The W3C Credentials Community Group

Meeting Transcriptions and Audio Recordings (2014-today)

Go Back

Verifiable Traceability Task Force

Transcript for 2022-08-23

  1. IP Note, Agenda Review, Scribe Selection
  2. GitHub Issue & PR review
Orie Steele, Mike Prorock, Mahmoud Alkhraishi
Our Robot Overlords
Chris Abernethy, Russell Hofvendahl (, nis, Ben - Transmute, Mahmoud Alkhraishi, vivien, TallTed // Ted Thibodeau (he/him) (, Ted Thibodeau
Audio Log
Our Robot Overlords are scribing.
Chris_Abernethy: A recording has started at a quick transcriber check just to see if it's working.

Topic: IP Note, Agenda Review, Scribe Selection

Chris_Abernethy: Okay yeah Miss maybe tomorrow or a day that's not a normal day for this so we don't get messed up with the recording of the audio and transcription maybe we can hop on a meeting and see if we can troubleshoot what's going on with while you transcribe it doesn't work for you I'm happy to do that whenever you want yeah okay.
Ben_-_Transmute: Yeah hour or less just be mindful about not remembering to write stuff in chat.
Chris_Abernethy: Yeah okay so quick IP note for the beginning of the call anyone can participate in these calls however all substantive contribution contributors to any ccg work items must be members of the ccg with full IP our agreement signed information about and links to the required license agreements can be found in the meeting agenda so the this mentioned the topic this week is Trace interop so we can go ahead.
Chris_Abernethy: You PR's going to sort these with oldest first.

