- From: CCG Minutes Bot <minutes@w3c-ccg.org>
- Date: Wed, 22 Mar 2023 03:43:08 +0000
Thanks to Our Robot Overlords for scribing this week!

The transcript for the call is now available here:
https://w3c-ccg.github.io/meetings/2023-03-21/

Full text of the discussion follows for W3C archival purposes.
Audio of the meeting is available at the following location:
https://w3c-ccg.github.io/meetings/2023-03-21/audio.ogg

----------------------------------------------------------------
W3C CCG Weekly Teleconference Transcript for 2023-03-21

Agenda: https://www.w3.org/Search/Mail/Public/advanced_search?hdr-1-name=subject&hdr-1-query=%5BAGENDA&period_month=Mar&period_year=2023&index-grp=Public__FULL&index-type=t&type-index=public-credentials&resultsperpage=20&sortby=date
Organizer: Mike Prorock, Kimberly Linson, Harrison Tang
Scribe: Our Robot Overlords
Present: Bob Wyman, Harrison Tang, Greg Bernstein, Orie Steele, Stuart Freeman, Erica Connell, Jeff O - HumanOS, Patrick (IDLab), Mike Prorock, Andres Uribe, Geun-Hyung, TallTed // Ted Thibodeau (he/him) (OpenLinkSw.com), David I. Lehn, Phil L (P1), Steve Magennis, Joe Andrieu, David Chadwick, Juan Caballero, James Chartrand, Kimberly Linson, Marty Reed, Nikos Fotiou, Manu Sporny, John Kuo, Chandi Cumaranatunge, Brent Zundel, Wendy Seltzer, BrentZ

Our Robot Overlords are scribing.
Mike Prorock: https://lists.w3.org/Archives/Public/public-credentials/2023Mar/0101.html
Mike Prorock: All right all hello and welcome today we're going to be talking about verifiable credentials did web and actual practical useful stuff which is why I am sure the numbers are lighter since there's less room for generalized commentary and we actually are looking at grow real code that's the end of my snark and that's purely from a personal observation level so we love to talk to details.
Mike Prorock: And just.
Mike Prorock: https://www.w3.org/Consortium/cepc/
Mike Prorock: I can hear first and foremost want to talk about and mentioned that this meeting as with all meetings is covered under the W3C code of ethics professional conduct really have a good time here and never tend to have any issues with that but just in case it's a handy reminder one note that this meeting is a W3C community group meeting and as a result of that anyone can participate in these competitions.
Mike Prorock: Calls they are open to the.
Mike Prorock: https://www.w3.org/community/credentials/join
Mike Prorock: Public however if you're going to do work if you're going to contribute into W3C work items at this community group you do need to be a member and you need that's primarily for IPR reasons right to prevent any potential intellectual property claims and nasty stuff that can come up down the line should work proceed from here where we incubate work into something like a working group we're working actually that gets finished and standardized so just a note there we do take meeting.
Mike Prorock: Minutes as you are seeing go in the chat and those recordings do get posted.
<mprorock> type “q+” to add yourself to the queue, with an optional
Mike Prorock: In the chat you may type Q the letter q and the plus sign to add yourself to the queue or raise your hand that stuff is sync up also work and IRC if you are on the IRC channel for some reason.
Mike Prorock: With that before we get into the main meeting do you want to pause and see if there are any new folks to the call that would like to introduce themselves.
Patrick_(IDLab): Hey guys I see here oh yeah I'll just give a short introduction so I'm devops specialist I work for the digital identity laboratory of Canada than in the digital identity space for about two years now it's very very interesting so we as a independent entity we pride ourselves in being unbiased and really just observe the various.
Patrick_(IDLab): us efforts that are being made.
Patrick_(IDLab): Here in Canada and internationally currently we have a lot of interest a lot of traction and the Hyperledger side of things with Aries and AnonCreds and what provinces are doing in Canada for a digital identity which is interesting regarding W3C I've been attending the VC API calls for some time now with special focus on test.
Patrick_(IDLab): suites and testing and implementation.
<orie> yay! did:web for testing is excellent
Patrick_(IDLab): Ends and understanding how everything works I was particularly interested in this call today because I am sort of prototyping a proof of concept for a did web methods to manage AnonCreds credential the AnonCreds credential has been made into its own sort of specification recently and we are exploring branching out to different did methods for.
Patrick_(IDLab): very interested in.
Patrick_(IDLab): Services parameters and also videos so hopefully it will be an interesting call today for me.
