.

Topic: Support for scopes/rars in OAS3.0

Manu Sporny: https://github.com/w3c-ccg/vc-api/issues/219
Manu Sporny:  All right let's get into the agenda then the first 
  item up has been on our agenda for multiple weeks now it is 
  support for Scopes and regards in the OAS 30 files we haven't 
  talked about this in a while so we're going to come back and talk 
  about it let me go ahead and share my screen.
Manu Sporny:  I have not even looked at this in a while.
Manu Sporny:  So I guess Ori raise this Mike it's assigned to you 
  Mike I hate to put you on the spot or would you be able to talk 
  about this otherwise I can.
Mike Varley:  Yeah I think I can talk a little bit about it it's 
  it's around how we wanted to manage Scopes in the API and there 
  was a gist there is shows where or he's just using I think 
  structured Scopes you know so there's kind of a structure within 
  the string that server would have to parse.
Mike Varley:  And we have.
Mike Varley:  Come up with.
Mike Varley:  Plan Legacy you know: or Dash or whatever the point 
  is that there is a structured scope string and then the 
  suggestion from Justin was that there's there's a better way and 
  called rawr that and I see Justin's on the call so I'll let him 
  jump in on on explaining through how Roars but it's a structured 
  set up for your Scopes that allows you know a location the 
  permissions associated with that scope.
Mike Varley:   And then.
Mike Varley:  Looks like there's a data type field there as well 
  so it's a really flexible and structured way so between seems 
  kind of like opposites but they're you know in this way you can 
  you can you can get a lot of flexibility out of your structured 
  Scopes and it's something that's you know got aspect to it and 
  it's and it's portable across other implementation so you may get 
  Library support and all the other benefits I believe the pushback 
  was that the tooling that were using for defining the API.
Mike Varley:   AI does not support rar.
Mike Varley:  That would be a challenge to get the spec you know 
  the Swagger that were using to to specify it properly and sort of 
  two points there I think Justin has actually gone and engaged 
  with the open API Group to to involve some of those capabilities 
  within this back so there's some some activity there and also if 
  the group feels that you know structured Scopes are the right 
  thing to do.
Mike Varley:   Do then we shouldn't necessarily.
Mike Varley:  And Define a proper spec but we do have the 
  limitation where we would like to use open API for various good 
  reasons including test Suites and napi generation and Postman 
  scripts and so on and so on so I think it's still open for 
  discussion about what this group would like to do I am in favor 
  of the RAR approach but I recognize the tooling issue and with 
  that I think.
Mike Varley:  You're able to jump on then I think describing the 
  benefits of ride you did a presentation I'm going to say over six 
  months ago but that's only because my memory isn't very good but 
  but it was it was a while ago you did a presentation on R&R 
  structures so maybe just if there's a summary of that as the 
  benefits then maybe we could kick off from there.
Justin Richer:  Yeah sure / I mean Mike Mike covered most of it 
  and basically.
Justin Richer:  Our was invented because several people in the 
  past myself included developed specifications that required 
  structured Scopes and it's one of those things that seems like a 
  great idea on paper until you actually need to deploy it and use 
  it especially across any pi over time as you discover new and 
  different things that you want to do with that API and you find 
  your structures.
Justin Richer:  And adding new syntax and New Dimensions and all 
  of this other stuff that I'm sure people will swear to me up and 
  down that no that's not going to happen here because this time is 
  different well it's not it's I'm sorry it's just not it's this is 
  what has happened to every single time I've seen this invented 
  and what we're trying to do with RAR is create an actual 
  multi-dimensional structure for.
Justin Richer:   Describing exactly.
Justin Richer:  This kind of thing.
Justin Richer:  So the tooling is not available for R&R yet Mike 
  mentioned in linked to issues where I'm starting to engage with 
  the open API specification security subgroup about that I 
  encourage people to go read those strawman proposals and comment 
  on them and see if that even makes sense but quite frankly as I 
  demonstrated in a previous call.
Justin Richer:   .
