Weekly github digest (Weekly update on Verifiable Credentials WG activity) from W3C Webmaster via GitHub API on 2023-08-21 (public-credentials@w3.org from August 2023)

From: W3C Webmaster via GitHub API <sysbot+gh@w3.org>
Date: Mon, 21 Aug 2023 17:01:14 +0000
To: public-credentials@w3.org
Message-Id: <E1qY8HC-009k7X-QC@uranus.w3.org>
Issues
------
* w3c/vc-data-model (+5/-7/💬62)
  5 issues created:
  - N3 rendering of Verifiable Claims Examples raises some questions (by bblfish)
    https://github.com/w3c/vc-data-model/issues/1248 
  - Addressing Verifier Stored Data Vulnerabilities and Legal Compliance (by awoie)
    https://github.com/w3c/vc-data-model/issues/1247 [privacy-tracker] [security-tracker] [HorizontalReview] [privacy-needs-resolution] [security-needs-resolution] 
  - Security Concern: Strengthening Trust Boundaries for Holder Software in Verifiable Credential Processing (by awoie)
    https://github.com/w3c/vc-data-model/issues/1246 [privacy-tracker] [security-tracker] [HorizontalReview] [privacy-needs-resolution] [security-needs-resolution] 
  - Mitigating Location Correlation via Common Issuers (by awoie)
    https://github.com/w3c/vc-data-model/issues/1245 [privacy-tracker] [HorizontalReview] [privacy-needs-resolution] 
  - Address Metadata-Driven Correlation (by awoie)
    https://github.com/w3c/vc-data-model/issues/1244 [privacy-tracker] [HorizontalReview] [privacy-needs-resolution] 

  26 issues received 62 new comments:
  - #1248 N3 rendering of Verifiable Claims Examples raises some questions (1 by bblfish)
    https://github.com/w3c/vc-data-model/issues/1248 
  - #1243 Recommend that DIDs are used with VCs (5 by OR13, decentralgabe, iherman, jandrieu, selfissued)
    https://github.com/w3c/vc-data-model/issues/1243 [discuss] [post-CR] 
  - #1240 Address normative concept of VerifiableCredentialGraph (10 by OR13, iherman)
    https://github.com/w3c/vc-data-model/issues/1240 [before-CR] 
  - #1239 `expires` header for https://www.w3.org/2018/credentials/v1 is in the past (7 by OR13, iherman, msporny)
    https://github.com/w3c/vc-data-model/issues/1239 [post-CR] 
  - #1237 Add references to Sub-Resource Integrity (1 by iherman)
    https://github.com/w3c/vc-data-model/issues/1237 [editorial] [post-CR] 
  - #1235 Revert language change on the definition of Subject (3 by RieksJ, iherman, jandrieu)
    https://github.com/w3c/vc-data-model/issues/1235 [ready for PR] [before-CR] 
  - #1233 [VC-JWT] Reference is wrong (1 by iherman)
    https://github.com/w3c/vc-data-model/issues/1233 [pr exists] [before-CR] 
  - #1232 Revisit validation vs verification (2 by decentralgabe, iherman)
    https://github.com/w3c/vc-data-model/issues/1232 [before-CR] 
  - #1231 Minor change to validFrom requested (2 by iherman, msporny)
    https://github.com/w3c/vc-data-model/issues/1231 [ready for PR] [before-CR] 
  - #1227 Document the value of processing as JSON-LD (2 by OR13, iherman)
    https://github.com/w3c/vc-data-model/issues/1227 [before-CR] 
  - #1224 VCDM editors draft has incorrect link for published version (2 by brentzundel, iherman)
    https://github.com/w3c/vc-data-model/issues/1224 
  - #1214 Spec does not contain "name" and "description" terms in the context (3 by iherman, msporny, selfissued)
    https://github.com/w3c/vc-data-model/issues/1214 [ready for PR] [before-CR] 
  - #1206 Allowing expanded `type` values in conforming documents (2 by iherman, msporny)
    https://github.com/w3c/vc-data-model/issues/1206 [before-CR] 
  - #1205 Define Controller Documents in the Core Data Model (2 by decentralgabe, selfissued)
    https://github.com/w3c/vc-data-model/issues/1205 [before-CR] 
  - #1193 `validFrom` and `validUntil` fields need better specification of `dateTime` (1 by msporny)
    https://github.com/w3c/vc-data-model/issues/1193 [pr exists] [i18n-needs-resolution] [before-CR] 
  - #1177 Provide guidance for when hash values do not match specification text (1 by msporny)
    https://github.com/w3c/vc-data-model/issues/1177 [ready for PR] [before-CR] 
  - #1175 Ensure the base context doesn't constrain lower-maturity specifications (1 by msporny)
    https://github.com/w3c/vc-data-model/issues/1175 [ready for PR] [before-CR] 
  - #1157 Security and Privacy Self-Review Questionnaire (1 by awoie)
    https://github.com/w3c/vc-data-model/issues/1157 [privacy-tracker] [security-tracker] [HorizontalReview] [before-CR] 
  - #1150 Protected term errors when supporting v1 and v2 (1 by iherman)
    https://github.com/w3c/vc-data-model/issues/1150 [before-CR] 
  - #1126 Address "Credential" vs "VerifiableCredential" (1 by msporny)
    https://github.com/w3c/vc-data-model/issues/1126 [pr exists] [before-CR] 
  - #1105 How should we refer to the Securing specifications? (1 by msporny)
    https://github.com/w3c/vc-data-model/issues/1105 [editorial] [pr exists] [before-CR] 
  - #1089 Why does the Data Model context file define a DataIntegrityProof RDF class? (3 by brentzundel, iherman)
    https://github.com/w3c/vc-data-model/issues/1089 [pending close] [before-CR] 
  - #1010 `termsOfUse` is insufficiently specified (1 by David-Chadwick)
    https://github.com/w3c/vc-data-model/issues/1010 [conversation] [directory] [before-CR] 
  - #1009 Clarifying credential from verifiable credential (1 by msporny)
    https://github.com/w3c/vc-data-model/issues/1009 [editorial] [pr exists] [terminology] [before-CR] 
  - #995 [Terminology] claim (1 by iherman)
    https://github.com/w3c/vc-data-model/issues/995 [terminology] [post-CR] 
  - #870 Evidence extension point (was: Improve tests for Evidence) (6 by OR13, TallTed, iherman, longpd)
    https://github.com/w3c/vc-data-model/issues/870 [evidence] [before-CR] 

