[MINUTES] W3C CCG Credentials CG Call - 2023-02-07

Thanks to Our Robot Overlords for scribing this week!

The transcript for the call is now available here:

https://w3c-ccg.github.io/meetings/2023-02-07/

Full text of the discussion follows for W3C archival purposes.
Audio of the meeting is available at the following location:

https://w3c-ccg.github.io/meetings/2023-02-07/audio.ogg

----------------------------------------------------------------
W3C CCG Weekly Teleconference Transcript for 2023-02-07

Agenda:
  https://www.w3.org/Search/Mail/Public/advanced_search?hdr-1-name=subject&hdr-1-query=%5BAGENDA&period_month=Feb&period_year=2023&index-grp=Public__FULL&index-type=t&type-index=public-credentials&resultsperpage=20&sortby=date
Organizer:
  Mike Prorock, Kimberly Linson, Harrison Tang
Scribe:
  Our Robot Overlords
Present:
  Jennie Meier, Keith Kowal, Rebal, Harrison Tang, Jack, Sandy 
  Aggarwal, Bryan Luisana, Gregory Natran, Anil John, Kaliya Young, 
  Will, Erica Connell, Jeff O - HumanOS, Andres, Sharon Leu, Kerri 
  Lemoie, Andrew Whitehead, David I. Lehn, Stuart Freeman, John 
  Kuo, George Lund, Dmitri Zagidulin, Manu Sporny, Nate Otto, Marty 
  Reed, Phil L (P1), Christopher Allen, Brian Richter, Joe Andrieu, 
  Orie Steele, James Chartrand, Leo, Paul Dietrich GS1, Kayode 
  Ezike, Kimberly Linson, Bob Wyman, BrentZ, TallTed // Ted 
  Thibodeau (he/him) (OpenLinkSw.com), John Henderson, Brent 
  Shambaugh, Juan Caballero

<harrison_tang> We'll start in a minute
Our Robot Overlords are scribing.
Harrison_Tang: So thanks for attending everyone will start this 
  week's w3c ccg meeting today are we are pleased to invite the 
  Jack and rebel from tomomi Foundation to lead and present on the 
  topic of multi signature verifiable credentials and conditional 
  proofs but before we get to the main agenda just want to remind 
  everyone to couple.
<john_kuo> Could Rebal mute please?
Harrison_Tang: It's tough so the first thing is the code of 
  ethics of professional conduct just want to make sure that we 
  hold a respectful conversation and we pay respect respectful to 
  each other quick IP note anyone can participate in these calls 
  however all substantive contributions to any CG work items must 
  be members of the ccg with for IP our agreement signed make sure 
  you have a copy 3C account and if you encounter.
Harrison_Tang:  any issues feel free to contact me or any of the 
  colors.
Harrison_Tang: I will send you the link and the links are also 
  included in the email agendas I said every week.
Harrison_Tang: Quick call notes these are meetings are being 
  recorded and the meeting minutes are an audio recordings can be 
  found in our GitHub link and we usually get out these 
  transcriptions everything within the same week if you have any 
  questions on that just let me know.
Harrison_Tang:  we used to have.
Harrison_Tang: Uh GT chat to Q speakers so you have any questions 
  just typing cute plus to add yourself to the Q where Q - to 
  remove that and yes and you can do a Q&A question mark to see a 
  who is in the cube.
Harrison_Tang:  all right.
Harrison_Tang: That introductions and reintroduction so you're 
  new to the community or you haven't been active and once you 
  introduce yourself please feel free to unmute.
Harrison_Tang: Okay I'll call I'll leave about 23 minutes for at 
  the end of the meaning for introductions reintroductions as well.
Harrison_Tang: Any announcements were reminders.
Harrison_Tang: Haemon you please.
Manu Sporny:  Thanks Harrison I'm going to share a couple of 
  things so the first note is that the verifiable credentials 
  working group face-to-face meeting in Miami is now at capacity so 
  we can't take any more folks in person we were at the limit to 
  what the room can hold but you can still attend.
Manu Sporny:   Motely if you'd like.