<markus_sabadello> W3C workshop in Vienna: 
  https://www.trusts-data.eu/data-spaces-semantic-interoperability/
Justin Richer:  The tooling I'm sorry ball to I'm not sure where 
  that came from thanks transcriber but anyway as I demonstrated on 
  a previous call the tooling can in fact be.
Justin Richer:  Adapted in pretty much any way that we need to 
  describe what it is in the resultant spec because the.
Justin Richer:  Output of this group is not the OAS spec it's the 
  Respec document.
Justin Richer:  That fully describes the API and all of its peace 
  pieces so.
Justin Richer:  Any additional tooling that's needed for 
  processing that kind of stuff in that type of pluggable system I 
  think is a reasonable reach for this group but that's me I'm not 
  the one who has to write the tooling regardless structured Scopes 
  I can say definitively are not a good idea they feel like a good 
  idea you may have convinced yourself that they're a good idea.
Justin Richer:  Many years of experience and several versions of 
  inventing these in the past dictates otherwise.
Manu Sporny:  Great thanks Justin Mike Europe.
Mike Varley:  I sure thank you I would also like to consider how 
  Scopes structured or otherwise are seen to be used with our 
  exchanges and point which is kind of an extension piece so you 
  know we have the exchanges endpoint which enables a you know a 
  variety of functionality with credentials and how credentials can 
  be.
Mike Varley:  So I don't know if we need nuanced Scopes in order 
  to support the exchanges API that being there's an API or in 
  sorry an access token for one exchange is it scoped for exactly 
  one exchange or is it just kind of a access token which could be 
  used against many anyhow for those implementing the exchanges.
Mike Varley:  Maybe interesting to hear your perspective.
Mike Varley:  You want to control access to those exchanges or if 
  there's another mechanism.
Manu Sporny:  All right good questions Mike I put myself on the Q 
  let's see so.
Manu Sporny:  I think I mean we're in a position where we could 
  do we don't think anyone here thinks doing all of these things is 
  a good idea but at the same time I think each one of these ideas 
  might need time to breathe and I don't think it would harm 
  anything to start defining but for those that want to do these 
  things I think the group would you know look at PR s in pull PRS.
Manu Sporny:   In that enabled.
<justin_richer> question to Manu: does OAS3 support ZCAPs? If 
  not, how do you get it in there?
Manu Sporny:  Is of doing authorization to the API so today what 
  we have is we have people using oauth2 digital bazaars 
  implementation uses ecaps and we support some level of belonged 
  to I think we should also you know enable the RAR stuff to happen 
  I agree with Justin the tooling stuff is not a good reason to say 
  we can't do.
Manu Sporny:   Do it in.
<justin_richer> Thanks for clarifying
Manu Sporny:  Don't imagine the tooling is going to be that hard 
  to do just ask the question you know there's OAS3 support Z caps 
  it doesn't we just implemented it in the tests we enabled the 
  test Suite to test implementations that have z cap so Justin I 
  think the z cap stuff is in the same boat that the our stuff is 
  in which is that the OAS stuff doesn't support it.
Manu Sporny:   It so.
Manu Sporny:  We can we can enable it in the test Suite I don't 
  see any reason why we why we can't do that and so it's just a 
  matter of you know people putting in the time to do that work so 
  the concrete proposal on this item is that we are entertaining 
  PRS for any of these things you know I think Justin's right the 
  whole structured scope stuff is 0 it's severely problem.
Manu Sporny:   Attic that's one of the.
Manu Sporny:  That we're not happy with you know the oauth2 stuff 
  but the fact is the fact of the matter is there a lot of 
  implementers that are doing it anyway and so do we provide any 
  kind of guidance to them or is it a wild west right anyway I 
  guess all this to say that the concrete proposal is we are 
  accepting PRS for supporting all these different authorization 
  mechanisms certainly in the.
Manu Sporny:  That's just work that people can do and if people 
  don't want to implement you know particular type of authorization 
  they don't have to and you know let's try to see how what people 
  how people think we should integrate this into the spec so it 
  just yeah so so we're accepting PRS would there be any thoughts 
  concerns about that approach Mike you're on the queue.
