- From: Kazuyuki Ashimura <ashimura@w3.org>
- Date: Mon, 29 Jul 2019 22:44:46 +0900
- To: public-vc-wg@w3.org
available at: https://www.w3.org/2019/07/23-vcwg-minutes.html also as text below. Thanks a lot for taking these minutes, Amy and Brent! Kazuyuki --- [1]W3C [1] http://www.w3.org/ - DRAFT - Verifiable Claims Working Group 23 Jul 2019 [2]Agenda [2] https://lists.w3.org/Archives/Public/public-vc-wg/2019Jul/0010.html Attendees Present Adrian_Gropper, Amy_Guy, Andrei_Sambra, Brent_Zundel, Dan_Burnett, David_Chadwick, Dmitri_Zagidulin, Ganesh_Annan, Joe_Andrieu, Kaz_Ashimura, Ken_Ebert, Matt_Stone, Sercan_Kum, Ted_Thibodeau, Yancy_Ribbens, Jonathan_Holt, Oliver_Terbu, David_Ezell, Dudley_Collinson, Dave_Longley, Manu_Sporny, Kaliya_Young, Drummond_Reed, Benjamin_Young Regrets Chair Matt_Stone, Dan_Burnett Scribe Amy, Brent Contents * [3]Topics 1. [4]Agenda 2. [5]PRs 3. [6]Issues 4. [7]Is the document ready for PR? 5. [8]PR Process 6. [9]pull request 707 7. [10]AOB * [11]Summary of Action Items * [12]Summary of Resolutions __________________________________________________________ Agenda <stonematt> [13]https://lists.w3.org/Archives/Public/public-vc-wg/2019Jul/0 010.html [13] https://lists.w3.org/Archives/Public/public-vc-wg/2019Jul/0010.html <rhiaro> scribenick: rhiaro stonematt: A key goal for the meeting is to begin a transition for second CR. That has some schedule implications ... our charter ends in September, the CR period is 28 days, and then we can transition to PR ... The CR is going to be very narrowly focussed on the JWT work ... Then we'll have a strategy discussion about PR ... We've got a few items on the agenda - outstanding pull requests, issues ... Anyone have anything else for the agenda? PRs manu: zero ... no new PRs, we're done Issues <stonematt> [14]https://github.com/w3c/vc-data-model/issues?utf8=✓&q=is%3Ai ssue+is%3Aopen+-label%3Adefer+ [14] https://github.com/w3c/vc-data-model/issues?utf8= manu: there are really three issues that we should look at ... issue 526 is an admin thing ... the iat to nbf changes, I merged that PR in and marked it as seven day close. I merged it because regardless of which way we went it needed to be merged anyway ... and we had a wg resolution to close that issue and pull in the PR ... that should be closed soon <manu> [15]https://github.com/w3c/vc-data-model/issues/704 [15] https://github.com/w3c/vc-data-model/issues/704 manu: Ted and Joe raised issues in the last 24 hours which I haven't looked at ... 704, Ted saying it's editorial TallTed: There are two options, one is to have two blocks of code one with clean json, and one is to have a line to explain why it's not valid json ... It shouldn't be a json code block if we're including stuff that makes it syntatically invalid json manu: I'm agreeing we should put in language to say it's not valid json TallTed: that's the minimum, I don't like it, if we do take that route we should put it for every json block that has a comment line ... I know it's a pain stonematt: can we caption code blocks? manu: we tried captioning before and it did not.. there's too much to say ... I think it's fine every single code block, it's just the first two examples TallTed: I would have put in a PR, I only noticed it last night manu: I'm checking the other examples now, only examples 1 and 2 have annotations, every place else has a green highlight ... I feel strongly against taking the comments out, so lets highlight those examples it's not valid json. Example 30 has a comment too TallTed: I'm saying have another block that has them without. Keep the block with the comments, but also have a valid block without them for people who can copy and paste manu: I'm -0.4 for that because it's duplicating stuff ... the assumption is if you're working with json you'll know those lines are invalid ... so we can say this is invalid json, strip out the // ... it's a compromise TallTed: it's a question of whose life is easier. I'm not going to fight it ken: example 6 where it says proof: { ... } there's a comment there as well manu: that's all over the place ... all of the examples would be invalid in that case TallTed: if they've all got ... they shouldn't open with the curly brace ... if they're showing excerpts, showing { ... it could just as well open ... manu: there is structure around the ... to specify whether it's an array or an object ... the stuff around the ... is important for the example TallTed: right manu: we could make a statement early in the spec that says the examples are annotated in ways that make them invalid json,s pecifically we use // to annotate lines and we use ... to specify that there's other information in here where the contents are unimportant for the example ... we say that early on in the document, I don't know exactly