Manu Sporny:  You just need to talk with the chairs to do that 
  the agenda has been published and this is this is the agenda 
  which is public we're going to be talking about holder binding 
  media types content types and how they recite we relate to VC J 
  WS cozy those kinds of things.
Manu Sporny:   We're going to be talking.
Manu Sporny:  Points like evidence status list rendering terms of 
  use we're going to be talking about terminology that's day 1 Day 
  2 will be verifiable credential data integrity and the crypto 
  sweets around that as well as VC jot and then some issue 
  processing and then day 3 will be a discussion around whether or 
  not at context is going to be optional or not some industry news 
  which will.
Manu Sporny:   More than likely.
Manu Sporny:  Be off the Record so that people can share more 
  about around what's happening so that we can all hopefully 
  coordinate things that are going on and then.
<manu_sporny> VCWG F2F Agenda: 
  https://docs.google.com/spreadsheets/d/1c16F5VOwIFvCrZRPzwUHSw2LvpJQRQGFGJtDv2xC_OM/edit#gid=0
Manu Sporny:  You processing and then closing out with 
  deliverables the things that we believe we are going to be able 
  to accomplish so that's the agenda it's on the public mailing 
  list I can put the agenda here in the chat Channel b c WG F 2f 
  agenda so that's that and then second announcement is and give me 
  a second I've got to find a.
Manu Sporny:   Window that's going to be difficult.
Manu Sporny:  Apologies I've lost it.
Manu Sporny:  Has to do with the.
<christophera> @manu, is there any agenda on selective disclosure 
  (in particular hash-based like SD-JWT and JSON-LD Merkle?
Manu Sporny:  The announcements around like all the things that 
  are going on in the working group so basically every week we get 
  a list of things that the working group has been working on in as 
  you might have seen that list is getting longer and longer.
Manu Sporny:  So there is a lot that's going on in the verifiable 
  credentials working group right now we get a summary of meaning 
  meaning this this group gets a summary of what goes on there from 
  week to week but it's called the weekly you know digest here ago 
  I found it kind of crappy version of it.
Manu Sporny:   But as.
Manu Sporny:  You can see here they're like these are all the 
  concurrent conversations the pair of sorry the parallel 
  conversations that are happening right now in the verifiable 
  credentials working group so these are all like this is just last 
  week like these are just the items we talked about last week so 
  20 issues 52 comments in just you know the VC data model 
  repository with many more repositories have in common so it's.
Manu Sporny:   Getting highly likely that.
Manu Sporny:  Going to miss.
Manu Sporny:  To keep up keep up so I'm just letting you know 
  everyone know that keep your eyes peeled every Monday at around 
  12 p.m. this summary sent out in we are processing a lot of 
  issues in parallel in coming to resolution and doing PRS and 
  closing those issues so just be you know pay attention to that 
  going on that's it.
Harrison_Tang: Thanks Bonnie yeah look at that the VC working 
  group agenda it's a it's a basic it's like three days of good 
  conversation so I'm actually going to invite Oliver there's a 
  good thread around the holder binding the topic of The polder 
  Binding so we'll have Oliver and the authors of that paper to 
  actually be the discussion around holder by the the topic of all 
  the binding April and then at the end there's probably other good 
  topics in those agenda.
Harrison_Tang:  that we might want to invite them to.
Harrison_Tang: Those discussions and actually educate some some 
  of the folks here including myself on those issues cool any other 
  agenda any other announcement or reminders.
Harrison_Tang: So in the email I sent out there is a link to the 
  w3c calendar so we have the agenda actually schedule the topic 
  schedule until the mid April so if you have any other topics that 
  people want want us to kind of put into the schedule please feel 
  free to email any of the cultures.
Harrison_Tang: All right any questions on the work items or any 
  comments or things that people want to bring up in regards to the 
  work items.
Harrison_Tang: All right let's get to the main agenda so today we 
  are very pleased to have Jack and Gribble Fontenot Me Foundation 
  to present and lead a discussion on both highs signature 
  verifiable credentials and conditional proofs I think there was a 
  very interesting thread couple months ago in regards to this 
  topic and there are also other you know threats in regards to 
  what multi signature verifiable credentials and.