Mike Varley:  Okay then yeah was just in first or was it was it 
  myself.
Manu Sporny:  I looked at the Q and you were there for question 
  on Z caps.
Mike Varley:  Okay I'll ask my question and then just maybe we 
  can follow up on the question on Z caps was just if you could 
  provide maybe a 30 second view on how the client obtains the the 
  original you nosy caps object and then and then how that 
  delegation may work only because I'm familiar with Z caps as a 
  data structure but not the messaging on how to you know get.
Mike Varley:   One or get a particular capability.
Mike Varley:  More narrowly so if there is a 30 second kind of 
  overview about how that happens that'd be great because it might 
  help Drive the roar Associated work thank you.
Manu Sporny:  I am afraid Mike that I would say the wrong thing I 
  would rather have our implementers on the call so they can say 
  how it happens today I have not yeah I can take a guess but it's 
  probably going to be wrong.
Mike Varley:  Richard different okay thank you no no no problem 
  no problem no thank you no problem.
Justin Richer: 
  https://datatracker.ietf.org/doc/draft-ietf-oauth-rar/
Justin Richer:  Yeah I just wanted to know to the group just so 
  that everybody knows pasting it in ietf data tracker link for 
  there are specification it is in the state publication requested 
  which in layman's terms means that it is out of the working group 
  and into sort of the higher areas of the ietf we're sort of The 
  Wider review is happening right now and it is this is.
Justin Richer:   Is kind of one of the final stages.
Justin Richer:  Publication for our FC.
Justin Richer:  The ietf process is complicated with many layers 
  but this is the second or third to the end it's very it's very 
  close.
Manu Sporny:  All right thanks I guess I'll just take that out a 
  quick thanks for that Dustin okay so are there any objections for 
  us basically saying we're looking for pull requests on Scopes 
  Roars C caps any of that stuff and then we'll review as a group 
  once those come in.
Justin Richer: +1 To PRs

Topic: Initial PR for exchange discovery

Manu Sporny:  All right there we go we'll put it as ready for PR 
  and not is that item um my apologies Mike I totally forgot about 
  processing pull request so let's do yours next yours is the 
  initial PR for exchange Discovery if you would like to give us 
  actually please give us.
Manu Sporny:  On this PR and its current state.
Manu Sporny: https://github.com/w3c-ccg/vc-api/pull/268
Mike Varley:  Yep absolutely so when we were defining the 
  exchanges capability of the API where the API was able to support 
  workflows for obtaining credentials and verifying credentials.
Mike Varley:  It was noted that it may be the case where some of 
  those exchanges have protocol rules like username and password 
  has to be handed in or some other authentication token has to be 
  handed in at the time that the exchange in point is accessed and 
  then at which point the the VP our data structure might specify 
  what the protocol is to obtain.
Mike Varley:   In the credential and and.
Mike Varley:  Bull is revocation or sorry not revocation refresh 
  Prudential refresh 2020 or 2021 so the trouble there is that as a 
  client application calling the calling an exchange endpoint I 
  likely need some information before I call the endpoint to know 
  what I'm supposed to be doing in order to be successful and with 
  that in mind.
Mike Varley:  Respect out on exchanges Discovery and point so you 
  would make a call to the just top of the exchanges tree a get 
  call and you would receive a list of the endpoints available and 
  then the associated protocols just as a string value or a URI 
  that was implemented on those exchange and points and the 
  assumption is that if the client understood what that.
Mike Varley:   String meant then it was it would be able to.
Mike Varley:  Kate with the endpoint and if not then it can throw 
  an error right away saying sorry I unsupported to the person 
  using the API or to the other system used using the API as a 
  client and you know and so and then there was a request to 
  enhance the API for pagination and and some other you know 
  structured issues which have been addressed I believe.
Mike Varley:   The open.
