- From: Kazuyuki Ashimura <ashimura@w3.org>
- Date: Wed, 1 May 2019 17:47:32 +0900
- To: public-vc-wg@w3.org
available at: https://www.w3.org/2019/04/30-vcwg-minutes.html also as text below. Thanks a lot for taking these minutes, Dave and Manu! Kazuyuki --- [1]W3C [1] http://www.w3.org/ - DRAFT - Verifiable Claims WG Teleconference 30 Apr 2019 [2]Agenda [2] https://lists.w3.org/Archives/Public/public-vc-wg/2019Apr/0029.html Attendees Present Amy_Guy, Andrei_Sambra, Benjamin_Young, Brent_Zundel, Dan_Burnett, Dave_Longley, Dmitri_Zagidulin, Ganesh_Annan, Kaz_Ashimura, Ken_Ebert, Manu_Sporny, Matt_Stone, Sercan_Kum, Ted_Thibodeau, Yancy_Ribbens Regrets Chair Matt_Stone Scribe manu, dlongley Contents * [3]Topics 1. [4]Agenda and planning 2. [5]Issue Lightning Round 3. [6]Raising Issues for Common Issues 4. [7]Implementation Reports and Questions * [8]Summary of Action Items * [9]Summary of Resolutions __________________________________________________________ Agenda and planning <manu> scribe: manu stonematt: Quick Agenda review ... back to processing issues and PRs. ... We're dealing w/ churn of issues coming out from Tony from Microsoft... <dlongley> scribenick: dlongley burn: Every group does need to be able to say "We're moving on" (end of comment period), that doesn't mean you can ignore issues that are outstanding but there does need to be an end at some point. stonematt: We're trying to get to a point with integrity where we can say the window for comments is over and we can move on from here. manu: A lot of these issues really boil down to a couple of core philosophical disagreements. The first one has to do with whether or not JSON-LD processing is required, it is not. We should raise an issue for that. ... The second one has to do with making the specification purely an extension of JWTs. The group has decided not to do that, the VC data model is different from the JWT model. ... The third is extension points in the specification, whether or not the group was chartered to define the extension points or define how they would work that would delve into protocol. <burn> I think the JWT issue stems from interop concern, or is at least motivated by it manu: We can direct the current open issues at one of those three issues. burn: Every time that issue has come up (interop concern), the context has been, you guys have no interop, you need to pick something and the thing you need to pick is JWTs. ... The basis is to say that it is Tony's claim that it is the only technology that is sufficiently well developed to use to provide interop. ... Proof format, not technology. ... We could make three separate issues, but I'd definitely want to have a statement in that one that says that's our belief. manu: Yes, I could nitpick ... I'd rather have three topics. burn: That's fine, if it comes down to it, in a transition request we'll have to list the disagreements that are outstanding and I'm ok with those three and that those represent the sum total of the disagreements reflected across the sum total of the issues. manu: So, Dan, you'll write those three? burn: I'll write up drafts and run them by the two of you. stonematt: We can write them in a google doc and share the link. manu: +1 <dlongley> +1 burn: Not trying to hide anything, just trying to be efficient and a google doc is a great place to do it. manu: Bonus points for whomever creates a google doc and puts the link in IRC. stonematt: I can do that. ... Any other comments on this topic today? <ken> +1 Issue Lightning Round stonematt: We want to close the issues we can. Manu you've been leading this discussion and I'll hand it over to you. manu: We've got 15 issues to process today. ... I'll go back to one we weren't able to get closure on. <manu> [10]https://github.com/w3c/vc-data-model/issues/484 [10] https://github.com/w3c/vc-data-model/issues/484 manu: The issue submitter says the type system is the same as the one for JSON-LD and that we shouldn't be forced into JSON-LD and allow for JWTs and CWTs and there are many parsers out there for JWT/JWS, etc. <manu> [11]https://github.com/w3c/vc-data-model/issues/484#issuecommen t-479922835 [11] https://github.com/w3c/vc-data-model/issues/484#issuecomment-479922835 manu: The discussion goes on for a while and then at the very end the issue submitter says... This won't work without changes to the specification which is effectively no JSON-LD statements would be allowed, no `@context`, and JWT claims are allowed, JWS/E as proofs and there are other things that will need to be documented to allow JWT claims to be used. manu reads proposal for addressing the issue <manu> PROPOSED: The type system described in the specification does not require a JSON-LD processor to be used and the concerns raised in issue #484 have been demonstrated to be expressible in JWTs using the VC Data Model in a way that is both conformant with JWTs as well as other expression mechanisms. No technical examples have been provided that demonstrate that the type system used for the Verifiable Credentials Data Model either 1) requires a JSON-LD processor to <manu> process, or 2) causes any known JWT library to fail to process a JWT containing type information (or any other known markup used in the Verifiable Credentials specification). <manu> PROPOSED: The WG believes that the type system described in the specification