Topic: GitHub Issue & PR review

Chris_Abernethy: A link is in the chat the first PR here is number 353 I think most of these are mine so I'll just dive straight into them this one is to make some modifications that were recommended by Miss to the documentation for meeting Note updates specifically an explicit instruction to commit the new group that text file and I think there are some minor typos and some corrections for Ted in there as well.
Chris_Abernethy: this has rubles from.
Chris_Abernethy: Owners plus Ted are there any objections to merging this documentation updates.
Chris_Abernethy: Merging it now.
Chris_Abernethy: An 353 has been merged.
Chris_Abernethy: Next PR excuse me I just lost my list.
Chris_Abernethy: Next one is 355 this one is mine as well and this is one of two PRS that is in place to update the request body for oauth 2 token requests we were using raw Json encoding but the official RFC six seven four nine specifies it should be application/x-www-form-urlencoded request body.
Chris_Abernethy: so this.
Chris_Abernethy: P are updates to requests for the conformance tests any objections to merging this PR.
Chris_Abernethy: Okay I'm merging now.
Chris_Abernethy: Next PR is the second of these two is number 357.
Chris_Abernethy: This is similar but it modifies a number of requests because this is for the tutorials and we have I think seven or eight different Postman files but it is the same modification in addition is also adds the required Scopes to each of those Postman excuse me each of those auth token requests because each one requires different Scopes obviously so this includes that and that is for issue 3.
Chris_Abernethy: Are there any objections to merging this modification to the tutorial Postman Scripts.
Chris_Abernethy: In Crete I believe that with oz0 they take the stance that if you are doing machine-to-machine authentication you should have all of the possible grants that are granted to that idea and they just give them all to you but it's if you want different Behavior you need to write one of their hooks in order to do that other implementers don't do that or maybe they do it by default but they will also Grant specific.
Chris_Abernethy: Request them the reason that we're even doing this at all is so that we can have negative testing for tokens which don't contain the correct scope.
Chris_Abernethy: That makes sense.
Chris_Abernethy: So we want you know we have defined in the open API spec that certain Scopes are required in order to access the various endpoints in order to do - testing we need to be able to obtain tokens that do not contain those scopes.
Chris_Abernethy: It does if you if you implement a hook and the auth0 side so that it only grants the tokens that were requested and I'm happy to discuss that with you offline and in the grand scheme of things if someone doesn't do that the only thing that's going to fail as a - testing for that conformance it because it's not possible to test that but all the you know the interop test will still work the rest of the conformance testing will still work.
Chris_Abernethy: We are also using Auth0 and I have implemented the correct hook which I'm happy to share with you.
Chris_Abernethy: Okay emerges but yeah touch base with me offline and I'll go over that with you.
Chris_Abernethy: Our production implementation I am not positive but the implementation I'm working on that will be rolling out soon yes.
Chris_Abernethy: Okay so that was 357.
Chris_Abernethy: I believe you got it.
<nis> Let's push ahead, but we might scale back from making RFC 6749 a requirement for conformance testing
Chris_Abernethy: Perched next PR is one and this one comes from Isaac burn and what he has done in this I don't believe is on the call.
Chris_Abernethy: I'm sorry I'll just go over this he has modified the postman tests for credentials issue such that request body contains an issuance date that corresponds to the current time so that they can differentiate between various stored credentials and understand which one of them may have caused has caused a test failure if they have to go back and look at them I believe that's a the effect of the comment that you made Ben is that is that correct.
Chris_Abernethy: So this is a fairly straightforward change it just makes use of some Postman predefined variables.
Chris_Abernethy: There are a number of modifications that I requested which have all been integrated and we have approvals from Alba to code owners does anyone object emerging pull requests 361.
Chris_Abernethy: It does indeed object-- okay.
Ben_-_Transmute: I'll pay him and to say can be merged wants to compliment this been interested.
Chris_Abernethy: Last PR 362.
Chris_Abernethy: And this PR is part of the implementation of issue number 199 which is related to storing historical runs of our integration ink excuse me interoperability and conformance testing so what I've done here is taken some input from Ted regarding the format of historical reports so nightly whenever our reports are published.
Chris_Abernethy: t' I publish them to the current.
Chris_Abernethy: Station and also a second location that is a folder which contains the type of report either interoperability or conformance a hyphen and then Unix timestamp so that each time this is run we have the archive available to go back to now with this PR does not Implement is any sort of browsable index into that content so that is something that still needs to be created in order to close 199.
Chris_Abernethy: so this is just a partial fix for that.
<tallted> any chance of changing that unix epochstamp to a normal datetime?
Chris_Abernethy: Precisely what this this store is the beautiful charts that we normally create nightly you just have no waiting each one of them and we see manually go in but yeah so I have approvals from to of for it does anyone object to merging this test functionality.
Chris_Abernethy: I'm Ted I'll just I just saw your comment can you elaborate what you mean.
TallTed_//_Ted_Thibodeau_(he/him)_( All right yeah I'm just wondering if instead of basically a serial number for the timestamp that it could be a human-readable parts of all you know your mom's day and time to whatever degree.
