[MINUTES] W3C CCG Verifiable Credentials API Call - 2023-02-28

Thanks to Our Robot Overlords for scribing this week!

The transcript for the call is now available here:

https://w3c-ccg.github.io/meetings/2023-02-28-vcapi/

Full text of the discussion follows for W3C archival purposes.
Audio of the meeting is available at the following location:

https://w3c-ccg.github.io/meetings/2023-02-28-vcapi/audio.ogg

----------------------------------------------------------------
VC API Task Force Transcript for 2023-02-28

Agenda:
  https://lists.w3.org/Archives/Public/public-credentials/2023Feb/0172.html
Topics:
  1. Introductions
  2. Relevant Community Updates
  3. Pull Requests
  4. Presentation of VC API to OWF
  5. Deep Dive on VC API Exchanges
Organizer:
  Manu Sporny
Scribe:
  Our Robot Overlords
Present:
  Manu Sporny, Timothy Summers, Tom S, Greg Bernstein, John 
  Henderson, Dave Longley, Joe Andrieu, TallTed // Ted Thibodeau 
  (he/him) (OpenLinkSw.com), PL/T3 ASU, Patrick (IDLab), Dmitri 
  Zagidulin, John Kuo

Our Robot Overlords are scribing.
Manu Sporny:  All right welcome everyone to the verifiable 
  credentials API work item call this is Tuesday February 28th 2023 
  our agenda is here in the chat Channel.
Manu Sporny:  On the agenda today go ahead and screen share on 
  the agenda today John I believe you wanted to chat a bit about 
  presenting VC API at the open Wallet foundation so we should 
  definitely pick that up and then the rest of the time we had set 
  aside for talking about fee Capi exchanges in kind of discussing 
  what that looks like.
Manu Sporny:   So I apologize that.

Topic: Introductions

Manu Sporny:  These items here that I'm highlighting are not 
  going to be this week unless there are any objections to you know 
  changing our agenda before we get started we will also go over 
  pull requests which were falling I am falling behind on 
  unfortunately we usually start out by doing introductions 
  reintroductions we do have someone new joining us today which is 
  great Timothy would you mind just doing a quick.
Timothy Summers:  Sure sure thanks for the for that and you know 
  really excited to be here with everyone I'm Timothy Summers I'm 
  the executive director of third resident initiatives at ASU and 
  founder and leader of a project that we have here called pocket 
  and you know we're basically building a digital wallet and 
  portfolio that enables Learners to capture their achievement and 
  all kinds of things that they might want to.
Timothy Summers:   Capture like.
Timothy Summers:  And other things skills and knowledge so that's 
  that's me in a nutshell and really excited to be here with the 
  group.
Manu Sporny:  Awesome welcome Timothy great to have you here and 
  as some of you know you know pocket and timotheus S you 
  participated quite heavily in the jobs for the future plugfest 
  number two and if I remember correctly if a long year with ASU as 
  well right okay anyone else want to do introductions.
Manu Sporny:  Position changed his what you're working on changed 
  any updates like that.
Manu Sporny:  Knox we will jump into relevant Community updates.