Mike Varley:  So I believe the pr has addressed all the immediate 
  issues requested however there may be some discussion around 
  whether Discovery is even necessary or if the structure of the VP 
  our protocol supported by this this API sort of has enough 
  built-in that Discovery is redundant.
Mike Varley:   And no one would.
Mike Varley:  It's more that second question that I put to the 
  group do we still think discoveries necessary do we want to 
  support more than just VPR or do we is can we can we achieve 
  everything just with the VP R-Spec language and finally if there 
  is no answer to that second question today now or discussion we 
  can always add we can always accept the.
Mike Varley:   ER and then.
Mike Varley:  And later that Discovery is not necessary we could 
  we could remove it because it's fairly independent of the rest of 
  the API it's just an endpoint which returns a list of n points 
  and protocols so if we decide it's useless and maybe we could 
  remove it but that's the current state the pr itself is probably 
  ready to go there's sort of an open discussion as to whether we 
  still want discovery.
Manu Sporny:  Awesome thank you for that Mike yeah I mean my read 
  on the pr is that Mike is answered all the questions all the 
  requests in the group have been answered in yes there's an open 
  question on whether or not discoveries needed or not the digital 
  bizarre doesn't use Discovery for the exchange endpoints but it 
  is very possible that we're just not seeing the same use cases 
  that.
Manu Sporny:   Avast is see.
Manu Sporny:  Um in you know +12 merging I mean you know we're 
  still in an experimental state in the API lets Define this and 
  see if people find it useful or if people want to iterate on it 
  and then as Mike said if implementation experiences we don't need 
  this then then it can be taken out at a later point in time so 
  I'm a plus-one to merge Justin you're on the.
Justin Richer:  Yeah so also a plus one to merge and I wanted to 
  just raise the often forgotten point that even in protocols where 
  Discovery is not strictly necessary it can be a very useful 
  Dynamic optimization for different systems so good nap for 
  example is written from the start as a protocol that does not 
  need a discovery phase.
Justin Richer:  We still Define Discovery documents and end 
  points so that self-configuring clients can optimize their 
  interconnection with the server based on the Discovery 
  information now is that step strictly required absolutely not an 
  app is designed to allow for live negotiation and sort of a 
  back-and-forth to kind of find the bits that you need as you go 
  however there is no reason to disallow a.
Justin Richer:   Client to optimize itself.
Justin Richer:  In this particular way so I also support merging 
  this.
Manu Sporny:  Thanks Justin anyone else in the queue queue is 
  empty are there any objections to merging the pr.
Manu Sporny:  All right I'm not hearing any objections Mike it's 
  been a while since the pr has been updated means moved on their 
  conflicts would you mind fixing the conflicts and as soon as 
  those are fixed we can merge it in.
Mike Varley:  Okay will do can't guarantee what will happen today 
  but yes we'll fix the conflicts and then we can then just get 
  approvals for emerge.
Manu Sporny:  Okay sounds good and thank you for putting the pr 
  together the only other one that's out there is this sequence 
  diagram mermaid Respec sequence diagram stuff I was just going to 
  merge it it just adds it converts the static PNG images to 
  mermaid diagrams where we can actually hand edit them a hand edit 
  the user flow diagram so that'll that'll go in shortly as well we 
  just forgot to merge that in.
Manu Sporny:  PRS back to the issues Next Issue up.

Topic: Close: Should vc http api use PE Spec for query format?

Manu Sporny: https://github.com/w3c-ccg/vc-api/issues/174
Manu Sporny:  Is should we close question on whether or not we 
  should use the presentation exciting exchange spec as as a query 
  format.
Manu Sporny:  Let's see I think Mike you had asked a question we 
  were going to wait was pending close and then we asked secure key 
  if you were the only one that was interested in implementing 
  presentation exchange we said we would you know close the issue 
  until they was more interest and then there was also mentioned 
  that VPR could could potentially support it so Mike why don't you 
  cover your.
Manu Sporny:   Response here in the.
Manu Sporny:  Here is are you okay with closing this or should we 
  keep it open.
