The W3C Credentials Community Group

Meeting Transcriptions and Audio Recordings (2014-today)


VC API Task Force

Transcript for 2022-05-17

Our Robot Overlords are scribing.
Manu Sporny: All right welcome everyone to the verifiable credentials API call this is May 17th 2022 agenda in here.
Manu Sporny: On our agenda today we've got this agenda review introductions relevant Community updates and then we're going to jump into issues we're going to talk about scopes and RARs and support for those things in our OAS files we there's a question on whether or not we should.
Manu Sporny: Close an issue I went to closed pending issues and then I wasn't clear if we should close an issue so we're going to talk a bit about that talk about linting CI/CD what happens when you delete a revocable credential and any other issues we also need to cover two pull requests that have been out there for a bit Mike Varley one of them is to nudge your PR forward it seems like it's you've responded to everyone and it's ready to merge and so we just need to see if there are any.
Manu Sporny: Directions to merge.
Manu Sporny: There's of course the mermaid diagrams that need to be merged as well that's it for the agenda are there any updates or additions to the agenda.

Topic: Introductions, Announcements

Manu Sporny: All right so let's go on to introductions and announcements is anyone new on the call today anyone want to give an update on how they're doing their new job old job anything like that anyone want to give an intro or re intro.
Manu Sporny: I think it's a the regular crew here so we all know each other.
<manu_sporny> Proposed W3C Charter: RDF Dataset Canonicalization and Hash Working Group
Manu Sporny: Announcements reminders please go ahead and put yourself on the queue for that I've got a couple of announcements this is mostly I'm sure some of you were on the call earlier today the main weekly call there is a new proposed Charter for an rdf data set and canonicalization working group and putting the link in chat now this is so that we can canonicalize.
Manu Sporny: He's Data before we.
Manu Sporny: In it in a verifiable credentials primarily this work is around linked data RDF data set canonicalization the proposed Charter is linked to in that link I sent if you are a W3C member or you know a W3C member you might want to urge them to vote on that Charter Markus here on the queue go ahead.
Markus Sabadello: Yes when you announce this to the list I responded and I also want to quickly respond here and Echo what you said to make everyone aware of that Charter and w3c member then please vote on that I think it's funny a lot of people are probably not aware of the fact that this part of the stack hasn't actually been standardized yet a lot of us maybe take that for granted the fact that we can canonicalize on.
Markus Sabadello: If data and then attach proofs but we need to standardize it because of things depend on that so please have a look if I find one part of the charter very interesting which says that the the verifiable credential Charter right that's also available right now and that says that the work on securing linked data is primarily intended for verifiable credentials.
Markus Sabadello: It may also be used for.
Markus Sabadello: And the same is true here for the canonicalization and hashing so let's not underestimate the importance of this giving some attention.
Manu Sporny: Wonderful thank you for that Markus and and some of you might not know but Markus is one of our fearless leaders in that group Markus you're one of the co-chairs along with Phil Archer from GS1 which is wonderful and I and I and I know that you and Phil are going to do a fantastic job navigating that group through the through the standardization Waters it's always an adventure.
