- From: CCG Minutes Bot <minutes@w3c-ccg.org>
- Date: Tue, 28 Feb 2023 21:26:32 +0000
Thanks to Our Robot Overlords for scribing this week!

The transcript for the call is now available here:

https://w3c-ccg.github.io/meetings/2023-02-28-vcapi/

Full text of the discussion follows for W3C archival purposes. Audio of the meeting is available at the following location:

https://w3c-ccg.github.io/meetings/2023-02-28-vcapi/audio.ogg

----------------------------------------------------------------
VC API Task Force Transcript for 2023-02-28

Agenda: https://lists.w3.org/Archives/Public/public-credentials/2023Feb/0172.html

Topics:
1. Introductions
2. Relevant Community Updates
3. Pull Requests
4. Presentation of VC API to OWF
5. Deep Dive on VC API Exchanges

Organizer: Manu Sporny

Scribe: Our Robot Overlords

Present: Manu Sporny, Timothy Summers, Tom S, Greg Bernstein, John Henderson, Dave Longley, Joe Andrieu, TallTed // Ted Thibodeau (he/him) (OpenLinkSw.com), PL/T3 ASU, Patrick (IDLab), Dmitri Zagidulin, John Kuo

Our Robot Overlords are scribing.

Manu Sporny: All right welcome everyone to the verifiable credentials API work item call this is Tuesday February 28th 2023 our agenda is here in the chat Channel.

Manu Sporny: On the agenda today go ahead and screen share on the agenda today John I believe you wanted to chat a bit about presenting VC API at the open Wallet foundation so we should definitely pick that up and then the rest of the time we had set aside for talking about VC API exchanges in kind of discussing what that looks like.

Manu Sporny: So I apologize that.

Topic: Introductions

Manu Sporny: These items here that I'm highlighting are not going to be this week unless there are any objections to you know changing our agenda before we get started we will also go over pull requests which were falling I am falling behind on unfortunately we usually start out by doing introductions reintroductions we do have someone new joining us today which is great Timothy would you mind just doing a quick.
Timothy Summers: Sure sure thanks for the for that and you know really excited to be here with everyone I'm Timothy Summers I'm the executive director of third resident initiatives at ASU and founder and leader of a project that we have here called pocket and you know we're basically building a digital wallet and portfolio that enables Learners to capture their achievement and all kinds of things that they might want to.

Timothy Summers: Capture like.

Timothy Summers: And other things skills and knowledge so that's that's me in a nutshell and really excited to be here with the group.

Manu Sporny: Awesome welcome Timothy great to have you here and as some of you know you know pocket and timotheus S you participated quite heavily in the jobs for the future plugfest number two and if I remember correctly if a long year with ASU as well right okay anyone else want to do introductions.

Manu Sporny: Position changed his what you're working on changed any updates like that.

Manu Sporny: Knox we will jump into relevant Community updates.

Topic: Relevant Community Updates

Manu Sporny: All right relevant Community updates let me Community let me bring up.

Manu Sporny: Theory there so the verifiable credentials working group the 2.0 specification is entering feature freeze we will be at feature freeze by the end of March that's the cutoff date so the theory here is that after that date we will only be dealing with issues that are in the current issue tracker there are eighty three of those we will only be working on specifications that will have been adopted by that point in we will start ratcheting down.

Manu Sporny: On the group and getting ready to go into candidate recommendation.
Manu Sporny: Which is when we actually start implementing the specification around the summer so again those dates are feature freeze for everything in the verifiable credentials to a working group by end of March so we have month and then candidate rec which is we tell the implementers to start implementing the spec is stable around the summer at some point probably towards the end of the summer.

Manu Sporny: To go ahead Patrick.

Patrick_(IDLab): How's this going to work out like once V2 is out is it going to supersede V1 or they both going to live side by side meaning implementers could choose to issue V1 credential or is it going to be strongly recommended to migrate towards V2 or is V1 going to be deprecated eventually.

Manu Sporny: That's a great question I don't know the answer to that question typically typically v1.1 lives out there because you're already seeing v1.1 be put into like legislation right and sometimes that gets like the European Union architecture reference you know thing has talks about v1.1 they will probably update it to V2 but that's not guaranteed so usually the signaling is those of you that are using v1.1 you can keep using it it's totally fine.

Manu Sporny: Fine you know.

Manu Sporny: You can continue deploying on that and if you like V2 better you can use V2 and then of course the implementers are almost certainly going to be expected to support both V1 and V2 the good news there is that they're not horrible breaking changes between the two and so it's a fairly light lifts to support the one with Envy to at this point in time.

Manu Sporny: But you know.

