- From: CCG Minutes Bot <minutes@w3c-ccg.org>
- Date: Thu, 12 Jan 2023 13:59:28 +0000
Thanks to Mahmoud Alkhraishi and Our Robot Overlords and Mahmoud Alkhraishi and Benjamin Collins for scribing this week!
The transcript for the call is now available here:
https://w3c-ccg.github.io/meetings/2023-01-10-traceability/
Full text of the discussion follows for W3C archival purposes.
Audio of the meeting is available at the following location:
https://w3c-ccg.github.io/meetings/2023-01-10-traceability/audio.ogg
----------------------------------------------------------------
Verifiable Traceability Task Force Transcript for 2023-01-10
Agenda:
https://lists.w3.org/Archives/Public/public-credentials/2023Jan/0022.html
Topics:
1. interop week
2. Vocab PRs
3. Issue Review
Action Items:
1. issue correction to mailing list to change next meeting date
to 21 Feb
2. update issue 457 with Orie's comments regarding warnings for
Azure
Organizer:
Orie Steele, Mike Prorock, Mahmoud Alkhraishi
Scribe:
Mahmoud Alkhraishi and Our Robot Overlords and Mahmoud Alkhraishi and Benjamin Collins
Present:
Orie Steele, Nis Jespersen , Paul Dietrich GS1, Benjamin Collins,
Mahmoud Alkhraishi, Chris Abernethy, TallTed // Ted Thibodeau
(he/him) (OpenLinkSw.com)
Mahmoud Alkhraishi is scribing.
Our Robot Overlords are scribing.
Mahmoud Alkhraishi is scribing.
Nis Jespersen : Welcome everyone and IPR Note.
Topic: interop week
Nis Jespersen : Announcement of 4 week of calls, break due to
CBP, this does not preclude our normal merging work etc. Proposal
to block until feb 14
Orie Steele: Starting 14, we would alternat evocab/interop calls
ACTION: issue correction to mailing list to change next meeting
date to 21 Feb
Mahmoud Alkhraishi: 14 Has VCWG in person, lets do it on 21.
Orie Steele: Consesnsus to push it to 21st, we should send out
announcement on the list.
Nis Jespersen :
https://github.com/w3c-ccg/traceability-interop/pulls
Mahmoud Alkhraishi: We should also update the CCG calendar
invite, will ping mike
Mahmoud Alkhraishi: I merged a typo fix, it was editorial only.
Nis Jespersen :
https://github.com/w3c-ccg/traceability-vocab/pulls
Topic: Vocab PRs
Nis Jespersen :
https://github.com/w3c-ccg/traceability-vocab/pull/682
Nis Jespersen :
https://github.com/w3c-ccg/traceability-vocab/pull/683
Nis Jespersen : 682, Plenty of approvals no issues, merging
Nis Jespersen : 683, Fixed all of issue 574, no objections,
will merge
Nis Jespersen :
https://github.com/w3c-ccg/traceability-vocab/pull/684
Nis Jespersen :
https://github.com/w3c-ccg/traceability-vocab/pull/685
No objections on 684, all approvals merging
Nis Jespersen : 685 Invoice/PO narrowing of organization.
Nis Jespersen :
https://github.com/w3c-ccg/traceability-vocab/pull/686
Orie Steele: I reviewed this, it just removes erroneous usage of
@types, alters RDF graph to not include type info.
Orie Steele: If you're using Identifiers from schema.org they
ahve their own opinions, this appears to just be removing
inconsistencies.
Chris Abernethy: Russel removed the incorrect usage, leaves the
correct implementation to future PRs.
Nis Jespersen : No objections, merging.
Nis Jespersen :
https://github.com/w3c-ccg/traceability-vocab/pull/687
Mahmoud Alkhraishi: 571 Needs to stay open, the others can be
closed.
Nis Jespersen :
https://github.com/w3c-ccg/traceability-vocab/issues/572
Nis Jespersen :
https://github.com/w3c-ccg/traceability-vocab/issues/569
Orie Steele: We should identify on a case by case bases when
adding types, to make sure we have type interop on things that we
care about. In ecommerce for example, if you want the
Orie Steele: In context of ecommerce , if you want query interop
on knowledge graph then you want the context t odefine type in
the same way schema.org does, so you can query the graph
correctly.
Nis Jespersen :
https://github.com/w3c-ccg/traceability-vocab/pull/689
Mahmoud Alkhraishi: It can wait a week, to merge as it isnt
critical.
Orie Steele: We should surface important issues on the list, but
give it a week for normal reviews.
Nis Jespersen :
https://github.com/w3c-ccg/traceability-interop/issues?q=is%3Aissue+is%3Aopen+sort%3Aupdated-asc
Nis Jespersen : 17 Issues we can do this!
Nis Jespersen :
https://github.com/w3c-ccg/traceability-interop/issues/307
Benjamin Collins: Presentation Exchagne Oauth is still a valid
issue, as it does not have a readme, I will tackle it.
Nis Jespersen :
https://github.com/w3c-ccg/traceability-interop/issues/438
Topic: Issue Review
Orie Steele: 438, Gave a presentation of our work to OWF, Linux
foundation is still sorting out their workstreams, it is looking
like they are close to taking code contributions, we have heard
that the VCAPI and data models associated with it, there are two
members who would be interested in at a minimum. Those are
Gen(Avast/Securekey) and Transmute
Orie Steele: The Test harness may be accepted as a code
contribution. When they have finished call time, we may spend
some call time to discuss what moving this to the Linux
foundation looks like and its benefits/drawbacks.
Nis Jespersen :
https://github.com/w3c-ccg/traceability-interop/issues/453
Chris Abernethy: One of mine, modifies verifiableCredential
schema. right now it cannot be a string, some other
implementations make it a requirement. Should be ready-for-pr
Mahmoud Alkhraishi: To rephrase this is if a JWT was provided,
then it should be a valid option.