Chris_Abernethy: I would counter that with this is never going to be human readable but I would 100% suggest that when we generate the index file we parse that into a daytime that is human readable if that makes sense.
TallTed_//_Ted_Thibodeau_(he/him)_( I suppose that's reasonable since that's the way will mostly be interacting with that sure okay.
Chris_Abernethy: Yeah yeah that's it that's a good point and I think that would probably be the best way to implement that.
Chris_Abernethy: Yes tonight when it runs you should see an additional folder that publish to GitHub pages so instead of just a single commit they'll be to one of them will contain an entirely new folder the other one will overwrite the latest version.
Chris_Abernethy: All right merging 362.
Chris_Abernethy: And that is completely leave until we see 361 resolved that is the last PR for interrupt so let's hop over to trace vocab PR's.
Chris_Abernethy: See that we have seven peers here one of which is.
Chris_Abernethy: Merge first so let me just get the link for oldest to newest first.
Chris_Abernethy: Chat and let's begin with 35 excuse me 535 which is tagged March first.
Chris_Abernethy: Who do you want to introduce this one for us.
Chris_Abernethy: Anyone objects to merging in this PR even that we I think agreed to this prior to the conflicts and it's probably okay let's speak now or forever hold your peace.
Chris_Abernethy: Okay merging 535.
Chris_Abernethy: And that is smirched so now let us return to the normal order of things which puts 525 top Vivian this one looks like yours would you like to introduce it please.
Vivien: Yeah so five two five dots for that's adding I guess schema for delivery schedule which is going like what's meant to represent a plan for transportation of like commodity across borders.
Chris_Abernethy: Okay I see that we have.
Chris_Abernethy: Bunch of approvals and we actually held this one over from last week specifically so people could have a chance to look at it there don't appear to be any objections if no one on the call today objects I will go ahead and merge 525.
Chris_Abernethy: That is perched.
Chris_Abernethy: Spr is 529.
Chris_Abernethy: Is also yours Vivian.
Vivien: Yeah so last week called one of the issue that we went through there was like a batch number description it's not aligned across different files and this PR just fixing the description for badge numbers.
Chris_Abernethy: Okay this one looks very straightforward we have to of for approvals does anyone object emerging 529.
Chris_Abernethy: And that is marched.
Chris_Abernethy: Next PR we have is 538.
Chris_Abernethy: Benjamin this one is yours would you like to intro it please.
Ben_-_Transmute: Sure now this is just a very small change for the regenerate script it assumes that currently assumes the credentials in is in a fixed position from where the script is being called but that's not necessarily where the current working directory is when calling it so I added a small change to resolve the path so it can be able to plan the credentials even when it's not called directly in the in the director that's.
Chris_Abernethy: Has two of for approvals does anyone object to merging or request 538.
Ben_-_Transmute: Yeah this is kind of a precursor to adding it into the the npm I thing is that now it should be able to run from the root directory so we can play update package.json to make it easier it's just yeah.
Ben_-_Transmute: So this is just a small I think I think I could have actually probably included that in this PR but just one step at a time.
Chris_Abernethy: All right right so I will merge right now.
Chris_Abernethy: It's merged the next is 539 which is in draft and would you like to discuss this one today.
Ben_-_Transmute: It's a draft enough CI is also failing but I will go ahead and describe the current work in progress so right now we have a script called open API to concept that Jess and what that's doing is it's taking all the schemas and it's building the traceability be one that json-ld file which is being used when as a reference when credentials are signed and if you look at the flower currently it's about you know ten lines of code that calls.
Ben_-_Transmute: An external Library so it's taking this.
Ben_-_Transmute: Function from the external library and it's declaring it directly inside the scripts that we can edit it do it and change those we need need to as far as work on this goes is I managed to get the script working and declaring the context file but for some reason when I try to actually sign credentials with the context is not working and I think that has to do with something with the way the context file is structured it's not good enough that everything is there I think.
Ben_-_Transmute: Jen and vocab needs to be at the very top of the resulting Json file or something so a few more tweaks to make on this and after that hopefully we can do things like some little one of Json schema issues that are in the issues so this is also just a precursor to addressing this.
Chris_Abernethy: Okay that sounds like it'll be helpful to be able to modify that bit of code.
Chris_Abernethy: Okay the next PR is 540 which looks like we've got some conflicts but miss would you like to comment on what this one is.
Ben_-_Transmute: As a kind of a side note to add on to mrs. thing when I was going through the script I kind of realized it term might not be something that we need to declare in our demo files because the term is always going to be the same as the property name and so all this does is allow for bugs to pop up and it doesn't actually provide any.
Ben_-_Transmute: Quick note on that.
Chris_Abernethy: We feel like we need to create an issue to remove those.
Ben_-_Transmute: II think we once we update I can I can remove right now the the current context file is being generated from the library and it depends on term being there and what update the script I can update the script in a way that it doesn't use term so I could probably go ahead and make it obsolete by updating by updating the scripted do that half.