where.. ... Probably in the how to read this, the rfc must should text TallTed: that's a reasonable place to put it ... we could put the wordy warning in one place and do a link to the wordy warning at the other places manu: my only concern with that is we'd have to put it in every single example TallTed: I agree manu: grrr TallTed: it's a pain, I'm sorry manu: I don't think it actually helps, I think it's extra verbosity taht's not going to help people read it. An implementor will look at it and know that ... means something goes there dlongley: I was going to suggest we make a note in that same section at the beginning that talks about the examples, that says if you would like runnable exmaples please go to the implementation guide, and we can put some that people can copy and paste and run over there TallTed: it's viable to the extent that people read the implementation guide. People just read the spec. Yes JSON people should already understand this and recognise it when they see it. Not everyone is going to be a JSON person manu: it has to do with the audience for the document ... shoudl we work this out in the issue tracker? ... it seems like we have some idea of some things we could do and instead of using call time we can use the issue tracker <stonematt> ok dlongley <Zakim> dlongley, you wanted to suggest that if you run runnable examples go to the implementation guide? TallTed: fine with me. It's editorial, not normative manu: correct ... it is editorial <brent> +1 to editorial stonematt: How is it affecting the CR process and vote today? <brent> +1 to this not affecting CR or PR manu: shouldn't affect it all. It's editorial, we can make editorial changes when we go to PR. We can note that there will be stonematt: Then I'm +1 for tracking it in github <ken> +1 to editorial <manu> [16]https://github.com/w3c/vc-data-model/issues/705 [16] https://github.com/w3c/vc-data-model/issues/705 manu: Moving on. 705 is next ... Joe raised an issue 19 minutes ago ... Joe and Matt raised this.. ... Stating that the verification dfn is problematic and we should use another definition JoeAndrieu: it came up in the use cases, riiks wanted to see a distinction between verification and checking status ... as Matt and Tzviya and I were working through it, at first verify wasn't in the list (verification), and when mat tpointed out that definition, that's conformance with the spec but not what the rest of the document means with things like verificaiton method and what a verifier does etc manu: I just want to make sure we're not talking about validation? We defined that as a working group and I'm concerned that checking credential status for ?? is a validation step not a verification step ... verification is conformance to the data model JoeAndrieu: I don't think that's correct ... this is about what 'verifiable' means in a verifiable credential ... verification is the thing that makes these credentials different. We have to define that ... even if it's slightly off of the distinction you're making between verification and validation manu: I would disagree with that, I'm concerned about kicking off another discussion around .. let's just go with the text that you're suggesting and see if there's any disagreement <manu> [17]https://github.com/w3c/vc-data-model/pull/706 [17] https://github.com/w3c/vc-data-model/pull/706 JoeAndrieu: I put in a PR 5 minutes ago.. I tried to put some text in, I'm not fully happy with it ... because what I quote from elsewhere in the document, we say this elsewhere let's just use that, but when I put it as a full dfn it was wanting TallTed: we do have a bit of a rathole here and I don't think it's avoidable ... there needs to be a distinction between a structural validation (following the model) and a validity of this credential which is checking the signature and date and those things stonematt: the line we don't want to walk down is what's acceptable. That's the whole judgement subjectivity thing brent: we have in the terminologoy section verification and it's defined strictly as comparing with the data model. The validation definition seems to be what joe is wanting to make the new verification section JoeAndrieu: that's interesting brent: we have validation saying this is what the verifier cares about ... there's also another line somewhere saying this is necessary in order for a credential to be a verifiable credential stonematt: it has to do with the signature stuff manu: my biggest concern is we're opening up a big can of worms by having this discussion this late. I'm going to try to make an arguement that the thing we put in the spec - we had multiple wg meetings for this language, a ton of discussion - verification we were very careful int hat definition... whether a VC complies with the spec, includes