The W3C Credentials Community Group

Meeting Transcriptions and Audio Recordings (2014-today)

Go Back

Verifiable Traceability Task Force

Transcript for 2023-01-10

Agenda
https://lists.w3.org/Archives/Public/public-credentials/2023Jan/0022.html
Topics
  1. interop week
  2. Vocab PRs
  3. Issue Review
Action Items
  1. issue correction to mailing list to change next meeting date to 21 Feb
  2. update issue 457 with Orie's comments regarding warnings for Azure
Organizer
Orie Steele, Mike Prorock, Mahmoud Alkhraishi
Scribe
Mahmoud Alkhraishi and Our Robot Overlords and Mahmoud Alkhraishi and Benjamin Collins
Present
Orie Steele, Nis Jespersen , Paul Dietrich GS1, Benjamin Collins, Mahmoud Alkhraishi, Chris Abernethy, TallTed // Ted Thibodeau (he/him) (OpenLinkSw.com)
Audio Log
Mahmoud Alkhraishi is scribing.
Our Robot Overlords are scribing.
Mahmoud Alkhraishi is scribing.
Nis Jespersen : Welcome everyone and IPR Note.

Topic: interop week

Nis Jespersen : Announcement of 4 week of calls, break due to CBP, this does not preclude our normal merging work etc. Proposal to block until feb 14
Orie Steele: Starting 14, we would alternat evocab/interop calls
ACTION: issue correction to mailing list to change next meeting date to 21 Feb
Mahmoud Alkhraishi: 14 Has VCWG in person, lets do it on 21.
Orie Steele: Consesnsus to push it to 21st, we should send out announcement on the list.
Mahmoud Alkhraishi: We should also update the CCG calendar invite, will ping mike
Mahmoud Alkhraishi: I merged a typo fix, it was editorial only.

Topic: Vocab PRs

Nis Jespersen : 682, Plenty of approvals no issues, merging
Nis Jespersen : 683, Fixed all of issue 574, no objections, will merge
No objections on 684, all approvals merging
Nis Jespersen : 685 Invoice/PO narrowing of organization.
Orie Steele: I reviewed this, it just removes erroneous usage of @types, alters RDF graph to not include type info.
Orie Steele: If you're using Identifiers from schema.org they ahve their own opinions, this appears to just be removing inconsistencies.
Chris Abernethy: Russel removed the incorrect usage, leaves the correct implementation to future PRs.
Nis Jespersen : No objections, merging.
Mahmoud Alkhraishi: 571 Needs to stay open, the others can be closed.
Orie Steele: We should identify on a case by case bases when adding types, to make sure we have type interop on things that we care about. In ecommerce for example, if you want the
Orie Steele: In context of ecommerce , if you want query interop on knowledge graph then you want the context t odefine type in the same way schema.org does, so you can query the graph correctly.
Mahmoud Alkhraishi: It can wait a week, to merge as it isnt critical.
Orie Steele: We should surface important issues on the list, but give it a week for normal reviews.
Nis Jespersen : 17 Issues we can do this!
Benjamin Collins: Presentation Exchagne Oauth is still a valid issue, as it does not have a readme, I will tackle it.