Mike Prorock: Cool well great to have you and yeah we're definitely I'm particularly interested in the topic today as well because I think it's a good one let's see here with that I'm going to pause for any announcements or reminders for the from the broader Community here so anything relevant to CCG from the community before I start calling all the folks I am going to note that there's been a good thread that I think Manu might have started just given the fact that.
Mike Prorock: That our GitHub is getting a little up in size and probably.
Mike Prorock: Place to store a bunch of audio video etc. so there is some discussion of getting that stuff over to YouTube and possibly backed up to Archive.org and some other options so chairs definitely will take that under consideration and it seems like there's broad Community Support so we will figure out some next steps there in our next chair meeting over the next two weeks so I'm going to be traveling next week so it'll probably be the week after.
Mike Prorock: The with that.
Mike Prorock: Any other announcements from the community side.
Mike Prorock: Mr Manu.
Manu Sporny: Hey oh geez I'm late and all Jesus was already discussed it was announcement on the or there was a question on the mailing list about whether or not we want to have a YouTube channel and upload like these recordings that we're doing well now to YouTube people have provide some feedback thanks for that I'm guessing we'll leave it open the question open for another week and then see what we want to do but if you have a.
Manu Sporny: Please provide some input on the mailing list that's it.
Mike Prorock: Yeah definitely and Manu I just noted will probably sync up as chairs not this week coming up the following after there's been some more time for that to bake and we've got some good options but it looks like there's a rough consensus driving at least in a certain direction to get some stuff out there so thank you for starting that thread.
Mike Prorock: Also any other announcements from.
<orie> fediverse / peer tube!
Mike Prorock: That impact CCG wise otherwise I'm going to turn the ball over to Orie here I am a big fan of the fediverse as you know Orie so.
<bumblefudge> nic
<bumblefudge> e
Mike Prorock: All right well Orie I'm going to hand it to you topic of today is implementing did web for use with verifiable credentials just a lovely topic yeah.
Orie Steele: Yeah and as I recall if I turn my video on servers melt right so maybe I don't turn the video.
Mike Prorock: Screen share works great video I don't know so.
Orie Steele: Right here how do I screen share in this thing there's the button.
Orie Steele: Entire screen I'll see my entire screen.
Mike Prorock: We can indeed.
Orie Steele: All right so the structure of this is presentation I do have a demo at the end of it I can give that basically just recaps what you've all seen I can't see the chat or anything actually I can make it so that I can see that though.
Mike Prorock: I'll keep it monitored and yell if there's something crazy and then.
Orie Steele: Hopefully hopefully yeah there's interrupt does we go love love for it to be more conversational given several talks on did web at this point so it's fairly boring topic to me and I'd rather take your questions and yeah it just just dive right in so the purpose of today's talk is to just focus on what do you if you're trying to.
Orie Steele: Explore using did web.
Orie Steele: What's a easy way to get started you know and how can you use did web when you're sort of first learning about decentralized identifiers and verifiable credentials it's it's not geared towards production and it's not even geared towards sort of safe testing environment it's geared more towards a local testing environment for developers giving them the tools they need to figure out what's going on.
Orie Steele: So high-level agenda we're going to briefly recap what did web is going to talk about key generation and did document construction and hosting and then there's just a brief commentary on signing and verifying once you have added documents nice to do something with it and then there's technical details section which I imagine we spend a good amount of time and because there's lots of fun privacy and security.
Orie Steele: Security considerations when it comes to did web.
Orie Steele: And questions at the end but of course questions along the way are welcome.
Orie Steele: And I'll provide an export of these slides for folks so you know don't worry I'll get up to the chairs at the end so what did web well did web is a way to use decentralized identifiers with web infrastructure DNS and HTTPS and certificate authorities another way of thinking about what did web is is its kind of an alternate representation of OIDC issuer and OIDC you have a web origin and.
Orie Steele: Well-known OpenID configuration and that.
Orie Steele: Describes where to find signing keys for that web origin as an issuer and those documents are JSON documents the configuration is a JSON document that's not signed and it's served from a web server with with TLS and the well-known JWKS which contains public keys is also not signed and is just a JSON file that serve from a web server.
Orie Steele: And so one way of sort of just.
Orie Steele: That is you know these are ways to discover keys that are authoritative for a web origin and OIDC has one way that they do that for OpenID Connect and did web is just a way to do that but for dids basically and then of course did web is not a blockchain so if you were excited to talk about blockchain here this is about web technologies which have been around for quite some time.
Orie Steele: And so.
Orie Steele: There's no blockchain here.
Orie Steele: At the bottom are a series of pictures that I found inspiring when thinking about what the web is.
Orie Steele: Key generation the old-fashioned way.
