Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge branch 'v05-changes' of github.com:swcurran/didwebvh into v05-c…
…hanges
Showing 1 changed file with 97 additions and 0 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -10,6 +10,7 @@ Agenda: [HackMD](https://hackmd.io/k4cIK9vQSlaeg2pdHE51IQ), [did:webvh Repositor | |
|
||
- [Meeting Information](#meeting-information) | ||
- [Future Topics](#future-topics) | ||
- [Meeting - 19 Dec 2024](#meeting---19-dec-2024) | ||
- [Meeting - 05 Dec 2024](#meeting---05-dec-2024) | ||
- [Meeting - 21 Nov 2024](#meeting---21-nov-2024) | ||
- [Meeting - 07 Nov 2024](#meeting---07-nov-2024) | ||
|
@@ -53,6 +54,102 @@ _This document is live-edited DURING each call, and stable/authoritative copies | |
- A did:webvh test suite -- such as proposed [here](https://github.com/nuts-foundation/trustdidweb-go/pull/1) | ||
|
||
============================================ | ||
## Meeting - 19 Dec 2024 | ||
|
||
Time: 9:00 Pacific / 18:00 Central Europe | ||
|
||
Recording: [Zoom Recording and Chat Transcript](https://us02web.zoom.us/rec/share/WToy6ye-AFb-6BjxYRQo8eqlgNbNSJfV1TbhOa0paKsEqi8t1RKYbTdYWH8fqv0n.bDDjffy7Sa7-sv7k) | ||
|
||
### To Do's from Meeting (as generated by Zoom):<!-- omit in toc --> | ||
|
||
1. All participants to review the latest PR for v0.5 of the did:webvh specification. | ||
2. DONE [Commit](https://github.com/decentralized-identity/didwebvh/pull/159/commits/e13e35b958ea14a9a79ae2616d905871d6aca5c3) Stephen to add a commit to the PR clarifying that null and an empty list both mean no pre-rotation for the next_key_hashes parameter. | ||
3. Stephen to finalize and declare v0.5 of the specification after the PR is merged. | ||
4. Dmitri to find and share external specs related to key security events. | ||
5. DONE [Issue](https://github.com/decentralized-identity/didwebvh/issues/161) Brian to create an issue about addressing right to deletion requests in the specification. | ||
6. Andrew to continue work on the resolver, including handling witness rules and improving caching behavior. | ||
7. All participants to join the did:webvh channel on the DIF Slack instance for future discussions. | ||
|
||
### Attendees:<!-- omit in toc --> | ||
|
||
- Stephen Curran | ||
- Brian Richter | ||
- Andrew Whitehead | ||
- Patrick St. Louis | ||
- Kaliya Young | ||
- Emiliano Sune | ||
- Rob Aaron | ||
- Andor Kesselman | ||
- Keith Kowal | ||
- Dmitri Zagidulin | ||
- Markus Sabadello | ||
|
||
### Agenda and Notes<!-- omit in toc --> | ||
|
||
1. Welcome and Adminstrivia | ||
1. Recording on? | ||
2. Please make sure you: [join DIF], [sign the WG Charter], and follow the [DIF Code of Conduct]. Questions? Please contact [[email protected]]. | ||
3. [did:webvh Specification license] -- W3C Mode | ||
4. Introductions and Agenda Topics | ||
1. Welcome to Andor | ||
6. Announcements: | ||
1. **NEW** DIF Slack channel `did-webvh` ([link](https://difdn.slack.com/archives/C085WH27B33)) -- will invite everyone to the Slack instance and channel. | ||
2. Are we good with the [next version](https://identity.foundation/didwebvh/next) of the specification for publication? | ||
1. DID Method name is updated. | ||
2. Pre-rotation change is made (although we will add a picture to clarify). | ||
1. PR -- allowing turning off pre-rotation, and how. | ||
2. Next PR: Add the picture from Brian and flow from Sylvain to spec or info site. | ||
3. Witness proofs in a separate file. | ||
1. PR: JSON fixed. | ||
2. PR: Sign the versionId instead of the DID Log Entry | ||
4. Any more changes? | ||
1. **NOT DISCUSSED** Should we back off/deemphasize/remove the portability capability? | ||
3. Discussions left open from last week. | ||
1. Should a key from a prior log entry be used to verify a signature? YES! -- Related to that -- should a `did:webvh` resolver provide any support for doing that? | ||
1. The DID Controller should be able to express that a key is revoked. Ideally for signing, but also for verifying -- we need a status. But that should be a DID Core feature -- did:webvh would do what the DID Core spec. says to do. | ||
1. Andrew -- we don't need to solve this ourselves. | ||
2. Markus -- use query args and fragment or keep the keys in the latest DID Document. | ||
3. Dmitri -- agree that all DID Methods should deal with. | ||
1. Current `did:web` differentiates between expiring and deleting keys. | ||
2. Not obvious in DI cryptosuite or DID Core specs -- can have date in DI. | ||
3. OpenID Federation -- JWK Sets (JWKS) added optional property `"revoked": "<timestamp>" and "revoked_reason": "<enumeration>"` -- we should have valid from/to and enumerated reason (e.g. "rotated" "compromised"). | ||
4. Suggest investigating the idea and share at DID Core level | ||
5. Suggest including the three pieces of information (from, to, reason); using the log vs. the DIDDoc to store the data. For more flexibility -- perhaps use a key security event and store it in the log (look at external specs -- Dmitri to find/point out). | ||
6. For DID Methods that can't keep history -- issuer registries might be a place to go. | ||
2. **Should a resolver return the entire log, so that a client can weed through it?** | ||
1. Markus: Not a way to get the entire log. Look to the DID metadata as a way to use that. Other DID Methods have used this and might give us guidance. DID Resolution result -- the DIDDoc + DID Metadata. Examples: did:indy returns its "state proofs" as metadata. | ||
3. Should a resolver resolve a fragment that is not in the current DIDDoc? For example, if the VC is signed by an identified key (e.g., `<did>#key-a`), can the client ask the resolver for that key regardless of the version of the DIDDoc it is in? What if it is in multiple versions of the DIDDoc? Presumably all are the same, but... | ||
1. Current answer **NO** -- this is not supported with DIDs. | ||
2. However, this topic is being discussed at the DID Working Group --- fragment handling rules. Perhaps this could be supported. Raise the issue there. | ||
4. A DID URL of the form `<did>?versionId=<versionId>#key-1` could be used. A resolver **MUST** resolve that. | ||
5. `did:webvh` VersionIDs are of the form "3-1241ge6wgd" (`<vernum>=<entryHash>`). Given that, can we do a query in the form `<did>?versionId=3`? | ||
1. Brian says no | ||
2. Patrick says hey, that's useful! -- but later takes it back | ||
3. Markus there is no support for this in DID Core -- also, with metadata you can findout the `prevVersionId` (but Andrew checked and there is only `nextVersionId` -- which is not helpful to us). | ||
4. Andrew says we should use the short form, or perhaps invent another parameter (which, it turns out, we already have -- see below). | ||
5. Andrew -- separate point -- what if both a versionId and versionTime parameter -- we must reject if not consistent -- add this as a clarification? | ||
6. Brian -- maybe we rethink `versionId` format? -- NO!!! | ||
7. Patrick -- does `versionId` need to be in the DIDDoc to use the `versionId` query parameter? Markus says No (phewww!!!) it shouldn't be in the DIDDoc | ||
8. Brian/Stephen - we have in the spec (v0.5) to use the form `?versionNumber=3` -- e.g. inventing a new query parameter. Everyone was more or less happy with that. | ||
9. VersionTime can always be used. | ||
10. Should there be a way to get a list of all keys in all the versions of the DIDDoc, in case the client wants to try them all? NO. Use DID metadata and other techniques to get / resolve the DID versions. | ||
11. Other approaches? No suggestions. | ||
2. Resolved -- PR ready: Should the addition of witnesses only be permitted in the first entry or can it be later? As defined in the latest update, later is permitted. **Decsion: Leave as is.** | ||
4. Resolved -- PR added: Is there a use case for turning off witnessing? As defined now, this is not mentioned, but presumably one could put an empty list (`[]`) in and "turn off" further witnessing -- although that update would have to be witnessed. **Decision: Add in a paragraph about turning off witnessing.** | ||
4. Status Check: Updating the implementations to the new version. Goal is to try for backwards compatibility -- but not to go to extremes. Please report back on the challenges. | ||
5. Are we ready to declare with the current PR that v0.5 is complete? Are there any other changes we want to see? | ||
1. Minor addition, but otherwise all agreed we are ready. Tweak: For `nextKeyHashes` and `updateKeys` -- empty list **or** `null` are permitted. Currently only have `[]`. | ||
6. **NOT DISCUSSED**: CEL proposal [announced by Manu](https://lists.w3.org/Archives/Public/public-credentials/2024Dec/0051.html). I don't think we can use the spec directly, and it would complicate the explanations about what is in that spec, and what is in the did:webvh spec. Thoughts? There are some really useful ideas -- such as the ability to break logs into multiple files -- although we would want them in reverse from that they have defined. | ||
8. **NOT DISCUSSED**: Plans for updates to the spec. | ||
1. A ChatGPT pass, likely using the using the "Academic Assistant Pro" GPT. That should include DRYing the spec to remove duplication. | ||
2. Cleaning up `[[spec]]` references -- Brian has enabled us to add our own spec references. | ||
3. Security and Privacy sections. Anyone able to help? | ||
4. Getting "spec to a standard" advice and applying those changes. | ||
9. NOT DISCUSSED: AnonCreds object formats and did:tdw, and perhaps a follow up discussion on [DID Linked Resources](https://w3c-ccg.github.io/DID-Linked-Resources/). @andrewwhitehead has provided this [proposal](https://hackmd.io/@andrewwhitehead/HkNC44z71g). Let's talk about it. | ||
10. NOT DISCUSSED: DIDDoc and DID Metadata | ||
11. NOT DISCUSSED: [Spec. PRs and Issues](https://github.com/decentralized-identity/trustdidweb/issues) | ||
12. NOT DISCUSSED: Update on the [did:webvh Web Server](https://github.com/decentralized-identity/trustdidweb-server-py) -- Patrick St. Louis. | ||
|
||
## Meeting - 05 Dec 2024 | ||
|
||
Time: 9:00 Pacific / 18:00 Central Europe | ||
|
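Review bot: the versionId description in the added 19 Dec notes contradicts itself. In the line beginning "`did:webvh` VersionIDs are of the form", the example is "3-1241ge6wgd" (hyphen-separated) but the template beside it reads `<vernum>=<entryHash>`; change the template to `<vernum>-<entryHash>` so the two agree. In the same hunk, To Do 2 names the parameter `next_key_hashes` while the v0.5 readiness item uses `nextKeyHashes`; use one spelling, since readers will search the spec for it. Andrew's point that a request carrying both a versionId and a versionTime must be rejected if they are inconsistent ends as a question ("add this as a clarification?") and has no matching entry in the To Do list, so consider recording it as an action or an issue. Smaller points: in the OpenID Federation line the code span swallows the word "and" between the two JWKS properties, and there are typos to fix ("Adminstrivia", "findout", "Decsion", "using the using the").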