Topic: Issue Review

Orie Steele: 438, Gave a presentation of our work to OWF, Linux foundation is still sorting out their workstreams, it is looking like they are close to taking code contributions, we have heard that the VCAPI and data models associated with it, there are two members who would be interested in at a minimum. Those are Gen(Avast/Securekey) and Transmute
Orie Steele: The Test harness may be accepted as a code contribution. When they have finished call time, we may spend some call time to discuss what moving this to the Linux foundation looks like and its benefits/drawbacks.
Chris Abernethy: One of mine, modifies verifiableCredential schema. right now it cannot be a string, some other implementations make it a requirement. Should be ready-for-pr
Mahmoud Alkhraishi: To rephrase this is if a JWT was provided, then it should be a valid option.
Nis Jespersen : Looks like its ready for PR.
Chris Abernethy: this was to update respec doc to allow for updates that were done in our docs to be reflected. We should allow this to go on
Chris Abernethy: if no preferences/guidance it shoudl be good to go.
Nis Jespersen : 646, Workflow needs to be more generic rather than US oriented.
Orie Steele: I think thats fair, we should be adding more diverse flair rather than removing existing flair.
Mahmoud Alkhraishi: I like how concrete it currently is, we shouldn't lose that, but we should increase diversity by adding more workflows, if he is willing to help with that contribution, then it is a positive.
Nis Jespersen : Will assign myself and look for some suggestions.
Scribe-
Benjamin Collins is scribing.
Chris Abernethy: 457 is a long conversation about azure AD for OAuth, it is impossible for them to pass tests. Azure AD require's scopes to follow a rigid naming format.
Chris Abernethy: The proposal is for the scope to be parameter for the tests. Orie pointed out that this makes testing interop impossible. I I agree with that, but unless we mandate that everyone uses the Azure AD names, we can't take that approach.
Chris Abernethy: My suggestion is that we could mandate that all implementations grant all scopes and give an optional parameter to say the scope request must contain this string.
Chris Abernethy: Let me know if you have any questions
Orie Steele: I pinged my friends at Microsoft to weigh in on this issue. I want a response from them before acting on this issue.
Orie Steele: I think we want to say that if you're capable of validating, you still get some coverage. We want to have some security posture around that. And then we add a description to the respec document around how scopes are handled in the profile around interop.
Orie Steele: And then we would need to have some changes in the tests so that people dont have to jump through hoops. So update the respec document, and then add a flag to the tests to ignore scopes for other OAuth implementations.
Chris Abernethy: Would you mind adding a comment to that effect?
ACTION: update issue 457 with Orie's comments regarding warnings for Azure
Orie Steele: Sure, I'll copy it from the meeting minutes
Chris Abernethy: 454, this came out of the issue with some VC-API testing around the options behavior.
Orie Steele: Okay, looking at the issue, `x-`prefix is not an optional
Orie Steele: The intention here is to show support for data integrity and JWT. And the reason headers came out, should we have headers to opt-in to a feature to be able to show capability to that. I think long-term we want to have body parameters to define this functionality.
Chris Abernethy: So anyone who implements this without any tests, with VC-API will fail these tests, or should we make the options optional, or should we leave them as required?
Orie Steele: I prefer for options to be required to show intention
Chris Abernethy: This could break interop with VC-API, are we okay with that?
Orie Steele: I think we want to have specific options around security, and rather than having implicit options that are known to the caller, these should be exposed to the user.
Chris Abernethy: My main issue here was that it didn't seem to match up with what they are doing. But I'm okay with the current proposal.
Orie Steele: I think that's what we want to do.
Chris Abernethy: I will close with comments.
Nis Jespersen : I think this issue might be in the wrong repo, this should probably be moved to trace-vocab
Orie Steele: Yes, you can move it to trace-vocab.
Chris Abernethy: Can we jump to 482?
Chris Abernethy: This is something Mike brought up with me. Should we update to statuslist 2021?
Orie Steele: If we can't resolve the context, can we update?
Nis Jespersen : It looks like it's fixed, and was just fixed now.
Orie Steele: I have been bit by implementing something that just got moved to a working group. I would like to see something get further a long in a working group before a working group as published a FPWD on it.
Chris Abernethy: I don't know what FPWD
Orie Steele: First Published Working Draft. In order to become a technical recommendation it need to start as a FPWD.
Paul: Is there a function that we want to have in interop which would use this?
Orie Steele: This would allow for suspension and revocation, in which there are a few. I think that we don't want to chase a bleeding edge.
Chris Abernethy: In our spec, we have a bunch of examples that contain proofs, but we changed the content, but didn't update the proof. So it doesn't seem right to have invalid proofs.
Orie Steele: With respect to proofs, we might want to use a respec plugin for proof signatures, to solve this problem elegantly. And inclusively using JWT.
Chris Abernethy: Okay, sounds good. Can we move this to ready for PR, or do we need more specific examples?
Orie Steele: I think it would apply to every example with a proof in it. I will include a link and a comment.
Nis Jespersen : Does this apply to trace-vocab?
Orie Steele: It's weird that we're even talking about proofs in this document.
Nis Jespersen : I think that means we mostly have a separate similar issue on trace-vocab
Chris Abernethy: If you look at the specification, it will contain a proof. And we want our spec to not perpetuate bias, as well as the respec document.
Orie Steele: I have included a link for something Manu built to help address that problem.
Nis Jespersen : Let's wrap this up, I'll see you Feb 21. Let's keep on the progress. Thank you.
Scribe-