Orie Steele: If you if you want to if you want your did to be in any way useful you're going to need to generate some keys and you're going to want to keep the private key private and you're going to want to put the public key in your did document and most of what did create operation is in any did method is about that first did document construction and getting your first keys into the document so here I've shown some excellent openssl commands for generating NIST.
Orie Steele: Compliant public and private keys.
Orie Steele: Just a quick note you know with openssl you're going to get key formats like PEM and you're going to have to convert them into like a JWK format if you want to host them in your document and luckily there's like lots of really excellent tools that will do that for you because this is a problem that folks who have been using openssl have had for quite some time so converting between PEM and JWK is relatively easy converting between PEM and JWK and other more newer key.
Orie Steele: Formats can be kind of tricky and when you're building your first did.
<mprorock> wrong!
Orie Steele: I would encourage you to think about maybe not trying to support all of the different cool key formats you've ever seen but focus on the ones that are going to help you quickly verify your hypothesis like why are you using did web what are you interested in doing you know try and use off-the-shelf key formats as much as possible and you know just because it's old does not mean it sucks or the newer stuff is better Star Trek next Generation is the best Star Trek still.
Orie Steele: So making.
<bumblefudge> here... here?
<mprorock> TOS all the way
Bob Wyman: Question: Please discuss relationship between did:web and WebFinger. What does did:web do that WebFinger can't? Are there use cases that would be well served by using both did:web and WebFinger in the same app?
Orie Steele: Document and this is a this is where I introduce the spice they're part of this talk is going to be about a product called ngrok which I've used for many years and it's a really great way of debugging network activity and opening tunnels to localhost and exploring and securing you know web services at the development phase so on the right hand side you can see an example of a did document and.
Orie Steele: And I created this JSON.
Orie Steele: Basically starting the ngrok web service and using its instrument APIs to get the origin that it was but the tunnel is bound to and that's what goes into the did web identifier the public key also goes into the document and that public key comes from the openssl key generation there wasn't any cryptocurrency required there's no web 3 5 7 or 11.
Orie Steele: Key formats although.
Orie Steele: And if you were excited about experimenting with those actually think did web can be a great place to do that because you just add them as verification methods and it's JSON and it's very easy to use and in this case there isn't any need to add any other contexts or extensions if you're just trying to do JSON this vocabulary that's added at the top basically will automatically assign term definition so even the skull emoji and the fire emoji have term.
Orie Steele: Definitions here and so I highly recommend doing this.
Orie Steele: Because you will encounter all kinds of problems in your libraries that are processing your did document if it's not well formed JSON-LD so I always add a vocab to my did web documents so that those libraries don't explode and then I can look at you know a specific term assignments and I can decide whether I like those term assignments or not and I'll show you at the end a demo of a library that will definitely explode if it's not valid JSON-LD.
Orie Steele: Library that I use a lot in terms of so thinking about what the shape of a JSON-LD to document looks like.
Orie Steele: So hosting a did document it's not enough to just have a JSON file has to go on to a web server and this is where ngrok comes in so the first line in the upper left-hand corner is basically saying I'm going to serve a folder with CORS on localhost 3000 and normally that would only be accessible to you if you're on localhost 3000 on the server that's running but what ngrok will let you do.
Orie Steele: Do is it'll let you bind a tunnel to that service.
Orie Steele: See you know the in the ngrok network diagram what it looks like when you don't have that web service up so it's green up until the ngrok agent and then it's red because your web service isn't running but then if you turn your web service on which is the first command in the upper left-hand corner you get did Resolute you get an actual did resolution for well it's not that resolution but it's the did web endpoint for that web origin resolved successfully.
Orie Steele: And that's because the.
Orie Steele: As has spun up in the tunnel is binding to localhost 3000 and its binding on this origin which is this you know hexadecimal string .ngrok.app and we can talk more about that in the private in the sort of technical detail section because there's all kinds of privacy issues with doing this in a production environment but for testing there's a lot of benefits for this with did web and again you know this is just an example you probably know.
Orie Steele: How to host JSON files without using ngrok I'm just showing ngrok here for the.
Orie Steele: Showing developers that this is a tool that's really useful when you're testing things with did web.
Orie Steele: So on to sign and verify so if you're going to sign and verify you need to be able to get key material I've shown on the left hand side a little bash script that will use jq which is a tool for processing JSON responses so this bash script will work against any resolver that returns you know did documents in a reasonable form.
Orie Steele: And basically.
Orie Steele: You're going to want to do is you need to get the public key that you're going to use to verify the thing so whatever it is that's been signed you got to get the public key which means you have to talk to a resolver and in the context of did web you know you could implement that resolver locally or you could trust a third party resolver but one way or the other you're going to have to dereference to the public key material to check a signature.