Harrison_Tang:  these kind of topics so I think it's.
Harrison_Tang: It to actually have a meeting and live discussion 
  on this topic so I'll kind of hint the end of floors to Jack and 
  rebel and let them kind of lead these these discussions thank you 
  Jeff.
Manu Sporny:  Yes I have one so first first up this is this is 
  great like really really cool you know the whole concept of you 
  know verifiable signatures and kind of cryptographic circuits and 
  that sort of thing is great and totally got the use cases those 
  make a ton of sense as well I'm wondering is this formulated in 
  maybe I missed it earlier I saw the verification method and.
Manu Sporny:   And how they're all that kind of condition.
Manu Sporny:  Russians they're the signature itself I think is 
  what you're walking us through right now Rebel is is the 
  expression a single signature or is it like a modified JWT or is 
  it Ray of signatures what does the like I see this but is this 
  mean this means that you've basically your signature is a JWT.
Manu Sporny:   Duty and then it.
Manu Sporny:  Other jwt's within the signature structure is that 
  correct what is a signature look.
Harrison_Tang: Sorry Christopher has acquired question 
  Christopher.
Christopher Allen:  Yeah yeah one of my questions is increasingly 
  we're looking at scenarios that where there is a mixed of mCP 
  based thresholds which you don't actually know that the 
  thresholds are there do you have any way of marking hey you know 
  this is a single signature but it is in fact you know a you know 
  a threshold to of.
Christopher Allen:   Three you.
Christopher Allen:  You know ecdsa mCP or anything you know do 
  you deal with any of those types of issues thanks.
Christopher Allen:  It's a little more subtle to that but all may 
  be taken offline.
Christopher Allen:  It's so aggregate of all like frost there's 
  also one now for ecdsa that coinbase and other people are doing 
  we're basically you're doing you know you're doing signing 
  operations but at no point is there a single private key ever on 
  any single machine so it is a kind of multi.
Christopher Allen:  Computational process Frost is the one I like 
  to use but there's several of these.
Christopher Allen:  Okay just for your information they.
Christopher Allen:  Right but just the result is exactly the same 
  as a regular Fingal signature but in fact was created by multiple 
  keys so that's I just say it's more of a a you know how does an 
  organization know that that was done.
Harrison_Tang: Sorry I have a quick question so earlier you 
  mentioned is a nest is signature and I'm wondering can you 
  actually check and verify one of the nest of signatures or you 
  have to do it all check and verify all signatures out at once.
Harrison_Tang: Got it thanks.
Harrison_Tang: Yes but then you stash the case then the sequence 
  of the signatures quite important right you can actually get to 
  the bottom of the stack basically at first basically right.
Harrison_Tang: Got it and by the way I think still you have a 
  very on the in the speaker cue.
Phil_L_(P1): Right yeah can you hear me okay thankfully I had two 
  questions you just answered this the second one which is order is 
  not being checked and doesn't matter in this particular instance 
  but the first question is just practical question can you give 
  any sense as to how much additional size is a crude when you 
  start having four five six embedded signatures as part of the 
  process how much how much boat are you adding to the credential.
Phil_L_(P1): Renee right right great thank you that helps.
Harrison_Tang: Mommy in your in the queue like I think you have a 
  comment.
<orie> base64url No pad ; )
Manu Sporny:  Thanks yeah there there's effectively you know when 
  you Basics T4 in code something my presumption here is you're 
  doing Basics you for URL encoding when you Basics you for encode 
  something you have 33 percent bloat over the standard binary size 
  and then as you embed those things inside one another the bloat 
  kind of goes up so the more complex these signatures are just 
  purely because of the way John.
Manu Sporny:   It's work and they 64 encoding Works you're going.
Manu Sporny:  See you know a doubling you know and then a 33 
  percent overhead at every single nested level in and I you know I 
  should I think we should clearly outline that like this is not a 
  bad thing like if you need conditional signatures of this kind 
  and you want them to you know provide like fairly complex 
  scenarios you are probably okay with the signature sizes getting 
  very large.