Manu Sporny: As with the working groups going to do they might decide to do something totally different right I think it would be good for the whole ecosystem for us to basically strongly urge people to move over to V2 it's better right but you know how that works you can't get 100% of the ecosystem to move versions if people have already deployed stuff.
Manu Sporny: Okay so in order to be ready for candidate recommendation typically a working group it's a good idea usually it used to be like you'd go into candidate recommendation and then you'd like figure out what the test Suite is going to do but it's usually a good idea to have a test Suite well before you go into candidate recommendation so that in you have implementers so that you know you're going to survive candidate recommendation because if you have to remove a feature or change a feature during candidate recommendation you have to effectively.

Manu Sporny: Give everyone enough.

Manu Sporny: Effectively a minimum of a couple of weeks to do the rev in usually candidate recommendation you know it's like you're in there for like a minimum of three months run until at least every single feature that the working group wanted implementers to implement is is done so it's a huge pain to have to you know figure out the test Suite while you're you know in the pressure cooker of candidate recommendation so we try to get.

Manu Sporny: The test Suite done.

Manu Sporny: Um today we just proposed a test suite for verifiable credentials 2.0 at the ccg because the process was was like we incubate stuff in the ccg we make sure that you know it's got buy-in and then once it gets buy-in then the verifiable credential working group decides whether or not they want to take on the work so earlier today I propose like hey here's a test Suite it's powered by the VC API because we already have.

Manu Sporny: 13 Implementers.

Manu Sporny: Able to demonstrate interoperability before JFF plugfest 3 and then the chairs were like no don't do this here just bring it straight to the verifiable credential working group so this is I think the chairs wanting us to just not do the incubation and ccg and just put it into the verifiable credentials working group directly so I think that's fine.

Manu Sporny: They're so.
Manu Sporny: That's that's happening the other thing is you know or we felt like it's not appropriate for the verifiable credentials working group to use the verifiable credentials API to do testing on the specification.

Manu Sporny: I don't really understand where that's coming from but there it is and I think Mike Prorock one of the chairs is saying he would rather instead of using the VC API use Postman a human based tests which is what they've been using for the traceability or extreme so with that said Greg maybe you could add the add the color that you added at the beginning of the call.

Greg Bernstein: Part of wood what I mean that is coming up with the test but then you need an interface to the test and VC API is the simplest interface available and we're not talking about the entire set of VC API we're talking about just some fundamental ways getting the VC's in so we can.

Greg Bernstein: Test them because I'm working on.

Greg Bernstein: Test vectors for some of the signing stuff and yeah I'm going to be running you know test Suites.

Greg Bernstein: But how you get the day to end the test of a true you know and that's what's seems so good about using the VC API I do not know if they were thinking that I'm talking about the whole VC API or not so that was just my impression my my two cents worth.

Manu Sporny: Thanks thanks Greg thank you very very helpful go ahead Dave and then.

Dave Longley: Yeah I don't think anyone needs to get the impression that the anyone would be required to implement to this test Suite to be able to prove conformance this is just a test Suite that is one mechanism by which people can demonstrate that they're implementing the data model and whatever to whatever extent we need to make that more clear that would be great this doesn't preclude anyone else from developing their own test Suites and encouraging people to implement against those but this.

Dave Longley: This is.
Dave Longley: I've already done that we could use to leverage and provide some signals that some people have actually implemented the 20 demo.

Manu Sporny: Thanks Dave Patrick.

Patrick_(IDLab): Yeah just to follow the same Trend like if we look at the VC test with the first one you know there was the concept of a command line generator and so on and it was not so obvious how it could be run I think the way I read this is you're going to abstract this generator concept with the VC API which going to sort of act as your generator meaning it's just going to take an input and return a verifiable credential and I think that only.

Patrick_(IDLab): Two routes the credentials issue and probably presentations prove which are very I don't know even the way I see it pretty simple and points and shouldn't be too complicated to implement so yeah I think it makes sense the second sort of parallel wanted to make so the air is Agent this or any as we have What's called the back Channel which is like a common API definition for different Frameworks to be able to be.

Patrick_(IDLab): called by the test the test Suite.

Patrick_(IDLab): This sort of parallel and it's a system that kind of makes sense and you can do modular test on this defined API and then people can decide which route they want to include and which tests they want to run so I think it's good my one of my question was I was looking that in the document is said to include your implementation and the VC test Suite alimentation so this test suite for VC point to is good is it going to become like another of the test suite for the VC API.

Patrick_(IDLab): hi or it's going to be sort of this own thing that can leverage their VC API.

Manu Sporny: The second thing he said is the intent.

Patrick_(IDLab): Right so it's going to be its own thing but can leverage specific endpoints of the VC API to yeah for me I think that makes it.

Manu Sporny: Okay thanks Joe you're up.

Manu Sporny: And you might be double muted.
Joe Andrieu: Yep extra Hardware button can you hear me now so unfortunately I wasn't able to make the ccg call today they actually can't send it over to the VC WG and they actually also can't stop the work so I think one question is do we feel that this work will survive over to VC WG in a better way than currently as its incubated.

