W3C home > Mailing lists > Public > public-vc-wg@w3.org > February 2021

Re: Renaming the default branch in the Verifiable Credentials WG repositories

From: Manu Sporny <msporny@digitalbazaar.com>
Date: Sat, 6 Feb 2021 10:33:20 -0500
To: Ivan Herman <ivan@w3.org>
Cc: W3C VC Working Group <public-vc-wg@w3.org>
Message-ID: <a5ce9213-aae4-980b-aafc-a367c8d0d121@digitalbazaar.com>
On 2/6/21 2:53 AM, Ivan Herman wrote:
> "W3C should fix this": what do you mean? The WG's decision was to keep the 
> context file on github, and to set up a redirection. Do you mean that the 
> context files should be copied and stored on W3C?

Yes, the v1 context files should be frozen, copied, stored, and served from
W3C. W3C is supposed to be the authority of the Verifiable Credentials v1
context.

At present, the W3C Verifiable Credentials global standard depends on the
infrastructure of a private company -- Microsoft (who owns Github). We should
fix that. :)

We also have people that have access to the Github repository that don't have
two-factor authentication turned on and could inject things (either on purpose
or accidentally) into Github-served context. We don't want to allow an
accident to turn into an attack vector.

No one is supposed to be loading the v1 context off of the Web, but we know
that not all developers are careful about reading specifications or
implementing security protocols properly or paying attention to these sorts of
details.

> All that being said: we may not want to overreact.

The intent was always to freeze the v1 context and to serve the content off of
W3C servers (because of W3C's Process and archival agreements w/ multiple
institutions that are centuries old). I think all we're doing here is making
sure we implement the original intent. :)

-- manu

-- 
Manu Sporny - https://www.linkedin.com/in/manusporny/
Founder/CEO - Digital Bazaar, Inc.
blog: Veres One Decentralized Identifier Blockchain Launches
https://tinyurl.com/veres-one-launches
Received on Saturday, 6 February 2021 15:33:38 UTC

This archive was generated by hypermail 2.4.0 : Saturday, 6 February 2021 15:33:38 UTC