  7 issues closed:
  - `validFrom` and `validUntil` fields need better specification of `dateTime` https://github.com/w3c/vc-data-model/issues/1193 [pr exists] [i18n-needs-resolution] [before-CR] 
  - Clarifying credential from verifiable credential https://github.com/w3c/vc-data-model/issues/1009 [editorial] [pr exists] [terminology] [before-CR] 
  - How should we refer to the Securing specifications? https://github.com/w3c/vc-data-model/issues/1105 [editorial] [pr exists] [before-CR] 
  - Address "Credential" vs "VerifiableCredential" https://github.com/w3c/vc-data-model/issues/1126 [pr exists] [before-CR] 
  - [VC-JWT] Reference is wrong https://github.com/w3c/vc-data-model/issues/1233 [pr exists] [before-CR] 
  - Why does the Data Model context file define a DataIntegrityProof RDF class? https://github.com/w3c/vc-data-model/issues/1089 [pending close] [before-CR] 
  - VCDM editors draft has incorrect link for published version https://github.com/w3c/vc-data-model/issues/1224 

* w3c/vc-json-schema (+4/-4/💬8)
  4 issues created:
  - Formalize the jsonSchema property in the VCDM vocabulary? (by iherman)
    https://github.com/w3c/vc-json-schema/issues/206 
  - Encourage usage of OHTTP during schema resolution (by andresuribe87)
    https://github.com/w3c/vc-json-schema/issues/203 
  - Add guidance for wallets when using JsonSchemaCredential and selected disclosure (by andresuribe87)
    https://github.com/w3c/vc-json-schema/issues/202 
  - Add guidance on inclusion of unique tracking identifiers (by andresuribe87)
    https://github.com/w3c/vc-json-schema/issues/201 