Manu Sporny: Yes hmm it's a good question.

Joe Andrieu: He'll push back just like where you say hey don't do the test Suite with the VC API so I'm not sure the VC WG is a.

Joe Andrieu: Really going to accept the work.

Manu Sporny: So let's play out that scenario might look like because we have a process here right so typically we bring it in front of the ccg the ccg chairs in the VC WG chair said they'd get together and figure out what to do there was a clear instruction from the VC WG chair that we should just bring it directly to the VC working group if for whatever reason it is rejected there and I think that.

Manu Sporny: There's a sensitivity here that some in that group.

Manu Sporny: At this would be the VC WG blessing the VC API as a valid way to do something and that it that that that could send the wrong signals in the market for the people that want like OIDC to be the one you know protocol to move VCs around in I would imagine that that is probably the reason people might - one that because the all other are the.

Manu Sporny: Reasons don't make a whole ton of sense as.

Manu Sporny: Didn't saying but let's say that that happens in this is rejected this work items rejected from the VC WG then we just bring it back to the ccg and go the process is we have two people that want to work on it from independent organizations and we're going to do the work in the ccg then in if anyone wants to demonstrate interop we've got 13 implementers that are already doing it and we can just you know move them into the thing and then.

Manu Sporny: Then you know and then we go from there right I mean as Dave.
Manu Sporny: Had you know there doesn't have to be just one conformance test Suite they can be multiple especially if what they're doing is just looking at the conformance statements in the specification and writing test for that so you know if that's kind of although Joe I you know I think that's kind of a worst case scenario and I don't necessarily want to believe that people would act in bad faith in that way you know how a test Suite is implemented is entirely.

Manu Sporny: E up to a working group and there's nothing that says that.

Manu Sporny: Is the working group used a particular technology that their blessing that technology because that same argument would apply to postman and Newman like you know if we decide to do the tests instead of using the VC API using Postman and Newman then the then the group is blessing the use of Postman and Newman in you know the verifiable credentials ecosystem which we're not like that it's not doing that right it's just we've tried to reuse software infrastructure that we've invested in over the past.

Manu Sporny: Two plus years I anyway that's my my two.

Manu Sporny: Patrick you're up.

Patrick_(IDLab): This I pathetic old that they will feel like this is superseding like OIDC for VC or something like it's not based on misconception because this test suite doesn't test like the delivery or the exchange is really just to test the data model so is that just a misconception of what the VC API component really means in this test Suite.

Manu Sporny: Correct it's a misconception but there's a question around if it's.

Manu Sporny: You know if it's a if it's being done on purpose or if there is actually truly a misconception.

Patrick_(IDLab): Right yeah okay.
Manu Sporny: W I think we're entering into kind of tech industry politics at this point you know it's kind of like if they're people that don't want to see something happen they will find many reasons that sound technical to not do it but you know fundamentally it's because the vendor might be positioning for a certain solution to win in the market.

Manu Sporny: So I think they're you know they're they're very strong technical Arguments for why makes a lot of sense for VC API and all that kind of stuff I just think we should clearly be aware that there are some vendors out there that view VC API as a threat to their you know business models or at least their techno technological solutions they're proposing to their customers.

Manu Sporny: But all that said.

Manu Sporny: Probably overthinking this let's just you know unless there are any objections you know we let's just take it to the VC working group and have the debate there and see you know if they're legitimate you know concerns technical concerns and then and then go from there I do think those of you that are in that working group need to help us to make sure that we keep the group focused on legitimate technical concerns and not like.

Manu Sporny: Ends political arguments and things of that nature because that has kind of we've seen a little bit of an uptick in those sorts of arguments in the working group so would appreciate everyone's help to try and focus the concerns on technical concerns and things of that nature anything else with respect to relevant Community updates or anything else we should talk about.

Topic: Pull Requests

Manu Sporny: Okay we can cover pull request really quickly but the short of it is that I haven't had a chance to process a number of these pull requests apologies for that the feature freeze in the verifiable credentials working group is taking priority.
Manu Sporny: https://github.com/w3c-ccg/vc-api/pulls

Manu Sporny: Here's the link and here are the pull request so there is a new one which is Marcus has basically said that as a number of you know Marcus you know was one of the initial authors of the VC API and he hasn't had enough spare Cycles in the last few months to participate but he Danube Tech continued will continue to implement VC API in their products so there's support.

Manu Sporny: I hear but he's just like I really.

Manu Sporny: I'm off of the off of the spec because I'm not able to participate he's also in Europe This is a late call for him so that's the only new pull request will process that after this this heads up to everyone else all the other PRS are just kind of waiting for people to fix them so that we can merge that's it for PR's any any questions concerns.

Manu Sporny: About PR's before we move on.

Topic: Presentation of VC API to OWF

Manu Sporny: Okay let's see next topic is presentation of VC API to OWF John do you wanna take us through this one.