checking credential status. Any time there's a must or may in the spec that's a part of verification <TallTed> maybe change "verification" to "verifiability" because it's not really verification that's described manu: Here's why putting that extra sentence in there opens a can of worms. there are some things w ecould argue into the ground as being verification or validation and there arguements for either side ... there's a grey area ... specifically the revocation of a credential is one of those things in the grey area ... some verifiers will look at it and go you know what, whether or not the crednetial was revoked is unimportant to me ... i can look at something as valid even though the credential has been revoked ... whereas others will say if it has been revoked it fails validation ... the problem with adding things to the dfn is it will force some of the things in the grey area into the verification bucket or the validation bucket which will kick off a whole bunch of disagreements ... the reason we picked the dfn that we did is because verification is if there's a must or should or may then it falls into the verification bucket ... validation has to do with your business logic <TallTed> "conformance with this spec" is not what's happening when you're evaluating revocation, nbf, expiration, etc. manu: if your business logic is different from someone else's business logic then it's a validation thing that's going on ... Ithinkw e can wordsmith it, we can use the issue tracker, but it's the wrong time to be doing this ... everyone's dfn of right is going to be slightly different ... happy to have the group try to revise as much as they can <Zakim> JoeAndrieu, you wanted to say its not that gray JoeAndrieu: +1 to taking it to the issue <TallTed> Right now we've got what looks to me like overlapping spiral definitions, not quite circular, but close. JoeAndrieu: I also am frustrated by the last minute bikeshedding which this feels like. But I don't think it's as black and white ... It hink VCs do something specific so you can verify them ... that's different that the business rules of the verifier <TallTed> I don't verify that I can verify. stonematt: the thing I'd recognise as a verifier is you can verify a credential that was valid at one time but isn't any more but you can still verify ... we're getting into the policy thing about revocation. I always get tripped up by revocation because the status has been withdrawn by the issuer vs the keys have changed and it's not trustable any more <Zakim> stonematt, you wanted to say so you can verify an invalid credential (one that's been revoked) stonematt: that's not the revocation discussion, that doesn't verify that the security/signature stuff is at riks, but the status is the thing we're focussed on here ken: in section 5.1 we talk about verification but we don't mention validation as a separate step they might take that is beyond the scope fo the spec ... we say where you shold verify which includes checking credential status, but once ?? not making that clear distinction in taht useage, our terminology is kind of loose in terms of verify vs validate <Zakim> manu, you wanted to comment on validation and move to issue tracker/PR... manu: next steps.. I'm heairng lets taking it back to the issue tracker and try to come to some sort of resolution there ... ken I note we have an entire appendix on validation. We're not clear you're right, we're not clear on purpose, we couldn't come to agreement, there were too many times where it was not clear whether something is verification or validation and it really came down to someone's viewpoint <TallTed> This spins far out of "data model" and into use... <brent> +1 manu: joe I hope you are right and it's not as grey as we think but we got to the dfns we have in the document because there was so much grey area and that's what we could get people to agree to <burn> +1 TallTed <Zakim> burn, you wanted to ask who call in user 4 (area code 615) is <brent> scribenick: brent dudley: I am CIO at university admissions center in australia ... we provide services across australia <gannan> I believe the website is [18]https://www.uac.edu.au/ [18] https://www.uac.edu.au/ dudley: real privilege to be hear, new field of technology stonematt: lots of +1s from this group ... PR and issue discussion is done for today Is the document ready for PR? stonematt: anything keeping us from PR, what is lurking in the shadows? burn: before we got here, I thought we were going to close off Issue 526. ... A vote to publish will have to have a "assuming this is pulled in" which is weaker. manu: we can try iat-nbf because oliver is here ... the administrative one is not resolved yet. burn: I thought we discussed this yesterday. I think the problem is with the spec manu: 