Manu Sporny:  Roaches are mitigated with some of the techniques 
  that Christopher was talking about like they're near signature 
  formats that you know don't grow in size like this but again I 
  mean that requires you to step away from the Jaw tooling to take 
  advantage of those things and so it really it's really use case 
  dependent you know I don't think people should look at this as 
  like you know a terrible thing it's just you know one of the 
  costs of associating.
Manu Sporny:   Of using these.
Manu Sporny:  Elegies and fundamentally it's probably not a big 
  cost given kind of the value that you're getting out of the 
  signature.
Manu Sporny:   That's it.
Harrison_Tang: Thank you Mom you Bob I think you're in the queue.
Bob Wyman:  Yeah simple question my apologies if it's dumb but 
  question is is there anything inherent in the design that would 
  prevent you from adding ordering conditions like a condition 
  after will say that required weapon used some other some other 
  signatures having been.
Bob Wyman:  Okay I just wanted to check if there was anything 
  that would prevent it.
Bob Wyman:  Prevent one from say having a condition app.
Harrison_Tang: Bonnie you have a comment.
Manu Sporny:  Yeah Bob if your question is around like can you 
  determine if the sequence of signatures happen in a certain way 
  there are other Cryptids sweets that you know provide that so for 
  example like the data Integrity stuff that's going through the 
  verifiable credential working group right now has the concept of 
  set signatures like a set of signatures where you don't really 
  care it's just you you want to make sure that there were like 
  five signatures on this verifiable credential for whatever 
  reason.
Manu Sporny:   So set.
Manu Sporny:  Are supported just with base data Integrity stuff 
  and then chained signatures so you have a chain of signatures or 
  a series of signatures that have to follow a specific order 
  that's a part of just kind of the Baseline data Integrity 
  mechanism as well so there could be ways of combining like what 
  we're looking at here with those other more.
Manu Sporny:   Or lower level.
Manu Sporny:  Primitives that are available in the data Integrity 
  stuff to get to what you're what you're you know asking about and 
  those things are going to be through you know this the standards 
  process there are Global standards track features at this point.
Harrison_Tang: Right we will take one more question and we'll 
  that Jack and we're both like move out with the rest of the 
  presentation the Christopher you have the for.
Christopher Allen: 
  https://github.com/BlockchainCommons/SmartCustody/blob/master/Docs/Multisig.md
https://docs.google.com/presentation/d/13jaeireCRFoI1jFPFkbwBhTMQgUG7zEHRjmq0PWz-CI/edit?usp=sharing
Christopher Allen:  Right thank you yeah I think one of the 
  things that we discovered when we were working on some similar 
  stuff I put a link into the chat for document on how to design 
  multisig thresholds and quorums and things of that nature and is 
  that then to be able to do the kind of next operation then you 
  need to be able to have Smart signature operations that can 
  refer.
Christopher Allen:   Two smart.
Christopher Allen:  In a prior object because these things are 
  when you were you talking about this particular structure is 
  great for evaluating this this you know these things are all kind 
  of signed at the same time of the same data but when you're 
  trying to verify use a signature to verify that another signature 
  was valid was valid you have this sort of layer problem because 
  you're basically having to create.
Christopher Allen:   Eight code that then looks at another 
  signature.
Christopher Allen:  Looking at the paint those the payload so 
  it's a lot harder to do those and I also am a little concerned I 
  mean we ended up not we found a way of doing it with threshold 
  signatures instead so we ended up not doing that particular 
  function because it was we had some questions about its security 
  but it's hard creating Court quick creating thresholds and 
  quorums and all that kind of stuff in ways that address all the 
  needs that's it.
<christophera> BTW, there is a transcript of that video at 
  http://diyhpl.us/wiki/transcripts/blockchain-protocol-analysis-security-engineering/2018/2018-01-24-christopher-allen-smart-signatures/
<christophera> The slides are at 
  https://www.slideshare.net/ChristopherA/smart-signaturesexperiments-in-authentication-stanford-bpase-2018-final
<orie> Seems like did web can support that specific type...
