The W3C Credentials Community Group

Meeting Transcriptions and Audio Recordings (2014-today)

Go Back


Verifiable Traceability Task Force

Transcript for 2022-08-09

Agenda
https://github.com/w3c-ccg/traceability-interop/AGENDA.md
Organizer
Orie Steele, Mike Prorock, Mahmoud Alkhraishi
Scribe
Our Robot Overlords
Present
Orie Steele, nis, Raad, Ben - Transmute, TallTed // Ted Thibodeau (he/him) (OpenLinkSw.com), Russell Hofvendahl (mesur.io), Chris Abernethy, Vivien
Audio Log
<ccgbot> Chris Abernethy joined the meeting.
<ccgbot> Chris_Abernethy: present+
<ccgbot> CG Bot joined the meeting.
Our Robot Overlords are scribing.
TallTed_//_Ted_Thibodeau_(he/him)_(OpenLinkSw.com): Victory appears to be ours.
<ccgbot> Chris Abernethy left the meeting.
<ccgbot> The meeting has ended.
Chris_Abernethy: I apologize actually just was able to get into the call something wrong with Mike's link.
Chris_Abernethy: She got it all right so I apologize you said three to six okay so I was looking into this in response to some chatter on slack that the actual spec has not been published in quite some time editor's draft so I did some investigating and some cleanup we did a couple of months ago removed the CD workflow that was doing that so I've.
Chris_Abernethy: Added a new.
Chris_Abernethy: In that will now publish the contents of the docks / spec folder which is where I moved all of the spec related items the the sections HTML the I think three images that were used and index.html and those will now be published to / draft in the existing GitHub Pages area whenever someone wishes to Maine and it includes changes to the docks / spec folder.
Chris_Abernethy: It should be noted that there's an additional PR linked in there for the perm ID repo that will change the permalink to the index.html.
Chris_Abernethy: Well currently the index.html lives at the root of our GitHub folder now it lives in the draft.
Chris_Abernethy: So we'll need a sink or a may have permission to merge that I'm not sure if that's the case or you can you speak to that.
Orie Steele: If it's a pull request that I proved you have my permission to merge it.
Chris_Abernethy: This this is for the Perma ID / W 3 ID don't work.
Orie Steele: You can't you can't merge that I will have to leave a comment saying I endorse your change and you should get Mike to do the same and then they will merge it for us.
Chris_Abernethy: Got it okay.
Orie Steele: But you said only to do that after you merge the other one so the other ones been merged and now we're just waiting for a permit ID.
Chris_Abernethy: I believe so nis.
Ben_-_Transmute: Okay this is a.
Ben_-_Transmute: The the equipment Small Change there's a result as follows that gets created every time you run at the Mt with the results of how many of the test results and this is causing a bunch of thrashing when we put a porpoise this is removing it from the repository and adding it to get ignore.
Russell_Hofvendahl_(mesur.io): Yeah 3:17 is just cleaning up some stuff with the food grade inspection schemas I put in a while ago there are two things one is fixing undefined terms which are all seem to be rooted and just various structural and semantic mistakes and also improving making making some of the.
Russell_Hofvendahl_(mesur.io): Terrific a lot of it is now referring to Eunice Yoon AC don't know how to actually put on sit acronym but um yeah so it's just cleaning up those schemas.
Vivien: I said I can for rad I don't see him joining here so but.
Vivien: Yum no I messaged him dead he can rejoin but he's not replying but so basically it's an update in the postal address where he changed the organization name to a name because there is a use case where we wanna use the pro stole a dress to represent the facility.
Vivien: and the.
Vivien: Doesn't make sense to describe the facility name with organization they so it's better to have a more general term.
Vivien: That's all the pr is about.
<vivien> :+1:
Orie Steele: Yeah I think it's essentially continuously happening right now without an actual verifiable credential associated with it I think this is a cool idea that seems like it would just be extra work for folks and I'm not sure I'm hearing anyone chomping at the bit to implement it.
Orie Steele: So we could leave it open or we can just close it as no interest.
Ben_-_Transmute: I mean I think we want to be passing the results before we celebrate.
Ben_-_Transmute: I mean I would be tempted to close it now and say like okay once everyone is passing the test you know is there some official search kitchen that we want to create for it but I would kind of say this the the focus should be on passing the test first.
Chris_Abernethy: I'm just reviewing this quickly so right now there don't it looks like for the identifiers / did endpoint need some additional work so that we know specifically what sort of response should return should be returned if the provided did parameter it's one not a valid ID at all.
Chris_Abernethy: all or two.
Chris_Abernethy: I did the can't be resolved by the end point right now we're just kicking out unexpected error which is more or less 500 and that it didn't seem like that was enough detail.
Chris_Abernethy: I'm not you know I'm not sure what the right answer is it seems like probably we would want some kind of 400 bad request if it's not a valid ID or and or a 400 I found if it can't be resolved open to other ideas on that or open to being shot down if everyone thinks 500 is fine.