Mike Varley:  Thank you so my comment was a question just to see 
  if any other implementers were interested in utilizing those 
  other protocols presentation exchange did come Etc from our 
  position we were happy to close it out if there was no immediate 
  need and and then.
Mike Varley:  Then Buckner jumped in and said hey we do that and 
  so I think that there are some I think there is some Community 
  interest and other protocols but I don't know how serious that is 
  was close block actually intend to use this API with presentation 
  exchange and.
Mike Varley:  And we like presentation exchanging with and we'll 
  use it with whatever we're doing I heard to say so but there were 
  some other community members who were asking questions about it 
  so from my perspective I'm still okay to say it looks like for 
  now it's a VP are based API but I believe we should reach out to 
  Dan.
Mike Varley:   I don't know if.
Mike Varley:  He's actually going to implement pecs transmute 
  rather anyway we should we should just kind of ping and say PR's 
  welcome or we're going to close this until we get a PR like I'm 
  not sure what you do with that kind of a hanging issue like that.
Manu Sporny:  Yeah that's a good question Mike my suggestion is 
  PR's welcome right at this point you know of assets you know 
  about secure key Avast has signaled that there they have interest 
  block has signaled they have interest in so the next thing is to 
  put put forward a PR on what those types of flows would look like 
  if we have presentation Exchange in here currently it is VP our 
  base like the whole a.
Manu Sporny:   API and and is VPR based I think.
Manu Sporny:  Well I won't speak for Ori but so yeah I think you 
  know PR's welcome let's let's see what a proposal would look like 
  go ahead Mike.
Mike Varley:  I'll just note that I believe that in the sample in 
  the linked issue ad presentation exchange example we are using 
  the VPR outer structure and then the inner structure you know 
  because there's a type it says type presentation exchange and 
  then the inner structure is the presentation exchange so again 
  that's not a PR it's just saying here's how you could do it I 
  don't know if anyone.
Mike Varley:  Into the idea of oh yes let's do that so.
Manu Sporny:  Is this the example you're talking about my where 
  the interact service points out.
Mike Varley:  No no it's you have to click on the on the link 
  tissue it's actually part of the message.
Manu Sporny:  This one add presentation exchange example okay.
Mike Varley:  So if you click on that you'll just see there you 
  go so see it says it's type presentation exchange credential 
  carry and then in there you have so it's kind of nested within 
  the the VPR rap group but again so there's multiple approaches 
  here not a lot of active discussion on how presentation exchange 
  would actually be leveraged I know presentation exchange and 
  credential manifest our.
Mike Varley:   Part of the.
Mike Varley:  Open ID work and you know they're being discussed 
  in diff so I just don't know that.
Mike Varley:  There's there's activity for this API to support it 
  and again maybe it maybe there's maybe there's a way to add it in 
  later I can't say I just don't I don't know what other people's 
  intentions are.
Manu Sporny:  Yeah I mean it certainly would be able to be put 
  into the the query type right the PPR type and and credential 
  query that would be one way of doing integration but you're right 
  I mean I think what we need here is again this is kind of a PR's 
  welcome.
Mike Varley: +1 To PRs welcome
Manu Sporny:  Right if there are two companies that want to 
  interop or one company wants to propose how we would integrate 
  presentation exchange we should try to it is certainly a very 
  good it's a it in the very worst case it's a really great thought 
  exercise to determine whether or not we can actually use 
  different query mechanisms different protocols over the VC API.
Manu Sporny:   So like Chappy's.
Manu Sporny:  All agnostic sorry it chappies message agnostic and 
  so the intent was the VC API was supposed to be message agnostic 
  in some cases and so can we actually achieve that or not and 
  doing a presentation exchange using pecs and did come would be 
  one way of trying to see if that's actually true.
Manu Sporny:  So Mike is that the suggestion then it's like can 
  we.
Mike Varley:  So I would yep say PR's welcome I would all my 
  sorry that's my stuff my anxiety there is that the more protocols 
  we want to enable makes it more difficult for interoperability 
  and you know coverage clients suddenly have to expect.
