Zoom Link: https://us02web.zoom.us/j/83119969275?pwd=IZTuXgGLtdLPjPLuB6q8zHXazxHSsU.1
Agenda: HackMD, did:webvh Repository (synchronized after each meeting)
WG projects | DIF page | Mailing list and Wiki | Meeting recordings
- Meeting Information
- Future Topics
- Meeting - 16 Jan 2025
- Meeting - 19 Dec 2024
- Meeting - 05 Dec 2024
- Meeting - 21 Nov 2024
- Meeting - 07 Nov 2024
- Meeting - 24 Oct 2024
- Meeting - 10 Oct 2024
- Meeting - 26 Sept 2024
- Meeting - 12 Sept 2024
- Before you contribute - join DIF and sign the WG charter (both are required!)
- Meeting Time: Every second Thursday at 9:00 Pacific / 18:00 Central Europe
- Calendar entry
- ID WG participation tracking
- Zoom room
- Links and Repositories:
- Specification, Spec Repository, Information Site
- Implementations: TS, Python, Go
- did:webvh Server
Participants are encouraged to turn their video on. This is a good way to build rapport across the contributor community.
This document is live-edited DURING each call, and stable/authoritative copies live on our GitHub repo under /agenda.md, link: Agenda.
- Using the did:webvh log format with other DID Methods
- Merging did:webvh features into did:web?
- Implementor's experiences -- architectures, learnings
- A did:webvh test suite -- such as proposed here
============================================
Time: 9:00 Pacific / 18:00 Central Europe
Recording: Zoom Recording and Chat Transcript
- Daniel/Stephen to collaborate on a best practices document for key references in DID documents, focusing on keeping valid keys in the current DID document for publication on the https://didwebvh.info site.
- Stephen to add the agenda link in the meeting information on the https://didwebvh.info site.
- Brian to complete implementation of files resolution and witness functionality for v0.5 spec.
- Andrew to finish updates to the resolver for collecting witness rules and verifying proofs for v0.5 spec.
- Patrick to focus on implementing uploading of an AnonCreds object on the web server.
- Jamie to work on DIDComm protocol for requesting witness signatures.
- Patrick to implement witness and DID rotation features for the server.
- did:webvh team to consider implementing the witness proofs as VCs in the /whois VP in a future version (v0.6 or later).
- did:webvh team to further discuss and decide on the implementation of revocation registry entries.
- Stephen Curran
- Brian Richter
- Andrew Whitehead
- Patrick St. Louis
- Kaliya Young
- Emiliano Sune
- Alexander Shenshin
- Char Howland
- Daniel Bluhm
- Jamie Hale
- Phillip Long
- Sylvain Martel
- Dmitri Zagidulin
- Markus Sabadello
- Welcome and Administrivia
- Recording on?
- Please make sure you: join DIF, sign the WG Charter, and follow the DIF Code of Conduct. Questions? Please contact [email protected].
- did:webvh Specification license -- W3C Mode
- Introductions and additional Agenda Topics
- Announcements:
- did:webvh v0.5 is now official. No changes yet to the editor's draft.
- Implementations renamed to didwebvh -- TS, Python and server. Renaming complete!
- did:webvh has been merged into the DID Extensions repo and is now a "listed" DID Method.
- Presentation on did:webplus was made at this week's DIF ID Working Group meeting (Recording). Interesting presentation, focusing on a Web-based DID Method that emphasises tools (a "DID Gateway") to enable the long term resolution of DIDs -- years to decades -- regardless of the status of the original DID.
- Status updates on the implementations
- TS -- files resolution work near complete, about 50% complete of the witnesses, will do the /whois
- PY -- sync'd PR to renaming, generating a witness file, updates being made to the witness rules and proofs -- required some refactoring. Some updates to the interface to enable unit tests.
- Server -- opened some issues on the features -- especially resources. Current focus is on AnonCreds objects. Working on the witness -- enabling the process for witness proof request/response.
- A new project/repo was added to create static did:webvh DIDs and AnonCreds objects to enable testing. A series of small Python scripts -- useful for GHA for testing. https://github.com/OpSecId/webvh-static.
- To Do's from Last Meeting:
- DONE All participants to review the latest PR for v0.5 of the did:webvh specification.
- DONE Commit Stephen to add a commit to the PR clarifying that null and an empty list both mean no pre-rotation for the next_key_hashes parameter.
- DONE Stephen to finalize and declare v0.5 of the specification after the PR is merged.
- Dmitri to find and share external specs related to key security events.
- DONE Issue Brian to create an issue about addressing right to deletion requests in the specification.
- DONE? Andrew to continue work on the resolver, including handling witness rules and improving caching behavior.
- DONE? All participants to join the did:webvh channel on the DIF Slack instance for future discussions.
- Revisiting DID Key references for rotated keys
- Best practices: Retaining "valid" keys in the current DIDDoc vs. using DID version key references. What is the right way in the face of the need to revoke keys?
- There are techniques to declare a key "revoked".
- Slack Topic: Using /whois as the holder of witness proofs
- Idea: Instead of current (v0.5) design of a file witness.json "beside" the did.jsonl containing proofs from the witnesses, we instead have the witnesses produce VCs that assert the version of the DID is valid, and the DID Controller puts the VCs into the /whois file. The same rules would apply about what VCs are needed -- at least the latest VC from a witness from a published DID entry. The /whois file containing the latest witness VCs MUST be published before publishing a new witnessed DID log entry.
- Progress on DID Resources using AnonCreds objects as examples
- Goal -- an immutable object (via hash in the resource identifier), and a proof about the resource.
- Definition of an "attested resource" that can be generically used as the most basic secured resource -- hash protected in the URL and signed by the DID Controller.
- The RevRegEntry use case -- periodically published objects that must be retained.
- Multiple access use cases -- "get latest", "get by ID", "get list by timestamp and then by ID"
- Evolving design document: AnonCreds in did:webvh
- RevRegEntries
- Have a list that is a JSONL file that has the list of identifiers and each entry is a separate file.
- Related -- a did:webvh server MAY have a list of all DID Linked Resources. Must contain all of the files -- regardless of type. Perhaps we use that to get the list of RevRegEntries.
- Have a JSONL file that has all the entries. Get all the entries by retrieving the file. Can't be immutable in the identifier because the resource hash will change with each update to the log.
- Plans for updates to the spec.
- A ChatGPT pass, likely using the "Academic Assistant Pro" GPT. That should include DRYing the spec to remove duplication.
- Cleaning up [[spec]] references -- Brian has enabled us to add our own spec references.
- Security and Privacy sections. Anyone able to help?
- Getting "spec to a standard" advice and applying those changes.
- CEL proposal announced by Manu. I don't think we can use the spec directly, and it would complicate the explanations about what is in that spec, and what is in the did:webvh spec. Thoughts? There are some really useful ideas -- such as the ability to break logs into multiple files -- although we would want them in reverse from that they have defined.
Time: 9:00 Pacific / 18:00 Central Europe
Recording: Zoom Recording and Chat Transcript
- All participants to review the latest PR for v0.5 of the did:webvh specification.
- DONE Commit Stephen to add a commit to the PR clarifying that null and an empty list both mean no pre-rotation for the next_key_hashes parameter.
- Stephen to finalize and declare v0.5 of the specification after the PR is merged.
- Dmitri to find and share external specs related to key security events.
- DONE Issue Brian to create an issue about addressing right to deletion requests in the specification.
- Andrew to continue work on the resolver, including handling witness rules and improving caching behavior.
- All participants to join the did:webvh channel on the DIF Slack instance for future discussions.
- Stephen Curran
- Brian Richter
- Andrew Whitehead
- Patrick St. Louis
- Kaliya Young
- Emiliano Sune
- Rob Aaron
- Andor Kesselman
- Keith Kowal
- Dmitri Zagidulin
- Markus Sabadello
- Welcome and Administrivia
- Recording on?
- Please make sure you: join DIF, sign the WG Charter, and follow the DIF Code of Conduct. Questions? Please contact [email protected].
- did:webvh Specification license -- W3C Mode
- Introductions and Agenda Topics
- Welcome to Andor
- Announcements:
- NEW DIF Slack channel did-webvh (link) -- will invite everyone to the Slack instance and channel.
- Are we good with the next version of the specification for publication?
- DID Method name is updated.
- Pre-rotation change is made (although we will add a picture to clarify).
- PR -- allowing turning off pre-rotation, and how.
- Next PR: Add the picture from Brian and flow from Sylvain to spec or info site.
- Witness proofs in a separate file.
- PR: JSON fixed.
- PR: Sign the versionId instead of the DID Log Entry
- Any more changes?
- NOT DISCUSSED Should we back off/deemphasize/remove the portability capability?
- Discussions left open from last week.
- Should a key from a prior log entry be used to verify a signature? YES! -- Related to that -- should a did:webvh resolver provide any support for doing that?
- The DID Controller should be able to express that a key is revoked. Ideally for signing, but also for verifying -- we need a status. But that should be a DID Core feature -- did:webvh would do what the DID Core spec. says to do.
- Andrew -- we don't need to solve this ourselves.
- Markus -- use query args and fragment or keep the keys in the latest DID Document.
- Dmitri -- agree that all DID Methods should deal with.
- Current did:web differentiates between expiring and deleting keys.
- Not obvious in DI cryptosuite or DID Core specs -- can have date in DI.
- OpenID Federation -- JWK Sets (JWKS) added optional property "revoked": "<timestamp>" and "revoked_reason": "<enumeration>" -- we should have valid from/to and enumerated reason (e.g. "rotated" "compromised").
- Suggest investigating the idea and share at DID Core level
- Suggest including the three pieces of information (from, to, reason); using the log vs. the DIDDoc to store the data. For more flexibility -- perhaps use a key security event and store it in the log (look at external specs -- Dmitri to find/point out).
- For DID Methods that can't keep history -- issuer registries might be a place to go.
- Should a resolver return the entire log, so that a client can weed through it?
- Markus: Not a way to get the entire log. Look to the DID metadata as a way to use that. Other DID Methods have used this and might give us guidance. DID Resolution result -- the DIDDoc + DID Metadata. Examples: did:indy returns its "state proofs" as metadata.
- Should a resolver resolve a fragment that is not in the current DIDDoc? For example, if the VC is signed by an identified key (e.g., <did>#key-a), can the client ask the resolver for that key regardless of the version of the DIDDoc it is in? What if it is in multiple versions of the DIDDoc? Presumably all are the same, but...
- Current answer NO -- this is not supported with DIDs.
- However, this topic is being discussed at the DID Working Group --- fragment handling rules. Perhaps this could be supported. Raise the issue there.
- A DID URL of the form <did>?versionId=<versionId>#key-1 could be used. A resolver MUST resolve that. did:webvh VersionIDs are of the form "3-1241ge6wgd" (<vernum>=<entryHash>). Given that, can we do a query in the form <did>?versionId=3?
- Brian says no
- Patrick says hey, that's useful! -- but later takes it back
- Markus there is no support for this in DID Core -- also, with metadata you can find out the prevVersionId (but Andrew checked and there is only nextVersionId -- which is not helpful to us).
- Andrew says we should use the short form, or perhaps invent another parameter (which, it turns out, we already have -- see below).
- Andrew -- separate point -- what if both a versionId and versionTime parameter -- we must reject if not consistent -- add this as a clarification?
- Brian -- maybe we rethink versionId format? -- NO!!!
- Patrick -- does versionId need to be in the DIDDoc to use the versionId query parameter? Markus says No (phewww!!!) it shouldn't be in the DIDDoc
- Brian/Stephen - we have in the spec (v0.5) to use the form ?versionNumber=3 -- e.g. inventing a new query parameter. Everyone was more or less happy with that.
- VersionTime can always be used.
- Should there be a way to get a list of all keys in all the versions of the DIDDoc, in case the client wants to try them all? NO. Use DID metadata and other techniques to get / resolve the DID versions.
- Other approaches? No suggestions.
- Resolved -- PR ready: Should the addition of witnesses only be permitted in the first entry or can it be later? As defined in the latest update, later is permitted. Decision: Leave as is.
- Resolved -- PR added: Is there a use case for turning off witnessing? As defined now, this is not mentioned, but presumably one could put an empty list ([]) in and "turn off" further witnessing -- although that update would have to be witnessed. Decision: Add in a paragraph about turning off witnessing.
- Status Check: Updating the implementations to the new version. Goal is to try for backwards compatibility -- but not to go to extremes. Please report back on the challenges.
- Are we ready to declare with the current PR that v0.5 is complete? Are there any other changes we want to see?
- Minor addition, but otherwise all agreed we are ready. Tweak: For nextKeyHashes and updateKeys -- empty list or null are permitted. Currently only have [].
- NOT DISCUSSED: CEL proposal announced by Manu. I don't think we can use the spec directly, and it would complicate the explanations about what is in that spec, and what is in the did:webvh spec. Thoughts? There are some really useful ideas -- such as the ability to break logs into multiple files -- although we would want them in reverse from that they have defined.
- NOT DISCUSSED: Plans for updates to the spec.
- A ChatGPT pass, likely using the "Academic Assistant Pro" GPT. That should include DRYing the spec to remove duplication.
- Cleaning up [[spec]] references -- Brian has enabled us to add our own spec references.
- Security and Privacy sections. Anyone able to help?
- Getting "spec to a standard" advice and applying those changes.
- NOT DISCUSSED: AnonCreds object formats and did:tdw, and perhaps a follow up discussion on DID Linked Resources. @andrewwhitehead has provided this proposal. Let's talk about it.
- NOT DISCUSSED: DIDDoc and DID Metadata
- NOT DISCUSSED: Spec. PRs and Issues
- NOT DISCUSSED: Update on the did:webvh Web Server -- Patrick St. Louis.
Time: 9:00 Pacific / 18:00 Central Europe
Recording: Zoom Recording and Chat Transcript
Attendees:
- Stephen Curran
- Brian Richter
- Andrew Whitehead
- Patrick St. Louis
- Kaliya Young
- Jamie Hale
- Alex Sinelnikov
- Emiliano Sune
- Rob Aaron
- Sylvain Martel
- Welcome and Administrivia
- Recording on?
- Please make sure you: join DIF, sign the WG Charter, and follow the DIF Code of Conduct. Questions? Please contact [email protected].
- did:tdw Specification license -- W3C Mode
- Introductions and Agenda Topics
- Kaliya and Alex
- Announcements:
- Much of the renaming of the DID Method has been completed. Next up is the update of the implementations.
- Are we good with the next version?
- Name is updated.
- Pre-rotation change is made (although we will add a picture to clarify).
- Issue -- should we allow turning off pre-rotation, and how. Issue 151
- Add the picture from Brian and flow from Sylvain to spec or info site.
- Witness proofs in a separate file.
- Brian to fix the JSON.
- Sign the versionId instead of the DID Log Entry -- Issue 152
- Discussions left open from last week.
- Should a key from a prior log entry be used to verify a signature? YES! -- Related to that -- should a did:webvh resolver provide any support for doing that?
- The DID Controller should be able to express that a key is revoked. Ideally for signing, but also for verifying -- need a status. But that should be a DID Core feature -- did:webvh would do what the DID Core spec.
- Should a resolver return the entire log, so that a client can weed through it? YES
- Should a resolver resolve a fragment that is not in the current DIDDoc? For example, if the VC is signed by an identified key (e.g., <did>#key-a), can the client ask the resolver for that key regardless of the version of the DIDDoc it is in? What if it is in multiple versions of the DIDDoc? Presumably all are the same, but... YES (we should discuss in an issue)
- VersionTime can always be used.
- Should there be a way to get a list of all keys in all the versions of the DIDDoc, in case the client wants to try them all? NO
- Other approaches?
- Should the addition of witnesses only be permitted in the first entry or can it be later? As defined in the latest update, later is permitted. Decision: Leave as is.
- Is there a use case for turning off witnessing? As defined now, this is not mentioned, but presumably one could put an empty list ([]) in and "turn off" further witnessing -- although that update would have to be witnessed. Decision: Add in a paragraph about turning off witnessing.
- Next efforts -- updating the implementations to the new version. Goal is to try for backwards compatibility -- but not to go to extremes. Please report back on the challenges.
- NOT DISCUSSED: AnonCreds object formats and did:tdw, and perhaps a follow up discussion on DID Linked Resources. @andrewwhitehead has provided this proposal. Let's talk about it.
- Plans for updates to the spec.
- A ChatGPT pass, likely using the "Academic Assistant Pro" GPT. That should include DRYing the spec to remove duplication.
- Cleaning up [[spec]] references -- Brian has enabled us to add our own spec references.
- Security and Privacy sections. Anyone able to help?
- Getting "spec to a standard" advice and applying those changes.
- NOT DISCUSSED: DIDDoc and DID Metadata
- NOT DISCUSSED: Spec. PRs and Issues
- NOT DISCUSSED: Update on the did:webvh Web Server -- Patrick St. Louis.
Time: 9:00 Pacific / 18:00 Central Europe
Recording: Zoom Recording and Chat Transcript
Attendees:
- Stephen Curran
- Sylvain Martel
- John Jordan
- Patrick St. Louis
- Andrew Whitehead
- Brian Richter
- Emiliano Sune
- Martina Kolpondinos
- Michael Herman
- Michel Sahli
- Rob Aaron
- Dmitri Zagidulin
- Welcome and Administrivia
- Recording on?
- Please make sure you: join DIF, sign the WG Charter, and follow the DIF Code of Conduct. Questions? Please contact [email protected].
- did:tdw Specification license -- W3C Mode
- Introductions and Agenda Topics
- Announcements:
- Add here...
- DID Method Name Change:
- What's the new DID Method name going to be? Leaning is towards did:webl. Let's discuss.
- Too easy to confuse with did:web1.
- Or perhaps we should use it instead of did:webl.
- An idea -- did:web:<something> but that doesn't sound aligned with the DID spec and would break the name space and did:web spec. Nope.
- did:weblog -- but that conflicts with blog.
- did:webh -- "h" for history, emphasizing the log (history) capability, which is the important part. Loses the "secure", but so be it.
- did:webhash as an alternative. Although it is a bit subtle a connection to the purpose of the DID Method.
- Version 0.5 Updates:
- Pre-rotation change -- PR #129. Summary:
- No pre-rotation:
- Each entry is signed by a key from the active updateKeys list.
- The active list is the most recently defined list prior to the current log entry -- except for the first entry, where it is the list in the first entry.
- With pre-rotation:
- Eliminate the prerotation parameter. Pre-rotation is automatically activated when the nextKeys item is present in a DID log entry and MUST be enforced from then on.
- Can be activated in the first log entry, or afterwards. If activated afterwards, the current log entry is signed according to the "non-pre-rotation" rules, and the pre-rotation rules apply to all subsequent log entries.
- Once active, every entry MUST have a new updateKeys and nextKeys list.
- The hash of each updateKeys list item MUST be in the nextKeys list from the previous entry. This rule does not apply to the first log entry, as there is no previous entry.
- Each entry must be signed (in the DI proof) by a key in the updateKeys list from the current record.
- Witness change requests from @andrewwhitehead HackMD Doc. Summary:
- Data model for the witnesses parameter remains the same (list of witnesses, threshold).
- Instead of the witness proofs going into the log, they are stored in a separate file, witness.json -- an array of proofs from witness, including the DID Log entry version number (1, 2, ...) to which the proof applies. Or should it be the version_id?
- The array contains only the last two proofs from each witness from which proofs are collected. When a witness proof is retrieved, if there are already two in the file from the witness, remove the oldest, and add the new one before writing the file.
- The processing is: Given an entry to be witnessed, verify that the witness.json file contains valid witness proofs from a threshold of current witnesses on the current or newer log entries.
- Questions from the document:
- Witness proofs can be published before the DID log with a new log entry is published. This eliminates the race condition of the DID Log being published without corresponding witness proofs. The "two proofs" per witness allows for the verification of at least one of the proofs of the witness when the witness.json is published before the corresponding log entry. The resolver would ignore the proof of an unpublished entry.
- What DID Method can a witness use? Currently must be did:webh, but could/should we allow did:key be used? Could use "instantly resolved DIDs" -- e.g. did:key. Short list: did:webh, did:key, maybe did:jwk, did:web.
- Long discussion resulted -- to be fully resolved in Discord and at the next meeting.
- It was proposed that there are two use cases for witnesses, one where there was just the added security of needing more than one key to sign the log entry (e.g. must compromise multiple keys and the web server to impact the DID), and another where the reputation of the witness was important in an ecosystem (external parties monitoring the behaviour of the DID Controller), so there needs to be ways to attach reputation (presumably, via VCs or a Trust Registry) to the witness.
- For the first - purely for added security - an ephemeral key method is sufficient -- did:key. We discussed also allowing did:jwk but it was felt that was just an alternative to did:key that adds complexity/dependencies to the spec without adding any value.
- For the second, the reputation could be added by a Trust Registry while using did:key, but it would eliminate (complicate?) the ability to use VCs for the reputation.
- For the second, some thought support for did:webh makes sense, while others are concerned about possibility of resolution taking a long time if the witnesses have witnesses have witnesses, and so on. Worse is the scenario of DIDs having common witnesses, and the need to detect and handle an infinite loop.
- This then changed to a discussion, that also needs to be continued on Discord and at the next meeting about if a key from a prior log entry should be used to verify a signature in the did:webh scenario, and more broadly in the use of verifiable credentials signed using a key in a did:webh DIDDoc.
- NOT DISCUSSED: Should the addition of witnesses only be permitted in the first entry?
- NOT DISCUSSED: Is there a use case for turning off witnessing?
- NOT DISCUSSED: No progress made on the spec. Latest spec updates and implementation notes.
- Cleaning up [[spec]] references -- Brian has enabled us to add our own spec references.
- Next up -- DRYing the spec.
- Security and Privacy sections. Anyone able to help?
- Getting "spec to a standard" advice and applying those changes.
- NOT DISCUSSED: DIDDoc and DID Metadata
- NOT DISCUSSED: Spec. PRs and Issues
- NOT DISCUSSED: Update on the did:tdw Web Server -- Patrick St. Louis.
- NOT DISCUSSED: Update: AnonCreds object formats and did:tdw, and perhaps a follow up discussion on DID Linked Resources
- Good discussion about the pros and cons of signing the resource, if it is signed should we use the VCDM or just attach a Data Integrity proof, and how we can get a consistent hash and where should it go.
- Alignment with the DID Linked Resources spec would be really nice to have. We don't want to return in the DIDDoc metadata the information about all the resources associated with a DID -- it can be a lot of data. That said, a discovery mechanism for resources, such as <did>?resources would be really nice.
- The next step is to create a document about a likely approach (@andrewwhitehead agreed to create that first draft) and then we can collaborate on implementing/updating the document from there.
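The update-key rules summarized under "Pre-rotation change -- PR #129" in this meeting, written as a log checker. This is an added example, not code from the did:webvh specification or its implementations; the "signer" field, the problem codes, the sample keys and the SHA-256 hex hash are assumptions made for the illustration.

```python
import hashlib


def key_hash(key: str) -> str:
    # Assumption: SHA-256 hex digest. The notes only say "the hash of each
    # updateKeys list item"; the encoding the spec uses is not given here.
    return hashlib.sha256(key.encode("utf-8")).hexdigest()


def check_update_keys(entries):
    """Apply the update-key rules to a DID log; return (index, code) problems.

    Each entry is a dict with optional "updateKeys" and "nextKeys" lists and a
    "signer" field naming the key whose proof already verified (hypothetical
    field: signature verification itself is outside this sketch).
    """
    problems = []
    active = []       # most recently defined updateKeys from earlier entries
    committed = None  # previous entry's nextKeys once pre-rotation is active

    for i, entry in enumerate(entries):
        update = entry.get("updateKeys") or []
        nxt = entry.get("nextKeys") or []

        if committed is not None:
            # Pre-rotation rules: both lists required, every update key must
            # have been committed by hash in the previous entry's nextKeys,
            # and the signer comes from the CURRENT entry's updateKeys.
            if not update or not nxt:
                problems.append((i, "missing-updateKeys-or-nextKeys"))
            for key in update:
                if key_hash(key) not in committed:
                    problems.append((i, "key-not-precommitted"))
            allowed = update
        elif i == 0:
            # First entry: the active list is the one it defines itself.
            allowed = update
        else:
            # No pre-rotation (or the entry that turns it on): the signer
            # comes from the list defined BEFORE this entry.
            allowed = active

        if entry.get("signer") not in allowed:
            problems.append((i, "signer-not-authorized"))

        if update:
            active = update
        if nxt:
            committed = nxt  # activates or continues pre-rotation
    return problems


# Constructed sample logs (key names are placeholders, not real keys).
GOOD_LOG = [
    {"updateKeys": ["key-1"], "signer": "key-1"},
    {"signer": "key-1"},
    # Pre-rotation activated after the first entry: still signed by key-1.
    {"updateKeys": ["key-2"], "nextKeys": [key_hash("key-3")], "signer": "key-1"},
    {"updateKeys": ["key-3"], "nextKeys": [key_hash("key-4")], "signer": "key-3"},
]

# Same history, but the last entry introduces a key that was never committed.
HIJACKED_LOG = GOOD_LOG[:3] + [
    {"updateKeys": ["attacker-key"], "nextKeys": [key_hash("attacker-next")],
     "signer": "attacker-key"},
]

# Without pre-rotation, a new list cannot authorize its own entry.
SELF_AUTHORIZED_LOG = [
    {"updateKeys": ["key-1"], "signer": "key-1"},
    {"updateKeys": ["attacker-key"], "signer": "attacker-key"},
]

if __name__ == "__main__":
    for name, log in [("good", GOOD_LOG), ("hijacked", HIJACKED_LOG),
                      ("self-authorized", SELF_AUTHORIZED_LOG)]:
        print(name, check_update_keys(log))
```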
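The witness.json handling summarized in this meeting (two proofs kept per witness, threshold check, proofs for unpublished entries ignored), as an added example that is not code from the did:webvh specification or its implementations. The proof field names, the witness identifiers and the flag-based verify function are assumptions; real proofs would be checked as Data Integrity proofs.

```python
def add_proof(proofs, new_proof):
    """Return the witness.json array after adding new_proof.

    At most two proofs are kept per witness: if the witness already has two,
    the oldest (lowest version number) is dropped before the new one is added.
    """
    mine = sorted((p for p in proofs if p["witness"] == new_proof["witness"]),
                  key=lambda p: p["versionNumber"])
    others = [p for p in proofs if p["witness"] != new_proof["witness"]]
    if len(mine) >= 2:
        mine = mine[-1:]
    return others + mine + [new_proof]


def is_witnessed(version, latest_published, witnesses, threshold, proofs, verify):
    """True if a threshold of current witnesses has a valid proof on `version`
    or a newer published entry. Proofs for entries that are not yet in the
    published log are ignored, as are proofs from non-witnesses."""
    approving = set()
    for proof in proofs:
        if proof["witness"] not in witnesses:
            continue
        if proof["versionNumber"] > latest_published:
            continue  # published ahead of its log entry: ignore for now
        if proof["versionNumber"] < version:
            continue  # only covers an older entry
        if verify(proof):
            approving.add(proof["witness"])
    return len(approving) >= threshold


def latest_only(proofs):
    """What the file would hold if only ONE proof per witness were kept."""
    newest = {}
    for proof in proofs:
        current = newest.get(proof["witness"])
        if current is None or proof["versionNumber"] > current["versionNumber"]:
            newest[proof["witness"]] = proof
    return list(newest.values())


def flag_verify(proof):
    # Stand-in for cryptographic verification of the proof (assumption).
    return proof.get("valid", False)


# Constructed scenario: three witnesses, threshold 2. The log is published up
# to version 2; witness-1 has already delivered its proof for version 3.
WITNESSES = ["witness-1", "witness-2", "witness-3"]
THRESHOLD = 2


def build_sample_file():
    proofs = []
    for witness, version in [("witness-1", 1), ("witness-2", 1),
                             ("witness-1", 2), ("witness-2", 2),
                             ("witness-1", 3)]:
        proofs = add_proof(proofs, {"witness": witness,
                                    "versionNumber": version, "valid": True})
    return proofs


WITNESS_FILE = build_sample_file()

if __name__ == "__main__":
    print("entry 2, two proofs kept:",
          is_witnessed(2, 2, WITNESSES, THRESHOLD, WITNESS_FILE, flag_verify))
    print("entry 2, one proof kept: ",
          is_witnessed(2, 2, WITNESSES, THRESHOLD,
                       latest_only(WITNESS_FILE), flag_verify))
    print("entry 3 once published:  ",
          is_witnessed(3, 3, WITNESSES, THRESHOLD, WITNESS_FILE, flag_verify))
```

With only one proof per witness, witness-1's early proof for version 3 would displace its proof for version 2 and the published entry would fall below the threshold; keeping two avoids that.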
Time: 9:00 Pacific / 18:00 Central Europe
Recording: Zoom Recording
Attendees:
- Stephen Curran
- Patrick St. Louis
- Andrew Whitehead
- Brian Richter
- Cole Davis
- Emiliano Sune
- Kjetil Hustveit
- Martina Kolpondinos
- Michael Herman
- Michel Sahli
- Rob Aaron
- Welcome and Administrivia
- Recording on?
- Please make sure you: join DIF, sign the WG Charter, and follow the DIF Code of Conduct. Questions? Please contact [email protected].
- did:tdw Specification license -- W3C Mode
- Introductions and Agenda Topics
- Pre-rotation change to be put into a PR for discussion -- Michel Sahli
- Announcements:
- DID Methods Working Group Meetings start next Wednesday, Nov. 13 at 9:00 Pacific / 18:00 Central Europe -- calendar.
- IIW Update
- did:tdw session
- <did>/whois as a separate specification and work item.
- Getting <did>/whois examples into the wild -- resolver support, did:tdw Server support.
- No progress made on this. Latest spec updates and implementation notes.
- Cleaning up [[spec]] references -- Brian has enabled us to add our own spec references.
- Next up -- DRYing the spec.
- Security and Privacy sections. Anyone able to help?
- Getting "spec to a standard" advice and applying those changes.
- Registering did:tdw as a DID Method PR, and [DONE!] adding a did:tdw component to the Universal Resolver (thanks Brian!).
- Spec. PRs and Issues
- Update on the did:tdw Web Server -- Patrick St. Louis.
- AnonCreds object formats and did:tdw, and perhaps a follow up discussion on DID Linked Resources
- Good discussion about the pros and cons of signing the resource, if it is signed should we use the VCDM or just attach a Data Integrity proof, and how we can get a consistent hash and where should it go.
- Alignment with the DID Linked Resources spec would be really nice to have. We don't want to return in the DIDDoc metadata the information about all the resources associated with a DID -- it can be a lot of data. That said, a discovery mechanism for resources, such as <did>?resources would be really nice.
- The next step is to create a document about a likely approach (@andrewwhitehead agreed to create that first draft) and then we can collaborate on implementing/updating the document from there.
- DID Portability
- Reviewed the spec concept
- Potential conflict on the name "tdw"
- Project called "Trusted Digital Web" which has used the "TDW" acronym, although not for a DID Method. The project does mention DIDs. How to address the potential conflict? Michael Herman raised an objection on the DID Registration PR that we submitted.
Time: 9:00 Pacific / 18:00 Central Europe
Recording: Zoom Recording Link
Attendees:
- Stephen Curran
- And others...
- Welcome and Administrivia
- Recording on?
- Please make sure you: join DIF, sign the WG Charter, and follow the DIF Code of Conduct. Questions? Please contact [email protected].
- did:tdw Specification license -- W3C Mode
- Introductions and Agenda Topics
- Latest spec updates and implementation notes.
- Cleaning up [[spec]] references -- Brian has enabled us to add our own spec references.
- Next up -- DRYing the spec.
- Security and Privacy sections. Anyone able to help?
- Getting "spec to a standard" advice and applying those changes.
- Registering did:tdw as a DID Method PR, and adding a did:tdw component to the Universal Resolver.
- DID Linked Resources and did:tdw
- Mechanisms to publish/resolve files related to the DID -- e.g., AnonCreds objects, OCA Files, BitListStatus, etc.
- DID Linked Resources vs. relativeRef currently in the spec
- Complexity of DID Linked Resources is that the DLRs must be listed somewhere so they can be included in the DID Metadata that is part of the DID resolution result.
- Use case: Clients of resolvers find a DID URL for the resources. With relativeRef there is the same DID-To-HTTPS transformation to get the resource as to get the DID Log/DID Doc.
- Use case: A resource points to a sequence of related documents, as in the case of RevRegEntries in AnonCreds. One identifier, but multiple resources. How does one find (a) the latest, (b) the entire list of entries (c) a specific entry at a given time? Each of those features could be needed with RevRegEntries.
- Spec. PRs and Issues
- Issues that would be breaking changes -- close them?
- Update on the did:tdw Web Server -- Patrick St. Louis.
- Open Discussion
Time: 9:00 Pacific / 18:00 Central Europe
Recording: Zoom Recording Link
Attendees:
- Stephen Curran
- Sylvain Martel
- Welcome and Administrivia
- Recording on?
- Please make sure you: join DIF, sign the WG Charter, and follow the DIF Code of Conduct. Questions? Please contact [email protected].
- did:tdw Specification license -- W3C Mode
- Introductions and Agenda Topics
- Latest spec updates and implementation notes.
- Version 0.4 is out.
- https://didtdw.org/ site is published.
- Implementer's Guide, etc. removed from the spec
- Next up -- DRYing the spec.
- Anyone know a "Spec Veteran" that would be willing to review and point out deficiencies and potential improvements in the spec? Especially one with W3C spec experience.
- Suggestion to wait on this until after the DRYing is done.
- Update on the did:tdw Web Server -- Patrick St. Louis.
- DID Linked Resources and did:tdw
- Should we? How?
- Spec. PRs and Issues
- Open Discussion
Time: 9:00 Pacific / 18:00 Central Europe
Recording: Zoom Recording Link
Attendees:
- Stephen Curran
- Others...
- Welcome and Administrivia
- Recording on?
- Please make sure you: join DIF, sign the WG Charter, and follow the DIF Code of Conduct. Questions? Please contact [email protected].
- did:tdw Specification license -- W3C Mode
- Introductions and Agenda Topics
- Feedback from implementing did:tdw Witness capability -- Brian Richter.
- Resolver has a /witness endpoint -- got the request from the DID Controller.
- Stuck on signing the entry. Both log entries have a did:key -- the witnesses must be published DIDs -- SHOULD be a did:tdw?
- Where to send the witness request? The DID Controller should know that.
- Perhaps add an endpoint for the witnesses in the witnesses object? Decided no -- not to include the endpoint since that puts too much definition in the specification on how to implement the DID Controller and Witness interface. It is left to the DID Controller and witnesses to decide how they will interact. All that is specified is that resolvers can verify the proofs via the DID referenced in the witnesses object, and the key identifier that references that DID in the proof itself.
- Use cases for witnesses -- (1) monitoring the DID controller to prevent maliciousness -- no backtracking, (2) preventing attacks on the DID Controller.
- Next steps -- Brian to continue implementing based on the discussion. Addition of weasel words to the spec to note the implementation challenges.
- Spec. update to switch from a DID log entry being a JSON array to an object. Feedback? -- Stephen Curran. Good to go with the names of the items in the object.
- General feedback -- all good.
- We reviewed the names and agreed with the ones in the PR now -- versionId, versionTime (both of which align with the DID Core spec query parameters), parameters, and state. proof is as defined in the DI specification.
- Proof Chain vs. Proof Set
- Semantics:
- Proof Chain implies that a subsequent signature is added to an existing signature, implying an attestation of that signature. But there are no implementations of it that we know of, and its inclusion adds complexity without the semantics giving much benefit in did:tdw.
- Proof sets are just independent proofs across the same data.
- For now, let's just go with proof sets, as there is little benefit from using proof chains.
- Update on the did:tdw Web Server -- Patrick St. Louis.
- Demo given, but we ran out of time.
- DID Linked Resources and did:tdw
- Should we?
- Spec. PRs and Issues
- Open Discussion
Time: 9:00 Pacific / 18:00 Central Europe
Recording: Zoom Recording Link
Attendees:
- Stephen Curran
- Dmitri Zagidulin
- Cole Davis
- Brian Richter
- Andrew Whitehead
- Sylvain Martel
- Martina Kolpondinos
- John Jordan
- Patrick St. Louis
- Jamie Hale
- Welcome and Administrivia
- Recording on?
- Please make sure you: join DIF, sign the WG Charter, and follow the DIF Code of Conduct. Questions? Please contact [email protected].
- did:tdw Specification license -- W3C Mode
- Introductions and Agenda Topics
- Introduction to the did:tdw Work Item at DIF
- CCG Presentation on did:tdw (starts at the 5:40 mark of recording)
- Brief(!) introduction to did:tdw
- Discussion:
- What do you want this group to achieve?
- What would help you the most?
- Get to 1.0!
- Web server
- Next step topics -- witnesses, deactivation -- how does a diploma remain verifiable when the issuer disappears -- with their web server. Aka durability.
- Acceptance of the method broadly.
- How did:tdw compares with KERI.
- Test suite!!!!! Implementation consistency.
- Cryptographic audit on the techniques used -- hashing use, etc.
- Government acceptance of the cryptographic suites being used.
- Switchcord is running live use cases based on did:web -- would like to transition to did:tdw and its features.
- Feature list feedback document -- importance of features?
- Future Topics
- Next Meeting -- next week, same time
- Input to TPAC.
- Spec. PRs and Issues
- Action items and next steps:
- Stephen to create a PR to change the spec. to say that a version is an object, JSON Patch is no longer used, and that the Data Integrity Proof is across the version object, without a challenge.
- Everyone to look at the list of did:tdw features and comment on the features.
- Everyone to review issues and open others as needed, to drive future discussions.