  5 issues received 8 new comments:
  - #206 Formalize the jsonSchema property in the VCDM vocabulary? (3 by andresuribe87, decentralgabe, iherman)
    https://github.com/w3c/vc-json-schema/issues/206 [pre-cr] 
  - #201 Add guidance on inclusion of unique tracking identifiers (2 by andresuribe87, decentralgabe)
    https://github.com/w3c/vc-json-schema/issues/201 [privacy-needs-resolution] [pre-cr] 
  - #197 Clarify the usage of the `id` property in `credentialSubject` when using `JsonSchemaCredential` (1 by decentralgabe)
    https://github.com/w3c/vc-json-schema/issues/197 [pre-cr] 
  - #194 JSON schema's `type` and VC.context.JsonSchema.type (1 by decentralgabe)
    https://github.com/w3c/vc-json-schema/issues/194 [pre-cr] 
  - #167 Security and Privacy Self-Review Questionnaire (1 by andresuribe87)
    https://github.com/w3c/vc-json-schema/issues/167 [horizontal-review] 

  4 issues closed:
  - Support YAML schema representations https://github.com/w3c/vc-json-schema/issues/142 [pre-cr] 
  - Clarify the usage of the `id` property in `credentialSubject` when using `JsonSchemaCredential` https://github.com/w3c/vc-json-schema/issues/197 [pre-cr] 
  - JSON schema's `type` and VC.context.JsonSchema.type https://github.com/w3c/vc-json-schema/issues/194 [pre-cr] 
  - Add note about media types https://github.com/w3c/vc-json-schema/issues/157 [enhancement] [pre-cr] 

* w3c/vc-data-integrity (+4/-4/💬13)
  4 issues created:
  - Add normative guidance that @context files SHOULD be cached (by msporny)
    https://github.com/w3c/vc-data-integrity/issues/170 [before CR] 
  - Add Security Consideration to avoid key reuse (by msporny)
    https://github.com/w3c/vc-data-integrity/issues/169 [before CR] 
  - Add Privacy Consideration for previous signers in proof chains (by msporny)
    https://github.com/w3c/vc-data-integrity/issues/168 [during CR] 
  - Add reference back to VC Data Model Security and Privacy Considerations sections (by msporny)
    https://github.com/w3c/vc-data-integrity/issues/167 

  8 issues received 13 new comments:
  - #170 Add normative guidance that @context files SHOULD be cached (1 by msporny)
    https://github.com/w3c/vc-data-integrity/issues/170 [before CR] 
  - #169 Add Security Consideration to avoid key reuse (3 by Wind4Greg, msporny)
    https://github.com/w3c/vc-data-integrity/issues/169 [security-needs-resolution] [during CR] 
  - #167 Add reference back to VC Data Model Security and Privacy Considerations sections (1 by msporny)
    https://github.com/w3c/vc-data-integrity/issues/167 [privacy-needs-resolution] [security-needs-resolution] [during CR] 
  - #164 Is a another context required to express JsonWebKey or Multikey? (4 by OR13, msporny)
    https://github.com/w3c/vc-data-integrity/issues/164 [pending close (7 days)] [before CR] 
  - #161 Add sec:cryptosuiteString data type to vocabulary (1 by msporny)
    https://github.com/w3c/vc-data-integrity/issues/161 [pr exists] [before CR] 
  - #120 Expand use of `previousProof` to allow an array, define in security vocabulary (1 by msporny)
    https://github.com/w3c/vc-data-integrity/issues/120 [pr exists] [before CR] 
  - #87 Potential attacks on `previousProof` and algorithmic mitigations (1 by msporny)
    https://github.com/w3c/vc-data-integrity/issues/87 [pr exists] [before CR] 
  - #78 Expiration Date (1 by msporny)
    https://github.com/w3c/vc-data-integrity/issues/78 [pr exists] [before CR] 

  4 issues closed:
  - Add sec:cryptosuiteString data type to vocabulary https://github.com/w3c/vc-data-integrity/issues/161 [pr exists] [before CR] 
  - Expand use of `previousProof` to allow an array, define in security vocabulary https://github.com/w3c/vc-data-integrity/issues/120 [pr exists] [before CR] 
  - Potential attacks on `previousProof` and algorithmic mitigations https://github.com/w3c/vc-data-integrity/issues/87 [pr exists] [before CR] 
  - Expiration Date https://github.com/w3c/vc-data-integrity/issues/78 [pr exists] [before CR] 