Ben_-_Transmute: We can have a issue that says term is no longer needed to want to remove them.
Chris_Abernethy: Do we feel like this is something back to 540 now if this is something that we can merge was conflicts are fixed or would folks like to see this again comment.
Chris_Abernethy: Sorry I didn't hear you it's rather.
Chris_Abernethy: Um yeah I agree with that assessment does anyone else disagree otherwise we can merge this one's conflicts are fixed.
Ben_-_Transmute: Let's just make a note confirming that merge on once conflict has been addressed.
Chris_Abernethy: I have added a comment let's carry on that was 540 the next one is pull request 541 this one also has some conflicts among students.
Ben_-_Transmute: Not the same thing.
Chris_Abernethy: Okay I will create a comment to that effect.
Chris_Abernethy: Okay I believe that is it for pull requests and we are.
Chris_Abernethy: Over halfway through are there any specific issues that folks want to ensure get a dress today before we dive into the trace interop issues.
Chris_Abernethy: If not I will sort by recently updated.
Chris_Abernethy: It's the list first issue is issue 199 just discussed a PR that addresses part of this PR addresses the storing of the historical data but not the actual index I will add a comment here.
Chris_Abernethy: Not yet we actually need to produce an index that's browsable so folks can actually view this data.
Chris_Abernethy: Okay I see your point in that case we need to create a new issue.
Chris_Abernethy: I am all for reducing complexity and reducing scope of each issue so I will have we create close this and create a new issue after the call.
Chris_Abernethy: So I've closed 199 the next issue is a perennial favorites number 39.
Chris_Abernethy: This is related to selective disclosure credentials and it is externally blocked and has been for quite some time does anyone have any updates regarding information that we were hoping for out of ietf.
Chris_Abernethy: I will add a comment at this is still blocked.
Chris_Abernethy: Next issue is number 87 this one has also been around for quite some time on the last call we added pending closed actually several calls ago.
Chris_Abernethy: You're waiting for Ori to agree to closing which he did two weeks ago so unless anyone object I think that the proper action here is to close this.
Chris_Abernethy: Closing number 87.
Chris_Abernethy: Next issue is number 100 which is a similar status we added anything close to this Q two weeks ago or a confirmed after we asked him if he was ready to close I believe that we should close this one as well unless anyone has an objection.
Chris_Abernethy: I closing 100.
Chris_Abernethy: Next shoe is 330 this is a crush.
Chris_Abernethy: If I remember correctly that was added by Elite that's correct.
Chris_Abernethy: Now you definitely added something to the head of each tutorial how you could download and install the The Collection instead of going through the tutorial.
Chris_Abernethy: Would it then be possible to do something similar here and create a new ticket for that specific issue I think we've moved quite far from hosted Postman collections.
Chris_Abernethy: Awesome thank you.
Chris_Abernethy: Okay the next one is 3:30.
Chris_Abernethy: This is a question that I added and this is whether or not acceptable options for the credential issue or endpoint should still include credential status the reason I ask this is because I noticed there's some discussion in d.c. API repo regarding possibly removing those I have not myself implemented the credentials revocation.
Chris_Abernethy: T so I'm not 100%.
Chris_Abernethy: Exactly how that works and whether or not this information is required in the credential issue requests so if anyone has some more insight into that saying that would be appreciated.
Chris_Abernethy: It says nobody implemented credential revocation.
Chris_Abernethy: Got it so I think specifically what they're saying is when you go to issue a credential there's the credential object and then there's the options object and inside the options object is a credential status sub object and specific event I linked to talking about removing that that's the one that contains domain and Challenge and I think proof date if I'm not mistaken I forget.
Chris_Abernethy: I think I think yeah that's better.
Chris_Abernethy: Yeah so I don't know the answer to this I don't have a proposal because I don't have enough information to make one but I would like that information if anyone has it.
Chris_Abernethy: I'm happy to let this one sit if folks want to Noodle it and come back to it over the week.
Chris_Abernethy: I've also seen.
Chris_Abernethy: I've also seen cases where credential stats is part of a credential and not part of the options and apologies I don't remember where I saw that or if that's even relevant.
Chris_Abernethy: So been just this is a verifiable credential that's already been issued right now you just listen.
Ben_-_Transmute: Not as should not should yet this is from the guy did actor just it was this is just reminding myself to for look at the credential status.
Chris_Abernethy: Okay so I will.
Ben_-_Transmute: But I think I think in terms the issue specifically if the PC API doesn't have anything concrete like I'd be more than happy to be reactive on this and like once I decide we can adjust involved from there.
Ben_-_Transmute: Oh I think I think I can speak to a little bit of maybe what the background is behind that is I think they're trying to address the phone home problem which it will Cory eventually before is if the issuer defines if the revocation index is 0 then every time they know that so on you know request for the index zero to be verified that they know that you know the specific you know the specific index is being a you know a.
Ben_-_Transmute: For and they like oh.
Ben_-_Transmute: He's checking to see if my college you know my college verification is like okay like I said I sent my resume out to four companies so I know one of those four companies is now looking at my at my college you know credentialed I sent them and so that kind of tells people that gives people information that gives a verifier early issuer information on who's coming to verify their credentials and this is I guess that's describes his phone home problem so I guess trying to remove.