Manu Sporny: The other announcement of course is that the Verifiable Credentials 2.0 Working Group Charter is out there for a vote as well please go and vote on that if you are a W3C member and if you know a W3C member make sure to poke them to make sure that they vote and I think Brent Zundel our other fearless leader who has been leading that group for a long time as chair is here.
Manu Sporny: Here but I don't know if you have any words.
Manu Sporny: To share about that Charter or the work.
BrentZ: I don't thank you for for advertising us we appreciate all the support we've gotten so far folks who haven't jumped in the more overwhelming the support the better I think we have at this point you know the minimum number of approvals that that we would need but the more we can get the better so please check it out and vote.
Manu Sporny: Thank you Brent Markus you're back on the queue.
<manu_sporny> cool, didn't know about that one!
Markus Sabadello: Yep just as I wanted to mention about two weeks from now there will be a w3c workshop on data spaces and semantic interoperability here in Vienna we don't have a slot on the agenda because we didn't think client time but both Phil and Phil Archer and myself we will be there and first connect with the other participants and.
Markus Sabadello: Get some treats.
Markus Sabadello: On the works that we have with RDF data canonicalization and hashing also verifiable credentials we can after that report back to the larger group.
Manu Sporny: Awesome thank you for that Markus I had I had no idea that wasn't in Vienna or that it was going on all right the only other announcement right now is that a couple of weeks ago we announced a number of test suites around the verifiable credentials API and cryptosuites and all that kind of.
<manu_sporny> Cross-vendor interop for Data Integrity and Ed25519Signature2020 achieved:
Manu Sporny: Um they were VC API issuer verifier test suites there were test suites for the Edwards signature 2020 cryptosuite announced in the here we are three weeks later we've got a demonstration of at least two independent vendor implementations passing those preliminary test suites I'll put the link to that mail.
Manu Sporny: The reason this particular thing's of relevance is that one of the things that we have to do for the Verifiable Credentials 2.0 Working Group is to produce a test suite and get enough implementations for some of the work items and you know usually the minimum bar is two independent implementations the good news here is that we have a test suite and we have demonstrated that there are two.
Manu Sporny: Her operable.
Manu Sporny: Shins today surely these test suites are going to change when the group meets they will be refined they will become more rigorous but the fact that we're going into the working group with test suites and two interoperable implementations is a really good sign so thank you a ton to Markus and Danube Tech for being one of the organizations to.
Manu Sporny: Ask Digital Bazaar is.
Manu Sporny: The one right now and we're we've got cross vendor interop going between both of our companies and we have I think I know of at least four other companies that are actively implementing to the test suite right now so we should be in pretty good good shape from a cryptosuite standpoint for the VC 2.0 working group the announcement I did not get around to making today was that we have the same thing for.
Manu Sporny: Issue and verify.
Manu Sporny: Here is that these are cross-industry test suites the traceability folks have been doing a great job of interop'ing between each other using the VC API for many months now which is great the test suites that that we're talking about here are slightly different in that they're a little more generic they're not super focused on traceability they're more generalized VC API tests and more modular.
Manu Sporny: In that fashion.
Manu Sporny: So that's good news you know it's this is this is good you know all the all the hard work that people have been doing for a long time now is starting to kind of you know bear fruit any other updates announcements anything of that nature.