John Henderson: Sure yeah thanks thanks Manu.

John Henderson: Start I can do it a brief intro of myself a re intro I'm a software engineer at energy web we are an organization a non-profit I using decentralized technology for the energy industry and we have a VC API implementation so what I'd like to introduce here is how we say pi and the open wallet.

John Henderson: Good collaborator or what the link is there so I'm not really associated with the Open Wallet Foundation directly but I've been following them moderately closely for the past few months.
Manu Sporny: https://openwallet.foundation/

John Henderson: https://www.youtube.com/watch?v=e1cdZ_Nzo_U&ab_channel=TheLinuxFoundation

John Henderson: Maybe I can start with a 30-second background on the Open Wallet Foundation at thanks for calling it up Manu for folks who aren't familiar with it so they have recently formally launched within the past week or so I have the link to their launch presentation handy and their focus areas are not governance not trust Frameworks.

John Henderson: Words by writing code.

John Henderson: So what they want to do as I understand is have a set of Open Source software components between that Implement some standards and and they're not looking to develop those standards and other looking to put out wallets to end users but rather just have the components.

John Henderson: https://github.com/openwallet-foundation/architecture-task-force/wiki/2023-02-13-Meeting-Minutes

John Henderson: https://github.com/openwallet-foundation/architecture-task-force/wiki/2023-02-20-Meeting-Minutes

John Henderson: Wallet Foundation architecture task force which meets every Monday and they've had some presentations over the past few months I'd say and recently they had for example presentation from the DIDComm community and I think those it lasts two weeks ago maybe it was one on the Aries Community or there is code.

John Henderson: So I thought that maybe this would be a good time to reach out to the Open Wallet Foundation architecture task force and potentially present VC API to them or introduce PCI emission dcpi in some way and I think it's it's important because like Manu mentioned it's important to have an implementation is Avicii API and I think the Open Wallet Foundation could be a notable fermentation of the Capi.

John Henderson: And I didn't feel comfortable.
John Henderson: Go into the Open Wallet Foundation as kind of a representative or really even saying too much will be C API because I don't feel as though I'm the most knowledgeable but about VC API and I want to do VC API justice I think we can you can do better if I get support from the community.

John Henderson: Maybe I can leave it there my objective is to discuss this and ideally come up with the next steps for how we can perceive get any thoughts.

Manu Sporny: Excellent thank you John Patrick you're up.

Patrick_(IDLab): Yeah so just a few things so when I said.

Patrick_(IDLab): So I work sorry for just say who I am sorry I work in Canada I work for the digital identity laboratory of Canada so we helped to break adoption barriers to digital identity so it's a very broad scope we are involved with provinces here implementing the pan-canadian trust registry which is based on a very Hyperledger Indy and Aries so we are quite aware of the.

Patrick_(IDLab): open Wallet found.

Patrick_(IDLab): One question that was asked when I shared that the VC API was to be presented to the open Wallet Foundation was why what's the purpose what's the goal of presenting this so I think that's probably one thing that should be kept in mind when presenting is why are you presenting this to the open Wallet Foundation my second point is most probably the focus should be made on.

Patrick_(IDLab): change and how.

Patrick_(IDLab): VC API would interface with a wallet or a holder component and yeah that's I think that's pretty much my comments I had.

Manu Sporny: Great thank you Patrick totally agree with that I think that's exactly where we should potentially start out I mean one of the things hopefully I'll everyone can see this the the meetings that they've had so far have been fairly varied and wide in the types of things that they're you know talking about but I totally agree with you know Patrick we should probably focus on like what parts of the VC API could be used in.
Manu Sporny: Digital wallets or.

Manu Sporny: Being used in digital wallets today like the exchanges stuff.

Patrick_(IDLab): Yeah we're like how could the VC API enabled DIDComm exchange of a credential for example or open or IDC for VC exchange of credential I think this would be an interesting point because the I mean you know the verifiable credential issuance like it's important but I think they are more going to be focused on how can they How could a wallet receive that credential.

Patrick_(IDLab): I'll store it and present it.

Patrick_(IDLab): This is done mostly by the holder side of thing or the exchange from what I understand on the VCR so far.

Manu Sporny: Yep +1 to that the other important thing in there is that we have that interact mechanism in in it's really in the verifiable presentation you know request/response spec but there's a section in there called interact where which allows you to bootstrap into other protocols so you know you get a request across but in the interact field you can have like a DIDComm initiation message and oid for initiation message or.

Manu Sporny: You know verifiable presentation you know.

Manu Sporny: So there are other you know there are ways to kind of bootstrap and other protocols that we've got we're working on here Patrick you're up.

