- From: Orie Steele <orie@transmute.industries>
- Date: Mon, 8 Feb 2021 16:09:22 -0600
- To: Manu Sporny <msporny@digitalbazaar.com>
- Cc: Ivan Herman <ivan@w3.org>, W3C VC Working Group <public-vc-wg@w3.org>
- Message-ID: <CAN8C-_+_SX8Q0mjZgGeZy-0t7LMpeg_9cf4opKL7jchMpD4DuA@mail.gmail.com>
-1 to moving things off github. +1 to never resolving contexts over the network. -1 to having terms lead to no human readable definition... https://github.com/w3c/vc-data-model/blob/main/contexts/credentials/v1#L10 https://www.w3.org/2018/credentials#VerifiableCredential (biggest sad face ever).... +1 to relying on /ns/ and versioning in the URLs for future vocabularies and their contexts. OS On Sat, Feb 6, 2021 at 9:34 AM Manu Sporny <msporny@digitalbazaar.com> wrote: > On 2/6/21 2:53 AM, Ivan Herman wrote: > > "W3C should fix this": what do you mean? The WG's decision was to keep > the > > context file on github, and to set up a redirection. Do you mean that > the > > context files should be copied and stored on W3C? > > Yes, the v1 context files should be frozen, copied, stored, and served from > W3C. W3C is supposed to be the authority of the Verifiable Credentials v1 > context. > > At present, the W3C Verifiable Credentials global standard depends on the > infrastructure of a private company -- Microsoft (who owns Github). We > should > fix that. :) > > We also have people that have access to the Github repository that don't > have > two-factor authentication turned on and could inject things (either on > purpose > or accidentally) into Github-served context. We don't want to allow an > accident to turn into an attack vector. > > No one is supposed to be loading the v1 context off of the Web, but we know > that not all developers are careful about reading specifications or > implementing security protocols properly or paying attention to these > sorts of > details. > > > All that being said: we may not want to overreact. > > The intent was always to freeze the v1 context and to serve the content > off of > W3C servers (because of W3C's Process and archival agreements w/ multiple > institutions that are centuries old). I think all we're doing here is > making > sure we implement the original intent. :) > > -- manu > > -- > Manu Sporny - https://www.linkedin.com/in/manusporny/ > Founder/CEO - Digital Bazaar, Inc. > blog: Veres One Decentralized Identifier Blockchain Launches > https://tinyurl.com/veres-one-launches > > > -- *ORIE STEELE* Chief Technical Officer www.transmute.industries <https://www.transmute.industries>
Received on Monday, 8 February 2021 22:11:23 UTC