Topic: Support for scopes/rars in OAS3.0

Manu Sporny: All right let's get into the agenda then the first item up has been on our agenda for multiple weeks now it is support for scopes and RARs in the OAS 3.0 files we haven't talked about this in a while so we're going to come back and talk about it let me go ahead and share my screen.
Manu Sporny: I have not even looked at this in a while.
Manu Sporny: So I guess Ori raised this Mike it's assigned to you Mike I hate to put you on the spot or would you be able to talk about this otherwise I can.
Mike Varley: Yeah I think I can talk a little bit about it it's it's around how we wanted to manage scopes in the API and there was a gist there is shows where Ori's just using I think structured scopes you know so there's kind of a structure within the string that server would have to parse.
Mike Varley: And we have.
Mike Varley: Come up with.
Mike Varley: Plan Legacy you know: or Dash or whatever the point is that there is a structured scope string and then the suggestion from Justin was that there's there's a better way and called RAR that and I see Justin's on the call so I'll let him jump in on on explaining through how RARs but it's a structured set up for your scopes that allows you know a location the permissions associated with that scope.
Mike Varley: And then.
Mike Varley: Looks like there's a data type field there as well so it's a really flexible and structured way so between seems kind of like opposites but they're you know in this way you can you can you can get a lot of flexibility out of your structured Scopes and it's something that's you know got aspect to it and it's and it's portable across other implementation so you may get Library support and all the other benefits I believe the pushback was that the tooling that were using for defining the API.
Mike Varley: AI does not support RAR.
Mike Varley: That would be a challenge to get the spec you know the Swagger that were using to to specify it properly and sort of two points there I think Justin has actually gone and engaged with the open API Group to to involve some of those capabilities within this back so there's some some activity there and also if the group feels that you know structured Scopes are the right thing to do.
Mike Varley: Do then we shouldn't necessarily.
Mike Varley: And Define a proper spec but we do have the limitation where we would like to use open API for various good reasons including test Suites and napi generation and Postman scripts and so on and so on so I think it's still open for discussion about what this group would like to do I am in favor of the RAR approach but I recognize the tooling issue and with that I think.
Mike Varley: You're able to jump on then I think describing the benefits of RAR you did a presentation I'm going to say over six months ago but that's only because my memory isn't very good but but it was it was a while ago you did a presentation on RAR structures so maybe just if there's a summary of that as the benefits then maybe we could kick off from there.
Justin Richer: Yeah sure / I mean Mike Mike covered most of it and basically.
Justin Richer: RAR was invented because several people in the past myself included developed specifications that required structured scopes and it's one of those things that seems like a great idea on paper until you actually need to deploy it and use it especially across an API over time as you discover new and different things that you want to do with that API and you find your structures.
Justin Richer: And adding new syntax and New Dimensions and all of this other stuff that I'm sure people will swear to me up and down that no that's not going to happen here because this time is different well it's not it's I'm sorry it's just not it's this is what has happened to every single time I've seen this invented and what we're trying to do with RAR is create an actual multi-dimensional structure for.
Justin Richer: Describing exactly.
Justin Richer: This kind of thing.
Justin Richer: So the tooling is not available for RAR yet Mike mentioned and linked to issues where I'm starting to engage with the open API specification security subgroup about that I encourage people to go read those strawman proposals and comment on them and see if that even makes sense but quite frankly as I demonstrated in a previous call.
Justin Richer: The tooling I'm sorry ball to I'm not sure where that came from thanks transcriber but anyway as I demonstrated on a previous call the tooling can in fact be.
Justin Richer: Adapted in pretty much any way that we need to describe what it is in the resultant spec because the.
Justin Richer: Output of this group is not the OAS spec it's the Respec document.
Justin Richer: That fully describes the API and all of its pieces so.
Justin Richer: Any additional tooling that's needed for processing that kind of stuff in that type of pluggable system I think is a reasonable reach for this group but that's me I'm not the one who has to write the tooling regardless structured Scopes I can say definitively are not a good idea they feel like a good idea you may have convinced yourself that they're a good idea.
Justin Richer: Many years of experience and several versions of inventing these in the past dictates otherwise.