Mike Varley:   That maybe it's a VP.
Mike Varley:  Our base protocol or a presentation exchange based 
  protocol again leading to you know as a client what code do I 
  need to write to talk to this server challenges and it so that's 
  that's why I feel like I'd really like to narrow it down so we 
  could get it working but he ours welcome.
Manu Sporny:  Okay great are there any objections to suggesting 
  people submit PR's for this so that the group can explore that 
  space.
Manu Sporny:  Okay we will say it's ready for its not finding 
  clothes it's ready for PR.
<mike.varley> sorry I have to drop early today. thx.
Manu Sporny:  Come on GitHub ready here we go all right it's 
  ready for PR and we'll move on from that okay next item up is 
  linting and CI CD from OAS or for OAS.

Topic: Linting CI/CD

Manu Sporny: https://github.com/w3c-ccg/vc-api/issues/221
Manu Sporny:  So I think the status here like had to drop the 
  status here is basically me grab this is we just need someone to 
  do the work so Lin ping happens right now on the OAS files when 
  the Respec spec is rendered so if the OS is broken in any way the 
  spec will refuse to render in you have to go to the console.
Manu Sporny:   Soul and look to see what what.
Manu Sporny:  OAS wenting error was thrown that said it would be 
  really good to have linting as it just a part of the regular 
  process that runs we just need someone to do the work.
<mahmoud_alkhraishi> happy to do it
Manu Sporny:  Would there be any volunteers to do the work on 
  oasc ICD linting should be a quick one my moods volunteering 
  awesome thank you so much my hood let's see discussed this on 
  the.
Manu Sporny:  Yes no that's not the year 2020 2517 Helicon 
  volunteered to is that as a GitHub action from mood.
<mahmoud_alkhraishi> yes
Manu Sporny:  Thank you volunteer dad to get Hub action to lint 
  the specification the event b os files you PRS are raucous 
  whatever only go as far as okay alright there we go I'm going to 
  assign it to you I'm good.
Manu Sporny:  And take money off of that and that is up to you to 
  raise a PR to do that thank you very much for all and tearing to 
  do that.

Topic: What happens when you delete a revocable credential?

Manu Sporny: https://github.com/w3c-ccg/vc-api/issues/276
Manu Sporny:  Okay that's that one next item up this one's going 
  to be an interesting one what happens when you delete a revocable 
  credential so this and then here's issue 276.
Manu Sporny:  All right so Ori ask the question specifically when 
  you delete a revocable credential what happens the status bits 
  anyone have any thoughts.
Manu Sporny:  Go ahead Joe.
Joe Andrieu:  What component is this for.
Manu Sporny:  The issuer I would imagine can you even delete 
  credentials do we have that we I don't think we have that.
Joe Andrieu:  Yeah I also added a similar note 2268 I wasn't up 
  to speed with it when you asked if there were objections I also 
  don't know how that's supporting the breaking out a different 
  components but yeah we deleting a credential like it matters very 
  much which component you're calling that a pi on I can someone 
  else delete a.
Joe Andrieu:  The holder app.
Joe Andrieu:  Very different than if you're deleting a credential 
  that are verifiers already received if you're deleting a 
  credential that an issuer has issued like I really can't even 
  understand the question without understanding which component 
  it's related to.
Manu Sporny:  That is an excellent point are there any 
  assumptions that you could make that would allow you to answer 
  that question.
Joe Andrieu:  Well who's I mean.
Manu Sporny:  Let's let's let's say it's the issuer is an issue 
  or allowed to delete a credential that they have issued and if so 
  what happens to the status bits when that.
Joe Andrieu:  Where is the so the issuers calling it and they're 
  calling it on the holder app.
Joe Andrieu:  Right so the issuer app is calling it on the issue 
  or service.
Manu Sporny:  Now they're calling it on their issuer correct yes.
Joe Andrieu:  So I don't know why the issuer service would 
  retaining credentials so I don't expect the issuer service to be 
  a data storage of credentials other people might but I think 
  that's it that's it that's a good.