526 is handled, in the PR and CR docs, I thought we were keeping it open until the TR is fixed as well burn: Either the link in the spec needs to be fixed, or the re-direct needs to happen. manu: both PR and CR have been updated to point to the appropriate palces. ... link to the documents in the current version assume sysrec is going to update the links when we publish. ... this should have been done months ago ... the title is wrong in TR space. ... maybe Dan can clarify this in the request. If we don't fix it now, it will be broken for a long time. burn: but the pointer to the date3d CR doc is fixed manu: but sysrec hasn't finished ... that link doesn't re-direct <Zakim> manu, you wanted to provide status update. burn: 7 days ago it did something, so now I'm confused. ... I will look into 526 again <manu> [19]https://github.com/w3c/vc-data-model/issues/667 [19] https://github.com/w3c/vc-data-model/issues/667 manu: that will stay open. Is oliver here? oliver: yes manu: are you and ted happy with the resolution to this issue? TallTed: I'm good with the PR oliver: I'm also good with the PR manu: we have confirmation and can close. Anyone else disagree? stonematt: we are deciding based on that confirmation to close this issue? <ken> +1 close TallTed: the thread of conversation we were just having says to me that everyone needs to read the spec again and make sure there is no protocol, no action ... this is what the field is for, not this is how you do it. Even the lifespan is problematic it is outside of bounds. This stuff happens during protocol activities <burn> I have closed issue #667 TallTed: feels problematic to put this out there that makes it seems like we have defined protocol when we have not stonematt: Joe and I stirred the pot. we have a lot of things in the use case document that is very much running ahead of the data model. ... we may have driven too much of that into the data model. which led to the question about verification ... Maybe this is more of a definition for the use cases TallTed: I think the terminology doc needs to be split manu: propose a way forward. we are trying very are to get a second CR. we have to decide on that today. ... same with the PR doc, we have to signal we are on a path to finish. <burn> +1 manu TallTed: we can't continue say process flow is the ruler because process flow is going to make this doc useless. manu: it is never done, only in various stages. we continue to work on it. question is, is it good enough for people to use. ... I think all of us agree these are editorial. <Zakim> manu, you wanted to propose a way forward. manu: we are working within the constraints of the W3C. I don't think the document is in a state where we should kill it. ... what I'd like to get to today is a signal to the director that they can move forward. ... we have roughly a month to figure it out. It would be a real shame to even suggest killing it. ... I'm hoping we can get to voting on CR and PR today. and mention we may make editorial changes. DavidC: question for clarification: Can we make editorial changes in the PR? manu: two classes of changes. First, we can make editorial changes during CR. ... we are going into a second CR. We can make editorial changes after that before PR. ... there are two changes that can be made during PR: one is editorial stuff, the other is additions from the director. ... we are at the end for version 1.0 ... we need to not derail the problems. DavidC: why can't we go right to PR? <Zakim> burn, you wanted to say that PR is final stonematt: the plan is to address these before PR burn: after PR, no changes. ... we have made a large number of non-substantive changes. ... we could go to PR if we didn't have iat->nbf change now we are going into another CR, so we can make some non-substantive changes. people love to make last minute comments scribe: we need to hold the line. No changes after PR. Non-substantive before PR, yes. stonematt: queue is clear ... based on that discussion, it seems we are moving to the discussion about the vote. <manu> +1 to talk about 2nd CR <oliver> +1 <ken> +1 <DavidC> +1 <deiu> +1 stonematt: anything else to bring up? ... manu, do you have a proposal? manu: I can provide the link, explain why we are doing this. If we remember the discussion from last week. ... there was a bug in the spec, so after making the change we need another CR. ... the good news is it only needs 28 days and we can seek comments only on this one small thing. ... because we already took comments on everything else. ... we need wide review on this one feature. <manu> [20]https://w3c.github.io/vc-data-model/CR/2019-07-25/ [20] https://w3c.github.io/vc-data-model/CR/2019-07-25/ manu: yes we are doing another CR, it is focused on this one thing, but we may make editorial