Topic: Relevant Community Updates

Manu Sporny:  All right relevant Community updates let me 
  Community let me bring up.
Manu Sporny:  Theory there so the verifiable credentials working 
  group the 20 specification is entering feature freeze we will be 
  at feature freeze by the end of March that's the cutoff date so 
  the theory here is that after that date we will only be dealing 
  with issues that are in the current issue tracker their eighty 
  three of those we will only be working on specifications that 
  will have been adopted by that point in we will start ratcheting 
  down.
Manu Sporny:   On the group and getting ready to go into 
  candidate recommendation.
Manu Sporny:  Which is when we actually start implementing the 
  specification around the summer so again those dates are feature 
  freeze for everything in the verifiable credentials to a working 
  group by end of March so we have month and then Canada Trek which 
  is we tell the implementers to start implementing the spec is 
  stable around the summer at some point probably towards the end 
  of the summer.
Manu Sporny:  To go ahead Patrick.
Patrick_(IDLab): How's this going to work out like once V2 is out 
  is it going to supersede V1 or they both going to live side by 
  side meaning implementers could choose to issue V1 credential or 
  is it going to be strongly recommended to migrate towards V2 or 
  is the one going to be deprecated eventually.
Manu Sporny:  That's a great question I don't know the answer to 
  that question typically typically v11 lives out there because 
  you're already seeing the 11 be put into like legislation right 
  and sometimes that gets like the European Union architecture 
  reference you know thing has talks about P11 they will probably 
  update it to V2 but that's not guaranteed so usually the 
  signaling is those of you that are using the 11 you can keep 
  using it it's totally fine.
Manu Sporny:   Fine you know.
Manu Sporny:  You can continue deploying on that and if you like 
  V2 better you can use V2 and then of course the implementers are 
  almost certainly going to be expected to support both V1 and V2 
  the good news there is that they're not horrible breaking changes 
  between the two and so it's a fairly light lifts to support the 
  one with Envy to at this point in time.
Manu Sporny:  But you know.
Manu Sporny:  As with the working groups going to do they might 
  decide to do something totally different right I think it would 
  be good for the whole ecosystem for us to basically strongly urge 
  people to move over to be too it's better right but you know how 
  that works you can't get 100% of the ecosystem to move versions 
  if people have already deployed stuff.
Manu Sporny:  Okay so in order to be ready for candidate 
  recommendation typically a working group it's a good idea usually 
  it used to be like you'd go into candidate recommendation and 
  then you'd like figure out what the test Suite is going to do but 
  it's usually a good idea to have a test Suite well before you go 
  into candidate recommendation so that in you have implementers so 
  that you know you're going to survive candidate recommendation 
  because if you have to remove a feature or change a feature 
  during candidate recommendation you have to effectively.
Manu Sporny:   Give everyone enough.
Manu Sporny:  Effectively a minimum of a couple of weeks to do 
  the rev in usually candidate recommendation you know it's like 
  you're in there for like a minimum of three months run until at 
  least every single feature that the working group wanted 
  implementers to implement is is done so it's a huge pain to have 
  to you know figure out the test Suite while you're you know in 
  the pressure cooker of candidate recommendation so we try to get.
Manu Sporny:   The test Suite done.
Manu Sporny:  Um today we just proposed a test suite for 
  verifiable credentials to 0 at the ccg because the process was 
  was like we incubate stuff in the ccg we make sure that you know 
  it's got buy-in and then once it gets by and then the verifiable 
  credential working group decides whether or not they want to take 
  on the work so earlier today I propose like hey here's a test 
  Suite it's powered by the VC API because we already have.
Manu Sporny:   13 Implementers.
Manu Sporny:  Able to demonstrate interoperability before jmf 
  plugfest 3 and then the chairs were like no don't do this here 
  just bring it straight to the verifiable credential working group 
  so this is I think the chairs wanting us to just not do the 
  incubation and ccg and just put it into the verifiable 
  credentials working group directly so I think that's fine.
Manu Sporny:   They're so.
Manu Sporny:  That's that's happening the other thing is you know 
  or we felt like it's not appropriate for the verifiable 
  credentials working group to use the verifiable credentials API 
  to do testing on the specification.
Manu Sporny:  I don't really understand where that's coming from 
  but there it is and I think my Pro Rock one of the chairs is 
  saying he would rather instead of using the VC API use Postman a 
  human based tests which is what they've been using for the 
  traceability or extreme so with that said Greg maybe you could 
  add the add the color that you added at the beginning of the 
  call.
Greg Bernstein:  Part of wood what I mean that is coming up with 
  the test but then you need an interface to the test and VC API is 
  the simplest interface available and we're not talking about the 
  entire set of e c API we're talking about just some fundamental 
  ways getting the VC's in so we can.
Greg Bernstein:   Test them because I'm working on.
Greg Bernstein:  Test vectors for some of the signing stuff and 
  yeah I'm going to be running you know test Suites.
Greg Bernstein:  But how you get the day to end the test of a 
  true you know and that's what's seems so good about using the VC 
  API I do not know if they were thinking that I'm talking about 
  the whole VC API or not so that was just my impression my my two 
  cents worth.
Manu Sporny:  Thanks thanks Greg thank you very very helpful go 
  ahead Dave and then.
Dave Longley:  Yeah I don't think anyone needs to get the 
  impression that the anyone would be required to implement to this 
  test Suite to be able to prove conformance this is just a test 
  Suite that is one mechanism by which people can demonstrate that 
  they're implementing the data model and whatever to whatever 
  extent we need to make that more clear that would be great this 
  doesn't preclude anyone else from developing their own test 
  Suites and encouraging people to implement against those but 
  this.
Dave Longley:   This is.
Dave Longley:  I've already done that we could use to leverage 
  and provide some signals that some people have actually 
  implemented the 20 demo.
Manu Sporny:  Thanks Dave Patrick.
Patrick_(IDLab): Yeah just to follow the same Trend like if we 
  look at the VC test with the first one you know there was the 
  concept of a command line generator and so on and it was not so 
