Re: Renaming the default branch in the Verifiable Credentials WG repositories

@Orie:  to quote Miracle Max from The Princess Bride, "Why don't you give me a paper cut and pour lemon juice on it while you're at it?".

Long, frustrating conversation about how to name and reference the contexts.  Maybe the world will be more in agreement for v2 ...

-- dan
From: Orie Steele <>
Sent: Monday, February 8, 2021 5:09 PM
To: Manu Sporny <>
Cc: Ivan Herman <>; W3C VC Working Group <>
Subject: Re: Renaming the default branch in the Verifiable Credentials WG repositories

-1 to moving things off github.

+1 to never resolving contexts over the network.

-1 to having terms lead to no human readable definition...<> (biggest sad face ever)....

+1 to relying on /ns/ and versioning in the URLs for future vocabularies and their contexts.


On Sat, Feb 6, 2021 at 9:34 AM Manu Sporny <<>> wrote:
On 2/6/21 2:53 AM, Ivan Herman wrote:
> "W3C should fix this": what do you mean? The WG's decision was to keep the
> context file on github, and to set up a redirection. Do you mean that the
> context files should be copied and stored on W3C?

Yes, the v1 context files should be frozen, copied, stored, and served from
W3C. W3C is supposed to be the authority of the Verifiable Credentials v1

At present, the W3C Verifiable Credentials global standard depends on the
infrastructure of a private company -- Microsoft (who owns Github). We should
fix that. :)

We also have people that have access to the Github repository that don't have
two-factor authentication turned on and could inject things (either on purpose
or accidentally) into Github-served context. We don't want to allow an
accident to turn into an attack vector.

No one is supposed to be loading the v1 context off of the Web, but we know
that not all developers are careful about reading specifications or
implementing security protocols properly or paying attention to these sorts of

> All that being said: we may not want to overreact.

The intent was always to freeze the v1 context and to serve the content off of
W3C servers (because of W3C's Process and archival agreements w/ multiple
institutions that are centuries old). I think all we're doing here is making
sure we implement the original intent. :)

-- manu

Manu Sporny -
Founder/CEO - Digital Bazaar, Inc.
blog: Veres One Decentralized Identifier Blockchain Launches

Chief Technical Officer


Received on Tuesday, 9 February 2021 15:41:36 UTC