changes ... this is prepped to go out thursday ... so we need to vote today ... it is clear we are only taking feedback on the iat->nbf change ... does the group want to publish the linked docuement on this thirsday for a 28 day CR period ... chairs, is that in alignment with your plans? stonematt: yes. DavidC: oliver, verifiable presentation iss is the issuer, the verifiable presentation doesn't have an issuer. <burn> agree with Manu manu: this is the worst time to bring things up. <burn> Better now than later, but better not than now manu: at this point it feels like the JWT stuff is not ready to ship, if we're finding more bugs. oliver: basically, we have two options. Either we have a q- manu: this is really bad burn: yeah, manu is right. this is exceedingly bad. another group WebRTC had its first CR two-three years ago. they are still not done. ... the problem is, each tweak introduces other changes ... if there is something that absolutely must be fixed now and no chance anyone in the universe may object. ... but it is better to do nothing thatn something if there is any chance it could do this. <DavidC> Suggested solution is for VPs in JWT format, the iss field is mapped into holder in the VP oliver: I don't insist on this. don't insist on additional mapping. the spec allows adding the holder field <burn> It might be better to rip the JWT stuff out. If it really isn't ready it should be pulled out oliver: the spec as it is allows us to do what we need to . <Zakim> manu, you wanted to mark section at risk *again*, marked for removal if there is another bug that's found... DavidC: I'm not clear on the proposal oliver: my proposal was to use the holder attribute if we need to inside of the vp property if we need to stonematt: so we propose leaving the spec as is <burn> Agree with Manu that if we make this change we need to also mark JWT section as at risk again in case of another bug manu: checking to see if this is an editorial change ... iss must represent the issuer property <Zakim> manu, you wanted to mark section at risk *again*, marked for removal if there is another bug that's found... manu: what is the proposed change? DavidC: add that it is mapped to the holder. <oliver> +1 brent <dlongley> The spec says this today btw: "If a JWS is present, the digital signature either refers to the issuer of the verifiable credential, or in the case of a verifiable presentation, the holder of the verifiable credential." oliver: why is the spec wrong? we can use the holder field. DavidC: look at example 30. a JWT payload of a verifiable presentation. oliver: as far as I understand, we are talking about the iss field of a verifiable presentation. this is outside of the spec. ... i get your point. the way it should work is to add the holder attribute to the vp section of the JWT ... we could change the example. manu: here is what I'm proposing. We mark the whole JWT section as at risk. ... otherwise the whole spec is at risk. <Zakim> manu, you wanted to mark section at risk *again*, marked for removal if there is another bug that's found... <dlongley> +1 to marking JWT section at-risk; this is the last chance -- any failure and it gets removed and has to go into a different document, can't risk the rest of the document on it. manu: the JWT section to be moved into its own spec if additional changes need to be made after we go into CR. ... we will go into a second CR, mark the JWT section as at risk. ... we have to go into a proposal. <Zakim> burn, you wanted to explain about feature maturity (if Manu doesn't) burn: this happens. if there is a feature that isn't mature or implemented enough, groups do this and move things to their own spec because its not worth jeopardizing the rest of the spec. <TallTed> +1 JWT At Risk (and I think it will probably have to be pulled to a Note for this WG) burn: if we end up making a change along the lines of what david wants, which is a substantive change that others may nto agree on, we would have to remove it. DavidC: We go to the second CR with the whole section marked at risk. If anything else comes up that requires a normative change, we need to pull it out into its own spec. manu: If you can get some text that you and Oliver agree to on the call today, we might be able to move forwar, and the rest of the JWT developers need to agree. ... we mark the whole section at risk, and if anyone disagrees, we have to pull it out. ... please have text to propose by the end of the call. oliver: The text can also contain normative changes, i.e., making the iss field mean the holder in a presentation. manu: yes ... I suggest, do the normative thing if you need to address that burn: more prcisely: when you do another CR, you can make normative changes. ... if you want to go from CR to PR, you can't make a