Ben_-_Transmute: move that they might be trying to remove the.
Ben_-_Transmute: Address that by having the index randomizer okay then then forget what I just said.
Chris_Abernethy: I'm also going to link a specific bit of open API that I'm talking about which does not have revocation list or revocation list index or any of that it only contains type and you can only specify revocation list 2020 status and that's it.
Chris_Abernethy: I do think it makes sense and I also think it makes sense to have this in the request think I should probably reword issue to what should this be an option or should this be part of the credential.
Chris_Abernethy: So if you click on the link it have in the body of the issue there's a comment from Manu on 21 July and it's third paragraph in the body says new PR remove challenge domain and credential status from the list of suitable options prudential's issue issue service and.
Chris_Abernethy: And really that's it it's your.
Chris_Abernethy: Will be awesome thank you so I think we can let this one sit still.
Chris_Abernethy: Next time and move on to issue 333 and let anyone else would like to helmet.
Chris_Abernethy: So she 333 this is another question that I have added and this is whether or not the type property of credential and presentation should allow a bear string in addition to an array of strings the reason that I'm even thinking about this is because I'm writing some code that uses the hyper Ledger areas framework go to deal with credentials and one of the things that's.
Chris_Abernethy: they do is.
Chris_Abernethy: Normalize that value to a single string if all it is is an array of one string and I went through a couple of examples that I could find and many places indicate that should be an array of strings but then there are some that for example the VC implementation guide has examples with just a string so food brought up the point that if we allow both here this does increase.
Chris_Abernethy: makes it easier to interrupt.
Chris_Abernethy: So I put the question to the group should we should we allow a single string for type credential and presentation.
Chris_Abernethy: Perhaps a more appropriate question is does anyone on the call today object to modifying these open API spec to allow a single string in this instance.
TallTed_//_Ted_Thibodeau_(he/him)_( I don't objectify what it was.
TallTed_//_Ted_Thibodeau_(he/him)_( It was discussed rather heatedly that it was much more difficult to look for strain or array of string than it is to just deal with it an array that has a single string in it.
TallTed_//_Ted_Thibodeau_(he/him)_( I don't have any feeling on this because I don't cook so I don't know how much work it is.
Chris_Abernethy: A very narrow view on this with a Counterpoint that says the library I'm using does all that for me I realize I'm not the only case here just to suggest that there's there's a Counterpoint there do you remember where that was disgusted and be interested in Reading those notes.
TallTed_//_Ted_Thibodeau_(he/him)_( Oh I wish no I have no idea where it was I don't even know if it was this repo versus vocab versus another one entirely.
Ben_-_Transmute: I don't in terms of coding I don't mind a string or an array of strings but in terms of data modeling prefer to avoid that kind of thing it if you know if you have an array type you you know that would be better solved with array with the single string in it but.
Ben_-_Transmute: Yeah I yeah they issue or one is yeah I would prefer odd I would definitely prefer objects or Stringer that's be sterilized because you have to be like oh if it's an object check for ID if it's not an object check to the string and that's issuer issuer being an object versus string is definitely very annoying so I would that be sterilized would definitely be awesome.
Chris_Abernethy: Well I mean I'm happy to to go either way here if we want to make this a required to be an array that would be fine.
Ben_-_Transmute: That's what I'm kind of alluding to.
Ben_-_Transmute: Yeah yeah just to kind of I'm using about the data modeling side I didn't address the inner upside and you know if it's a hip if it's an interrupt issue then you know they do modeling wolves aside and you know it's unfortunate that we should probably support it.
Chris_Abernethy: Okay then if that's the case I will change this to ready to PR I'll sign it to myself and that's time for us today would anyone like to volunteer to submit the meeting minutes.
Chris_Abernethy: Not submitted the meeting minutes yet everyone should do that at least once.
Chris_Abernethy: All right if there's no volunteers I will happily do that.
Ben_-_Transmute: Or I would kind of counter and say that you know potentially if we kind of round robin who chairs the meeting then get do.
Ben_-_Transmute: Are you know we could kind of set up a schedule to say to kind of know in advance and then that way we can avoid having discusses on the call kind of thing.
Chris_Abernethy: Yeah that works for me too then people will come on time because they're not worried about having to start the meeting.
Ben_-_Transmute: All right so Chris decide who uploads meeting notes.
Chris_Abernethy: I'm happy to do it today and going forward whoever runs the meeting should up with the meeting notes.
Ben_-_Transmute: Okay so I don't mean this movement are you going to be on the next call.
Ben_-_Transmute: Okay next okay so wait the next week are you planning on being here.
Ben_-_Transmute: Okay alright I will go ahead and save move doesn't show up I will be the backup post and that I guess that works.
Chris_Abernethy: All right sounds great thanks everyone in just a point before I forget we ran into this last week when this and I were working on the notes the full audio doesn't often populate for quite some time so if you happen to notice that the audio is only 6 minutes long give it an hour.
Chris_Abernethy: I'll see everyone next week.