* w3c/vc-di-eddsa (+2/-0/💬0)
  2 issues created:
  - Highlight security/privacy trade-offs between RDF-CANON and JCS (by msporny)
    https://github.com/w3c/vc-di-eddsa/issues/58 
  - Point Privacy and Security Considerations section back to Data Integrity (by msporny)
    https://github.com/w3c/vc-di-eddsa/issues/57 [before CR] 

* w3c/vc-di-ecdsa (+4/-0/💬7)
  4 issues created:
  - Ensure to pass SHA-384 param and fetch verification method early to get key size (by dlongley)
    https://github.com/w3c/vc-di-ecdsa/issues/32 
  - Highlight security/privacy trade-offs between RDF-CANON and JCS (by msporny)
    https://github.com/w3c/vc-di-ecdsa/issues/30 [during CR] 
  - Point Privacy and Security Considerations section back to Data Integrity (by msporny)
    https://github.com/w3c/vc-di-ecdsa/issues/29 [before CR] 
  - Add normative guidance that Deterministic signatures SHOULD be used (by msporny)
    https://github.com/w3c/vc-di-ecdsa/issues/28 

  3 issues received 7 new comments:
  - #29 Point Privacy and Security Considerations section back to Data Integrity (1 by msporny)
    https://github.com/w3c/vc-di-ecdsa/issues/29 [privacy-needs-resolution] [security-needs-resolution] [before CR] [ready for pr] 
  - #26 Clarifying `publicKeyMultibase` encoding: `did:key` style with multicodec code, or not? (2 by bnewbold, msporny)
    https://github.com/w3c/vc-di-ecdsa/issues/26 [question] 
  - #22 Confirming `EcdsaSecp256r1VerificationKey2019` -> `Multikey` transition (4 by OR13, bnewbold, peacekeeper)
    https://github.com/w3c/vc-di-ecdsa/issues/22 [question] [during CR] 

* w3c/vc-jwt (+1/-0/💬2)
  1 issues created:
  - Define Controller Documents in the Core Data Model (by OR13)
    https://github.com/w3c/vc-jose-cose/issues/140 

  1 issues received 2 new comments:
  - #136 signature profiles (2 by OR13, TallTed)
    https://github.com/w3c/vc-jose-cose/issues/136 



Pull requests
-------------
* w3c/vc-data-model (+5/-4/💬44)
  5 pull requests submitted:
  - Vocabulary fixes — replacement of #1241 (by iherman)
    https://github.com/w3c/vc-data-model/pull/1253 
  - Add section about Names and Descriptions of credentials. (by msporny)
    https://github.com/w3c/vc-data-model/pull/1252 
  - Mitigate context risk when transitioning to Proposed Recommendation. (by msporny)
    https://github.com/w3c/vc-data-model/pull/1251 
  - Apply range requirements to validFrom/validUntil. (by msporny)
    https://github.com/w3c/vc-data-model/pull/1250 
  - Provide actionable guidance related to base context hash value. (by msporny)
    https://github.com/w3c/vc-data-model/pull/1249 

  11 pull requests received 44 new comments:
  - #1253 Vocabulary fixes — replacement of #1241 (2 by OR13, iherman)
    https://github.com/w3c/vc-data-model/pull/1253 
  - #1252 Add section about Names and Descriptions of credentials. (5 by aphillips, iherman, msporny)
    https://github.com/w3c/vc-data-model/pull/1252 
  - #1242 Add sd-jwt registered claim names to v2 context (14 by OR13, Sakurann, TallTed, brentzundel, iherman, msporny, peacekeeper)
    https://github.com/w3c/vc-data-model/pull/1242 
  - #1241 Vocabulary fixes (2 by iherman)
    https://github.com/w3c/vc-data-model/pull/1241 
  - #1238 Add language on mitm, replay, spoofing attacks (3 by decentralgabe, iherman)
    https://github.com/w3c/vc-data-model/pull/1238 
  - #1236 Added an SVG diagram of the vocabulary. (6 by iherman, msporny)
    https://github.com/w3c/vc-data-model/pull/1236 
  - #1234 Update links from VC-JWT to VC-JOSE-COSE (2 by iherman, msporny)
    https://github.com/w3c/vc-data-model/pull/1234 
  - #1212 Refer to VC-SPECS-DIR for proof types. (2 by iherman, msporny)
    https://github.com/w3c/vc-data-model/pull/1212 
  - #1211 Clarify the difference between a "credential" and a "verifiable credential" (4 by TallTed, dlongley, iherman, msporny)
    https://github.com/w3c/vc-data-model/pull/1211 
  - #1199 Add validation section regarding holder (1 by iherman)
    https://github.com/w3c/vc-data-model/pull/1199 
  - #1172 Add "author" and "party" to terminology, rewrite "claim" terminology (3 by RieksJ, TallTed, iherman)
    https://github.com/w3c/vc-data-model/pull/1172 