Manu Sporny: Great thanks Justin Mike you're up.
Mike Varley: I sure thank you I would also like to consider how scopes structured or otherwise are seen to be used with our exchanges endpoint which is kind of an extension piece so you know we have the exchanges endpoint which enables a you know a variety of functionality with credentials and how credentials can be.
Mike Varley: So I don't know if we need nuanced Scopes in order to support the exchanges API that being there's an API or in sorry an access token for one exchange is it scoped for exactly one exchange or is it just kind of a access token which could be used against many anyhow for those implementing the exchanges.
Mike Varley: Maybe interesting to hear your perspective.
Mike Varley: You want to control access to those exchanges or if there's another mechanism.
Manu Sporny: All right good questions Mike I put myself on the queue let's see so.
Manu Sporny: I think I mean we're in a position where we could do we don't think anyone here thinks doing all of these things is a good idea but at the same time I think each one of these ideas might need time to breathe and I don't think it would harm anything to start defining but for those that want to do these things I think the group would you know look at PR s in pull PRS.
Manu Sporny: In that enabled.
<justin_richer> question to Manu: does OAS3 support ZCAPs? If not, how do you get it in there?
Manu Sporny: Is of doing authorization to the API so today what we have is we have people using OAuth2 Digital Bazaar's implementation uses zcaps and we support some level of belonged to I think we should also you know enable the RAR stuff to happen I agree with Justin the tooling stuff is not a good reason to say we can't do.
Manu Sporny: Do it in.
<justin_richer> Thanks for clarifying
Manu Sporny: Don't imagine the tooling is going to be that hard to do just ask the question you know does OAS3 support zcaps it doesn't we just implemented it in the tests we enabled the test suite to test implementations that have zcap so Justin I think the zcap stuff is in the same boat that the RAR stuff is in which is that the OAS stuff doesn't support it.
Manu Sporny: It so.
Manu Sporny: We can we can enable it in the test suite I don't see any reason why we why we can't do that and so it's just a matter of you know people putting in the time to do that work so the concrete proposal on this item is that we are entertaining PRs for any of these things you know I think Justin's right the whole structured scope stuff is 0 it's severely problematic.
Manu Sporny: That's one of the.
Manu Sporny: That we're not happy with you know the oauth2 stuff but the fact is the fact of the matter is there a lot of implementers that are doing it anyway and so do we provide any kind of guidance to them or is it a wild west right anyway I guess all this to say that the concrete proposal is we are accepting PRS for supporting all these different authorization mechanisms certainly in the.
Manu Sporny: That's just work that people can do and if people don't want to implement you know particular type of authorization they don't have to and you know let's try to see how what people how people think we should integrate this into the spec so it just yeah so so we're accepting PRS would there be any thoughts concerns about that approach Mike you're on the queue.
Mike Varley: Okay then yeah was just in first or was it was it myself.
Manu Sporny: I looked at the queue and you were there for question on zcaps.
Mike Varley: Okay I'll ask my question and then just maybe we can follow up on the question on zcaps was just if you could provide maybe a 30 second view on how the client obtains the the original you know zcaps object and then and then how that delegation may work only because I'm familiar with zcaps as a data structure but not the messaging on how to you know get.
Mike Varley: One or get a particular capability.
Mike Varley: More narrowly so if there is a 30 second kind of overview about how that happens that'd be great because it might help drive the RAR associated work thank you.
Manu Sporny: I am afraid Mike that I would say the wrong thing I would rather have our implementers on the call so they can say how it happens today I have not yeah I can take a guess but it's probably going to be wrong.
Mike Varley: Richard different okay thank you no no no problem no problem no thank you no problem.
Justin Richer: Yeah I just wanted to note to the group just so that everybody knows pasting it in IETF datatracker link for the RAR specification it is in the state publication requested which in layman's terms means that it is out of the working group and into sort of the higher areas of the IETF we're sort of The Wider review is happening right now and it is this is.
Justin Richer: Is kind of one of the final stages.
Justin Richer: Publication for RFC.
Justin Richer: The IETF process is complicated with many layers but this is the second or third to the end it's very it's very close.
Manu Sporny: All right thanks I guess I'll just take that out a quick thanks for that Justin okay so are there any objections for us basically saying we're looking for pull requests on scopes RARs zcaps any of that stuff and then we'll review as a group once those come in.
Justin Richer: +1 To PRs