Patrick_(IDLab): And it just another idea I had based on what we're seeing earlier about the test Suite maybe maybe present how the VC API could also be used as a way to test wallets with some test Suites not sure if that would be a bit too early to tackle as a front but you know could be interesting.
Manu Sporny: Yep plus one of that so John I mean um first of all thank you for bringing this up and I think you're you're right we want to tackle this as a community which means that we need you know a volunteer to put together a slide deck so that you know the rest of us can kind of review it and make sure it's communicating the thing that we think would be good and then of course we would probably want to show up to that call as a community to provide the support to.

Manu Sporny: To whoever is presenting so I.

Manu Sporny: We are right now is you know we'd need those volunteers to work on the slide deck put that together and do the presentation I'm I'm I I'm hesitating I'm not going to be able to do it because of where we are right now in the feature freeze you know candidate rec phase for the profile credential working group lots and lots of work happening there so Patrick you're up you're on the Queue next and then John go ahead Pat.

Patrick_(IDLab): Just get yes I know while the go like there was a presentation of this VC API to the VC working group maybe can have a look at how that was received what was done as a presentation and maybe use that to you know avoid maybe some mistakes that have been made because from what I understood it wasn't received so well that could be for a bunch of reasons but maybe that could be also used as a.

Patrick_(IDLab): reference to how to present the VC API.

Manu Sporny: Thanks Patrick go ahead John.

John Henderson: Sure yeah I'm glad to volunteer and help put together this slide deck or at least coordinate some of the efforts there I didn't want to ask Patrick said will you mentioning that you had brought up VC API to the Open Wallet Foundation coordinators are you have it okay all right.

Patrick_(IDLab): No no no no.
John Henderson: Yeah well I'm like I said I'm glad to take this on maybe I will mention to the Open Wallet Foundation folks that were interested and just to get it on their radar and perhaps I can add a an upcoming VC API meeting present a draft or we can coordinate via the the mailing list as well.

Manu Sporny: Yep that sounds good that sounds like a good next step and then of course you know we can't move forward without that volunteer to put together the slide deck and do the presentation all that kind of stuff so Dmitri I don't want to put you on the spot I remember you Sammy volunteering for that but I don't know how much spare Cycles have.

Manu Sporny: We miss Ruth misremembering so please tell me if I'm like no I did not.

Dmitri Zagidulin: I did offer to help I probably.

Dmitri Zagidulin: Don't want to be the primary point of contact so it'll be about but if somebody like emails Tracy and we got the go-ahead I'm happy to either I temples calls anyways I'm happy to either help answer questions on there or even present.

Dmitri Zagidulin: Yeah I'm available to support and present shouldn't be relied upon to lead or create the blinds.

Manu Sporny: Okay thanks Dmitri and thanks for you know being being able to be there in a supporting capacity so John we all keep asking for a volunteer to take lead through the next couple of weeks and then once we get that we'll go from there does that sound like a good next step to you.

John Henderson: Sure yeah well I'm happy to start taking the lead on this item to put together apposite presentation outline and maybe even some slides.

Manu Sporny: Yeah that'd be great if you're willing to do that do the work there that be fantastic and then we can provide some feedback and maybe if it's in a shared form we can we can you know all contribute a slide or two okay I think that's good good Next Step thanks again John for bringing that up in and we'll we'll ask again next week and see how things are going okay that's that.
Manu Sporny: Mm the next item.

Manu Sporny: Correct me if I'm getting this wrong is discussion around exchanges so deep dive on VC exchanges VC API exchanges we have another topic that folks needed to cover today or is this the one is this the next one.

Topic: Deep Dive on VC API Exchanges

Manu Sporny: Okay I'm taking silence to be yes let's talk about API exchanges all right we over the past several weeks have been trying to figure out what end points belong where for the verifiable credentials API and we've gotten through a good we've gotten through good first pass of that right so that needs to be turned into pull request but during all of our discussions around what you know bit.

Manu Sporny: Of API belong on what services.

Manu Sporny: Or on what components let me bring up this.

Manu Sporny: This diagram here you know we were talking about which one of these components had which apis on it something some things would go on a you know issuer coordinator of the things would go on an issuer service we had those discussions questions came up about these two arrows here basically this present verifiable credentials receive verifiable credentials basically the exchanges aspect of what happens.

Manu Sporny: He's in the VCA.

Manu Sporny: The iso in the section on presenting in the spec today we have three API endpoints I'm going to do a little little bit of a vague hand wave over that you know you can classify these in different ways but we've got like some endpoints that we talked about with respect to exchanges in we have this concept of initiating an exchange.

Manu Sporny: Being in a.
Manu Sporny: Change so initiating an exchange is can be viewed as an again I'm being I'm not I'm trying not to be too precise with my language initiating an exchange is like me going hey I'd like to see this type of verifiable credential from you or hey I'd like you to do a did authentication and then continuing an exchange is a hey I'd like to see you know let's say you're at a car rental agency hey I'd like to see your.

Manu Sporny: Driver's license to make sure you can drive and then.