  obvious how it could be run I think the way I read this is you're 
  going to abstract this generator concept with the VC API which 
  going to sort of act as your generator meaning it's just going to 
  take an input and return a verifiable credential and I think that 
  only.
Patrick_(IDLab): Two routes the credentials issue and probably 
  presentations prove which are very I don't know even the way I 
  see it pretty simple and points and shouldn't be too complicated 
  to implement so yeah I think it makes sense the second sort of 
  parallel wanted to make so the air is Agent this or any as we 
  have What's called the back Channel which is like a common API 
  definition for different Frameworks to be able to be.
Patrick_(IDLab):  called by the test the test Suite.
Patrick_(IDLab): This sort of parallel and it's a system that 
  kind of makes sense and you can do modular test on this defined 
  API and then people can decide which route they want to include 
  and which tests they want to run so I think it's good my one of 
  my question was I was looking that in the document is said to 
  include your implementation and the VC test Suite alimentation so 
  this test suite for VC point to is good is it going to become 
  like another of the test suite for the VC API.
Patrick_(IDLab):  hi or it's going to be sort of this own thing 
  that can leverage their beasts API.
Manu Sporny:  The second thing he said is the intent.
Patrick_(IDLab): Right so it's going to be its own thing but can 
  leverage specific endpoints of the VC API to yeah for me I think 
  that makes it.
Manu Sporny:  Okay thanks Joe Europe.
Manu Sporny:  And you might be double muted.
Joe Andrieu:  Yep extra Hardware button can you hear me now so 
  unfortunately I wasn't able to make the ccg call today they 
  actually can't send it over to the VC WG and they actually also 
  can't stop the work so I think one question is do we feel that 
  this work will survive over 2v C WG in a better way than 
  currently as its incubated.
Manu Sporny:  Yes hmm it's a good question.
Joe Andrieu:  He'll push back just like where you say hey don't 
  do the test Suite with the VC API so I'm not sure the VC w g is 
  a.
Joe Andrieu:  Really going to accept the work.
Manu Sporny:  So let's play out that scenario might look like 
  because we have a process here right so typically we bring it in 
  front of the ccg the ccg chairs in the VC w g chair said they'd 
  get together and figure out what to do there was a clear 
  instruction from the VC WG chair that we should just bring it 
  directly to the VC working group if for whatever reason it is 
  rejected there and I think that.
Manu Sporny:   There's a sensitivity here that some in that 
  group.
Manu Sporny:  At this would be the V CW G blessing the VC API as 
  a valid way to do something and that it that that that could send 
  the wrong signals in the market for the people that want like oid 
  see to be the one you know protocol to movie seas around in I 
  would imagine that that is probably the reason people might - one 
  that because the all other are the.
Manu Sporny:   Reasons don't make a whole ton of sense as.
Manu Sporny:  Didn't saying but let's say that that happens in 
  this is rejected this work items rejected from the VC WG then we 
  just bring it back to the ccg and go the process is we have two 
  people that want to work on it from independent organizations and 
  we're going to do the work in the ccg then in if anyone wants to 
  demonstrate interop we've got 13 implementers that are already 
  doing it and we can just you know move them into the thing and 
  then.
Manu Sporny:   Then you know and then we go from there right I 
  mean as Dave.
Manu Sporny:  Had you know there doesn't have to be just one 
  conformance test Suite they can be multiple especially if what 
  they're doing is just looking at the conformance statements in 
  the specification and writing test for that so you know if that's 
  kind of although Joe I you know I think that's kind of a worst 
  case scenario and I don't necessarily want to believe that people 
  would act in bad faith in that way you know how a test Suite is 
  implemented is entirely.
Manu Sporny:   E up to a working group and there's nothing that 
  says that.
Manu Sporny:  Is the working group used a particular technology 
  that their blessing that technology because that same argument 
  would apply to postman and Newman like you know if we decide to 
  do the tests instead of using the VC API using Postman and Newman 
  then the then the group is blessing the use of Postman and Newman 
  in you know the verifiable credentials ecosystem which we're not 
  like that it's not doing that right it's just we've tried to 
  reuse software infrastructure that we've invested in over the 
  past.
Manu Sporny:   Two plus years I anyway that's my my two.
Manu Sporny:  Patrick you're up.
Patrick_(IDLab): This I pathetic old that they will feel like 
  this is superseding like oh I DC for VC R something like it's not 
  based on misconception because this test we doesn't test like the 
  delivery or the exchange is really just to test the data model so 
  is that just a misconception of what the VCA Pi component really 
  means in this test Suite.
Manu Sporny:  Correct it's a misconception but there's a question 
  around if it's.
Manu Sporny:  You know if it's a if it's being done on purpose or 
  if there is actually truly a misconception.
Patrick_(IDLab): Right yeah okay.
Manu Sporny:  W I think we're entering into kind of tech industry 
  politics at this point you know it's kind of like if they're 
  people that don't want to see something happen they will find 
  many reasons that sound technical to not do it but you know 
  fundamentally it's because the vendor might be positioning for a 
  certain solution to win in the market.
Manu Sporny:  So I think they're you know they're they're very 
  strong technical Arguments for why makes a lot of sense for VC 
  API and all that kind of stuff I just think we should clearly be 
  aware that there are some vendors out there that view PC API as a 
  threat to their you know business models or at least their techno 
  technological solutions they're proposing to their customers.
Manu Sporny:   But all that said.
Manu Sporny:  Probably overthinking this let's just you know 
  unless there are any objections you know we let's just take it to 
  the VC working group and have the debate there and see you know 
  if they're legitimate you know concerns technical concerns and 
  then and then go from there I do think those of you that are in 
  that working group need to help us to make sure that we keep the 
  group focused on legitimate technical concerns and not like.
Manu Sporny:  Ends political arguments and things of that nature 
  because that has kind of we've seen a little bit of an uptick in 
  those sorts of arguments in the working group so would appreciate 
  everyone's help to try and focus the concerns on technical 
  concerns and things of that nature anything else with respect to 
  relevant Community updates or anything else we should talk about.