Topic: Initial PR for exchange discovery

Manu Sporny: All right there we go we'll put it as ready for PR and not is that item um my apologies Mike I totally forgot about processing pull request so let's do yours next yours is the initial PR for exchange Discovery if you would like to give us actually please give us.
Manu Sporny: On this PR and its current state.
Mike Varley: Yep absolutely so when we were defining the exchanges capability of the API where the API was able to support workflows for obtaining credentials and verifying credentials.
Mike Varley: It was noted that it may be the case where some of those exchanges have protocol rules like username and password has to be handed in or some other authentication token has to be handed in at the time that the exchange endpoint is accessed and then at which point the the VPR data structure might specify what the protocol is to obtain.
Mike Varley: In the credential and and.
Mike Varley: Bull is revocation or sorry not revocation refresh credential refresh 2020 or 2021 so the trouble there is that as a client application calling the calling an exchange endpoint I likely need some information before I call the endpoint to know what I'm supposed to be doing in order to be successful and with that in mind.
Mike Varley: Respect out on exchanges discovery endpoint so you would make a call to the just top of the exchanges tree a get call and you would receive a list of the endpoints available and then the associated protocols just as a string value or a URI that was implemented on those exchange endpoints and the assumption is that if the client understood what that.
Mike Varley: String meant then it was it would be able to.
Mike Varley: Kate with the endpoint and if not then it can throw an error right away saying sorry I unsupported to the person using the API or to the other system used using the API as a client and you know and so and then there was a request to enhance the API for pagination and and some other you know structured issues which have been addressed I believe.
Mike Varley: The open.
Mike Varley: So I believe the PR has addressed all the immediate issues requested however there may be some discussion around whether Discovery is even necessary or if the structure of the VPR protocol supported by this this API sort of has enough built-in that Discovery is redundant.
Mike Varley: And no one would.
Mike Varley: It's more that second question that I put to the group do we still think discovery's necessary do we want to support more than just VPR or do we is can we can we achieve everything just with the VPR spec language and finally if there is no answer to that second question today now or discussion we can always add we can always accept the.
Mike Varley: PR and then.
Mike Varley: And later that Discovery is not necessary we could we could remove it because it's fairly independent of the rest of the API it's just an endpoint which returns a list of endpoints and protocols so if we decide it's useless and maybe we could remove it but that's the current state the PR itself is probably ready to go there's sort of an open discussion as to whether we still want discovery.
Manu Sporny: Awesome thank you for that Mike yeah I mean my read on the PR is that Mike has answered all the questions all the requests in the group have been answered in yes there's an open question on whether or not discovery's needed or not the Digital Bazaar doesn't use Discovery for the exchange endpoints but it is very possible that we're just not seeing the same use cases that.
Manu Sporny: Avast is see.
Manu Sporny: Um in you know +1 to merging I mean you know we're still in an experimental state in the API let's define this and see if people find it useful or if people want to iterate on it and then as Mike said if implementation experiences we don't need this then then it can be taken out at a later point in time so I'm a plus-one to merge Justin you're on the.
Justin Richer: Yeah so also a plus one to merge and I wanted to just raise the often forgotten point that even in protocols where Discovery is not strictly necessary it can be a very useful Dynamic optimization for different systems so GNAP for example is written from the start as a protocol that does not need a discovery phase.
Justin Richer: We still Define Discovery documents and end points so that self-configuring clients can optimize their interconnection with the server based on the Discovery information now is that step strictly required absolutely not GNAP is designed to allow for live negotiation and sort of a back-and-forth to kind of find the bits that you need as you go however there is no reason to disallow a.
Justin Richer: Client to optimize itself.
Justin Richer: In this particular way so I also support merging this.
Manu Sporny: Thanks Justin anyone else in the queue queue is empty are there any objections to merging the PR.
Manu Sporny: All right I'm not hearing any objections Mike it's been a while since the PR has been updated main's moved on there are conflicts would you mind fixing the conflicts and as soon as those are fixed we can merge it in.
Mike Varley: Okay will do can't guarantee what will happen today but yes we'll fix the conflicts and then we can then just get approvals for a merge.
Manu Sporny: Okay sounds good and thank you for putting the PR together the only other one that's out there is this sequence diagram mermaid Respec sequence diagram stuff I was just going to merge it it just adds it converts the static PNG images to mermaid diagrams where we can actually hand edit them a hand edit the user flow diagram so that'll that'll go in shortly as well we just forgot to merge that in.
Manu Sporny: PRS back to the issues Next Issue up.