  4 pull requests merged:
  - Added an SVG diagram of the vocabulary.
    https://github.com/w3c/vc-data-model/pull/1236 
  - Update links from VC-JWT to VC-JOSE-COSE
    https://github.com/w3c/vc-data-model/pull/1234 
  - Refer to VC-SPECS-DIR for proof types.
    https://github.com/w3c/vc-data-model/pull/1212 
  - Clarify the difference between a "credential" and a "verifiable credential"
    https://github.com/w3c/vc-data-model/pull/1211 

* w3c/vc-json-schema (+3/-4/💬7)
  3 pull requests submitted:
  - Encourage OHTTP to prevent linking schema requests (by andresuribe87)
    https://github.com/w3c/vc-json-schema/pull/207 
  - Updated the respec plugin version (by andresuribe87)
    https://github.com/w3c/vc-json-schema/pull/205 
  - Clarified the value of `credentialSchema` when type is JsonSchemaCredential (by andresuribe87)
    https://github.com/w3c/vc-json-schema/pull/204 

  4 pull requests received 7 new comments:
  - #205 Updated the respec plugin version (1 by OR13)
    https://github.com/w3c/vc-json-schema/pull/205 
  - #204 Clarified the value of `credentialSchema` when type is JsonSchemaCredential (1 by OR13)
    https://github.com/w3c/vc-json-schema/pull/204 
  - #200 Add OpenAPI/YAML Representation (4 by TallTed, decentralgabe)
    https://github.com/w3c/vc-json-schema/pull/200 
  - #199 Guidance on using JsonSchemaCredential (1 by decentralgabe)
    https://github.com/w3c/vc-json-schema/pull/199 

  4 pull requests merged:
  - Add OpenAPI/YAML Representation
    https://github.com/w3c/vc-json-schema/pull/200 
  - Guidance on using JsonSchemaCredential
    https://github.com/w3c/vc-json-schema/pull/199 
  - Media types for plain json schema, JWT, and SD-JWT
    https://github.com/w3c/vc-json-schema/pull/198 
  - Change plugin to one that supports vc-jose-cose with VCDM 2.0
    https://github.com/w3c/vc-json-schema/pull/196 

* w3c/vc-data-integrity (+5/-3/💬15)
  5 pull requests submitted:
  - Add section on Resource Integrity and `digestMultibase`. (by msporny)
    https://github.com/w3c/vc-data-integrity/pull/174 
  - Add section on "Other" Security and Privacy Considerations (by msporny)
    https://github.com/w3c/vc-data-integrity/pull/173 
  - Add guidance on context and URL caching in general (by msporny)
    https://github.com/w3c/vc-data-integrity/pull/172 
  - Updated the vocabulary and added a diagram (by iherman)
    https://github.com/w3c/vc-data-integrity/pull/171 
  - Fix basic requirements of `proof` (by TallTed)
    https://github.com/w3c/vc-data-integrity/pull/166 

  5 pull requests received 15 new comments:
  - #171 Updated the vocabulary and added a diagram (7 by dlongley, iherman)
    https://github.com/w3c/vc-data-integrity/pull/171 [before CR] 
  - #163 Adding domain and defined_by to revoked (1 by msporny)
    https://github.com/w3c/vc-data-integrity/pull/163 
  - #162 Add `cryptosuiteString` subtype for the `cryptosuite` property. (1 by msporny)
    https://github.com/w3c/vc-data-integrity/pull/162 
  - #155 Add text on difference between proof and VC validity periods. (4 by David-Chadwick, TallTed, msporny)
    https://github.com/w3c/vc-data-integrity/pull/155 
  - #145 Extended proof chain algorithms (2 by Wind4Greg)
    https://github.com/w3c/vc-data-integrity/pull/145 