Joe Andrieu:   While the issue are.
Joe Andrieu:  I may need to hold credentials the issuer service I 
  would not expect to.
Joe Andrieu:  People do I think it's a fair debate I think it's a 
  good debate about should the issuer API enables automatic storage 
  of VCS upon issuance but I think it's probably not a good idea I 
  think these were app that's the website that's interacting with 
  the service I think it's fair game for that issue or distorted.
Manu Sporny:  Right and taking notes any other thoughts on this 
  item.
<andy_miller> Is a "revocable credential" a VC with a 
  "credentialStatus" property?
Joe Andrieu:  And while you're typing that out man in Andy Miller 
  to your question I think that is correct I think that's what 
  people mean by a revocable credentials that there is a mechanism 
  to check the status which is in the credential status property.
Andy Miller:  So if the credential status property points at a 
  credential status service the service might be holding the 
  credential to.
Andy Miller:  Maybe what Orion was asking was let's say the 
  credential status service only actually maintains the I don't 
  know which rarely method they've implemented but let's say if 
  some method but which just keeps a bit flag and for a credential 
  so deleting it might mean just.
Andy Miller:  Deleting that flag and it's no longer holding it.
Joe Andrieu:  That's right I think I think if the delete it could 
  be interpreted as unrwa voguing is what you're saying if the 
  component is the refresh status service I'm sorry not reefer I 
  always mess that up a lot the credential status property the 
  service that that points to.
Manu Sporny:  So let me die with a half half taking notes half 
  listening are we saying basically the the whatever's handling the 
  status bit for that credential needs to flip the bit where we 
  saying something else.
Manu Sporny:  Like if you delete a credential it's automatically 
  revoked.
Manu Sporny:  If you if you're holding it if you like well yeah I 
  guess the credential status - yeah.
Joe Andrieu:  I think Andy supposition was that hey maybe Ori 
  meant that the act of deleting is how you you revoke.
Joe Andrieu:  I think it comes back to what's what's the 
  component that you're calling it on and who's calling it.
Manu Sporny:  Okay so we kind of need more information Logan go 
  ahead.
Joe Andrieu:  Yeah I mean for example if it's if the credentials 
  already in my wallet then who gets to delete that except the 
  holder me so I'm thinking there may be a more sophisticated use 
  case that I'm just not picking up on.
Manu Sporny:  I guess it's not clear what the word delete means 
  here either.
Manu Sporny:  I think we need more information to actually answer 
  the question what is not able to have a bit of discussion around 
  the question because it was not clear which component of the ecos 
  co system was doing the deletion.
Manu Sporny:  It's also not.
Manu Sporny:  It's not clear what be delete HTTP verb meant.
Manu Sporny:  Different aspects of the system delete on a 
  potential in a holder wallet semantically different then delete 
  on a credential in N sure app in or service.
Manu Sporny:  Components identified and the semantics around the 
  delete operation lied in order to make progress on this issue 
  does that sound like a reasonable.
Joe Andrieu:  Yeah when one thing you might add is also the color 
  like.
Manu Sporny:  It means the component the the caller caller the 
  component and the semantics around the delete operation there we 
  go.
Joe Andrieu:  Yeah I think what by the way just this sort of a 
  medic comment but I think this the lack of the color component is 
  also part of why I think we've struggled about authorization 
  mechanisms.
Manu Sporny:  Yes that would agree with that.
Joe Andrieu:  Like you gets to delete or who gets to create 
  that's the authorization question.
<joe_andrieu> /s/Like you gets/Like who gets/
Manu Sporny:  Yep absolutely I'm praying to figure out how we 
  roll that into a future conversation that feels like it would 
  provide some clarity to a number of the questions that have been 
  raised all right we have two ish minutes left in the call let's 
  go ahead and end the call here are there any other comments 
  concerns or things that we should be aware of over the next week 
  before we meet again.

Received on Tuesday, 17 May 2022 21:47:34 UTC