<orie> and you don't need to make a new did method.
Harrison_Tang: Thanks Jack thanks though Rebel oh yeah I think 
  you have a comment on the earlier Jack's question.
<orie> I'm not in Q :)
Harrison_Tang: I Keith you're in the queue.
<harrison_tang> haha, sorry, Orie
<orie> I think this was mentioned earlier... 
  https://datatracker.ietf.org/doc/draft-irtf-cfrg-frost/
Keith Kowal:  Thanks for this it looks really amazing I I think 
  the challenge I've had with these types of schemes threshold 
  signatures and multisig is not So Much from the implementation at 
  the graphic layer but in the region like how you you organize 
  like multiple collecting wallets from multiple signatures or even 
  like presenting to a signatory like what it is they're signing 
  out maybe this probably not your scope of work but I wonder if 
  you had any thoughts about this.
Keith Kowal:   About how you kind of implement this in.
Keith Kowal:  Real life products.
Keith Kowal:  Or how you collect like if you if you need like 
  three signatures how you how you organize wallets to go collect 
  them.
Keith Kowal:  Cool thank you yeah I think that to me has been the 
  challenge and this and how that that part of it is implemented 
  but yeah thank you.
Harrison_Tang: Christopher you're next in queue.
Christopher Allen: 
  https://github.com/BlockchainCommons/SmartCustody/blob/master/Docs/Multisig.md
Harrison_Tang: Christopher do you have any comments or questions.
Christopher Allen:  Yes I just put into the chat the again that 
  multisig scenario design thing yes there to answer the previous 
  question a little there is a lot of design that is required and 
  how to assemble and you know for instance you'll run into 
  situations that are not reflected in the conditions but where 
  somebody wants to be the last finer but the fact that they're the 
  last signer is not relevant.
Christopher Allen:   Went to verification it's.
Christopher Allen:  Lay in the process of signing all the others 
  in some kind of partial form along the way so you might have you 
  know you know Joe and Ken are the primary signers and you know 
  the the the the the steel the co only signs after they the first 
  two primary signers have signed so that there's a quorum.
Christopher Allen:  You know that so there's some some things 
  that can happen in the in the process of signings of processes 
  there that really aren't reflect don't need to be reflected in 
  the final conditions because the final condition says hey you 
  know it's there's three of The Five People You know it's valid or 
  two or three or whatever it happens to be so there is a lot of 
  variance there I happen to be a big fan of you know nested 
  thresholds 2 of 2 of.
Christopher Allen:   32 Of Threes is effectively a for of.
Christopher Allen:  But you know it can have a lot of additional 
  properties in the sense of you know emergency signers you know 
  this is often important say with a verifiable credential by an 
  institution where the you really want to have a distributed find 
  any kind of scenario where you know if New York is down.
Christopher Allen:   Or is on vacation.
Christopher Allen:  Station or whatever things business processes 
  can still proceed so you know if you're interested in talking 
  more about these types of things you know this is a topic that 
  blockchain Commons has been doing research on and we'd be glad to 
  to do more thanks.
Harrison_Tang: And Bob I think you are next in queue.
Bob Wyman:  Yeah I'm just curious I know that Focus here is on 
  the technology but have you all given much thought to how a user 
  interface might present a particularly an incomplete signature to 
  a user to an end user not a programmer.
Bob Wyman:   You know so that.
<christophera> There are a lot of good lessons on "partial 
  signatures" in bitcoin's PSBT standard, which has evolved. We 
  (Blockchain Commons) have discovered a number of policy 
  (pre-signature) problems as well.
Harrison_Tang: Call any other questions.
Harrison_Tang: Right well thank you thank you Jack thank you for 
  both thank you for by actually Christopher you have a question.
Christopher Allen:  Well it's more of a trying to respond to the 
  last one the user side of this for the you know for signing 
  things is a is a lot harder than a lot of people think because 
  you end up having to express a signing policy in ways that are 
  you know complex so for instance you know Joe you know.
Christopher Allen:   Oh is the.