Topic: Close: Should vc http api use PE Spec for query format?

Manu Sporny: Is should we close question on whether or not we should use the presentation exchange spec as as a query format.
Manu Sporny: Let's see I think Mike you had asked a question we were going to wait was pending close and then we asked SecureKey if you were the only one that was interested in implementing presentation exchange we said we would you know close the issue until there was more interest and then there was also mentioned that VPR could could potentially support it so Mike why don't you cover your.
Manu Sporny: Response here in the.
Manu Sporny: Here is are you okay with closing this or should we keep it open.
Mike Varley: Thank you so my comment was a question just to see if any other implementers were interested in utilizing those other protocols presentation exchange DIDComm etc from our position we were happy to close it out if there was no immediate need and and then.
Mike Varley: Then Buckner jumped in and said hey we do that and so I think that there are some I think there is some Community interest and other protocols but I don't know how serious that is was close block actually intend to use this API with presentation exchange and.
Mike Varley: And we like presentation exchanging with and we'll use it with whatever we're doing I heard to say so but there were some other community members who were asking questions about it so from my perspective I'm still okay to say it looks like for now it's a VP are based API but I believe we should reach out to Dan.
Mike Varley: I don't know if.
Mike Varley: He's actually going to implement pecs transmute rather anyway we should we should just kind of ping and say PR's welcome or we're going to close this until we get a PR like I'm not sure what you do with that kind of a hanging issue like that.
Manu Sporny: Yeah that's a good question Mike my suggestion is PRs welcome right at this point you know of assets you know about SecureKey Avast has signaled that there they have interest Block has signaled they have interest in so the next thing is to put put forward a PR on what those types of flows would look like if we have presentation exchange in here currently it is VPR-based like the whole a.
Manu Sporny: API and and is VPR based I think.
Manu Sporny: Well I won't speak for Ori but so yeah I think you know PR's welcome let's let's see what a proposal would look like go ahead Mike.
Mike Varley: I'll just note that I believe that in the sample in the linked issue add presentation exchange example we are using the VPR outer structure and then the inner structure you know because there's a type it says type presentation exchange and then the inner structure is the presentation exchange so again that's not a PR it's just saying here's how you could do it I don't know if anyone.
Mike Varley: Into the idea of oh yes let's do that so.
Manu Sporny: Is this the example you're talking about Mike where the interact service points out.
Mike Varley: No no it's you have to click on the on the linked issue it's actually part of the message.
Manu Sporny: This one add presentation exchange example okay.
Mike Varley: So if you click on that you'll just see there you go so see it says it's type presentation exchange credential carry and then in there you have so it's kind of nested within the the VPR rap group but again so there's multiple approaches here not a lot of active discussion on how presentation exchange would actually be leveraged I know presentation exchange and credential manifest our.
Mike Varley: Part of the.
Mike Varley: OpenID work and you know they're being discussed in DIF so I just don't know that.
Mike Varley: There's there's activity for this API to support it and again maybe it maybe there's maybe there's a way to add it in later I can't say I just don't I don't know what other people's intentions are.
Manu Sporny: Yeah I mean it certainly would be able to be put into the the query type right the VPR type and and credential query that would be one way of doing integration but you're right I mean I think what we need here is again this is kind of a PRs welcome.
Mike Varley: +1 To PRs welcome
Manu Sporny: Right if there are two companies that want to interop or one company wants to propose how we would integrate presentation exchange we should try to it is certainly a very good it's a it in the very worst case it's a really great thought exercise to determine whether or not we can actually use different query mechanisms different protocols over the VC API.
Manu Sporny: So like CHAPI's.
Manu Sporny: All agnostic sorry CHAPI's message agnostic and so the intent was the VC API was supposed to be message agnostic in some cases and so can we actually achieve that or not and doing a presentation exchange using pecs and DIDComm would be one way of trying to see if that's actually true.
Manu Sporny: So Mike is that the suggestion then it's like can we.
Mike Varley: So I would yep say PR's welcome I would all my sorry that's my stuff my anxiety there is that the more protocols we want to enable makes it more difficult for interoperability and you know coverage clients suddenly have to expect.
Mike Varley: That maybe it's a.
Mike Varley: VPR-based protocol or a presentation exchange based protocol again leading to you know as a client what code do I need to write to talk to this server challenges and it so that's that's why I feel like I'd really like to narrow it down so we could get it working but PRs welcome.
Manu Sporny: Okay great are there any objections to suggesting people submit PR's for this so that the group can explore that space.
Manu Sporny: Okay we will say it's ready for it's not pending close it's ready for PR.
<mike.varley> sorry I have to drop early today. thx.
Manu Sporny: Come on GitHub ready here we go all right it's ready for PR and we'll move on from that okay next item up is linting and CI CD from OAS or for OAS.

Topic: Linting CI/CD

Manu Sporny: So I think the status here Mike had to drop the status here is basically me grab this is we just need someone to do the work so linting happens right now on the OAS files when the Respec spec is rendered so if the OAS is broken in any way the spec will refuse to render in you have to go to the console.
Manu Sporny: Soul and look to see what what.
Manu Sporny: OAS linting error was thrown that said it would be really good to have linting as it just a part of the regular process that runs we just need someone to do the work.
<mahmoud_alkhraishi> happy to do it
Manu Sporny: Would there be any volunteers to do the work on OAS CI/CD linting should be a quick one Mahmoud's volunteering awesome thank you so much Mahmoud let's see discussed this on the.
Manu Sporny: Yes no that's not the year 2020 2517 Helicon volunteered to is that as a GitHub action Mahmoud.
<mahmoud_alkhraishi> yes
Manu Sporny: Thank you volunteer dad to GitHub action to lint the specification the event b os files you PRS are raucous whatever only go as far as okay alright there we go I'm going to assign it to you Mahmoud.
Manu Sporny: And take Manu off of that and that is up to you to raise a PR to do that thank you very much for volunteering to do that.

Topic: What happens when you delete a revocable credential?