Chris_Abernethy: I think I would be okay with that that would be great.
Orie Steele: I'm going to leave a comment on it to check the did Speck Registries error code section which seems relevant to this.
Ben_-_Transmute: Yeah I think I was I was kind of going through and looking at each one of those and yeah all the tutorials have a nice read me Apollo describes what to do and that once took out is not having anything which goes against the flow for our love story.
Orie Steele: So as I understand it we're all pretty much intending to start using these endpoints a lot more so today we're passing interoperability tests with presentations available and presentation submission and we're currently all planning to stop really doing that and start using this and point with oauth security so I just want to check their.
Orie Steele: Buddy on the car.
Orie Steele: That's not what we're doing.
Orie Steele: Or where the direction that we're headed.
Orie Steele: Okay so given the silence and plus ones and the chat this seems like a thing that we really ought to have a really nice tutorial documentation around and given that Chris is so good I hate to do this but Chris would you mind documenting this in the format that you've done for the other ones or should we use this as a training exercise for someone else to get on your level.
Chris_Abernethy: II do not mind reading the documentation for this it will probably take a backseat to me rounding out the per the conformance testing though.
Orie Steele: Yeah makes sense.
Chris_Abernethy: Yes please do.
Chris_Abernethy: Yes this one is mine this is an issue reminding me that we need to add a conformance test to the credentials issue and point to ensure that the issuer ID that was provided in request is the same issue ID that comes back in the response.
Chris_Abernethy: Is where it needs to go.
Chris_Abernethy: And it's a short note in there on how to do that we have to resolve the did web get the also known as one so that we know that.
Chris_Abernethy: The implementation where queering actually does know about sure ID.
Chris_Abernethy: Yeah this is.
Chris_Abernethy: This is related to I think the one we just discussed where we need a negative test so that if you try to issue a credential with a issue ID that the endpoint doesn't know about it should return an error.
Chris_Abernethy: It has to have private key material in order to perform the operation.
Chris_Abernethy: I think it can be ready for PR I'll just need to choose what I think is the most appropriate response in this case I would probably go with bad request.
Ben_-_Transmute: I would that would agree on that.
Chris_Abernethy: Yes this is a problem in the conformance suite where I'm using a temporary placeholder for issuer ID clearly we can't properly test any of the things we've just been discussing if we are using fake issue or IDs so this needs to use a valid issue ID by querying a resolving dude web and getting the also known as its first position.
Chris_Abernethy: We do indeed it's a known quantity this will be a little bit different in that I'll probably simply write a function that goes in does this versus a separate request is we're not we're not testing that functionality we're simply using it.
Orie Steele: Sure I think where we're at is there's a couple cases we've identified that yield errors and we have started to define a standard error format and we've started to align on different error codes cases and case in point the conformance tests really cover all of these so I wonder if this tick is just become overtaken by events and the conformance.
Orie Steele: Mission to cover all interesting errors but folks think.
Chris_Abernethy: I'm inclined to agree and I think we can close this.
<orie> apologies I have to drop
<orie> glhf
Chris_Abernethy: This is another reminder to add a negative test to the conformance Sweet this is to test set the response from credentials issue includes the same credential subject that was provided in the request.
Chris_Abernethy: So 315 when we have that facet View and this is both in the conformance test in the interop tests it's more obvious and conformance because there are more tests that whole section is fixed height right now we need to make that Dynamic height so that each line in it is given equal spacing so these boxes don't start to overlap and get crowded.
Chris_Abernethy: I don't think so this is ready for PR.
Chris_Abernethy: We got them to ready for PR last time.
Chris_Abernethy: So the CI nothing has happened here yet.
Chris_Abernethy: I'll get the next four I'll suffer sign.
Chris_Abernethy: I did yes.
Chris_Abernethy: We discuss this one two weeks ago this is simply a matter of differentiating the template used to generate the interop and performance reports so it's a bit more custom to the report that it represents we talked about changing the title and summary as a first step this is simply hasn't been done yet.
Ben_-_Transmute: Also he saw Jesus Reserve very narrowly defined it's open to finding them.
Ben_-_Transmute: I think we would hope that anything that changes the context would cause proofs to break.
Vivien: So basically going to.
Vivien: All the Francine are using the postal address and make updates over this world.