Orie Steele: See the key conversion piece at the bottom there you know if you resolve a key but it's not in the right format for your library that's going to check the signature you might need to do key conversion before you can really process that payload in a specific way.
Orie Steele: Talking about creating the signature here if we still have the private key from the original key generation we can sign with that private key so we could sign choose to sign a file then we're going to want to do this middle dereferencing piece which is what we're just looking at before and that's you know how do I get my public key that I need to do dereference I need to get this public key in order to verify signatures that are supposedly signed by it.
Orie Steele: So dereferencing.
<mprorock> w?
Orie Steele: Is really important for using did web for anything like you need to get the keys verifying the signature or the openssl is at the bottom and that's easy and that's only possible because you've obtained that public key so you can basically use existing libraries like openssl as long as you have a clear and consistent way of moving from a did or a did URL to a public key and so the main point that I'm trying to make here is that.
Orie Steele: Is that like DIDs might be a new way to discover public keys.
Orie Steele: The software that works with public and private keys still works it's great some of that software is empowering and securing major components of the internet for a very long time and so one way of thinking about your first you know experiments with dids might be how do I use all of the tools that I'm really familiar with and then just add DIDs as a tiny little extra step and that's really about key generation and dereferencing in my opinion so if you're interested in exploring.
Orie Steele: Exploring DIDs I'd suggest start with what you know and try and add a.
Orie Steele: As opposed to sort of starting with dids and then trying to figure out why you're spending any time with DIDs.
Orie Steele: So technical details there are a bunch of privacy issues with with did web and I've included this excellent Anonymous picture here with Anonymous bearing the coffin of privacy a lot of folks have have pointed out that you know for OIDC servers it might be acceptable to disclose public keys that are used to sign access tokens but that's because the server is represent a business.
Orie Steele: You wouldn't really.
Orie Steele: I do that same kind of thing if it was for individual like and human users or in particular human users that are highly vulnerable to disruption through a normal legal process or through state actions web infrastructure does have some kinds of security issues associated with censorship and.
Orie Steele: Attacks on certain layers of the network infrastructure that powers the web are very easy for certain classes of attacker and they're pretty hard for other classes of attacker so depending on what your threat environment is did web might be really not the right method for you I tend to think of did web as being the right method for a lot of businesses probably a lot of individual developers but definitely not the best method for someone who's you know.
Orie Steele: Really private.
Orie Steele: A journalist or is a freedom fighter or terrorist like I don't think did web is a good it's good for those use cases at all I think they folks who are interested in you know truly immutable self-sovereign identity would be better off with other formats potentially ones that have no network observability at all.
Orie Steele: So I purely deterministic.
Orie Steele: Did not consent so one thing to think about you know with respect to did web is like well how can I trust the web server to not add new keys or change you know the public key that I've added and if you can't trust that web host service to not tamper with your regular content you should definitely not trust them to host your key material I'm so I used look GitHub to host a lot of did did web demos and I.
Orie Steele: I generally trust GitHub to not.
Orie Steele: Ten that I put in a web server I also trust GitHub to manage my version control for my software so I have a lot of trust built into that web origin already and if I feel comfortable with GitHub performing those operations then it follows maybe I feel comfortable with GitHub not altering my my did.json file which has the keys that I've added to it but you know other folks might feel differently about GitHub right so just be careful that you know with did.
Orie Steele: You have to trust.
Orie Steele: Service provider that's like an important part of using did web.
Orie Steele: And you know in terms of the privacy issues associated with did what I'm about to show an example of exactly what I mean with respect to privacy but that did.json well-known endpoint has to be resolved in order for did resolution on that did web to succeed so that origin is seeing resolutions and they might just be seeing resolutions for their single identifier but in a world where they're using the path based routing so not the well-known endpoint but but.
Orie Steele: But many.
Orie Steele: Origin and there's even more risk of privacy issues and having the did controller you know in the context of the hosting service provider have visibility into that it can be actually really big benefit for certain businesses but it also has privacy issues if those businesses are acting on behalf of individuals.
Orie Steele: Again there's no blockchain here so web infrastructure has been shown to scale pretty well.
Orie Steele: And then if you want to learn like a lot more of like the technical details behind what's really going on with did web I've included some scripts on the right hand side for analyzing a did web you know this is not black magic it's the dig curl and traceroute commands but they can help start to sort of pique your curiosity regarding the security infrastructure that goes behind did web and whether or not you can trust content that you're looking at if you're doing.
Orie Steele: Did resolution.
Orie Steele: And the rest is appendix and so I can give a demo now unless there's further questions.
