-
Notifications
You must be signed in to change notification settings - Fork 106
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Correct layering violations related to the proof property #1397
Correct layering violations related to the proof property #1397
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This PR removes the proof
property as an extension point, which we don't have consensus to do. It also makes a number of changes that are already made in other PRs, such as removing proof
from a few examples. In many cases, it edits text that is in the process of being removed in other PRs.
I suggest waiting for the other PRs to settle and then seeing what is left. Some of the text in this PR is ok, but the removal of proof
entirely as an extension point is the biggest issue.
@msporny can you propose specific wording changes to the PR to address your concern? I'm OK leaving |
The issue was discussed in a meeting on 2023-12-19
View the transcript2.1. Correct layering violations related to the proof property (pr vc-data-model#1397)See github pull request vc-data-model#1397. Brent Zundel: Mike, you opened this one about an hour ago, I don't imagine people have had time to review. Michael Jones: Thank you. Brent Zundel: If anyone has read it please jump on the queue. Manu Sporny: I was able to read it before the call. Some of the changes in the text being made has already been removed in other PRs. Michael Jones: Glad to hear that other PRs are already handling much of this. Brent Zundel: That's my recommendation, continue the conversation in the PR. It's been live for an hour, so get your reviews in. Michael Jones: Live for an hour, but two days of work, had to read lots of text. Brent Zundel: Thank you, Mike. |
Yes, most of the significant concrete change suggestions are in these PRs:
If/when those PRs land, the other concrete changes I'd suggest to this PR would be in text that is deleted (and therefore, there is no sense in making those changes since the text will disappear if the PRs above are merged). Most of the changes fall into those two categories. We'll have to see what the delta is if/if not the PRs above land and go from there. |
The issue was discussed in a meeting on 2024-01-03
View the transcript1.1. Correct layering violations related to the proof property (pr vc-data-model#1397)See github pull request vc-data-model#1397. Brent Zundel: looking at 1397 (#1397) - has been superseded by other PRs? is that correct. Manu Sporny: next step is for Mike to look at the latest spec and see what the delta is. probably a minimal change set at this point. |
All, please re-review. This PR now does less than it used to because some of the preceding PRs already accomplished some of the goals of this PR. |
index.html
Outdated
@@ -2081,7 +2071,7 @@ <h3>Securing Mechanisms</h3> | |||
|
|||
<p> | |||
An <dfn class="export">embedded proof</dfn> is a mechanism where the proof is | |||
included in the serialization of the data model. One such RECOMMENDED embedded | |||
included in the serialization of the data model. One such embedded |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Why removing this?
The preceding paragraph on enveloping proof uses the same terminology to 'recommend' jose-cose. This paragraph does the same for DI. Either both RECOMMENDED statements are removed, or none of them. Personally, I prefer keeping it as is: after all, we are 'recommending' the two proof mechanisms that this WG standardizes, which is perfectly fine, and it certainly does not exclude third parties coming up with their own.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Agreed. Do not remove this, the WG is explicitly recommending at least the securing mechanisms that it is publishing as standards.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
both paragraphs should be consistent
index.html
Outdated
@@ -2331,7 +2321,7 @@ <h3>Presentations</h3> | |||
The example below shows a [=verifiable presentation=]: | |||
</p> | |||
|
|||
<pre class="example nohighlight" title="Basic structure of a presentation"> | |||
<pre class="example nohighlight" title="Basic structure of a presentation secured with Data Integrity"> |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I do not think it is necessary for this example. Example 18 does not use any proof mechanisms, so the reference to DI looks irrelevant.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Just a few blocking requests, after these are fixed (and the change suggestions are integrated), we can merge:
- Do not remove the recommendation of using the securing mechanisms the WG is creating.
- Do not remove text related to DI and replace it with text related to JWT -- either talk about both mechanisms specifically, or securing mechanisms generally, or be silent.
- Keep the mentions that
proof
or securing data is placed in a separate graph; it's important to be able to separate the securing mechanism from the data being secured.