does not require a JSON-LD processor to be used and the concerns raised in issue #484 have been demonstrated to be expressible in JWTs using the VC Data Model in a way that is both conformant with JWTs as well as other expression mechanisms. No technical examples have been provided that demonstrate that the type system used for the Verifiable Credentials Data Model either 1) requires a <manu> JSON-LD processor to process, or 2) causes any known JWT library to fail to process a JWT containing type information (or any other known markup used in the Verifiable Credentials specification). No changes should be made to the specification. <TallTed> +1 <dlongley> +1 <ken> +1 <stonematt> +1 <deiu> +1 RESOLUTION: The WG believes that the type system described in the specification does not require a JSON-LD processor to be used and the concerns raised in issue #484 have been demonstrated to be expressible in JWTs using the VC Data Model in a way that is both conformant with JWTs as well as other expression mechanisms. No technical examples have been provided that demonstrate that the type system used for the Verifiable Credentials Data Model either 1) requires a <manu> JSON-LD processor to process, or 2) causes any known JWT library to fail to process a JWT containing type information (or any other known markup used in the Verifiable Credentials specification). No changes should be made to the specification. <SercanK> +1 manu: Second proposal has to do with that list of things that the issue submitter wanted removed from the spec. <manu> PROPOSED: The WG has considered the proposals raised in Issue #484 and continues to support both JWTs and JSON-LD in the specification, continues to support the use of @context as it exists in the specification today, supports any valid JWT claim expressed in a JWT-based serialization, and supports the use of JWS with the specification. The WG has discovered no technical reason that JWE cannot also be used to encrypt data expressed in the specification. Issue <manu> #484 should be closed with no changes to the specification. <dlongley> +1 <TallTed> +1 <ken> +1 <SercanK> =1 <SercanK> +1 RESOLUTION: The WG has considered the proposals raised in Issue #484 and continues to support both JWTs and JSON-LD in the specification, continues to support the use of @context as it exists in the specification today, supports any valid JWT claim expressed in a JWT-based serialization, and supports the use of JWS with the specification. The WG has discovered no technical reason that JWE cannot also be used to encrypt data expressed in the specification. Issue <manu> #484 should be closed with no changes to the specification. <manu> [12]https://github.com/w3c/vc-data-model/issues/458 [12] https://github.com/w3c/vc-data-model/issues/458 Side note: Digital Bazaar is using JWE to encrypt VCs today! manu: This issue has to do with the refresh service. ... There are multiple PRs related to this. ... So we're just verifying that you were ok with the changes there, Ken. ken: There was a different PR that went in and I felt that the issue was done. manu: So you feel this issue is done. ken: Yeah, I wrote the other PR and got review and it was merged. manu: PR 501 was replaced by PR 544. brent: PR 540 was Ken's it got replaced by PR 544. manu: Based on all that, are you ok to close? I've got a proposal to close. manu reads proposal manu: Would you object to the proposal, Ken? <manu> PROPOSAL: Issue #458 is addressed by PR #544, which makes non-normative changes noting when it is and is not appropriate to use the refresh service. The PR has been approved by multiple parties and has been merged. Issue #458 should be closed. ken: Can I have a few minutes to review? manu: Yes, we'll mark that and come back to it. <manu> [13]https://github.com/w3c/vc-data-model/issues/470 [13] https://github.com/w3c/vc-data-model/issues/470 manu: This was raised by Justin. He said JWS examples use detached methods while JWT uses JWS, the detached serialization mechanism isn't mentioned in this doc or the linked LD proof docs. Dave Longley asked if it would be ok to add informative links after the examples and Justin said it would be sufficient. <manu> PROPOSAL: Issue #470 should be addressed by making a set of non-normative changes to the specification that adds a simple note after each RsaSignature2018 example with an informative reference to that spec and that mentions it used a JWS detached signature with an informative reference to the JWS spec. Issue #470 should be closed after the PR is merged. <TallTed> +1 manu: Justin was having a hard time tracking down which specs were being used and we need to point those out in an informative capacity. <dlongley> +1 <deiu> +1 RESOLUTION: Issue #470 should be addressed by making a set of non-normative changes to the specification that adds a simple note after each RsaSignature2018 example with an informative reference to that spec and that mentions it used a JWS detached signature with an informative reference to the JWS spec. Issue #470 should be closed after the PR is merged. stonematt: Hearing no objections, it is resolved. (Kaz joins) <manu> [14]https://github.com/w3c/vc-data-model/issues/474 [14] https://github.com/w3c/vc-data-model/issues/474 <manu> [15]https://github.com/w3c/vc-data-model/issues/474#issuecommen t-481693698 [15] https://github.com/w3c/vc-data-model/issues/474#issuecomment-481693698 manu: Raised by David Chadwick, he's asking whats the difference between using `credentialSchema` and the `@context` property. I outlined the changes we could make to the specification, he hasn't responded to that yet. My expectation is that he'd be ok with that. He had a list of changes he'd like to see and we need a PR to address those. Specifically... <manu> PROPOSAL: Issue #474 should be addressed by making a set of non-normative changes to the specification that clarifies the use of @context, the differences between it and the credentialSchema property, with appropriate references to more detailed explanations in the specification and other specifications. Issue #474 should be closed after the PR is merged. manu: For example, one of the things he wanted clarified is a JSON-LD thing and we can just point to that spec for that particular item. These are all non-normative changes to address his concerns and we need to write a PR for that. <dlongley> +1 <TallTed> +1 <deiu> +1 stonematt: Any objections? RESOLUTION: Issue #474 should be addressed by making a set of non-normative changes to the specification that clarifies the use of @context, the differences between it and the credentialSchema property, with appropriate references to more detailed explanations in the specification and other specifications. Issue #474 should be closed after the PR is merged. stonematt: No objections, proposal is resolved. <manu> [16]https://github.com/w3c/vc-data-model/issues/458 [16] https://github.com/w3c/vc-data-model/issues/458 <manu> PROPOSAL: Issue #458 is addressed by PR #544, which makes non-normative changes noting when it is and is not appropriate to use the refresh service. The PR has been approved by multiple parties and has been merged. Issue #458 should be closed. <Zakim> ken, you wanted to say that I can approve the resolution regarding PR#544 ken: I wanted to apologize to the WG for not keeping up with that but I can approve the resolution, it was well addressed. stonematt: Any objections? RESOLUTION: Issue #458 is addressed by PR #544, which makes non-normative changes noting when it is and is not appropriate to use the refresh service. The PR has been approved by multiple parties and has been merged. Issue #458 should be closed. stonematt: No objections, the proposal is resolved. <manu> [17]https://github.com/w3c/vc-data-model/issues/511 [17] https://github.com/w3c/vc-data-model/issues/511 manu: When you encode a VC in a JWT there is a processing step that says you use the `sub` field in the JWT and that it should mention the subject in the credential. A VC can be about multiple subjects and JWTs do not support multiple subjects. For example, marriage certificates. The discussion goes on for a little bit. ... I made a suggestion that notes that JWTs can only currently support single subjects and implementers should check the JWT claim registry for multiple subjects. Tony also suggested something else to reference and it's not a 1:1 mapping to the problem but Tony would like us to reference it. All we need to do, I believe, is create a PR for that. <manu> PROPOSAL: Issue #511 should be addressed by making a non-normative change to the specification noting that multiple subjects are not supported by JWTs and implementers should refer to the JWT registry for future multisubject properties or the yusef-nested-jwt specification. Issue #511 should be closed after the PR is merged. manu: So, whomever cares about that use case for JWTs will go out to IETF and create that extension it's not up to us. We'll just add some informative references and let people know this isn't supported by JWTs at the moment. <TallTed> +1 <dlongley> +1 <ken> +1 stonematt: Any objections? ... The proposal is resolved. RESOLUTION: Issue #511 should be addressed by making a non-normative change to the specification noting that multiple subjects are not supported by JWTs and implementers should refer to the JWT registry for future multisubject properties or the yusef-nested-jwt specification. Issue #511 should be closed after the PR is merged. <manu> [18]https://github.com/w3c/vc-data-model/issues/530 [18] https://github.com/w3c/vc-data-model/issues/530 manu: I raised this issue that we need a VC status registry and more than likely we need other registries and we need a combined registry, if no one else gets to it I'll take an action for it. <manu> PROPOSAL: Issue #530 should be addressed by creating a Verifiable Credentials Extension Registry in the W3C Credentials Community Group and requesting that the registry is adopted as an official W3C CCG Work Item. Issue #530 should be closed after the W3C CCG accepts the registry as a Work Item. ken: How does that work, after the CCG says they will take it on it becomes not our responsibility anymore? manu: Yes, if you want to add an extension to the registry you talk to the CCG. It's the same thing as doing, for example, a DID method spec. You create a spec and ask the CCG for inclusion into the registry and there's a lightweight process to add it and then it's there. ken: That's sufficient. <TallTed> +1 <ken> +1 <dlongley> +1 <gannan> +1 RESOLUTION: Issue #530 should be addressed by creating a Verifiable Credentials Extension Registry in the W3C Credentials Community Group and requesting that the registry is