Christopher Allen:  Initiate or of a you know again the pre 
  signing kind of phase of the policy and he needs to explain why 
  you know other parties might need to sign it or why they're 
  you're taking advantage of an emergency signer or or you know why 
  an emergency signers required and and you know that there is a 
  flow of things sometimes people want to be the last sign or they 
  don't want to be the first signer.
Christopher Allen:   Etc so it turns out it's a lot.
Christopher Allen:  A hard problem there have been some good 
  lessons in Bitcoins partially signed Bitcoin transactions from 
  the very first version of it which had really no made a data to 
  later versions that allows for more metadata to be put into it so 
  there's some lessons there I imagine other cryptocurrency work on 
  Multi signatures may also you know give you some UI tips there 
  but you know my my biggest.
Christopher Allen:   The thing is that the the.
Christopher Allen:  Anything is actually a lot harder you xy's 
  and you might think it is that's it.
Harrison_Tang: You Christopher Keith yeah before.
Keith Kowal:  Yeah I just want to follow on from that comment 
  yeah I mean I totally agree I think if you have like a back-end 
  let's say like a work day that how already has those kind of 
  orchestration features available as part of their bread and 
  butter then it's fairly like system like you know it got big H HR 
  System can do that but it's like how do you do in a decentralized 
  way I would suggest like we maybe need like like new parameters 
  which basically like the purpose that you're asking someone to 
  sign or things like that that would have to be populated so.
Keith Kowal:   Yeah it's just an echo it's a really tough problem 
  and in the decentralized world and.
Keith Kowal:  Always back to having to build an orchestration 
  and.
Harrison_Tang: Cool I have a question for Christopher so what's 
  the trade-off between the like the complexity flexibility of the 
  business logic versus like performance payload and things like 
  that like for example earlier you mentioned about thresholds 
  signatures I think it sounds it sounds cool but what's the how 
  much complexity like payload and performance trade-offs are 
  there.
Christopher Allen:  Well for this particular approach to it the 
  conditionals which I'm at by the way a big fan of just because of 
  its Simplicity is yeah you know the objects get bigger and it you 
  know it it can be kind of painful and in that regards but I don't 
  think from a computational perspective that it's particularly 
  challenging.
Christopher Allen:   You know some of the.
Christopher Allen:  The other threshold Technologies and stuff 
  are you know sometimes don't run on small devices in particular 
  small signing devices so for instance we had a whole conversation 
  last week at the Silicon Salon that we host on how to accelerate 
  you know some of those types of operations on new emerging chips.
Christopher Allen:   Soooo so.
Christopher Allen:  You know there's some issues with some of the 
  more advanced cryptographic operations but one of the things I 
  another kind of point I really want to emphasize with people is 
  that you know this in almost all of the language around this we 
  are talking about people signing my gut feel is that these things 
  types of things are going to be deployed you're going to have 
  people who sign things you're going to have come you know.
<orie> How big is too big?... Are there any limits on document 
  size of inputs?
Christopher Allen:  That's fine things that you know have their 
  own policies for how they sign it so one person may be actually 
  represented by a quorum you know it's like it's his ring it's his 
  phone and it's you know his company cloud service and the all 
  those are the three you know three signatures but it's one person 
  I also think that you might have signatures where you know this 
  is not valid unless the accounting server says the budget is 
  available has been approved.
Christopher Allen:   Moved for it and.
Christopher Allen:  Put in the budget and what the budget numbers 
  are and all that kind of stuff into the conditional you just 
  simply say Hey you know it requires a you know you know some 
  Quorum of accounting Surfers to say yes it you know it meets the 
  budget and it there is no they can't sign by themselves because 
  there's a different threshold that is the personal approval all 
  they're doing with their threshold is dealing with the you know 
  yes it has met you no sir.
Christopher Allen:   In kinds of non you know human conditions.
Christopher Allen:  So there's a richness there that I think is 
  going to emerge.
Harrison_Tang: Well thank you thank you Christopher we're we have 
  two more minutes so we'll take two last comments or questions and 
  then if you have to drop just want to give a quick note for next 
  Tuesday we'll have Korea to talk about the ca California vital 
  records all right pop you're next.