The PR still has merge conflicts, so we'll have to make sure those are fixed before we can merge as well.
index.html
Outdated
@@ -2081,7 +2071,7 @@ <h3>Securing Mechanisms</h3> | |||
|
|||
<p> | |||
An <dfn class="export">embedded proof</dfn> is a mechanism where the proof is | |||
included in the serialization of the data model. One such RECOMMENDED embedded | |||
included in the serialization of the data model. One such embedded |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Agreed. Do not remove this, the WG is explicitly recommending at least the securing mechanisms that it is publishing as standards.
index.html
Outdated
Secure the [=credential=] with a <a href="#proofs-signatures">proof</a> establishing that the | ||
[=issuer=] generated the [=credential=] (that is, it is a | ||
[=verifiable credential=]), or |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
We will want to just reword this to refer to the "Securing Mechanisms" section. This is not blocking feedback, and it's editorial, but while we're in here we might as well change this/update it to point to a better place.
index.html
Outdated
<br/><br/> | ||
The `verificationMethod` [=property=] specifies, for example, the | ||
public key that can be used to verify the digital signature. Dereferencing a | ||
public key URL reveals information about the controller of the key, which can | ||
be checked against the issuer of the [=credential=]. The | ||
`proofPurpose` [=property=] clearly expresses the purpose for | ||
the proof and ensures this information is protected by the signature. A proof is | ||
typically attached to a [=verifiable presentation=] for authentication | ||
purposes and to a [=verifiable credential=] as a method of assertion. | ||
The JWT <code>iat</code> claim likewise provides the time that the signature was made. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
-1 to removing this text AND adding the JWT text. Either remove all of it, or add all of it.
`verifiableCredential` or `proof`. These properties | ||
`verifiableCredential`. These properties |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@iherman this is removing all notions that proof
is a separate graph, which doesn't seem like a good idea. You added this text, thoughts?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Good point but, with this new setup, the fact that a proof
creates a new named graph must be added somewhere to the DI spec, and it is ok not to have it there.
At this point we probably should raise a new issue in the DI repo to remind us that this MUST be done, and leave this change as is.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I agree with @iherman that this information belongs in DI - not VCDM.
Co-authored-by: Ted Thibodeau Jr <[email protected]>
Co-authored-by: Manu Sporny <[email protected]>
Co-authored-by: Ted Thibodeau Jr <[email protected]>
Co-authored-by: Ted Thibodeau Jr <[email protected]>
Co-authored-by: Manu Sporny <[email protected]>
Co-authored-by: Brent Zundel <[email protected]>
Co-authored-by: Ted Thibodeau Jr <[email protected]>
Co-authored-by: Manu Sporny <[email protected]>
Co-authored-by: Manu Sporny <[email protected]>
Co-authored-by: Manu Sporny <[email protected]>
…correct-proof-layering-violations
Normative, multiple reviews, changes requested and made, no objections, merging. |
The history of this PR suggests that all my requested changes were applied, but they were NEITHER ACCURATELY NOR COMPLETELY applied, apparently because the "commit" buttons provided by GitHub were not used on all (if any) suggestions. Manual application of change requests is HORRIBLY error prone, and it is impossible to know whether requested changes were rejected intentionally (which should have led to discussion and agreed resolution) or accidentally — which means manual review of each-and-every change request and subsequent commit must now be performed. I noticed this problem when skimming the "files changed" after the PR was merged. The word "complementary" was deleted, where it should have moved from one line to the next. The original sentence read —
The remaining sentence is nonsensical —
It should now read —
I am VERY unhappy. |
Perhaps GitHub is providing the stress here... The files changed shows the broken sentence above, while the main branch shows the correct sentence. I don't know of a good way to review this, that will accurately show the requested changes and their disposition, other than comparing the PR to the Main branch in side-by-side browser tabs... |
Remove uses of
proof
where a specific securing mechanism is not being used or described. Whereproof
is being used for Data Integrity, be explicit that that is the case.This will resolve most of #1377.
cc: @jyasskin
Preview | Diff