Topic: Pull Requests

Manu Sporny:  Okay we can cover pull request really quickly but 
  the short of it is that I haven't had a chance to process a 
  number of these pull requests apologies for that the feature 
  freeze in the verifiable credentials working group is taking 
  priority.
Manu Sporny: https://github.com/w3c-ccg/vc-api/pulls
Manu Sporny:  Here's the link and here are the pull request so 
  there is a new one which is Marcus has basically said that as a 
  number of you know Marcus you know was one of the initial authors 
  of the VC API and he hasn't had enough spare Cycles in the last 
  few months to participate but he Danny attack continued will 
  continue to implement VC API in their products so there's 
  support.
Manu Sporny:   I hear but he's just like I really.
Manu Sporny:  I'm off of the off of the spec because I'm not able 
  to participate he's also in Europe This is a late call for him so 
  that's the only new pull request will process that after this 
  this heads up to everyone else all the other PRS are just kind of 
  waiting for people to fix them so that we can merge that's it for 
  PR's any any questions concerns.
Manu Sporny:   About PR's before we move on.

Topic: Presentation of VC API to OWF

Manu Sporny:  Okay let's see next topic is presentation of e c 
  API to owf John Dee wanna take us through this one.
John Henderson:  Sure yeah thanks thanks menu.
John Henderson:  Start I can do it a brief intro of myself a re 
  intro I'm a software engineer at energy web we are an 
  organization a non-profit I using decentralized technology for 
  the energy industry and we have a VC API implementation so what 
  I'd like to introduce here is how we say pi and the open wallet.
John Henderson:  Good collaborator or what the link is there so 
  I'm not really associated with the open world Foundation directly 
  but I've been following them moderately closely for the past few 
  months.
Manu Sporny: https://openwallet.foundation/
John Henderson: 
  https://www.youtube.com/watch?v=e1cdZ_Nzo_U&ab_channel=TheLinuxFoundation
John Henderson:  Maybe I can start with a 30-second background on 
  the open world Foundation at thanks for calling it up manual for 
  folks who aren't familiar with it so they have recently formally 
  launched within the past week or so I have the link to their 
  launch presentation handy and their focus areas are not 
  governance not trust Frameworks.
John Henderson:   Words by writing code.
John Henderson:  So what they want to do as I understand is have 
  a set of Open Source software components between that Implement 
  some standards and and they're not looking to develop those 
  standards and other looking to put out wallets to end users but 
  rather just have the components.
John Henderson: 
  https://github.com/openwallet-foundation/architecture-task-force/wiki/2023-02-13-Meeting-Minutes
John Henderson: 
  https://github.com/openwallet-foundation/architecture-task-force/wiki/2023-02-20-Meeting-Minutes
John Henderson:  Wallace Foundation architecture task force which 
  meets every Monday and they've had some presentations over the 
  past few months I'd say and recently they had for example 
  presentation from the did Cam community and I think those it 
  lasts two weeks ago maybe it was one on the Aries Community or 
  there is code.
John Henderson:  So I thought that maybe this would be a good 
  time to reach out to the open Wallet Foundation architect your 
  task force and potentially present VC API to them or introduce 
  PCI emission dcpi in some way and I think it's it's important 
  because like man you mentioned it's important to have an 
  implementation is Avicii API and I think the open wall Foundation 
  could be a notable fermentation of the Capi.
John Henderson:   And I didn't feel comfortable.
John Henderson:  Go into the open world Foundation as kind of a 
  representative or really even saying too much will be C API 
  because I don't feel as though I'm the most knowledgeable but 
  about VC API and I want to duvet Capi Justice I think we can you 
  can do better if I get support from the community.
John Henderson:  Maybe I can leave it there my objective is to 
  discuss this and ideally come up with the next steps for how we 
  can perceive get any thoughts.
Manu Sporny:  Excellent thank you John Patrick Europe.
Patrick_(IDLab): Yeah so just a few things so when I said.
Patrick_(IDLab): So I work sorry for just say who I am sorry I 
  work in Canada I work for the digital identity laboratory of 
  Canada so we helped to break adoption barriers to digital 
  identity so it's a very broad scope we are involved with 
  provinces here implementing the pan-canadian trust registry which 
  is based on a very hyper Ledger Indian Aries so we are quite 
  aware of the.
Patrick_(IDLab):  open Wallet found.
Patrick_(IDLab): One question that was asked when I shared that 
  the VIS API was to be presented to the open Wallet Foundation was 
  why what's the purpose what's the goal of presenting this so I 
  think that's probably one thing that should be kept in mind when 
  presenting is why are you presenting this to the open Wallet 
  Foundation my second point is most probably the focus should be 
  made on.
Patrick_(IDLab):  change and how.
Patrick_(IDLab): You see API would interface with a wallet or a 
  holder component and yeah that's I think that's pretty much my 
  comments I had.
Manu Sporny:  Great thank you Patrick totally agree with that I 
  think that's exactly where we should potentially start out I mean 
  one of the things hopefully I'll everyone can see this the the 
  meetings that they've had so far have been fairly varied and wide 
  in the types of things that they're you know talking about but I 
  totally agree with you know Patrick we should probably focus on 
  like what parts of the VC API could be used in.