adopted as an official W3C CCG Work Item. Issue #530 should be closed after the W3C CCG accepts the registry as a Work Item. stonematt: No objections, it is resolved. <manu> [19]https://github.com/w3c/vc-data-model/issues/543 [19] https://github.com/w3c/vc-data-model/issues/543 <manu> PROPOSAL: Issue #543 should be addressed by providing informative references to detached JWS, LD-Proofs, LD-Signatures, and the RsaSignature2018 signature suite in sections 3.4, 3.7, and any other section where it is appropriate. Issue #543 should be closed after the PR is merged. manu: This is actually the same kind of issue that Justin raised in that other issue, it's to add references to 3.4 and 4.7, anywhere we talk about a full proof and to link to LD proofs and JWS detached, etc. Just to make non-normative references to those things if they care about implementing them. <dlongley> +1 <TallTed> +1 stonematt: Any objections? ... No objections, it is resolved. RESOLUTION: Issue #543 should be addressed by providing informative references to detached JWS, LD-Proofs, LD-Signatures, and the RsaSignature2018 signature suite in sections 3.4, 3.7, and any other section where it is appropriate. Issue #543 should be closed after the PR is merged. <manu> [20]https://github.com/w3c/vc-data-model/issues/545 [20] https://github.com/w3c/vc-data-model/issues/545 <brent> +1 to removing the disputes section to implementation guide <ken> +1 to what brent said manu: Let's modify the dispute section, talk about the loose intention there, the group didn't get to defining it fully but put it in the implementation guide. <manu> PROPOSAL: Issue #545 should be addressed by moving the majority of the Disputes section to the Implementation Guide and referring to that section from the Data Model specification. Issue #545 should be closed after the PR is merged. <ken> +1 stonematt: Any objections? TallTed: Does that change the section to non-normative? Let's be explicit ... "by moving the majority of the at-risk"... <manu> PROPOSAL: Issue #545 should be addressed by moving the majority of at risk Disputes section to the Implementation Guide and referring to that section from the Data Model specification, and making the Disputes section in the VC Data Model specification non-normative. Issue #545 should be closed after the PR is merged. <TallTed> +1 stonematt: Any objections? <dlongley> +1 <ken> +1 stonematt: It is resolved. RESOLUTION: Issue #545 should be addressed by moving the majority of at risk Disputes section to the Implementation Guide and referring to that section from the Data Model specification, and making the Disputes section in the VC Data Model specification non-normative. Issue #545 should be closed after the PR is merged. <manu> [21]https://github.com/w3c/vc-data-model/issues/549 [21] https://github.com/w3c/vc-data-model/issues/549 manu: Yancy raised this issue, we talked about it last week about how he'd be happy with changing this. The issue here is that Yancy is saying you have to download the JSON-LD `@context` and that's problematic. And the assertion is that "no you don't." ... You literally never have to go out to the Web. If you're using the credentials context. ... If the other context you're using doesn't say it's cached forever you may have to get it but it can also say that and that's an expectation that we will underscore in the best practices document. ... Wondering if we can flatten all the contexts, there are three, the VC one, the security v1 and security v2 context. That requires you to load multiple contexts [from disk, not required from the Web]. ... We would then refer to the context and provide a SHA-256 hash of that context in the spec. <rhiaro> *and* a human readable copy in the spec appendix right? because, for humans? manu: These are non-substantive changes to the specification and some shuffling. ... Amy is also asking another question we should address in the spec as well ... First question to Longley is can we flatten everything and it's fine? <rhiaro> but if *all* you have is the spec, you can still implement and hard code or cache your context in an implementation <rhiaro> isn't that what appendices are for? :) manu: Second question is can we put the human readable version in the spec ... and I say we shouldn't have to is because if the hash is there you can fetch it and check it. TallTed: I think including it makes various different kinds of sense. ... Moving it out is hard to argue. The consistent intro to this thread is "you literally never have to go out to the Web, unless, unless, unless" ... In the first iterations, no one is going to use a different context. Arguments that you never have to go anywhere to get anything are spurious. manu: In dev mode you ahve to do that and experiment, In production you are expected to freeze and we should put that in production. <manu> ken: Two questions - one about effect of squashing @context - does that have any interop problems? <rhiaro> +1 you have to get it at some point, and maybe this is a silly premise but if all you have is a printout of the spec you can still make an implementation compeltely offline and include it, if the context is in the spec. I also think i'ts just generally useful for people skimming this stuff <manu> ken: second, time to cache... is there a mechanism in production that you're not changing anymore and