Refer to VC-SPECS-DIR for proof types. #1212

Merged on Aug 20, 2023 (3 commits)

Member

@msporny msporny commented Jul 23, 2023

This PR attempts to address issue #1105 by explicitly stating that proof types SHOULD come from the VC-SPECS-DIR. The PR avoids saying "MUST" because VC-SPECS-DIR is not meant to be the authoritative registry of everything VCs, but rather a directory of things that individuals wanted to have listed.



@msporny msporny force-pushed the msporny-securing-references branch from 7f4f28c to 06ca821 Compare July 23, 2023 21:51
Contributor

@OR13 OR13 left a comment


Seems weird to use vc specs dir for data integrity and use the core data model for vc-jwt... I wonder if we can point both to the core data model section, and mention VC specs dir from there.

@msporny
Member Author

msporny commented Jul 23, 2023

> Seems weird to use vc specs dir for data integrity and use the core data model for vc-jwt... I wonder if we can point both to the core data model section, and mention VC specs dir from there.

I'd be fine with that... this PR is attempting to address an issue you brought up, so you tell me what you want to see in the spec and I'll try to make it happen.

Options include:

  • Add language in the description for proof that points to VC-SPECS (this PR... because that's the line you commented on in the original thread that raised the issue)
  • Pointing to the Extensibility section in the spec, which talks about VC-JWT and VC-DATA-INTEGRITY and points to VC-SPECS.
  • Add VC-JWT to the section on Proofs in VC-SPECS (or maybe rename that section to "Securing Mechanisms" or something that allows us to put any securing mechanism in there).
  • Adding a section on VC-SPECS and talking about the sorts of extensions one could find in there (don't know about this one, feels like we'd just be repeating stuff that's already said in the spec).

Pick a direction, and ideally suggest some concrete text, to help me refine this PR so that it closes the issue you raised.

Member

@TallTed TallTed left a comment


I'm OK with this. I can also see some justification for tweaking it as @msporny described above. Of the listed options, I'm most inclined to --

  • Add VC-JWT to the section on Proofs in VC-SPECS (or maybe rename that section to "Securing Mechanisms" or something that allows us to put any securing mechanism in there).

Contributor

@m00sey m00sey left a comment


I like this option:

> Add VC-JWT to the section on Proofs in VC-SPECS (or maybe rename that section to "Securing Mechanisms" or something that allows us to put any securing mechanism in there).

@msporny
Member Author

msporny commented Jul 30, 2023

@OR13 I need you to signal a direction you'd like this PR to go in among these options #1212 (comment) or another one provided by you. Others in the thread have provided input, so if you are aligned w/ their input, we might have a clear path forward with this issue.

Contributor

@OR13 OR13 left a comment


I think it would be better to link to the specs directory for both securing mechanisms... Instead of separating them the way the current text does.

Specifically, we should link to the section of the directory that covers media types that secure the core data model, and we should include the core data model media types in that section, for the case that data integrity proofs are used... Since they have no separate media type.

@iherman
Member

iherman commented Aug 2, 2023

The issue was discussed in a meeting on 2023-08-01

  • no resolutions were taken

1.4. Refer to VC-SPECS-DIR for proof types. (pr vc-data-model#1212)

See github pull request vc-data-model#1212.

Brent Zundel: this is 'Refer to VC Specs Dir for Proof Types'. two change requests, from Orie and Sebastian.
… Sebastian, have your changes been addressed?

Sebastian Crane: let me look..
… yes, those are fine, works for me.

Brent Zundel: manu, looks like Orie has a change suggestion, if you could ..

Manu Sporny: I think I disagree with the change suggestion, mainly because the request was to refer to the VC Specs Dir.
… not to remove links to the securing specifications we're working on here.
… my concern is that we would be .. that the question that the PR is trying to address in 1105 is - how should we refer to the securing specs?
… in other PRs, we said we're going to talk about the securing specs of this WG, we're just going to mention them, and also say there may be other ways to secure the VCs, and those will be in the specs dir.
… so, the JOSE/COSE stuff, the DI stuff, and for other securing specs, go look in the directory.
… Orie's change req would be to /not/ mention the securing specs this WG is working on.
… but only refer to the specs dir, some of which the group has not worked on at all.

Joe Andrieu: I'm concerned about the position you're taking here, Manu.
… seems to be saying that a method is required to be in a directory.

Manu Sporny: that's not the intent. we're just saying - securing mechanisms exist. Here's two examples. Others are in the specs dir.

Joe Andrieu: I'll take another look.

Sebastian Crane: I think my comment has been addressed.

Brent Zundel: next steps.. we have a change request from Orie. Joe is reviewing..
… Manu, if at least you could respond to Orie's change req with the things you mentioned today, that'd be valuable.