Patrick_(IDLab): I have a few questions I'm wondering if I should wait for the demo first or just go ahead.
Orie Steele: And ask now.
Patrick_(IDLab): All right so my first question so regarding the whole block chain thing in the did method so it's fair to assume that depending on the did method there is sort of infrastructure backing it and the case of did web it's obviously a lot more open handed but if you have like the did you PSI for example we know very well that there is a blockchain infrastructure behind it and this going to bring some sort of implicit.
Patrick_(IDLab): Concepts to the documents that are.
Patrick_(IDLab): Start there the most notably wand obviously availability is going to be a big one in youth ability and some kind of access control for writing on that server so parallel to that there's the concept of the verifiable data registry so how do you how would you explain the correlation between the verifiable data registry and the underlying infrastructure does a what I mean is does a verifiable data registry need.
Patrick_(IDLab): to have certain security features and it.
Patrick_(IDLab): Secret few key features are really just depending on the infrastructures on which it relies that that make sense.
Orie Steele: Okay so the four when you create a did method you describe the identifier format so that's like you know what the identifier is going to look like and then you describe the operations create update resolve and deactivate and then you define security and privacy considerations.
Orie Steele: In any did.
Orie Steele: Lies on a verifiable data registry as a software component you usually have some treatment of the privacy and security considerations section for that component so if you use Ethereum or Bitcoin your privacy and security considerations should say something like we used Ethereum or Bitcoin for this it's a public permissionless you know ledger and anyone can write to it but everyone can read from it and there are other.
Orie Steele: No security issues.
Orie Steele: Blah you talk about the verifiable data registry in your privacy and security considerations section.
Orie Steele: If you so if you're talking about the kind of the verifiable data registry as it was sort of more of an abstract concept.
Patrick_(IDLab): But my concern is like how does the verifiable data registry fit into did when I guess it's the my main question.
Orie Steele: Yeah so yeah so the the what is the registry right the registry here is its DNS and it's a combination of DNS and HTTP and certificates it's not just you know one software component it's a slice across the web stack and adding each of those components up produces the consistent software experience that implementers rely on to build did web resolution or resolved.
Orie Steele: All that.
<bumblefudge> in terms of historical resolution/versionTime=, the registry is the Internet Archive 🌶️
Orie Steele: Resolve operation for did web you need to consume those layers of the web infrastructure how those layers are implemented could vary greatly right so you could have a scenario where you know one did web uses a specific web server and a specific web origin and another one uses a totally different you know top-level domain totally different web hosting infrastructure and those are different implementation details underneath the same verifiable data registry.
Orie Steele: Does that make sense.
Patrick_(IDLab): Yeah it does so the reliability of this VDR is going to really depend on the underlying implementation so you could have two implementation of did web one can be secured and the other one less secured yeah.
Orie Steele: Yeah yeah and you haven't really said this directly but I hear maybe hear a hint of it and what you've mentioned before like what if you really like a blockchain and you want to use the blockchain to manage the did.json documents and then you just expose the did.json documents on a web origin then the web origin is still trusted to not tamper with the those documents but you're kind of using a really stronger database.
Orie Steele: The store them instead of just putting files on a web server and.
Orie Steele: You allowed to.
Orie Steele: Do that but remember the trust is in the web origin because the web origin is the root and that's where tampering can occur.
Patrick_(IDLab): Yeah so that there was something else I'm exploring is obviously with did web you could within some document you could reference other did methods so like object stored on other did methods so another question I would have is if me as my implementation I want to make an API that's meant to respond to did web request is that from the pain or.
Patrick_(IDLab): is that fine.
Patrick_(IDLab): Storing a document but I'm sort of responding a document dynamically.
Orie Steele: No that's totally fine like so the file like the did.json is like that the spec says this endpoint is what you must perform an HTTP resolution on to get the did document it does not tell you whether you have to implement the endpoint as a file or as a database query that talks to a blockchain or whatever you can do that however you like.
Mike Prorock: Exactly there's a good degree of flexibility there and I'm just jumping in because I see Bob on the queue and I do want to make sure Orie's able to get to demo as well but Bob fire up.
<bumblefudge> controller property
Juan Caballero: "Controller":"did:stronger-vdr:alice"
Bob Wyman: Okay question okay give them the did web it relies on DNS it uses HTTP to fetch documents it doesn't rely or doesn't require any crypto and it exploits the dot well-known.
Mike Prorock: You got it.
Bob Wyman: A convention so the obvious question is is did web really just a profile on the use of webfinger and can we say right so so why why do we have why do we have did web as anything other than a profile on webfinger like when would I can did web do something that webfinger can't is there ever a case.