normative change unless you warn that a normative change may happen. ... marking a feature at risk allows us to remove it without requiring another CR. jonathan_holt: can I clarify the issue? I thought the holder was the jti. Does that not carry over to the presentation? <DavidC> oliver, here is my proposed changes <DavidC> change iss MUST represent the issuer property. to iss MUST represent the issuer property of a verifiable credential or the holder property of a verifiable presentation change iss is present, the value MUST be used to set the issuer property of the new JSON object. to iss is present, the value MUST be used to set the issuer property of the new JSON verifiable credential object or the holder property of the new JSON verifiable presentation object. <oliver> +1 DavidC stonematt: Kaz is on the queue? kaz: my comment is a general one, so can wait DavidC: can jonathan repeat his question? jonathan_holt: jti is used for holder, if present, doesn't that carry over to a verifiable presentation? oliver: the jti is the id of the credential itself. the id of the credential subject is something else. <TallTed> (non-normative but important) example(s) (#30, others?) will also need to change to match revised normative text. <stonematt> from DavidC <stonematt> change iss MUST represent the issuer property. to iss MUST represent the issuer property of a verifiable credential or the holder property of a verifiable presentation change iss is present, the value MUST be used to set the issuer property of the new JSON object. to iss is present, the value MUST be used to set the issuer property of the new JSON verifiable credential object or the holder property of the new JSON verifiable presentation object. stonematt: can we get clarity on this? or at least a straw poll vote? <oliver> +1 matt kaz: maybe I can jump in now. ... as already mentioned, there is specific process descri for CR and PR publication by the W3C Process Document. ... we need to identify which issue is really fatal (=which makes the current version spec unusable and need to be fixed)) for the VC data model version one, and which issues could be deferred to the next version stonematt: that's a good question to pose to our JWT colleagues. ... are you asserting that this is fatal to the spec if this doesn't go in? DavidC: what does "fatal" mean? stonematt: it makes the spec unusable. DavidC: no, this is a bug, it doesn't make the spec unusable oliver: i see it in the same way. DavidC: it is a simple editorial oversight. when you add the extra dimension of verifiable presentation, you need more in the text. burn: I think we are looping. as Manu said, oliver and david need to write the text in the channel before the end of the call. <oliver> +1 burn: there will be text that goes into the document nefore the end of the call stonematt: they have the text. manu: I don't think it is there. <burn> as i said, Manu, a PR, right now manu: we need something that can be copied and pasted into the spec ... we need the text that is going to go in the spec. TallTed: The best way is to raise a PR ... then we can just approve it. stonematt: oliver, is that something you can do? DavidC: I think I can stonematt: we have a few minutes while that goes through <Zakim> burn, you wanted to suggest that oliver and david hang up and work directly with each other burn: they need to do what they need to do, even if it means getting off this call and getting it done <Zakim> manu, you wanted to make the CR proposal. manu: here is the proposal ... presumes we will get concrete text ... any objections to this proposal? stonematt: those are ANDs? manu: correct stonematt: I think that is the path we have been walking down <manu> PROPOSAL: The VCWG approves the publication of a Second Candidate Recommendation based on the document available here [21]https://w3c.github.io/vc-data-model/CR/2019-07-25/ for publication on July 25th 2019, for a review period of 28 days from the date of publication with two additions 1) the JWT section continues to be marked as at risk for removal (publication in a separate document), and 2) text is inserted to clarify how the JWT iss/holder are related in [21] https://w3c.github.io/vc-data-model/CR/2019-07-25/ <manu> presentations. <manu> +1 <burn> +1 <deiu> +1 <stonematt> +1 to proposal <dlongley> +1 <ken> +1 <TallTed> +1 <rhiaro> +1 <yancy> +1 <dmitriz> +1 oliver: the feature at risk will be removed at the end of this month? <DavidC> +1 manu: correct <brent> +1 <oliver> +1 <drummond> +1 burn: as before, we need at least two implementations of the new feature and no substantive changes RESOLUTION: The VCWG approves the publication of a Second Candidate Recommendation based on the document available here [22]https://w3c.github.io/vc-data-model/CR/2019-07-25/ for