Manu Sporny:   Digital wallets or.
Manu Sporny:  Being used in digital wallets today like the 
  exchanges stuff.
Patrick_(IDLab): Yeah we're like how could the VC API enabled it 
  did come exchange of a credential for example or open or IDC for 
  VC exchange of credential I think this would be an interesting 
  point because the I mean you know the verifiable credential 
  issuance like it's important but I think they are more going to 
  be focused on how can they How could a wallet receive that 
  credential.
Patrick_(IDLab):  I'll store it and present it.
Patrick_(IDLab): This is done mostly by the holder side of thing 
  or the exchange from what I understand on the VCR so far.
Manu Sporny:  Yep +12 that the other important thing in there is 
  that we have that interact mechanism in in it's really in the 
  verifiable presentation you know request/response spec but 
  there's a section in there called interact where which allows you 
  to bootstrap into other protocols so you know you get a request 
  across but in the interact field you can have like a did Cam 
  initiation message and oid for initiation message or.
Manu Sporny:   You know verifiable presentation you know.
Manu Sporny:  So there are other you know there are ways to kind 
  of bootstrap and other protocols that we've got we're working on 
  here Patrick Europe.
Patrick_(IDLab): And it just another idea I had based on what 
  we're seeing earlier about the test Suite maybe maybe present how 
  the VC API could also be used as a way to test wallets with some 
  test Suites not sure if that would be a bit too early to tackle 
  as a front but you know could be interesting.
Manu Sporny:  Yep plus one of that so John I mean um first of all 
  thank you for bringing this up and I think you're you're right we 
  want to tackle this as a community which means that we need you 
  know a volunteer to put together a slide deck so that you know 
  the rest of us can kind of review it and make sure it's 
  communicating the thing that we think would be good and then of 
  course we would probably want to show up to that call as a 
  community to provide the support to.
Manu Sporny:   To whoever is presenting so I.
Manu Sporny:  We are right now is you know we'd need those 
  volunteers to work on the slide deck put that together and do the 
  presentation I'm I'm I I'm hesitating I'm not going to be able to 
  do it because of where we are right now in the feature freeze you 
  know Canada Trek phase for the profile credential working group 
  lots and lots of work happening there so Patrick Europe you're on 
  the Queue next and then John go ahead Pat.
Patrick_(IDLab): Just get yes I know while the go like there was 
  a presentation of this VC API to the VC working group maybe can 
  have a look at how that was received what was done as a 
  presentation and maybe use that to you know avoid maybe some 
  mistakes that have been made because from what I understood it 
  wasn't received so well that could be for a bunch of reasons but 
  maybe that could be also used as a.
Patrick_(IDLab):  reference to how to present the beasts API.
Manu Sporny:  Thanks Patrick go ahead John.
John Henderson:  Sure yeah I'm glad to volunteer and help put 
  together this slide Jack or at least coordinate some of the 
  efforts there I didn't want to ask Patrick said will you 
  mentioning that you had brought up you see API to the open world 
  Foundation coordinators are you have it okay all right.
Patrick_(IDLab): No no no no.
John Henderson:  Yeah well I'm like I said I'm glad to take this 
  on maybe I will mention to the open wall and Foundation folks 
  that were interested and just to get it on their radar and 
  perhaps I can add a an upcoming you see I'm eating present a 
  draft or we can coordinate via the the mailing list as well.
Manu Sporny:  Yep that sounds good that sounds like a good next 
  step and then of course you know we can't move forward without 
  that volunteer to put together the slide deck and do the 
  presentation all that kind of stuff so Dimitri I don't want to 
  put you on the spot I remember you Sammy volunteering for that 
  but I don't know how much spare Cycles have.
Manu Sporny:  We miss Ruth misremembering so please tell me if 
  I'm like no I did not.
Dmitri Zagidulin:  I did offer to help I probably.
Dmitri Zagidulin:  Don't want to be the primary point of contact 
  so it'll be about but if somebody like emails Tracy and we got 
  the go-ahead I'm happy to either I temples calls anyways I'm 
  happy to either help answer questions on there or even present.
Dmitri Zagidulin:  Yeah I'm available to support and present 
  shouldn't be relied upon to lead or create the blinds.
Manu Sporny:  Okay thanks Dimitri and thanks for you know being 
  being able to be there in a supporting capacity so John we all 
  keep asking for a volunteer to take lead through the next couple 
  of weeks and then once we get that we'll go from there does that 
  sound like a good next step to you.
John Henderson:  Sure yeah well I'm happy to start taking the 
  lead on this item to put together apposite presentation outline 
  and maybe even some slides.
Manu Sporny:  Yeah that'd be great if you're willing to do that 
  do the work there that be fantastic and then we can provide some 
  feedback and maybe if it's in a shared form we can we can you 
  know all contribute a slide or two okay I think that's good good 
  Next Step thanks again John for bringing that up in and we'll 
  we'll ask again next week and see how things are going okay 
  that's that.
Manu Sporny:   Mm the next item.
Manu Sporny:  Correct me if I'm getting this wrong is discussion 
  around exchanges so deep dive on VC exchanges be Capi exchanges 
  we have another topic that folks needed to cover today or is this 
  the one is this the next one.