ok to cache forever. manu: Answer to the first question is that squashing doesn't have any interop issues, zero, no known issues. The time to cache issue can be done with an HTTP cache -- I believe there are some that are cache forever. ... In the spec it says you can cache forever. ... There are two ways to do that. ken: Is it that during development that the expectation that a context could change but at production it will not. ... Does that apply to the ones the WG has put together and also others? For specific schemas for those credentials? manu: That is up to whomever creates those, but we can put it in the best practices that you should absolutely do that. ... Dev mode it can change, but production it should never change. <manu> dlongley: First thing, code that we've written that uses VC stuff, and verification code... production code pulls all contexts from disk... people can write their code that way, no reason to go out to web in production mode. <manu> dlongley: Can we flatten the context, I think so, we should do it and see if there are implementation problems and if not, proceed that way. <manu> dlongley: We are currently writing implementations against that context, we can change the context in CR, once we move on from that, it'll be locked in. manu: Amy says "If all you have is a print out of the spec you can implement" ... so Ted and Amy are +1 for putting the context in the spec directly. <TallTed> retaining SHA-256 is still good ken: When you're squashing the contexts -- you're taking some things that have been standardized or written by another organization, is it clear that this chunk of the context came from this original source? manu: Yes, because we use URLs for everythin.g <rhiaro> and it isn't *that* big if it's just credentials and security v1 & v2 isn't it..? manu: That may not be the full answer to your question. The context we're using the security v1 and v2 stuff -- DB has been in control of those contexts until this WG took control. ... When we squash into the vc v1 context it's under the full control of this group, but we might call out to other vocabularies. ... We'll review to make sure all that stuff is safe to do. I did look through all the contexts and it did look doable before I wrote this proposal up. TallTed: I think keeping the SHA-256 is good. The file is at this URL and here's the SHA-256, put that in the appendix. <stonematt> +1 to keeping SHA-256 reference <ken> +1 to teds suggestion <yancy> +1 to SHA-256 ref <rhiaro> +1 also to the sha256 <manu> PROPOSAL: Issue #549 should be addressed by flattening all contexts that the specification depends on into [22]https://www.w3.org/2018/credentials/v1, adding the JSON-LD Context into an appendix in the spec along with its SHA-256 hash, all of which would be a non-substantive modification. Issue #549 should be closed after these actions are taken. [22] https://www.w3.org/2018/credentials/v1, <TallTed> +1 <dlongley> +1 <deiu> +1 <yancy> +1 <ken> +1 <rhiaro> +1 <bigbluehat> +1 (with necessary cautions) stonematt: Any objections? RESOLUTION: Issue #549 should be addressed by flattening all contexts that the specification depends on into [23]https://www.w3.org/2018/credentials/v1, adding the JSON-LD Context into an appendix in the spec along with its SHA-256 hash, all of which would be a non-substantive modification. Issue #549 should be closed after these actions are taken. [23] https://www.w3.org/2018/credentials/v1 stonematt: No objections, resolved. <manu> [24]https://github.com/w3c/vc-data-model/issues/556 [24] https://github.com/w3c/vc-data-model/issues/556 manu: Raised by Ted, about identifiers, asked him to raise a PR and I reviewed, no substantive changes. <manu> PROPOSAL: Issue #556 should be addressed by applying the non-substantive changes requested by the issuer submitter. Issue #556 should be closed after the PR is merged. TallTed: As I noted in the PR, there is a neighboring definition and these two chunks of text overlap a bit and I'm not sure what the best text is to deal with that. manu: I'll take a look. TallTed: It's somewhat clumsy but I don't think there's disagreement between the two. manu: I'll see what I can do with my next editorial pass. ... Any disagreements with this proposal? ken: Are those are normative language changes? <yancy> I can work on a PR for 549 manu: There are changes to normative language that are non-substantive, it is a clarification, it won't change implementations at all. TallTed: Implementers would change nothing if they understood the wording correctly in the first place. ken: Just wanted to deal with CR issues. manu: If anyone complains they'll have to defend it -- it's very clear. stonematt: Any objections? ... No objections, resolved. RESOLUTION: Issue #556 should be addressed by applying the non-substantive changes requested by the issuer submitter. Issue #556 should be closed after the PR is merged. <manu> [25]https://github.com/w3c/vc-data-model/issues/552 [25] https://github.com/w3c/vc-data-model/issues/552 manu: Thanks, Yancy for volunteering, might need review from Dave Longley. ... I tried to clarify what I thought this JWT encoding section meant. <manu> [26]https://github.com/w3c/vc-data-model/pull/583 [26] https://github.com/w3c/vc-data-model/pull/583 manu: Ted made a PR to address. ... Ted, anything else you want to add? TallTed: I'm