publication on July 25th 2019, for a review period of 28 days from the date of publication with two additions 1) the JWT section continues to be marked as at risk for removal (publication in a separate document), and 2) text is inserted to clarify how the JWT iss/holder are related in [22] https://w3c.github.io/vc-data-model/CR/2019-07-25/ <manu> presentations. stonematt: seeing no negative votes <agropper> +1 <oliver> from before <oliver> no queue <Zakim> manu, you wanted to get something on the record for PR. manu: so, are we ready to discuss PR? stonematt: lets get on record about PR PR Process manu: the PR process, the assumption is we go through CR, it will end august 21 ... we will immediately roll into a PR ... because the timeline is so tight: we publish CR, make an unknown set of editorial changes ... when august 22 rolls around we will publish a PR. Done done with this, unless there are extreme things the director needs to deal with <manu> [23]https://w3c.github.io/vc-data-model/PR/2019-08-22/ [23] https://w3c.github.io/vc-data-model/PR/2019-08-22/ manu: the only updates we will make to the document are what we have already stated. ... removeing the feature at risk flag, or removing the JWT section if there is another bug. ... the proposal we are looking for today, the group feels (modulo the changes already discussed) as long as the only changes are editorial, then the PR will be published on August 21 <drummond> In favor <brent> yes <TallTed> +1 include JWT risk mention <burn> yes <ken> +1 to include JWT risk <drummond> +1 <ken> +1 <Sercan_K> +1 <brent> +1 manu: any objections? oliver: this external JWT document, what would this be like. Would it be normative? <DavidC> +1 <oliver> +1 manu: the only thing the group could do is publish it as a note, non-normative <manu> PROPOSAL: The VCWG approves the publication of a Proposed Recommendation based on the document available here [24]https://w3c.github.io/vc-data-model/PR/2019-08-22/ for publication on August 22nd 2019. Editorial changes to the document referenced may be made based on consensus decisions by the group. The only section that is marked at risk currently is the JWT section, and if removed, changes will be made to the specification to reference an external JWT VC document. [24] https://w3c.github.io/vc-data-model/PR/2019-08-22/ manu: we will send a transition request before CR is ended. kaz: we may need to wait until CR is over <manu> PROPOSAL: The VCWG approves the publication of a Proposed Recommendation based on the document available here [25]https://w3c.github.io/vc-data-model/PR/2019-08-22/ for publication on August 22nd 2019 (or the earliest possible date that the specification can enter Proposed Recommendation). Editorial changes to the document referenced may be made based on consensus decisions by the group. The only section that is marked at risk currently is the JWT section, and if [25] https://w3c.github.io/vc-data-model/PR/2019-08-22/ <manu> removed, changes will be made to the specification to reference an external JWT VC document. <TallTed> +1 <manu> +1 <dlongley> +1 <DavidC> PR#707 has just been published <burn> +1 <JoeAndrieu> +1 <deiu> +1 <yancy> +1 <drummond> +1 <rhiaro> +1 <stonematt> +1 <agropper> +1 <yancy> +1 <brent> +1 <ken> +1 <oliver> +1 <DavidC> <oliver> please take a look <DavidC> +1 <dmitriz> +1 RESOLUTION: The VCWG approves the publication of a Proposed Recommendation based on the document available here [26]https://w3c.github.io/vc-data-model/PR/2019-08-22/ for publication on August 22nd 2019 (or the earliest possible date that the specification can enter Proposed Recommendation). Editorial changes to the document referenced may be made based on consensus decisions by the group. The only section that is marked at risk currently is the JWT section, and if [26] https://w3c.github.io/vc-data-model/PR/2019-08-22/ <manu> removed, changes will be made to the specification to reference an external JWT VC document. stonematt: thank you everyone for those two items ... moving us toward getting the spec out pull request 707 <dlongley> [27]https://github.com/w3c/vc-data-model/pull/707 [27] https://github.com/w3c/vc-data-model/pull/707 stonematt: next let's look at the pull request <manu> [28]https://github.com/w3c/vc-data-model/pull/707/files [28] https://github.com/w3c/vc-data-model/pull/707/files DavidC: I'm not sure what the funny characters are, I removed something. TallTed: That's just saying those lines aren't shown ... this does not touch the non-normative examples They need to be changed. oliver: the vp example already has this in the example DavidC: correct TallTed: nothing in the other direction that needs to be changed? DavidC: the actual verifiable presentation isn;t shown, only the JWT representation stonematt: any other