Topic: Deep Dive on VC API Exchanges

Manu Sporny:  Okay I'm taking silence to be yes let's talk about 
  API exchanges all right we over the past several weeks have been 
  trying to figure out what end points belong where for the 
  verifiable credentials API and we've gotten through a good we've 
  gotten through good first passive that right so that needs to be 
  turned into pull request but during all of our discussions around 
  what you know bit.
Manu Sporny:   Of API belong on what services.
Manu Sporny:  Or on what components let me bring up this.
Manu Sporny:  This diagram here you know we were talking about 
  which one of these components had which apis on it something some 
  things would go on a you know issue or coordinator of the things 
  would go on an issue or service we had those discussions 
  questions came up about these two arrows here basically this 
  present verifiable credentials receive verifiable credentials 
  basically the exchanges aspect of what happens.
Manu Sporny:   He's in the VCA.
Manu Sporny:  The iso in the section on presenting in the spec 
  today we have three API endpoints I'm going to do a little little 
  bit of a vague hand wave over that you know you can classify 
  these in different ways but we've got like some endpoints that we 
  talked about with respect to X changes in we have this concept of 
  initiating an exchange.
Manu Sporny:  Being in a.
Manu Sporny:  Change so initiating an exchange is can be viewed 
  as an again I'm being I'm not I'm trying not to be too precise 
  with my language initiating an exchange is like me going hey I'd 
  like to see this type of verifiable credential from you or hey 
  I'd like you to do a did authentication and then continuing an 
  exchange is a hey I'd like to see you know let's say you're at a 
  car rental agency hey I'd like to see your.
Manu Sporny:   Driver's license to make sure you can drive and 
  then.
Manu Sporny:  Continuing The Exchange would be okay now that I 
  have your driver's license I would like this other credential 
  from you so you could complete the the the car rental and I see 
  if people have already raising their hands which means they 
  probably got some aspect of this wrong let's go to the cube 
  Patrick Europe then Dave's and Joe go ahead Pat.
Patrick_(IDLab): So regarding and heat exchange is an exchange 
  scope to the interaction or it could I initiate an exchange and 
  then continue that exchange over the span of a month year or so 
  on like let's say if I connect with this car dealership maybe a 
  car dealerships a bad example because you're not going to go back 
  to the car dealership over time but maybe you could like I 
  connect with some kind of service and then I expect to have 
  repeat operation with us.
Patrick_(IDLab):  service what I need to redo it issue.
Patrick_(IDLab): Every time or how how would that work.
Manu Sporny:  It's great question Dave you're up next.
Dave Longley:  Sure with someone else on the Queue because I was 
  I think what I can do is talk about how we're using how are 
  companies using exchanges today and kind of give an overview of 
  that and that might help other people.
Manu Sporny:  Okay so I'll put you behind Joe this at work.
Dave Longley:  Yeah that's fine.
Joe Andrieu:  Yeah my question might make more sense after Dave 
  gives a walk through the main thing that's confusing to me is we 
  seem to be using exchanges in at least three different ways and 
  one of the ways I understood but the way this talks about it and 
  you just now talked about Manu I did not who I and we were in 
  these exchanges like who creates an exchange.
Joe Andrieu:  Change and in particular it seemed to be on a 
  previous call I thought I had an aha that I believe Dave and 
  dumitru both like yeah well I'm glad you finally got that because 
  that's the whole point and that seemed to be about bundling a 
  bunch of parameters and turn it into a short URL or a URL that's 
  the exchange endpoint so that someone can just click on a link 
  and all the information is there that might be needed to satisfy 
  that exchange so.
Joe Andrieu:   So that made a lot of sense to me because it 
  streamlines from processes.
Joe Andrieu:  It in that model you would create exchanges and 
  again the you is part of the ambiguity here but someone who has 
  the authority to would create an exchange and then give the URL 
  for that exchange to someone to go execute that exchange that 
  made sense to me but it seems to be if that's the pattern then 
  the exchanges should just be a shortcut to an existing semantics 
  and that's one of the places where I get confused because I hear 
  oh you would just use an exchange for that as.
Joe Andrieu:   As if we don't need a Symantec endpoint because 
  the exchange does the.
Joe Andrieu:  And that's where I get confused.
Manu Sporny:  Got it thank you for that explanation Joe I think 
  we're your much we're much closer to understanding then.
Manu Sporny:  They're a couple of tweaks on what she said and we 
  can get to full understanding but Dimitri is on the Queue and 
  then Dave Longley to explain so Dimitri go ahead.
Dmitri Zagidulin:  Oh I think I'm on after Dave I was just going 
  to mention how we use exchanges in d.c..
Manu Sporny:  Okay Dave go ahead then Dimitri.
Dave Longley:  Okay sure so hopefully this will touch on some of 
  Joe's concerns and we'll see so the main thing that we use 
  exchanges for today is to facilitate a protocol between a user's 
  client usually a wallet to distinguish it just from like a user 
  agent so it's to facilitate a protocol between the users wallet 
  and the issuer so the protocol involves wallet providing 
  information in an exchange.
Dave Longley:   Change for issued verifiable.
Dave Longley:  It's so the exchange process might require one or 
  more request responses between the parties and another useful way 
  of thinking of exchanges I think is as a way to get a user that 
  starts on a website like on an issuer coordinator website into a 
  flow between their digital wallet and the issuer coordinator 
  through sort of back-end services so our implementation in 
  particular is such that an exchanger service there's an exchanger 
  service that an issue.
Dave Longley:   Inator can use so ahead of any.
Dave Longley:  Losers some administrator for the issuer comes in 
  and creates exchanger instances on this service and an exchanger 
  is based on a configuration that includes access tokens to use an 
  issuer service and a verifier service a set of steps to Define 
  any exchange that's based on that exchanger and a set of 