fine with the things I wrote. :) <manu> PROPOSAL: Issue #552 should be addressed by making a non-normative clarification related to the various ways the data model can be encoded using a JWT. Issue #552 should be closed after the PR is merged. <yancy> I'm having phone issues. Will run PR by dlongley. stonematt: Hearing no objections, resolved. <brent> +1 <ken> +1 RESOLUTION: Issue #552 should be addressed by making a non-normative clarification related to the various ways the data model can be encoded using a JWT. Issue #552 should be closed after the PR is merged. <ken> +1 <manu> [27]https://github.com/w3c/vc-data-model/issues/557 [27] https://github.com/w3c/vc-data-model/issues/557 manu: This is about the `@context` being an ordered set. ... Making it not an ordered set would argue against the point of avoiding a JSON-LD processor, so we added PRs about the order being important. <manu> PROPOSAL: Issue #557 is addressed by PR #546 which made non-substantive changes to explain why @context is an ordered set. PR #546 has been merged and issue #557 should be closed. <dlongley> +1 <bigbluehat> +1 TallTed: Not an objection per se, there's an open comment on 546. manu: I'll ask David Chadwick about that. ... For him to open a new issue if needed. <TallTed> +1 manu: Ted, I'm asking David to open a new issue if that's really important to him. TallTed: That's fair. stonematt: Any objections to the proposal? RESOLUTION: Issue #557 is addressed by PR #546 which made non-substantive changes to explain why @context is an ordered set. PR #546 has been merged and issue #557 should be closed. stonematt: No objections, proposal is resolved. manu: Two more to go. <manu> [28]https://github.com/w3c/vc-data-model/issues/558 [28] https://github.com/w3c/vc-data-model/issues/558 manu: This has to do with processing contexts, also raised by Tony. ... He's saying that it is recommended that dereferencing the URIs in the spec and that that text should be removed and that it can be large security attack vector to dereference documents on the Web. ... That's not what the text says, it says "only if you dereference it should you get a machine readable doc", you don't have to do that and we have additional text now saying you don't have to go out to the Web for the VC context and we'll add text to the best practices doc to say not to dereference in production. <manu> PROPOSAL: Dereferencing a value in the @context property should result in a document containing machine-readable information about the context. Issue #558 should be closed with no change to the specification. <dlongley> +1 <ken> no further change to the specification? <manu> PROPOSAL: Dereferencing a value in the @context property should result in a document containing machine-readable information about the context. Non-normative clarification text should be added to the specification to underscore that dereferencing machine-readable @contexts is optional. Issue #558 should be closed with no change to the specification. <manu> PROPOSAL: Dereferencing a value in the @context property should result in a document containing machine-readable information about the context. Non-normative clarification text should be added to the specification to underscore that dereferencing machine-readable @contexts is optional. Issue #558 should be closed when the PR #564 is merged. <ken> +1 <dlongley> +1 <TallTed> +1 <gannan> +1 stonematt: Any objections? RESOLUTION: Dereferencing a value in the @context property should result in a document containing machine-readable information about the context. Non-normative clarification text should be added to the specification to underscore that dereferencing machine-readable @contexts is optional. Issue #558 should be closed when the PR #564 is merged. stonematt: No objections, resolved. <manu> [29]https://github.com/w3c/vc-data-model/issues/559 [29] https://github.com/w3c/vc-data-model/issues/559 manu: This is about verifiable presentations. Tony is saying VPs are non-normative because there's no interop on VPs. This is the same thing that has been raised multiple times where his claim is that you can't create specs with extension points without defining any extensions and protocols themselves. ... He says we introduce VPs in a non-normative fashion that everything about them should be non-normative, but that makes no sense. Often specs introduce concepts in an informative way because no normative statements are made and then those are made later. ... We meant to mark the introduction as non-normative and the part where it talks about the presentation in the data model as normative. <manu> PROPOSAL: It is common practice, both at W3C and IETF, to introduce concepts in a non-normative fashion and then provide normative statements in the more technical parts of the specification. Readers are urged to note whether sections are marked as non-normative and should not assume that other sections discussing the same concept are non-normative as well. Issue #559 should be closed with no changes to the specification. <TallTed> +1 <dlongley> +1 <ken> +1 <gannan> +1 RESOLUTION: It is common practice, both at W3C and IETF, to introduce concepts in a non-normative fashion and then provide normative statements in the more technical parts of the specification. Readers are urged to note whether sections are marked as non-normative and