Bob Wyman: I swear I would want both.
Bob Wyman: And did web in the same app like.
Mike Prorock: https://www.rfc-editor.org/rfc/rfc7033
Orie Steele: Great great question so I'm webfinger is obviously useful as a building block in lots of other ecosystems like you know I think ActivityPub or or Mastodon or one of one of those systems definitely uses it I've had to use it before.
Bob Wyman: Mastodon uses it although not very well and kind of in a silly way but anyway.
Orie Steele: But the point basically there is that like the web server has a need to expose whether accounts exist on an origin or not and that's kind of very strongly aligned with the did web path based identifiers approach format but it's not very well aligned with the raw origin did web format so there's there's two primary ways to resolve a did web document one is the well-known did.json and the other is a path based routing.
Orie Steele: And I mean if you asking not.
Orie Steele: In like it would be much better to just throw out everything that we have for did web and rebuild a profile on top of webfinger.
Orie Steele: But that's not how standards work like this thing has been around since basically the beginning of dids and it's evolved to have its shape based on the community contribution and feedback spec is under development at the CCG and it becomes very hard to change what a did method is over time and that's why it's great to be able to create new did methods that have the properties that you wish the other did methods have and then you know you can advocate for hey.
Orie Steele: Guys like stop using did web start using did webfinger or.
Bob Wyman: Well what is it about.
Bob Wyman: Did web that would need to change if one said it is a profile of webfinger.
Orie Steele: You have to describe the read operation in the verifiable data registry in terms of the webfinger standard.
Orie Steele: That's just sentences in a document basically.
Bob Wyman: Okay but other than changing sentences with anything semantically change.
Bob Wyman: Like what any bits on the wire have to change if one said that it was a webfinger profile.
Orie Steele: I mean the content that you're getting from the in the response would be different but you know.
Orie Steele: The overall approach that you're suggesting is one that can be explored and you know I encourage folks to just go make a new did method as a profile of webfinger and look at did web and look at the thing that you've got and you know show what the differences might be I think that sounds like a fun fun thing to do.
Bob Wyman: Okay it just strikes me that.
Bob Wyman: Differences between did web and potentially it did webfinger are so subtle that.
Bob Wyman: Not doing ourselves a favor by having this variety of this kind of variety or these differences like.
Bob Wyman: I mean this is is this IETF versus W3C is that what's going on here.
Orie Steele: I don't really know what you're what you're getting at with that but the in at least in the context of like the approach that did spec registries and did core you know first publication took the approach was to document requirements where we could get consensus as a working group and then to make it possible for people to really.
Orie Steele: Explore the.
Orie Steele: Space of did methods and we did that with the did method registries so you it's very easy you can easily create a new did method and it could be 99.9% the same as an existing one and if you've made some small improvement to it that justifies giving it a separate name great and no one can stop you from doing that right it would be a problem if you were somehow not able to do that because it would be evidence that the decentralization property of the specification was weakly implemented.
Bob Wyman: I understand I understand that did webfinger would be trivial to spec and get registered but we didn't wasn't there just on the list there was recently a discussion about how flexibility ain't quite all it's said to be.
Mike Prorock: Yeah, there's, there's, I mean there's a bunch of stuff in it. Honestly, like, Bob, actually I like this kind of conversation because I think it's going down some interesting, especially meta type, like, you know, how can we improve things, are we putting effort in the right places, etcetera, but, but I'd say let's probably table it for now and take the conversation to the list, just because I see queue stacking up and I want to make sure Orie has 10 minutes at least for.
Mike Prorock: Demo followed by a question or two.
Bob Wyman: Okay, sorry if I go too far off track.
Orie Steele: It's great. Is it ready?
Mike Prorock: If that works for you. Oh yeah, yeah, no worries, yeah, it's a cool topic and that's why it's easy to go way, you know, way deep in lots of different directions on this. So, Manu.
Manu Sporny: Yeah, just real quick to try and address Bob's concern: the fundamental differences are the WebFinger, the, the file that you get at the other side is a totally different data format from the, from the DID spec. There's no compatibility with the rest of the DID methods, so, you know, it would be kind of a one-off. You know, for WebFinger, it was considered, but, you know, WebFinger was.
Manu Sporny: Kind of, you know.
Manu Sporny: Specifier in WebFinger, it was just designed for kind of a different problem space. You can step back and go, like, oh yeah, I can see how they are more or less the same thing, and that's true, but the problems come in when you go to implement right lawyer where you go to implement key formats and file layout and, yeah, exactly, that's where everything kind of falls apart. That's it.