Nis Jespersen : Looks like its ready for PR.
Nis Jespersen :
https://github.com/w3c-ccg/traceability-interop/issues/460
Chris Abernethy: this was to update respec doc to allow for
updates that were done in our docs to be reflected. We should
allow this to go on
Chris Abernethy: if no preferences/guidance it shoudl be good to
go.
Nis Jespersen :
https://github.com/w3c-ccg/traceability-interop/issues/464
Nis Jespersen : 646, Workflow needs to be more generic rather
than US oriented.
Orie Steele: I think thats fair, we should be adding more
diverse flair rather than removing existing flair.
Mahmoud Alkhraishi: I like how concrete it currently is, we
shouldn't lose that, but we should increase diversity by adding
more workflows, if he is willing to help with that contribution,
then it is a positive.
Nis Jespersen : Will assign myself and look for some
suggestions.
Scribe-
Benjamin Collins is scribing.
Nis Jespersen :
https://github.com/w3c-ccg/traceability-interop/issues/457
Chris Abernethy: 457 is a long conversation about azure AD for
OAuth, it is impossible for them to pass tests. Azure AD
require's scopes to follow a rigid naming format.
Chris Abernethy: The proposal is for the scope to be parameter
for the tests. Orie pointed out that this makes testing interop
impossible. I I agree with that, but unless we mandate that
everyone uses the Azure AD names, we can't take that approach.
Chris Abernethy: My suggestion is that we could mandate that all
implementations grant all scopes and give an optional parameter
to say the scope request must contain this string.
Chris Abernethy: Let me know if you have any questions
Orie Steele: I pinged my friends at Microsoft to weigh in on
this issue. I want a response from them before acting on this
issue.
Orie Steele: I think we want to say that if you're capable of
validating, you still get some coverage. We want to have some
security posture around that. And then we add a description to
the respec document around how scopes are handled in the profile
around interop.
Orie Steele: And then we would need to have some changes in the
tests so that people dont have to jump through hoops. So update
the respec document, and then add a flag to the tests to ignore
scopes for other OAuth implementations.
Chris Abernethy: Would you mind adding a comment to that effect?
Nis Jespersen :
https://github.com/w3c-ccg/traceability-interop/issues/454
ACTION: update issue 457 with Orie's comments regarding warnings
for Azure
Orie Steele: Sure, I'll copy it from the meeting minutes
Chris Abernethy: 454, this came out of the issue with some VC-API
testing around the options behavior.
Orie Steele: Okay, looking at the issue, `x-`prefix is not an
optional
Orie Steele: The intention here is to show support for data
integrity and JWT. And the reason headers came out, should we
have headers to opt-in to a feature to be able to show capability
to that. I think long-term we want to have body parameters to
define this functionality.
Chris Abernethy: So anyone who implements this without any tests,
with VC-API will fail these tests, or should we make the options
optional, or should we leave them as required?
Orie Steele: I prefer for options to be required to show
intention
Chris Abernethy: This could break interop with VC-API, are we
okay with that?
Orie Steele: I think we want to have specific options around
security, and rather than having implicit options that are known
to the caller, these should be exposed to the user.
Chris Abernethy: My main issue here was that it didn't seem to
match up with what they are doing. But I'm okay with the current
proposal.
Orie Steele: I think that's what we want to do.
Chris Abernethy: I will close with comments.
Nis Jespersen :
https://github.com/w3c-ccg/traceability-interop/issues/475
Nis Jespersen : I think this issue might be in the wrong repo,
this should probably be moved to trace-vocab
Orie Steele: Yes, you can move it to trace-vocab.
Chris Abernethy: Can we jump to 482?
Nis Jespersen :
https://github.com/w3c-ccg/traceability-interop/issues/482
Chris Abernethy: This is something Mike brought up with me.
Should we update to statuslist 2021?
Orie Steele: If we can't resolve the context, can we update?
Nis Jespersen : It looks like it's fixed, and was just fixed
now.
Orie Steele: I have been bit by implementing something that just
got moved to a working group. I would like to see something get
further a long in a working group before a working group as
published a FPWD on it.
Chris Abernethy: I don't know what FPWD
Orie Steele: First Published Working Draft. In order to become a
technical recommendation it need to start as a FPWD.
Paul: Is there a function that we want to have in interop which
would use this?
Nis Jespersen :
https://github.com/w3c-ccg/traceability-interop/issues/479
Orie Steele: This would allow for suspension and revocation, in
which there are a few. I think that we don't want to chase a
bleeding edge.
Chris Abernethy: In our spec, we have a bunch of examples that
contain proofs, but we changed the content, but didn't update the
proof. So it doesn't seem right to have invalid proofs.
Orie Steele: With respect to proofs, we might want to use a
respec plugin for proof signatures, to solve this problem
elegantly. And inclusively using JWT.
Chris Abernethy: Okay, sounds good. Can we move this to ready for
PR, or do we need more specific examples?
Orie Steele: I think it would apply to every example with a
proof in it. I will include a link and a comment.
Nis Jespersen : Does this apply to trace-vocab?
Orie Steele: It's weird that we're even talking about proofs in
this document.
Nis Jespersen : I think that means we mostly have a separate
similar issue on trace-vocab
Chris Abernethy: If you look at the specification, it will
contain a proof. And we want our spec to not perpetuate bias, as
well as the respec document.
Orie Steele: I have included a link for something Manu built to
help address that problem.
Nis Jespersen : Let's wrap this up, I'll see you Feb 21. Let's
keep on the progress. Thank you.
Scribe-
Received on Thursday, 12 January 2023 13:59:28 UTC