Manu Sporny: Okay that's that one next item up this one's going to be an interesting one what happens when you delete a revocable credential so this and then here's issue 276.
Manu Sporny: All right so Ori asked the question specifically when you delete a revocable credential what happens the status bits anyone have any thoughts.
Manu Sporny: Go ahead Joe.
Joe Andrieu: What component is this for.
Manu Sporny: The issuer I would imagine can you even delete credentials do we have that we I don't think we have that.
Joe Andrieu: Yeah I also added a similar note 2268 I wasn't up to speed with it when you asked if there were objections I also don't know how that's supporting the breaking out of different components but yeah we deleting a credential like it matters very much which component you're calling that API on I can someone else delete a.
Joe Andrieu: The holder app.
Joe Andrieu: Very different than if you're deleting a credential that a verifier's already received if you're deleting a credential that an issuer has issued like I really can't even understand the question without understanding which component it's related to.
Manu Sporny: That is an excellent point are there any assumptions that you could make that would allow you to answer that question.
Joe Andrieu: Well who's I mean.
Manu Sporny: Let's say it's the issuer is an issuer allowed to delete a credential that they have issued and if so what happens to the status bits when that.
Joe Andrieu: Where is the so the issuers calling it and they're calling it on the holder app.
Joe Andrieu: Right so the issuer app is calling it on the issuer service.
Manu Sporny: Now they're calling it on their issuer correct yes.
Joe Andrieu: So I don't know why the issuer service would be retaining credentials so I don't expect the issuer service to be a data storage of credentials other people might but I think that's it that's it that's a good.
Joe Andrieu: While the issuer.
Joe Andrieu: App may need to hold credentials the issuer service I would not expect to.
Joe Andrieu: People do I think it's a fair debate I think it's a good debate about should the issuer API enable automatic storage of VCs upon issuance but I think it's probably not a good idea I think the issuer app that's the website that's interacting with the service I think it's fair game for that issuer to store it.
Manu Sporny: Right and taking notes any other thoughts on this item.
<andy_miller> Is a "revocable credential" a VC with a "credentialStatus" property?
Joe Andrieu: And while you're typing that out Manu, Andy Miller to your question I think that is correct I think that's what people mean by a revocable credential is that there is a mechanism to check the status which is in the credential status property.
Andy Miller: So if the credential status property points at a credential status service the service might be holding the credential too.
Andy Miller: Maybe what Ori was asking was let's say the credential status service only actually maintains the I don't know which rarely method they've implemented but let's say if some method but which just keeps a bit flag and for a credential so deleting it might mean just.
Andy Miller: Deleting that flag and it's no longer holding it.
Joe Andrieu: That's right I think if the delete it could be interpreted as unrevoking is what you're saying if the component is the refresh status service I'm sorry not refresh I always mess that up a lot the credential status property the service that that points to.
Manu Sporny: So let me die with a half half taking notes half listening are we saying basically the whatever's handling the status bit for that credential needs to flip the bit or are we saying something else.
Manu Sporny: Like if you delete a credential it's automatically revoked.
Manu Sporny: If you if you're holding it if you like well yeah I guess the credential status - yeah.
Joe Andrieu: I think Andy's supposition was that hey maybe Ori meant that the act of deleting is how you revoke.
Joe Andrieu: I think it comes back to what's what's the component that you're calling it on and who's calling it.
Manu Sporny: Okay so we kind of need more information Logan go ahead.
Joe Andrieu: Yeah I mean for example if the credential's already in my wallet then who gets to delete that except the holder me so I'm thinking there may be a more sophisticated use case that I'm just not picking up on.
Manu Sporny: I guess it's not clear what the word delete means here either.
Manu Sporny: I think we need more information to actually answer the question what is not able to have a bit of discussion around the question because it was not clear which component of the ecosystem was doing the deletion.
Manu Sporny: It's also not.
Manu Sporny: It's not clear what the DELETE HTTP verb meant.
Manu Sporny: Different aspects of the system delete on a credential in a holder wallet is semantically different than delete on a credential in an issuer app or service.
Manu Sporny: Components identified and the semantics around the delete operation lied in order to make progress on this issue does that sound like a reasonable.
Joe Andrieu: Yeah one thing you might add is also the caller like.
Manu Sporny: It means the component the caller the component and the semantics around the delete operation there we go.
Joe Andrieu: Yeah I think by the way just this sort of a meta comment but I think the lack of the caller component is also part of why I think we've struggled about authorization mechanisms.
Manu Sporny: Yes I would agree with that.
Joe Andrieu: Like you gets to delete or who gets to create that's the authorization question.
<joe_andrieu> /s/Like you gets/Like who gets/
Manu Sporny: Yep absolutely I'm trying to figure out how we roll that into a future conversation that feels like it would provide some clarity to a number of the questions that have been raised all right we have two ish minutes left in the call let's go ahead and end the call here are there any other comments concerns or things that we should be aware of over the next week before we meet again.