- From: Daniel Burnett <daniel.burnett@entethalliance.org>
- Date: Tue, 9 Feb 2021 15:41:20 +0000
- To: Orie Steele <orie@transmute.industries>, Manu Sporny <msporny@digitalbazaar.com>
- CC: Ivan Herman <ivan@w3.org>, W3C VC Working Group <public-vc-wg@w3.org>
- Message-ID: <SA0PR15MB383811D5F65920AD1B8A6453E28E9@SA0PR15MB3838.namprd15.prod.outlook.com>
@Orie: to quote Miracle Max from The Princess Bride, "Why don't you give me a paper cut and pour lemon juice on it while you're at it?". Long, frustrating conversation about how to name and reference the contexts. Maybe the world will be more in agreement for v2 ... -- dan ________________________________ From: Orie Steele <orie@transmute.industries> Sent: Monday, February 8, 2021 5:09 PM To: Manu Sporny <msporny@digitalbazaar.com> Cc: Ivan Herman <ivan@w3.org>; W3C VC Working Group <public-vc-wg@w3.org> Subject: Re: Renaming the default branch in the Verifiable Credentials WG repositories -1 to moving things off github. +1 to never resolving contexts over the network. -1 to having terms lead to no human readable definition... https://github.com/w3c/vc-data-model/blob/main/contexts/credentials/v1#L10 https://www.w3.org/2018/credentials#VerifiableCredential<https://www..w3.org/2018/credentials#VerifiableCredential> (biggest sad face ever).... +1 to relying on /ns/ and versioning in the URLs for future vocabularies and their contexts. OS On Sat, Feb 6, 2021 at 9:34 AM Manu Sporny <msporny@digitalbazaar.com<mailto:msporny@digitalbazaar.com>> wrote: On 2/6/21 2:53 AM, Ivan Herman wrote: > "W3C should fix this": what do you mean? The WG's decision was to keep the > context file on github, and to set up a redirection. Do you mean that the > context files should be copied and stored on W3C? Yes, the v1 context files should be frozen, copied, stored, and served from W3C. W3C is supposed to be the authority of the Verifiable Credentials v1 context. At present, the W3C Verifiable Credentials global standard depends on the infrastructure of a private company -- Microsoft (who owns Github). We should fix that. :) We also have people that have access to the Github repository that don't have two-factor authentication turned on and could inject things (either on purpose or accidentally) into Github-served context. We don't want to allow an accident to turn into an attack vector. No one is supposed to be loading the v1 context off of the Web, but we know that not all developers are careful about reading specifications or implementing security protocols properly or paying attention to these sorts of details. > All that being said: we may not want to overreact. The intent was always to freeze the v1 context and to serve the content off of W3C servers (because of W3C's Process and archival agreements w/ multiple institutions that are centuries old). I think all we're doing here is making sure we implement the original intent. :) -- manu -- Manu Sporny - https://www.linkedin.com/in/manusporny/ Founder/CEO - Digital Bazaar, Inc. blog: Veres One Decentralized Identifier Blockchain Launches https://tinyurl.com/veres-one-launches -- ORIE STEELE Chief Technical Officer www.transmute.industries [https://drive.google.com/a/transmute.industries/uc?id=1hbftCJoB5KdeV_kzj4eeyS28V3zS9d9c&export=download]<https://www.transmute.industries>
Received on Tuesday, 9 February 2021 15:41:36 UTC