  templates to be populated with data that's received in and when 
  an exchange is first created.
Manu Sporny:  Hey Dave could we point out in this diagram what 
  things are involved in what you're kind of.
Dave Longley:  So the things that are that exist today in the 
  diagram that are involved would be the issuer coordinator we did 
  what we don't have on here is an exchange or service either the 
  exchanger service could be integrated with the issuer coordinator 
  so maybe just all fits in there are particular implementation as 
  a way to abstract that out into its own risks that the eat that 
  service or the issuer coordinator communicate with an issuer 
  service and a verifier service and those are also on the those 
  diagrams.
Dave Longley:   So the exchanger.
Dave Longley:  This needs the ability to be able to verify things 
  and tissue things and it does that by accessing a verifier 
  service entrance Door Service.
Dave Longley:  So once any one of these exchangers is created the 
  issuer coordinator is given access to use it.
Dave Longley:  Create specific exchanges based on it so when do 
  you create an exchange and whose you use the issuer coordinator 
  so when does an issuer coordinator create an exchange whenever a 
  user comes and visits the issuer coordinator website that 
  websites back end the the issuer coordinator creates an exchange 
  based on one of these configured exchangers I just mentioned the 
  creation of that exchange includes any initial information that 
  might be obtained from the user this might be data that's going 
  to go into a VCS.
Dave Longley:   For example.
Dave Longley:  Or maybe something else and when that exchange 
  gets created it gets its own capability URL that is to be shared 
  with the user The Exchange in our implementation can be created 
  it can be set up to allow the users client to either use the VC 
  API to complete the exchange or oid for for Vis 0 ID for VC.
Dave Longley:   And obviously other protocols.
Dave Longley:  He added into this the capability URL can either 
  be shared on its own with the users client if the users client 
  knows it's a VC API or it could be shared via a VP are we using 
  the interact field it could also be represented as an open ID 
  initiate issuance URL for oid for VC and that URL could be given 
  directly could be given via QR code or could go on the VP are 
  again throughout and Rockfield all of those things.
Dave Longley:   These are possibilities to communicate this 
  capability you are.
Dave Longley:  Her to the client so we can start doing this 
  delivery this exchange and delivery of VCS so the after the users 
  client has this exchange URL it either posts an empty body to the 
  URL to get the VPR or if it already had the VP are they post 
  their BPR response to the url url The Exchange URL then either 
  responds back with another VPR for more information is needed or 
  with a VP that includes the issued credentials.
Dave Longley:   And that that's a rundown.
Dave Longley:  Annotation works and and how these pieces are 
  abstract or part.
Manu Sporny:  Thanks Dave I think it might help if we used a 
  concrete use case to walk through all of that because you know 
  folks aren't familiar with all those pieces I think it may be 
  difficult for them to have followed that Dimitri you're up next.
Joe Andrieu:  Dimitri can you talk a little bit louder.
Joe Andrieu:  Okay that might help thanks.
Dmitri Zagidulin:  I agree with your comment Dave I think I can 
  great use case such as using the exchanges for refresh would work 
  but so before I get into how easily these yeah before actually 
  hold on let me switch to different heads that one second it's 
  better.
Dmitri Zagidulin:  How's this is this better.
Joe Andrieu:  That's much better.
Patrick_(IDLab): This is very good.
Dmitri Zagidulin:  Okay so before I get into how we use it I did 
  you see I want to say a few couple of high-level words so the 
  main use case that the exchange API serve that I had at the time 
  differentiated VC API from the other two protocols did come and 
  open it to connect but since the appearing of the exchange.
Dmitri Zagidulin:  Protocol the of both the opening to connect 
  sorry oh I open energy for verify presentations and ID for 
  issuance and did come adopted this same mechanism informed by 
  what we did here at DC API endpoint so so all three communities 
  saw the the need for this primitive and an adopted at once they 
  saw that we we did it here.
Dmitri Zagidulin:   And I believe that's.
Dmitri Zagidulin:  Data point because it shows that it's a just 
  shows the demand for it so specifically the need for multi-step 
  interactive issuing so nausea because at the moment VC API 
  defines a very low-level back-end service issue which should 
  really be termed sign something rather than issue whereas would 
  exchange tends to be used for is.
Dmitri Zagidulin:   Actually issuing.
Dmitri Zagidulin:  Interactive way where it's the wallet talks to 
  the issuer to the issue coordinator and and through that gets 
  gets credentials so specifically I will be using it the C-4 is.
Dmitri Zagidulin:  The Varsity could I have my diploma or can I 
  have my course completion credential no you cannot in order to do 
  that I would like the following list of prerequisites send me 
  this this this information before I can hand you before I can 
  issue this credential and the wallet looks in its in its storage 
  hands over the credentials with with the users consent and then 
  receives the the credential so that's our use case specifically 
  but that.
Dmitri Zagidulin:   That pattern the.
Dmitri Zagidulin:  The interact service in the in the response 
  from the VC API is is a crucial one I think that's it.
Manu Sporny:  Great thanks to me tree John you're on the Queue 
  next.
John Henderson:  Thanks is just a quick question for Dave for you 
  when you said you create the exchange so that I think was the 
  coordinator creates the district coordinator greatest Exchange in 
  your example is that done via the initiate exchange and point in 
  your implementation or is is it when you say create exchange you 
  mean it's done prior to initiate Exchange.
Manu Sporny:  Joey on the Q next and Dave.
Joe Andrieu:  I can come back if they've has a quick answer that 
  question.
Dave Longley:  Yeah sure the quick answer is the exchange is 
  created before the open I if you're referring to open ID initiate 
  issuance is is done so you create the exchange storing any 
  information about the user that the you might have gotten in 