comments on this pr? ... oliver and david, if you step back out the weeds, how would other JWT developers respond to this? <gannan> your line is quite quiet david DavidC: is this in the text suite? does it test vp as well as vc for JWT? manu: It was tested for a credential, not for a presentation DavidC: that explains why the bug wasn't found manu: We should add a new test ... but the test suite is not normative <TallTed> I don't know enough JWT to judge whether the PR is sufficient. Which is part of my reason to keep "At Risk". Definitely support adding new test (less time critical, but still needs be fast). manu: it should be done today ... and you need to contact all the other JWT developers and have them re-run the suite after the new test is in. ... do we need a proposal? <oliver> +1 stonematt: we need to get a decision on this pr. I assume david agrees, oliver? <oliver> yes stonematt: any other objections? <manu> [29]https://github.com/w3c/vc-data-model/pull/707 [29] https://github.com/w3c/vc-data-model/pull/707 stonematt: no objections, let's pull this in. Do we need a resolution? manu: yes <manu> PROPOSAL: The issue concerning the JWT iss/holder relationship is resolved by PR #707, which makes a substantive change to the specification. The text should be included in the 2nd Candidate Recommendation publication along with a section marking the JWT feature as at-risk. <manu> +1 <brent> +1 <dlongley> +1 <drummond> +1 <deiu> +1 <stonematt> +1 <ken> +1 <agropper> +1 <burn> +1 <JoeAndrieu> +1 <yancy> +1 <oliver> +1 <gannan> +1 <Sercan_K> +1 <TallTed> +1 stonematt: hoping to see olver and davidc vote <DavidC> +1 RESOLUTION: The issue concerning the JWT iss/holder relationship is resolved by PR #707, which makes a substantive change to the specification. The text should be included in the 2nd Candidate Recommendation publication along with a section marking the JWT feature as at-risk. stonematt: thank you everyone ... we are 7 minutes out. limited time for anything new ... salient item out of these changes are: need new test that represents this vp vs vc nuance ... who would create that? dmitriz: I look to oliver oliver: I will provide the test cases ... this week <DavidC> <oliver> thanks stonematt: thank you ... last order of business: heads up, one of our deliverables is the use case document. we are feature complete, we believe, but need an editorial review ... we will ask the groups consensus at some point to publish ... not looking for new use cases, but raise issues for editorial changes AOB stonematt: anything else today? DavidC: heads up, very soon I am going to be working with the mobile driving license group ... not a very large change to them. helping to swing this so that mobile driving licenses conform to our data model would be big ... If they want to be involved, send me an email. ... I can request they be added as invited experts stonematt: anything else? ... this was a tricky and challenging call. Good to get to CR, even with the caveats. <drummond> Congrats to the whole WG stonematt: now we need to stay on schedule. thanks for staying heads down on required changes ... talk to you next week <stonematt> bye all <kaz> [adjourned] Summary of Action Items Summary of Resolutions 1. [30]The VCWG approves the publication of a Second Candidate Recommendation based on the document available here https://w3c.github.io/vc-data-model/CR/2019-07-25/ for publication on July 25th 2019, for a review period of 28 days from the date of publication with two additions 1) the JWT section continues to be marked as at risk for removal (publication in a separate document), and 2) text is inserted to clarify how the JWT iss/holder are related in 2. [31]The VCWG approves the publication of a Proposed Recommendation based on the document available here https://w3c.github.io/vc-data-model/PR/2019-08-22/ for publication on August 22nd 2019 (or the earliest possible date that the specification can enter Proposed Recommendation). Editorial changes to the document referenced may be made based on consensus decisions by the group. The only section that is marked at risk currently is the JWT section, and if 3. [32]The issue concerning the JWT iss/holder relationship is resolved by PR #707, which makes a substantive change to the specification. The text should be included in the 2nd Candidate Recommendation publication along with a section marking the JWT feature as at-risk. [End of minutes] __________________________________________________________ Minutes manually created (not a transcript), formatted by David Booth's [33]scribe.perl version 1.154 ([34]CVS log) $Date: 2019/07/29 13:41:30 $ [33] http://dev.w3.org/cvsweb/~checkout~/2002/scribe/scribedoc.htm [34] http://dev.w3.org/cvsweb/2002/scribe/
Received on Monday, 29 July 2019 13:45:53 UTC