Manu Sporny: Continuing The Exchange would be okay now that I have your driver's license I would like this other credential from you so you could complete the the the car rental and I see if people have already raising their hands which means they probably got some aspect of this wrong let's go to the queue Patrick you're up then Dave's and Joe go ahead Pat.

Patrick_(IDLab): So regarding and heat exchange is an exchange scope to the interaction or it could I initiate an exchange and then continue that exchange over the span of a month year or so on like let's say if I connect with this car dealership maybe a car dealerships a bad example because you're not going to go back to the car dealership over time but maybe you could like I connect with some kind of service and then I expect to have repeat operation with us.

Patrick_(IDLab): service what I need to redo it issue.

Patrick_(IDLab): Every time or how how would that work.

Manu Sporny: It's great question Dave you're up next.

Dave Longley: Sure with someone else on the Queue because I was I think what I can do is talk about how we're using how are companies using exchanges today and kind of give an overview of that and that might help other people.

Manu Sporny: Okay so I'll put you behind Joe this at work.

Dave Longley: Yeah that's fine.
Joe Andrieu: Yeah my question might make more sense after Dave gives a walk through the main thing that's confusing to me is we seem to be using exchanges in at least three different ways and one of the ways I understood but the way this talks about it and you just now talked about Manu I did not who I and we were in these exchanges like who creates an exchange.

Joe Andrieu: Change and in particular it seemed to be on a previous call I thought I had an aha that I believe Dave and Dmitri both like yeah well I'm glad you finally got that because that's the whole point and that seemed to be about bundling a bunch of parameters and turn it into a short URL or a URL that's the exchange endpoint so that someone can just click on a link and all the information is there that might be needed to satisfy that exchange so.

Joe Andrieu: So that made a lot of sense to me because it streamlines from processes.

Joe Andrieu: It in that model you would create exchanges and again the you is part of the ambiguity here but someone who has the authority to would create an exchange and then give the URL for that exchange to someone to go execute that exchange that made sense to me but it seems to be if that's the pattern then the exchanges should just be a shortcut to an existing semantics and that's one of the places where I get confused because I hear oh you would just use an exchange for that as.

Joe Andrieu: As if we don't need a semantic endpoint because the exchange does the.

Joe Andrieu: And that's where I get confused.

Manu Sporny: Got it thank you for that explanation Joe I think we're your much we're much closer to understanding then.

Manu Sporny: They're a couple of tweaks on what she said and we can get to full understanding but Dmitri is on the Queue and then Dave Longley to explain so Dmitri go ahead.

Dmitri Zagidulin: Oh I think I'm on after Dave I was just going to mention how we use exchanges in d.c..

Manu Sporny: Okay Dave go ahead then Dmitri.
Dave Longley: Okay sure, so hopefully this will touch on some of Joe's concerns and we'll see. So the main thing that we use exchanges for today is to facilitate a protocol between a user's client, usually a wallet, to distinguish it just from like a user agent, so it's to facilitate a protocol between the user's wallet and the issuer. So the protocol involves wallet providing information in an exchange.

Dave Longley: Change for issued verifiable.

Dave Longley: It's so the exchange process might require one or more request responses between the parties, and another useful way of thinking of exchanges I think is as a way to get a user that starts on a website, like on an issuer coordinator website, into a flow between their digital wallet and the issuer coordinator through sort of back-end services. So our implementation in particular is such that an exchanger service, there's an exchanger service that an issue.

Dave Longley: Inator can use so ahead of any.

Dave Longley: Losers some administrator for the issuer comes in and creates exchanger instances on this service, and an exchanger is based on a configuration that includes access tokens to use an issuer service and a verifier service, a set of steps to define any exchange that's based on that exchanger, and a set of templates to be populated with data that's received in and when an exchange is first created.

Manu Sporny: Hey Dave, could we point out in this diagram what things are involved in what you're kind of.

Dave Longley: So the things that are, that exist today in the diagram that are involved would be the issuer coordinator, we did, what we don't have on here is an exchanger service, either the exchanger service could be integrated with the issuer coordinator, so maybe just all fits in there, are particular implementation as a way to abstract that out into its own risks that the eat that service or the issuer coordinator communicate with an issuer service and a verifier service, and those are also on the those diagrams.
Dave Longley: So the exchanger.

Dave Longley: This needs the ability to be able to verify things and issue things, and it does that by accessing a verifier service and an issuer service.

Dave Longley: So once any one of these exchangers is created the issuer coordinator is given access to use it.

Dave Longley: Create specific exchanges based on it. So when do you create an exchange and whose you use the issuer coordinator, so when does an issuer coordinator create an exchange: whenever a user comes and visits the issuer coordinator website, that website's back end, the issuer coordinator, creates an exchange based on one of these configured exchangers I just mentioned. The creation of that exchange includes any initial information that might be obtained from the user, this might be data that's going to go into a VCs.

Dave Longley: For example.