Mike Prorock: Yeah, compliance with the data model itself and stuff like that. Yeah, yeah, yeah, cool. Yeah, awesome, thanks Manu. And Orie, you want to dive into demo and then we can take a few questions here.
Orie Steele: Sure, so I have running in this tab that web server command.
<smagennis> zoom in please
Orie Steele: This npx serve of the WW origin, and that's what is meaning this localhost pieces up here, and then over here I have the ngrok binding, and you can see these, you know, server logs are reporting to me every time a resolution occurs. So if I go to a resolver, like, this resolver processes DID documents that are well-formed JSON-LD and it makes you this, like.
Orie Steele: Little graph.
Orie Steele: So you can, you know, look at the different components and pull them around, zoom in and out of them in 3D space or whatever. I was, I made this resolver to basically highlight the cool part of JSON-LD and the DID Core spec. You can see, you know, all of these different relationships here for this one particular key, and then, you know, you can see other details about that particular key. You can see blank node identifiers. Everyone likes to look at those.
Mike Prorock: https://lucid.did.cards/
<manu_sporny> Very cool demo! :)
Orie Steele: Like, you know, this particular format, this only works because this is a well-formed JSON-LD document, and every time, you know, I refresh this you can see another resolution, so I'm tracking my own resolutions on my DID basically here, and if I look to another resolver, so different web origin, and I resolve again, it's going to trigger another one of these here.
Orie Steele: Inside of ngrok.
Orie Steele: Deeper at these, so this is like their minimal interface that they provide, but they have full request response introspection available here, which can be really helpful if you're debugging something detailed. But the important thing to note here is that this is just the well-known did.json, so I don't know what the user is trying to do with the DID document. Like, I don't know if they're trying to look at a specific verification method. There's only one verification method, good chance that that's what they're looking.
Orie Steele: For here.
Orie Steele: I have hundreds in here and then I wouldn't necessarily know which key they were trying to use and for what purpose, and similarly for service, you know, endpoints. Like, there aren't any service endpoints in this particular DID document, but if there were, I would just see resolutions of the did.json, I wouldn't know exactly what they're trying to do here. But just having that timing information can be a big problem. Like, if you imagine this wasn't me self-hosting but instead this is me.
Orie Steele: Me, and to some degree ngrok is still seeing some of this transaction.
Orie Steele: So if I, you know, if this weren't, you know, for development and testing purposes, maybe I'm concerned I'm leaking DID resolutions to ngrok, because they can see each DID resolution that's happening as a result of this well-known did.json. But again, this is for one origin and this is me self-hosting. That's very different than if you look at the server logs for this resolver here, where this resolver is going to have resolution logs for every DID method that's resolved through it.
Orie Steele: So the point here is, you know, if you.
Orie Steele: If you want to use did:web, ngrok and a JSON file and a simple web server is really, really easy way to get started, and if you want, you know, to take the entire thing down, you just kill the ngrok instance, and when you go to resolve, it's not going to resolve on any resolvers anymore, and the local web server's up but the tunnel is down, and, like, that's, that's the whole sort of point. Like, you, you were basically adding in these.
Orie Steele: These layers to serve JSON files, and that lets you easily update the.
Orie Steele: Machine, you don't have to.
Orie Steele: Push anywhere, you just change the file and it's going to change the behavior on the web server.
Orie Steele: That's it.
Mike Prorock: Cool, thank you sir. Patrick, I see you on the queue.
Patrick_(IDLab): Yes, I usually have a few questions, try to be sensible of time, sometimes I get over myself. This is, it was very interesting. I've been looking at did:web for the last two weeks or so. Like I mentioned at the beginning, I'm trying to do like some prototype proof of concept implementation for the AnonCreds specification, so without going into too many details, there's a requirement.
Patrick_(IDLab): to sort of.
Patrick_(IDLab): Serve other type of documents than a DID JSON documents, mostly just JSON structure that are necessary to process the type of credentials that are issued and verified, and upon my research I came to the conclusion that the best way to do that would be to use services in the documents, and so more specifically I think.
Patrick_(IDLab): think like a sort of a file storage.
Patrick_(IDLab): Service that would resolve these document, so my first question is how I can.
Orie Steele: Yeah, so you can't, you can't just take did:web and get the behavior you want there, because what you're really asking is: I need a resolver that knows how to handle related resources in the URLs, right?
<bumblefudge> nginx rules?
Orie Steele: Yeah, so you need a resolver to do that, and resolver might be able to process the path component of the DID URL or process query parameters in a DID URL, and that resolution process would usually, the way that it works, it would resolve the DID document, then it would use the DID document to resolve the relative resource or external resource, and it would do that by processing the other components of the.