should not assume that other sections discussing the same concept are non-normative as well. Issue #559 should be closed with no changes to the specification. stonematt: Hearing no objections, resolved. manu: Thank you everyone, that is the last issue I have -- and the last one I have in the issue tracker as of this morning... Ted raised another one but that's fine. ... We may have 2-4 CR issues remaining to still process, but this is the majority of the CR issues. We need to get PRs in for a lot of these resolutions. I really need help doing that. If there is a CR issue that has a "Needs PR" tag on it (search for that) and you feel that you can create a PR for it, please please help. ... That will make things go much faster. Thank you very much to Ted for helping with a ton of editorial changes moving things forward, thanks to Brent, and Ken, and David Chadwick as well -- if we can more of your help and help from others in the group then we can very quickly close up to 48 of these issues. <stonematt> Thanks to all who have been contributing PRs this month manu: That's it. Back over to Matt. Raising Issues for Common Issues <stonematt> [30]https://docs.google.com/document/d/1U4Krhjl1dMK294JFp9JuIz_ zmom2zh2CN94Sc0yPpxU/edit [30] https://docs.google.com/document/d/1U4Krhjl1dMK294JFp9JuIz_zmom2zh2CN94Sc0yPpxU/edit stonematt: Thank you. I want to come back to the common issue thread. We will try to come to together around some fundamental philosophical issues where we see duplication across a variety of open issues. ... We opened a google doc to draft text for addressing that. ... We will raise 2-3 common issues and Dan Burnett will take lead on writing that. I won't say don't contribute, but he'll lead. ... For issues that are essentially just duplicates of those fundamental issues we'll reference that. ... Keep your eyes peeled for changes to that doc. Implementation Reports and Questions stonematt: We want to open the floor -- we have 20 minutes left on the call today, we can use as much of it as we need to open the implementation report discussion/. <Zakim> manu, you wanted to ask about vc-js implementation report, and updates to test suite... dmitriz ? manu: Where's the vc-js implementation report and test suite status? dmitriz: There's a pending PR to the test suite that adds a couple more changes that we put in for CR. Some more fields have become required since before CR. ... That updates the test suite with those changes and there's an implementation report from DB's vc-js library. ... Look early and often for changes, we should be good on our end. ... In response to Brent's question a couple days ago, I left instructions on how to hook up your own library to the test suite. manu: There's a report, but we haven't run the processor to update the page yet? dmitriz: Right, I probably misunderstood the directions, I thought the report generates and processes in one command. manu: I don't remember, we should get it so that everyone can see what a successful test report looks like. dmitriz: Ok. stonematt: Do we have something along the lines of a tutorial or recipe guide for how to do all that as well? dmitriz: It's in an issue at the moment and we can cut and paste that into a standalone document. stonematt: Can we have that in a README? <manu> We should put it here --- [31]https://w3c.github.io/vc-test-suite/ [31] https://w3c.github.io/vc-test-suite/ dmitriz: It's a little informal at the moment, I would like feedback from Brent and other implementers as to if it made sense. manu: If you put that link from IRC into the browser it tells you how to run the test suite and we should put that HOWTO from the issue in there. <dmitriz> [32]https://github.com/w3c/vc-test-suite/issues/14 [32] https://github.com/w3c/vc-test-suite/issues/14 dmitriz: That's fine. <ken> Putting the instructions in the doc would be helpful. manu: We may also want to point to the issue with vc-js verify. dmitriz: The comment in the issue goes into that. brent: I haven't had a chance to try that out yet, it helps me having a document we can update as more questions come in. <stonematt> +1 to a README or "HOWTO" brent: +1 to moving the comments from an issue to a document. <Zakim> manu, you wanted to note README <manu> [33]https://w3c.github.io/vc-test-suite/ [33] https://w3c.github.io/vc-test-suite/ manu: +1 to a strong preference for putting everything in the README. ... My hope is that the URL I put in IRC is the place people can go to find out what implementations exist that are conformant to the specification as well as how to write your own, hook up to the test suite, etc. ... One stop shop for all of that, current implementations, what they support, what they don't, how you can write your own. Having more than one place for that is confusion, so just one place, that README would be good. stonematt: That makes sense, right marching orders for Dmitri or whomever to make updates. ... Any other questions about test suite or implementation reports today? none stonematt: That covers our agenda, we had a placeholder for scheduling ad hoc discussion if necessary from the issue lightning round, I didn't hear any. If anyone needs discussion this week, raise your hand now, otherwise we're done for the day. ... Any other business? ... Ok, 10 minutes back. Thanks for a great call, got through a ton of stuff and