Manu Sporny: or we could accept it, I don't hear anyone arguing against not mentioning at all.
… the first objection was "you say there's securing mechanisms, but not providing examples". So we added examples, and that PR went in.
… and now Orie is saying we should remove that.
… and if we do that, we'll have no examples again.
… and won't have a link to the vc specs dir, or external mechanisms.

Ted Thibodeau Jr.: just reading this over, Manu, I think you're mistaken as to what it currently says.
… it says, if present, proof value should be .. [ quote follows ].
… now, it's only a SHOULD, it does allow for whatever private or public deployment.
… but it does say that you SHOULD use one that's in the directory.

Manu Sporny: ah, I see the reading you're referring to.
… also don't see VC-JWT or VC-JOSE/COSE.

Brent Zundel: sounds like there's a bit of tweaking needed.

Manu Sporny: yes.

Brent Zundel: sufficient steps taken, let's move on to 1215.

@iherman
Member

iherman commented Aug 9, 2023

The issue was discussed in a meeting on 2023-08-09

  • no resolutions were taken

2.5. Refer to VC-SPECS-DIR for proof types. (pr vc-data-model#1212)

See github pull request vc-data-model#1212.

Manu Sporny: PR 1212 examples of securing mechanisms in spec. Point to specifications or directory? Need PR about media types?

Orie Steele: VCs with some securing mechanisms, with DI proofs; two specs; or media types; This or that language in DM spec.
… merge media types, refer to them consistently.

Joe Andrieu: this establishes related specs into a privileged position...

Orie Steele: +1 on should to MAY.

Manu Sporny: +1 on SHOULD to MAY conversion.

Ivan Herman: +1 to MAY.

Manu Sporny: securing mechanisms we have vetted here and those not. Anyone can add to specs dir. No review...

Michael Jones: I want XML DSIG.

Manu Sporny: very dangerous thing; any mechanism...

Orie Steele: +1 JoeAndrieu.

Joe Andrieu: I think anything does go; people can come up with new crypto; a directory is okay; our mechanisms are published as recs.

Sebastian Crane: be careful, don't devalue our (WG) opinion.

Kristina Yasuda: safely change to MAY...

Manu Sporny: we don't say what has/hasn't been vetted in registry? The VC DM doesn't say what has been vetted.
… how should we refer to securing mechanisms we have been working on?

Orie Steele: I suggested a concrete change here: https://github.com/w3c/vc-data-model/pull/1212/files#r1279836059.

Manu Sporny: what sections/where to put?

Orie Steele: if media types is merged it will be obvious.

See github pull request vc-specs-dir#14.

Orie Steele: +1 manu.

Manu Sporny: blocking on Kristina PR 14; create media type in specs dir; then merge.

Orie Steele: I can edit "register to list".

Gabe Cohen: directister.

Joe Andrieu: avoid that directory is a registry.

Ted Thibodeau Jr.: Sorry, I'm slow, I have to re-review most recent changes in w3c/vc-extensions#14.

See github issue vc-specs-dir#27.

@iherman
Member

iherman commented Aug 16, 2023

The issue was discussed in a meeting on 2023-08-15

  • no resolutions were taken

1.4. Refer to VC-SPECS-DIR for proof types. (pr vc-data-model#1212)

See github pull request vc-data-model#1212.

Brent Zundel: next up PR 1212: Refer to VC-SPECS-DIR for proof types. many approvals. one outstanding request from Orie who is not on the call.

Manu Sporny: looking to see where the objection is...would rather link to the specs dir for both securing mechanisms for this particular PR re:vc-specs-dir#14 which was merged.
… we could refer to two parts in the specs dir now. that feels awkward. can just point to two specifications that the group is working on. can make those changes if no objections.

Brent Zundel: Orie has joined, which changes would you like to see in 1212. sorry for ambushing you.

Orie Steele: expect there to be other representations of VCs. expect there to be media types that distinguish them. easier to refer to the specs dir where those media types exist, instead of our work item continuing to refer to the two current mechanisms over and over again.
… we have a specs dir and should be using it to clarify that it's not just Data Integrity Proofs or JWTs. you'll need a media type to tell them apart.

Manu Sporny: I will refer to the specs directory and two different places: one for proofs, one for media types.

Orie Steele: I would refer to just the media types section, and add to the section vc+ld+json as a media type which can contain embedded proofs. just refer to the media type section.

Manu Sporny: previously Kristina had objected to putting the base media type into the media types section. if you're OK with that we can do what Orie said.
… will add a PR to the specs dir for that media type and then in this PR point to that location.

Phillip Long: +1 to manu's course of action.

Brent Zundel: any objections? [none heard].

@msporny
Member Author

msporny commented Aug 20, 2023

Editorial, multiple reviews, changes requested and made, no objections, merging.

@msporny msporny merged commit 6d626f8 into main Aug 20, 2023
@msporny msporny deleted the msporny-securing-references branch August 20, 2023 17:21