Orie Steele: DID URL.
Patrick_(IDLab): Exactly, so let's say I have a service which is my resolver, which is I think what you're referring to.
Patrick_(IDLab): If I, if in my DID document I use one of the service, let's say I want to, one of the examples like a schema, so I need to publish some schema, is like a defined data model, so I have, one of my services could be like schema resolver, let's just pretend.
Orie Steele: Yep, wait, but you need that web service that knows how to handle DID URLs that point to resources that aren't in documents. That web service is a resolver, and resolvers are not standardized, so, you know, you have the whole, you can read the DID resolution spec, it's a draft in the CCG, you know, it's going to handle that one way, other people can implement other ways to handle DID URLs.
Orie Steele: Yes and this is its.
Orie Steele: With DID Core, like, this is an area the working group wanted to do more, but, you know, our charter forbid us from making this easy.
Juan Caballero: https://github.com/w3c-ccg/did-method-web/issues/61#issuecomment-1201181499
<bumblefudge> ^ This might help
Patrick_(IDLab): Okay, because at the moment my way of thinking was to use like a did:web URL with query, you know, parameters, with the service and the relative reference, I think it's called. It's not pretty, you know, and I'm wondering what's the point of this service query, the service parameter, if it points in the DID document to.
Patrick_(IDLab): like that.
<bumblefudge> but orie's right on the resolution side
Patrick_(IDLab): Fragment, could I just use the fragment directly instead of a service parameter?
Orie Steele: So usually the fragments are for referring to sub-resources in the document that you resolved with a specific media type, so they're not really great for identifying external resources. That's not their primary use. They're there to identify sub-resources in a result document. The purpose of the service parameter and the relative ref, you know, features, and these are extensions to.
Orie Steele: DID Core that are in the DID Spec Registries, was to give.
Orie Steele: There's a way to create DID URLs for resources that they are in control of without binding to a specific location. So I could have an IPFS gateway that I use to host IPFS content, and I can make DID relative ref DID URLs for IPFS hashes, and then if that gateway service provider goes away, I just change their service endpoint out and all the DID URLs are still the same, but the IPFS gateway that's.
Orie Steele: Used to resolve is no different.
Mike Prorock: Yeah, Brent, I see you on the call, so I'm going to put you on the spot, because I know at least at last TPAC some discussion came up around standardizing some of the resolution side and things like that to get at these issues, and what's your sense of where things would be going possibly in the future from a DID working group reformation and, you know, potential work.
BrentZ: So DID working group right now is, you know, on extension while we work on a draft of the new charter. The primary work in the new charter is to maintain the DID Core spec. There was conversation around some possibly additional things, DID methods and DID resolution primary amongst them. Even if the DID working group charter ends up including.
BrentZ: those things.
BrentZ: It wouldn't result in a normative specification within the next couple of years. Most likely it would be for the group after the next group to more formally address those as part of the DID work.
Orie Steele: But just to be clear on the point, I think the current DID working group can work on documents of a pre-candidate-recommendation draft status that would be related to standardizing specific DID methods or standardizing specific DID resolution processes, is that correct?
BrentZ: It is proposed that the next DID working group would have that in its charter, yes.
Orie Steele: Right, yeah, the charter, the charter text has recently received a pull request that merged that, and the charter text has not yet been voted on, I think, right?
BrentZ: Right, the next step is presenting it to the AC and having a conversation with the rest of W3C around how they feel about our proposed new charter.
Mike Prorock: I am sure that will go flawlessly and perfectly smooth.
Orie Steele: And I guess you'd have to be on the AC members list to participate in that conversation because it'll, it won't be open.
BrentZ: It is formally a conversation amongst AC representatives for W3C member organizations.
Mike Prorock: Cool, well with that I see we're coming up towards the top of the hour. There's been a goal for us to not run this meeting much beyond 5 minutes to the top of the hour since everything seems to be running back to back these days. I am going to just check the queue and see if there's any kind of final questions, comments, and otherwise I'm going to let Orie close down and thank him for his time, because this was extremely helpful and a nice thorough deep dive.
Orie Steele: Awesome, thanks, always fun to present on something technical. I'll give a PDF of the slides to the chairs for the, for the list notes, and if you have any questions, the repository with all the code for the demo is public and it's linked in the slides, and feel free to file issues there, message me in the DIF Slack.
<harrison_tang> thank you, Orie !
<manu_sporny> Great presentation, thanks Orie!
Mike Prorock: Awesome, thank you so much Mr. Orie. With that, everyone please have a wonderful day and we will close.
Received on Wednesday, 22 March 2023 03:43:08 UTC