really appreciate everyone's attention and focus on the spec in the last few weeks and we've made a ton of fine tuning contributions and it's coming together in a nice way, good bye! <stonematt> good bye everyone! Summary of Action Items Summary of Resolutions 1. [34]The WG believes that the type system described in the specification does not require a JSON-LD processor to be used and the concerns raised in issue #484 have been demonstrated to be expressible in JWTs using the VC Data Model in a way that is both conformant with JWTs as well as other expression mechanisms. No technical examples have been provided that demonstrate that the type system used for the Verifiable Credentials Data Model either 1) requires a 2. [35]The WG has considered the proposals raised in Issue #484 and continues to support both JWTs and JSON-LD in the specification, continues to support the use of @context as it exists in the specification today, supports any valid JWT claim expressed in a JWT-based serialization, and supports the use of JWS with the specification. The WG has discovered no technical reason that JWE cannot also be used to encrypt data expressed in the specification. Issue 3. [36]Issue #470 should be addressed by making a set of non-normative changes to the specification that adds a simple note after each RsaSignature2018 example with an informative reference to that spec and that mentions it used a JWS detached signature with an informative reference to the JWS spec. Issue #470 should be closed after the PR is merged. 4. [37]Issue #474 should be addressed by making a set of non-normative changes to the specification that clarifies the use of @context, the differences between it and the credentialSchema property, with appropriate references to more detailed explanations in the specification and other specifications. Issue #474 should be closed after the PR is merged. 5. [38]Issue #458 is addressed by PR #544, which makes non-normative changes noting when it is and is not appropriate to use the refresh service. The PR has been approved by multiple parties and has been merged. Issue #458 should be closed. 6. [39]Issue #511 should be addressed by making a non-normative change to the specification noting that multiple subjects are not supported by JWTs and implementers should refer to the JWT registry for future multisubject properties or the yusef-nested-jwt specification. Issue #511 should be closed after the PR is merged. 7. [40]Issue #530 should be addressed by creating a Verifiable Credentials Extension Registry in the W3C Credentials Community Group and requesting that the registry is adopted as an official W3C CCG Work Item. Issue #530 should be closed after the W3C CCG accepts the registry as a Work Item. 8. [41]Issue #543 should be addressed by providing informative references to detached JWS, LD-Proofs, LD-Signatures, and the RsaSignature2018 signature suite in sections 3.4, 3.7, and any other section where it is appropriate. Issue #543 should be closed after the PR is merged. 9. [42]Issue #545 should be addressed by moving the majority of at risk Disputes section to the Implementation Guide and referring to that section from the Data Model specification, and making the Disputes section in the VC Data Model specification non-normative. Issue #545 should be closed after the PR is merged. 10. [43]Issue #549 should be addressed by flattening all contexts that the specification depends on into https://www.w3.org/2018/credentials/v1, adding the JSON-LD Context into an appendix in the spec along with its SHA-256 hash, all of which would be a non-substantive modification. Issue #549 should be closed after these actions are taken. 11. [44]Issue #556 should be addressed by applying the non-substantive changes requested by the issuer submitter. Issue #556 should be closed after the PR is merged. 12. [45]Issue #552 should be addressed by making a non-normative clarification related to the various ways the data model can be encoded using a JWT. Issue #552 should be closed after the PR is merged. 13. [46]Issue #557 is addressed by PR #546 which made non-substantive changes to explain why @context is an ordered set. PR #546 has been merged and issue #557 should be closed. 14. [47]Dereferencing a value in the @context property should result in a document containing machine-readable information about the context. Non-normative clarification text should be added to the specification to underscore that dereferencing machine-readable @contexts is optional. Issue #558 should be closed when the PR #564 is merged. 15. [48]It is common practice, both at W3C and IETF, to introduce concepts in a non-normative fashion and then provide normative statements in the more technical parts of the specification. Readers are urged to note whether sections are marked as non-normative and should not assume that other sections discussing the same concept are non-normative as well. Issue #559 should be closed with no changes to the specification. [End of minutes] __________________________________________________________ Minutes manually created (not a transcript), formatted by David Booth's [49]scribe.perl version 1.154 ([50]CVS log) $Date: 2019/05/01 08:46:12 $ [49] http://dev.w3.org/cvsweb/~checkout~/2002/scribe/scribedoc.htm [50] http://dev.w3.org/cvsweb/2002/scribe/
Received on Wednesday, 1 May 2019 08:48:39 UTC