Bob Wyman:  Yeah I just wanted to support what I think it was 
  Keith had said about purpose the reason I asked the question 
  about presentation was it seems to me that as these conditions 
  become more and more complex.
Christopher Allen: +1
Bob Wyman:  Really complex bullion's here it'll be important to 
  have some way to carry along some non machine data that explains 
  to people why their signatures may be required a particular 
  points and why they're you know why the lodge why the structure 
  is the way it is and I just think it's important that we remember 
  that in order to present this stuff to people.
Bob Wyman:   Well we are.
Bob Wyman:  Have to explain to them have something other than the 
  raw signature code to explain to them what they need to do and 
  why they need to do it.
<christophera> …And, some of these prelim metadata will need to 
  be signed, but not included in final conditional.
Harrison_Tang: Thanks and Jack I think you can close the today's 
  that discussion and presentation thanks.
<christophera> If there are those interested in the pre/partial 
  signing policy use cases & requirements, contact me.
Harrison_Tang: Yes so I think first of all in regards to getting 
  more people involved like if you could send send me the links 
  then I can or you can just reply back to the the the agenda that 
  I sent out where I can stand on no set up for you to the ccg 
  mailing list in regards to the question about how to represent 
  conditional proof PID method I think Corey earlier made a comment 
  that you.
Harrison_Tang:  might not need to create a new method you.
Harrison_Tang: You can just use the web GID method and then 
  lastly in regards to update the name and merge the pull request I 
  can know talk to Mike unfortunately he cannot make it today I can 
  talk to Mike and then maybe manyu and then we can if there's no 
  objections I don't think so there's no objections we can actually 
  just do it.
Harrison_Tang: Actually I think Bumble fudgy I think you have a 
  comment to make during the Q.
<orie> I can merge PRs at DIF.
Juan Caballero:  I was just going to say I don't know I think 
  those are dormant work items that diff so I'm not even sure who 
  you talk to about merging them in I think the I'm not sure if any 
  companies are currently going to bump those 2 V 2 when when the 
  VC working group has a stable feet.
Juan Caballero:   To draft of the.
Juan Caballero:  Did we UT and I think they will need to I think 
  those different pose might be very V 1 or V 1 Point 1 so 0 or he 
  says he's he's happy to help I would say that you know it's would 
  be good to combine with a general refresh of those libraries if 
  anyone wants to do that was on was my only suggestion.
Brent Shambaugh: 
  https://github.com/decentralized-identity/did-jwt 
<orie> Yes, those libraries are v1.1 "compliant"
<orie> but with notable problems regarding JSON-LD.
Juan Caballero:  I just meant that if your well or is or is 
  saying in the chat that these libraries are for V 1.1 of the of 
  the VC and the JWT expression or proofing mechanism is changing a 
  lot.
Juan Caballero:   Lot in V2.
<orie> "instead of... vs in addition to... for example"
Juan Caballero:  Avicii so if you wanted to.
Juan Caballero:  So the VC spec itself is changing so if this if 
  did JWT and digital TV see wanted to support or migrate to or 
  have a future version that supports V2 J WT V CS.
Juan Caballero:  Would be a big undertaking and that might be a 
  good time to include this multisig stuff it might you know be a 
  Cooperative thing if you wanted to incorporate.
<christophera> BTW, if SD-JWT comes along, this will also have a 
  huge effect on this, as signers may need raw details that are not 
  available as they selectively disclosed in the VC they sign.
<orie> probably you want to an IETF RFC for this kind of "JWT 
  extension".
Juan Caballero:  Sorry yeah ooh ooh sorry I meant for those 
  libraries I mean I'm saying that if you wanted some you know like 
  a dialogue and cooperation with a company with sorry with any 
  organization or group of people bumping those specs to the newer 
  to have interoperability with V2 conformant JWT systems it would 
  be a good opportunity to.
Juan Caballero:  In this whole teasing stuff.