Ben_-_Transmute: Oh wait wait the church the term has also been changed or fart.
Vivien: Okay I'll bring that to rap.
Chris_Abernethy: I know I think some time ago we decided this is ready for PR I think two weeks ago I've just been out so I haven't had a chance to work on this I think we have a good direction.
Ben_-_Transmute: It looks like it looks like from Brian's response at this is still externally blocked at this moment.
Ben_-_Transmute: I think they're the pull request two weeks ago that added this to the repeat to make it more accessible do you want to do anything beyond this in terms of publishing the postman requests or do we think that adding links to the reading is enough to satisfy the conditions for this.
Ben_-_Transmute: My impression was that they were added to the readme so they might not be in the document.
Chris_Abernethy: There were a number of places in the tutorials where he added notes at the top to say hey if you want to just bypass this tutorial and load up the postman stuff this is how you do it.
Ben_-_Transmute: All right well let's yeah let's add specific action items and then.
Chris_Abernethy: I think we've drifted quite far from the original purpose of the ticket perhaps we should open a new issue.
Ben_-_Transmute: I think that's also an option if we just close this and defined something it's narrowly defined I think.
Ben_-_Transmute: It seems like we're kind of kicking around and not being very decisive about what actually needs to be done here.
Chris_Abernethy: We have 25 to through 246 still that are pending clothes that we should be able to close.
Chris_Abernethy: I think I make sense can we link to the trace vocab schema.
Ben_-_Transmute: I think the one thing to point out here is the one obvious one way hopefully can agree on is to keep claims inside the credential subjects.
Ben_-_Transmute: If we if we can agree on that I would declare most of this a win for the certification one I think that kind of depends on how we Define the context of how we Define The Styling that is definitely the the approach that we've taken up and till now and that's I think that could be its own separate bigger debate depending who want to take that up but I think that if this is kind of old it was recorded on March 3rd I should I think we can kind of just agree on what.
Ben_-_Transmute: Define what points we agree on them than closest to get.
Ben_-_Transmute: Then raise new issues.
Ben_-_Transmute: Different ticket we want to take that up.
Ben_-_Transmute: Yeah I think that's the one we can definitely agree on.
Ben_-_Transmute: The certificate is what we've been using up until now and I think that that that depends on how we Define our context of that that's a different conversation I would definitely say that credentials credential subject should be the easiest same thing that we can agree to.
Ben_-_Transmute: Do we need what we need to Define versioning do we need to have specific goals or do you just want to increment at specific points or what what versioning approach would we take for this.
Ben_-_Transmute: And then does the versioning just apply to the respect document.
Ben_-_Transmute: I mean I would almost proposed just put a pull request in the respect document that says put it 0 1 and then we can decide in different later from then just to say that we have some we have something rather than completely nothing and go from there.
TallTed_//_Ted_Thibodeau_(he/him)_(OpenLinkSw.com): That works for me I mean we could even set it to actually be version 1 I mean it's just a tracking thing for us to know which one is newer than the other.
Ben_-_Transmute: I would I would kind of lean towards version 0.1 over version 1.0 as kind of a small note I think that version 1.0 kind of indicates that like.
Ben_-_Transmute: That this is like a stable version order ready to release and it's ready to be adopted as a standard I don't know if we're quite at that point to make.
Ben_-_Transmute: So just market rate for PR in this.
Ben_-_Transmute: Okay writing it's the person I was I have the memory span of a goldfish so I completely forgot I wrote These okay that's good.
Ben_-_Transmute: There are also saying that they want to wait until the traceability context is fixed stabilized so that kind of that would indicate that this is blocked by a version 1.0 release of traceability context.
Ben_-_Transmute: I think that they're waiting for our version 1 that's the way I interpret this.
Ben_-_Transmute: Yeah but I think I think my well I'm just kind of call you my impression of this is for people to issue credentials using the traceability context if we make any changes that update the context of credentials have been sign they will not be able to verify after the context has been changed so we want to get to the point where context is fixed and stable so that people can be assured that once they issue credentials with our version 1.0 context it's not.
Ben_-_Transmute: Going to change after that.
Ben_-_Transmute: I think Aureus cross-linking and issue on there so I don't think there is a PR on our site that will fix this I think this is saying that we're ready and stable.
Ben_-_Transmute: So this is this is or you putting in on our radar that for other people to be assured to user context they would prefer to have a fixed version to sign the gates.
Chris_Abernethy: I can do it.