  their interaction with the website that creates a URL and all of 
  the open ID for BC stuff that you need to be able to run.
Dave Longley:   That protocol and.
Dave Longley:  That creates a URL that is fed into or it creates 
  the parameters and things that you need to build the open ID 
  issue initiate issuance URL and then you pass that URL to a 
  wallet.
<john_henderson> No, by initiate exchange, I'm referring to this 
  endpoint https://w3c-ccg.github.io/vc-api/#initiate-exchange
Dave Longley:  So it's set it sets up all of the state and 
  everything that the wallets going to need to be able to interact 
  with and it gives it an address at this URL that you then passed 
  to the to the wallet.
Manu Sporny:  John did that answer your question.
John Henderson:  No I don't think so but that's all right.
Manu Sporny:  Okay Joe you're up next.
<dave_longley> oh, the VC API "initial-exchange" ... creating an 
  exchange creates that URL.
<dave_longley> then the user is able to hit it.
Joe Andrieu:  Cat I'm still struggling it feels like a pretty 
  huge feature creep especially with the the detail that this can 
  be a front-end to open ID for VC and any other protocol that we 
  might want to put in here it seems to me that the fundamental use 
  case of hey we have a complicated set of interactions where we 
  may need to go get multiple different things.
Joe Andrieu:   Maybe multiple vpr's.
Joe Andrieu:  It feels like we have a mechanism to do that with 
  the interact response and so any requests into the system can 
  process the interact and go to the next step in the process and I 
  can appreciate that the there are exchanges that or that there is 
  a value in an exchange of setting up that capability URL so that 
  you can trigger a fairly complicated data operation with just a 
  URL.
Joe Andrieu:  At that my question that I have around that is and 
  it was sort of answered with open ID but that's why I feel it's 
  feature creep are their semantics with regard to VC exchange and 
  I mean that more broadly not the exchanges mechanism but the 
  setting VCS back and forth that do the exchanges point to 
  anything that is not one of.
Joe Andrieu:   Of our endpoints.
Joe Andrieu:  I guess that's why they put the question.
Joe Andrieu:  In other words is this capability URL designed to 
  simplify accessing other endpoints to find in the VC API or are 
  there new semantics that you can only do with an exchange with 
  the exception of setting up the capability in point like I think 
  I get that.
Joe Andrieu:  The capability URL.
Manu Sporny:  Okay thanks Joe I think the answer is the latter 
  Joe that they are new semantics where you can't just point to 
  existing apis like the issue credential or presentation prove or 
  things like that that might be an important distinction.
Joe Andrieu:  Yeah and what would those be then because that's 
  not that's what I'm not understanding.
Manu Sporny:  Got it okay so we should dig into that Patrick 
  you're up next on the.
Patrick_(IDLab): Yeah just so we got anyone to meet you explain 
  from that very interesting tidbit of information especially the 
  parallel to the come and IDC for VCI more familiar with Dead Calm 
  and it's interesting because reading to whether it's like a pie 
  or different doctors you know here and there some mention of the 
  VC API sprinkled from some time and place someone implemented 
  something regarding the state of the VC API now regarding.
Patrick_(IDLab):  change and did come and why DC.
Patrick_(IDLab): And I might gear that question towards you 
  Dimitri do cut could we say that did come is a type of exchange 
  or is an exchange really its own thing like how would that 
  translate to other thing like if I want to have a VC API that has 
  a certain exchange that is basically a Dead Calm issue credential 
  V2 could I enable that flowed through exchanges or are they 
  separate things or.
Dmitri Zagidulin:  All right question let's see can I thank you.
Manu Sporny:  Yeah you can yeah you're next.
Dmitri Zagidulin:  Are we skipping Joe though.
Manu Sporny:  Jill Worley was that a previous Q okay.
Joe Andrieu:  Yeah I suppose that's good.
Dmitri Zagidulin:  Great question so let's take that in the 
  reverse order I can can one switch over to did Cam using the 
  exchange endpoint yes I think so as Dave mentioned they're doing 
  switching over to the open ID connect protocol using the exchange 
  any point I can imagine similar thing could be done with a the 
  come do I think that did come is like what do you think the how.
Dmitri Zagidulin:   Workers or what the relationship is to The 
  Exchange I.
Dmitri Zagidulin:  Sadiq Khan protocol is fundamentally 
  exchange-based it specifically the design decision that was 
  present was for each Colin reply for each endpoint we're gonna 
  we're gonna allow the in Iraq the the responses to be 
  asynchronous so basically it's not that.
Dmitri Zagidulin:   I think.
Dmitri Zagidulin:  Did the subset of the exchange and point it is 
  a super sided it does it does more stuff than exchange endpoint 
  but.
Dmitri Zagidulin:  You you could say that the exchange any point 
  in this API takes the did Cam asynchronous interact approach and 
  bring and applies it to the rest of the.
Dmitri Zagidulin:  The rest of the DC API endpoints and just to 
  correct what I said it's less it's not that did come added they 
  interact mechanism after this API it's specifically the 
  presentation exchange specification which did come uses that 
  added the interact okay that's it for me.
Manu Sporny:  Go ahead Dave.
<dmitri_zagidulin> that's a great summary of it! crossing trust 
  boundaries
Dave Longley:  Yeah that one of the quick points I wanted to make 
  is that I think one of the key features that exchanges provides 
  is that enables the use of protocols that crossed trust 
  boundaries so it's interactions between the you know the holder 
  the user in the client interactions between the guess I'll just 
  said the wallet and these other services and I think that's an 
  important part of the exchange process.
Manu Sporny:  First one that I'm on the QT and the call this has 
  been a good discussion but clearly it is not over we definitely 
  need to spend more time on this so we will schedule more time to 
  talk about exchanges on next week's call with that thank you 
  everyone for the Lively discussion today and each of your 
  attention really appreciate it have a great rest of the week and 
  we will chat again next week take care.

Received on Tuesday, 28 February 2023 21:26:32 UTC