Brent Shambaugh: https://github.com/mirceanis from Veramo is the 
  primary maintainer of did-jwt
Juan Caballero:  Or you know.
<orie> seems like an IETF thing to extend JWTs, similar to how 
  SD-JWT is at IETF.
<orie> and DPOP is at IETF.
<christophera> (We've been thinking various issues of 
  signing/not-signing elided data in Gordian Envelopes)
Juan Caballero:  There's there's sort of like I've raised to get 
  kind of circumspectly but what I'm saying is I don't know who is 
  actively working on those libraries so I don't think anyone will 
  say no if you put in a non-breaking change that lets additional 
  signature types work but if what you're looking for is more 
  cooperation or checking each other's work then it might you might 
  have to wait till someone bumps that lat.
Juan Caballero:   Prairie to V2.
Juan Caballero:  Or just message me or shh or just message me or 
  said directly.
Christopher Allen:  It is is diff going to be doing FD job 
  because that also has huge implications with all of this.
<orie> I don't think DIF is going to do an item for that, its 
  currently a work item of the OAuth WG at IETF.
Christopher Allen:  The Selective disclosure jot version because 
  basically you have now this problem where you know for various 
  information is being selectively disclosed dust you know the 
  signers may need access to information that is not available in 
  the actual final verifiable credential which makes the multisig 
  complicated I mean we ran into this with gordian envelopes.
<orie> (re SD-JWT)
Christopher Allen:  Give very clear warnings that you know you 
  know information has been delighted that you're signing and so 
  maybe you don't want to sign it but there are cases where you 
  need to sign stuff that is you know that is alighted for specific 
  use cases so again it's you know it if I if there's one thing you 
  guys learned from all of this is that there is a whole different 
  preflighting before signing you know.
Christopher Allen:   Policy process thing that we need to be able 
  to.
Christopher Allen:  And some of these Technologies cause you know 
  we need to articulate the requirements for the policies which is 
  very separate from okay you know here is this final conditional 
  signature that reflects after all the policies have been 
  implemented that you know that you should continue did you can 
  you can rely on this.
Juan Caballero:  So to answer your question on whether that's a 
  work item at diff I haven't heard anyone at differing on it I 
  know that the sum.
Juan Caballero:   SD jail.
Juan Caballero:  T work and the what's called dang it not jwp 
  work the Json web proofs work which was originally incubated at 
  diff has I think they'd both been in been accepted to work in 
  groups or he said in the chat that the oauth working group at ICF 
  is working on SD J WT so I think that might be.
Juan Caballero:   Sort of.
<orie> JOSE WG at IETF was recently re-chartered, and they have 
  asked for I-Ds to be submitted for IETF 116.
<orie> seems like exactly the kind of thing that belongs in JOSE 
  WG at IETF.
Juan Caballero:  But I can't c-diff would necessarily I can't 
  imagine if organizations wanting to incorporate that in general 
  purpose sort of public option Library if they're moving Target 
  and you know I think diff diff folks would probably wait until 
  ATF has a version of it to implement a library and even then it 
  would probably get implemented by one company and donated rather 
  than.
Juan Caballero:   Co-developed in death.
Christopher Allen:  I mean as I understand it St John is based on 
  mobile driver's licenses selective disclosure so it's an 
  important competitive feature.
Juan Caballero:  Yeah it might happen but I haven't heard of 
  anyone doing it at that for donating it sad if it may well be 
  just companies that go to market with that but I don't know.
Harrison_Tang: Jack does that answer your question.
Harrison_Tang: I think we might have lost Jack Jack.
Harrison_Tang: Yes it does that answer your question earlier.
<bumblefudge> mircea
Brent Shambaugh: https://github.com/mirceanis
<bshambaugh> open an issue
<bshambaugh> ?
<bshambaugh> on did-jwt
Harrison_Tang: Yep so I think you have.
<christophera> Ciao!
Harrison_Tang: If you need any help for to connect people from 
  different communities just let me know.
Harrison_Tang: Thank you thanks a lot.
Harrison_Tang: Thanks have a good one.

Received on Tuesday, 7 February 2023 19:20:32 UTC