  3 pull requests merged:
  - Adding domain and defined_by to revoked
    https://github.com/w3c/vc-data-integrity/pull/163 
  - Add `cryptosuiteString` subtype for the `cryptosuite` property.
    https://github.com/w3c/vc-data-integrity/pull/162 
  - Add text on difference between proof and VC validity periods.
    https://github.com/w3c/vc-data-integrity/pull/155 

* w3c/vc-di-eddsa (+1/-1/💬1)
  1 pull requests submitted:
  - Simplify language that warns of invalid examples (by seabass-labrax)
    https://github.com/w3c/vc-di-eddsa/pull/59 

  1 pull requests received 1 new comments:
  - #55 Cryptosuite Naming: Update example 3 and data integrity test vectors (1 by msporny)
    https://github.com/w3c/vc-di-eddsa/pull/55 

  1 pull requests merged:
  - Cryptosuite Naming: Update example 3 and data integrity test vectors
    https://github.com/w3c/vc-di-eddsa/pull/55 

* w3c/vc-di-ecdsa (+3/-1/💬7)
  3 pull requests submitted:
  - Add pointers back to Data Integrity Privacy and Security Considerations sections (by msporny)
    https://github.com/w3c/vc-di-ecdsa/pull/33 
  - Simplify language that warns of invalid examples (by seabass-labrax)
    https://github.com/w3c/vc-di-ecdsa/pull/31 
  - Update selective disclosure functions and their use in ecdsa-sd sign, derive, verify. (by dlongley)
    https://github.com/w3c/vc-di-ecdsa/pull/27 

  2 pull requests received 7 new comments:
  - #27 Update selective disclosure functions and their use in ecdsa-sd sign, derive, verify. (6 by TallTed, Wind4Greg, dlongley)
    https://github.com/w3c/vc-di-ecdsa/pull/27 
  - #24 Change poison graph mitigation into advisement (1 by msporny)
    https://github.com/w3c/vc-di-ecdsa/pull/24 

  1 pull requests merged:
  - Change poison graph mitigation into advisement
    https://github.com/w3c/vc-di-ecdsa/pull/24 

* w3c/vc-jwt (+3/-2/💬3)
  3 pull requests submitted:
  - Update examples (by OR13)
    https://github.com/w3c/vc-jose-cose/pull/139 
  - Editorial clean up (by OR13)
    https://github.com/w3c/vc-jose-cose/pull/138 
  - Add section on wallets / clients (by OR13)
    https://github.com/w3c/vc-jose-cose/pull/137 

  2 pull requests received 3 new comments:
  - #137 Add section on wallets / clients (1 by OR13)
    https://github.com/w3c/vc-jose-cose/pull/137 
  - #123 Address Ambiguity Regarding Multiple Structured Suffixes (2 by OR13, Sakurann)
    https://github.com/w3c/vc-jose-cose/pull/123 

  2 pull requests merged:
  - Editorial clean up
    https://github.com/w3c/vc-jose-cose/pull/138 
  - Address Ambiguity Regarding Multiple Structured Suffixes
    https://github.com/w3c/vc-jose-cose/pull/123 


Repositories tracked by this digest:
-----------------------------------
* https://github.com/w3c/vc-data-model
* https://github.com/w3c/vc-test-suite
* https://github.com/w3c/vc-imp-guide
* https://github.com/w3c/vc-use-cases
* https://github.com/w3c/vc-json-schema
* https://github.com/w3c/vc-data-integrity
* https://github.com/w3c/vc-di-eddsa
* https://github.com/w3c/vc-di-ecdsa
* https://github.com/w3c/vc-di-bbs
* https://github.com/w3c/vc-jwt
* https://github.com/w3c/vc-status-list-2021


-- 
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config
Received on Monday, 21 August 2023 17:01:18 UTC