Dave Longley: Or maybe something else, and when that exchange gets created it gets its own capability URL that is to be shared with the user. The exchange in our implementation can be created, it can be set up to allow the user's client to either use the VC API to complete the exchange or OID4VC.

Dave Longley: And obviously other protocols.

Dave Longley: He added into this. The capability URL can either be shared on its own with the user's client if the user's client knows it's a VC API, or it could be shared via a VPR using the interact field, it could also be represented as an OpenID initiate issuance URL for OID4VC, and that URL could be given directly, could be given via QR code, or could go on the VPR, again through the interact field, all of those things.

Dave Longley: These are possibilities to communicate this capability URL.
Dave Longley: To the client so we can start doing this delivery, this exchange and delivery of VCs. So the, after the user's client has this exchange URL, it either posts an empty body to the URL to get the VPR, or if it already had the VPR they post their VPR response to the URL. The exchange URL then either responds back with another VPR if more information is needed or with a VP that includes the issued credentials.

Dave Longley: And that, that's a rundown.

Dave Longley: Annotation works and how these pieces are abstract or part.

Manu Sporny: Thanks Dave, I think it might help if we used a concrete use case to walk through all of that, because you know folks aren't familiar with all those pieces, I think it may be difficult for them to have followed that. Dmitri, you're up next.

Joe Andrieu: Dmitri, can you talk a little bit louder.

Joe Andrieu: Okay, that might help, thanks.

Dmitri Zagidulin: I agree with your comment Dave, I think a concrete use case such as using the exchanges for refresh would work, but so before I get into how easily these, yeah, before, actually hold on, let me switch to different headset, one second, it's better.

Dmitri Zagidulin: How's this, is this better.

Joe Andrieu: That's much better.

Patrick_(IDLab): This is very good.

Dmitri Zagidulin: Okay, so before I get into how we use it I did you see, I want to say a few, couple of high-level words. So the main use case that the exchange API serve that I had at the time differentiated VC API from the other two protocols, DIDComm and OpenID Connect, but since the appearing of the exchange.

Dmitri Zagidulin: Protocol the of both the OpenID Connect, sorry, oh I, OpenID for Verifiable Presentations and ID for issuance, and DIDComm adopted this same mechanism, informed by what we did here at VC API endpoint. So, so all three communities saw the need for this primitive and an adopted at once they saw that we, we did it here.

Dmitri Zagidulin: And I believe that's.
Dmitri Zagidulin: Data point because it shows that it's a, just shows the demand for it, so specifically the need for multi-step interactive issuing, so nausea because at the moment VC API defines a very low-level back-end service, issue, which should really be termed sign something rather than issue, whereas would exchange tends to be used for is.

Dmitri Zagidulin: Actually issuing.

Dmitri Zagidulin: Interactive way where it's the wallet talks to the issuer, to the issue coordinator, and through that gets, gets credentials, so specifically I will be using it the C-4 is.

Dmitri Zagidulin: The Varsity, could I have my diploma or can I have my course completion credential, no you cannot, in order to do that I would like the following list of prerequisites, send me this, this, this information before I can hand you, before I can issue this credential, and the wallet looks in its, in its storage, hands over the credentials with, with the user's consent, and then receives the credential, so that's our use case specifically, but that.

Dmitri Zagidulin: That pattern the.

Dmitri Zagidulin: The interact service in the, in the response from the VC API is, is a crucial one I think, that's it.

Manu Sporny: Great, thanks Dmitri. John, you're on the queue next.

John Henderson: Thanks, is just a quick question for Dave. For you, when you said you create the exchange, so that I think was the coordinator creates the district coordinator greatest exchange in your example, is that done via the initiate exchange endpoint in your implementation, or is, is it when you say create exchange you mean it's done prior to initiate exchange.

Manu Sporny: Joe, you're on the queue next, and Dave.

Joe Andrieu: I can come back if Dave has a quick answer to that question.
Dave Longley: Yeah sure, the quick answer is the exchange is created before the open I, if you're referring to OpenID initiate issuance, is is done. So you create the exchange, storing any information about the user that the, you might have gotten in their interaction with the website, that creates a URL and all of the OpenID for VC stuff that you need to be able to run.

Dave Longley: That protocol and.

Dave Longley: That creates a URL that is fed into, or it creates the parameters and things that you need to build the OpenID issue initiate issuance URL, and then you pass that URL to a wallet.

<john_henderson> No, by initiate exchange, I'm referring to this endpoint https://w3c-ccg.github.io/vc-api/#initiate-exchange

Dave Longley: So it's set, it sets up all of the state and everything that the wallet's going to need to be able to interact with, and it gives it an address at this URL that you then passed to the, to the wallet.

Manu Sporny: John, did that answer your question.

John Henderson: No, I don't think so, but that's all right.

Manu Sporny: Okay, Joe, you're up next.

<dave_longley> oh, the VC API "initial-exchange" ... creating an exchange creates that URL.

<dave_longley> then the user is able to hit it.

Joe Andrieu: Cat I'm still struggling, it feels like a pretty huge feature creep, especially with the detail that this can be a front-end to OpenID for VC and any other protocol that we might want to put in here. It seems to me that the fundamental use case of hey, we have a complicated set of interactions where we may need to go get multiple different things.

Joe Andrieu: Maybe multiple VPRs.
Joe Andrieu: It feels like we have a mechanism to do that with the interact response, and so any requests into the system can process the interact and go to the next step in the process, and I can appreciate that the, there are exchanges that, or that there is a value in an exchange of setting up that capability URL so that you can trigger a fairly complicated data operation with just a URL.

Joe Andrieu: At that, my question that I have around that is, and it was sort of answered with OpenID, but that's why I feel it's feature creep, are there semantics with regard to VC exchange, and I mean that more broadly, not the exchanges mechanism but the setting VCs back and forth, that, do the exchanges point to anything that is not one of.

Joe Andrieu: Of our endpoints.

Joe Andrieu: I guess that's why they put the question.

Joe Andrieu: In other words, is this capability URL designed to simplify accessing other endpoints defined in the VC API, or are there new semantics that you can only do with an exchange, with the exception of setting up the capability endpoint, like I think I get that.

Joe Andrieu: The capability URL.

Manu Sporny: Okay, thanks Joe, I think the answer is the latter, Joe, that they are new semantics where you can't just point to existing APIs like the issue credential or presentation prove or things like that, that might be an important distinction.

Joe Andrieu: Yeah, and what would those be then, because that's not, that's what I'm not understanding.

Manu Sporny: Got it, okay, so we should dig into that. Patrick, you're up next on the.

Patrick_(IDLab): Yeah, just so we got anyone to meet you explain from that very interesting tidbit of information, especially the parallel to DIDComm and IDC for VCI more familiar with DIDComm, and it's interesting because reading to whether it's like a pie or different doctors, you know, here and there some mention of the VC API sprinkled from some time and place, someone implemented something regarding the state of the VC API, now regarding.
Patrick_(IDLab): change and DIDComm and why DC.

Patrick_(IDLab): And I might gear that question towards you Dmitri, do cut, could we say that DIDComm is a type of exchange, or is an exchange really its own thing, like how would that translate to other thing, like if I want to have a VC API that has a certain exchange that is basically a DIDComm issue credential V2, could I enable that flow through exchanges, or are they separate things or.

Dmitri Zagidulin: All right question, let's see, can I, thank you.

Manu Sporny: Yeah you can, yeah you're next.

Dmitri Zagidulin: Are we skipping Joe though.

Manu Sporny: Jill Worley was that a previous queue, okay.

Joe Andrieu: Yeah, I suppose that's good.

Dmitri Zagidulin: Great question, so let's take that in the reverse order. I can, can one switch over to DIDComm using the exchange endpoint, yes I think so, as Dave mentioned they're doing switching over to the OpenID Connect protocol using the exchange endpoint, I can imagine similar thing could be done with DIDComm. Do I think that DIDComm is like, what do you think the how.

Dmitri Zagidulin: Workers or what the relationship is to the exchange I.

Dmitri Zagidulin: The DIDComm protocol is fundamentally exchange-based, it specifically the design decision that was present was for each call and reply, for each endpoint, we're gonna, we're gonna allow the interact, the responses to be asynchronous, so basically it's not that.

Dmitri Zagidulin: I think.

Dmitri Zagidulin: Did the subset of the exchange endpoint, it is a superset, it does, it does more stuff than exchange endpoint but.

Dmitri Zagidulin: You, you could say that the exchange endpoint in this API takes the DIDComm asynchronous interact approach and bring and applies it to the rest of the.
Dmitri Zagidulin: The rest of the VC API endpoints, and just to correct what I said, it's less, it's not that DIDComm added the interact mechanism after this API, it's specifically the presentation exchange specification, which DIDComm uses, that added the interact. Okay, that's it for me.

Manu Sporny: Go ahead Dave.

<dmitri_zagidulin> that's a great summary of it! crossing trust boundaries

Dave Longley: Yeah, that one of the quick points I wanted to make is that I think one of the key features that exchanges provides is that enables the use of protocols that cross trust boundaries, so it's interactions between the, you know, the holder, the user in the client, interactions between the, guess I'll just said the wallet, and these other services, and I think that's an important part of the exchange process.

Manu Sporny: First one that I'm on the QT and the call, this has been a good discussion but clearly it is not over, we definitely need to spend more time on this, so we will schedule more time to talk about exchanges on next week's call. With that, thank you everyone for the lively discussion today and each of your attention, really appreciate it, have a great rest of the week and we will chat again next week, take care.
Received on Tuesday, 28 February 2023 21:26:32 UTC