Initial Implementation Exists

[OR13]

• [ ] CI/CD Tests are running on branches
• [ ] Dockerized Local Development Environment
• [ ] Swagger API Definition Exists
• [ ] Swagger Definition is Published

[tplooker]

To clarify this proposal is to have a reference implementation contained inside this repository

[tplooker]

The counter proposal is for us to have a seperate repository that contains a reference implementation of the specification

[tplooker]

Discussed on the 07/04/2020 call

[dmitrizagidulin]

+1 to having a separate repository for an implementation. -1 to calling it 'reference implementation'. Instead, 'example implementation', or just one of the various implementations that will inevitably exist.

[OR13]

-1 to multiple repos without a justification for the mangement overhead. -1 to "example implementation" see :

In the software development process, a reference implementation (or, less frequently, sample implementation or model implementation) is the standard from which all other implementations and corresponding customizations are derived.

https://en.wikipedia.org/wiki/Reference_implementation

[OR13]

There can be more than 1 reference implementation... its actually fairly common to see one per language...

[dlongley]

In the software development process, a reference implementation (or, less frequently, sample implementation or model implementation) is the standard from which all other implementations and corresponding customizations are derived.

^ This definition is precisely why some people don't want to call it a "reference implementation". You don't get independent implementations if "all other implementations" are "derived" from the reference implementation. If implementers use this pattern to write their own implementations it could cause us to fail to standardize (which requires independent implementations).

[OR13]

https://github.com/search?q=reference+implementation

I would argue the opposite... lack of clear reference implementations per language causes a failure to standardize and a failure to adopt... because there is no proof of concept implementation to base an optimized proprietary independent implementation on in the language used by the enterprise / developer....

See also: https://stackoverflow.com/questions/22824843/what-does-reference-implementation-mean

Its pretty common for someone to take a reference implementation, modify it, optimize it, and then make it a proprietary system...

Is that an independent implementation? I would suggest that it is, since you can't see the source, and you can have confidence that its interoperable based on conformance to the test suite.

Absence of such an implementation will require developers to reverse engineer the software from the test suite... which is just a longer way of getting to the same place... I had to do this to build our EDV implementation... its possible to do, but only by people who want to invest the time... and they have to really believe its going to pay off... which at the beginning is a real gamble...

You 100% can have interoperable, independent implementations and have reference implementations... see HL7 / FHIR.

I worry about total number of implementations, implementations in different languages, and then different implementations in the same language... in that order.

[dlongley]

I would argue the opposite... lack of clear reference implementations per language causes a failure to standardize and a failure to adopt...

What I believe people are saying is that it's not a matter of opinion here, but one of W3C process. The process requires two or more independent implementations of every normative feature. We don't want to set up conditions whereby we would fail to meet that bar because every implementation done is merely a derivation of the same reference implementation.

[OR13]

Also, the first open source implementation in any language is always a de facto reference implementation for that language... the strongest form of independent implementation is one in a different language... but a test suite is required to ensure interoperability.... the reference implementation helps you get more implementations... it does not necessarily ensure you have interoperability.

See hyperledger aries:

https://github.com/hyperledger/aries-framework-go https://github.com/hyperledger/aries-sdk-ruby https://github.com/hyperledger/aries-framework-javascript

W3C requires a test suite, AFAIK it does not require open source implementations that can be audited line by line to ensure they do no rely on the same underlying reference implementation.

https://www.w3.org/wiki/ImplementationReport

The working group is NOT REQUIRED to show that a technical report has two independent and interoperable implementations as part of a request to the Director to announce a Call for Implementations. However, the working group SHOULD include a report of present and expected implementations as part of the request.

Not sure if this is the correct section to cite, but please provide some links to the process you are alluding too.

[OR13]

Is this representative of the kind of report we want at the end:

https://www.w3.org/2007/SMIL30/SMIL30-implementation-result.html ?

Trying to figure out if these 3 "independent" implementations are all open source... if they are not... then who knows if they are independent.... even if they are open source, but both depend on https://www.npmjs.com/package/jose does that still count?

... pretty sure the test suite when applied to the software implementation provided by the vendor is what determines an independent implementation.

A decision to use or not use a reference implementation, or popular / audited dependencies in delivering your solutions is out of scope for determining if its "independent", unless there is a specific w3c process document that can be cited that requires all test implementations be open source / audited for reuse of common dependencies.

[agropper]

I don't see how something as new and as complicated as SSI gets to market without a couple of reference implementations.

[OR13]

Yes, IMO, it's all basically not a real thing until there are at least 1 implementations in javascript/typescript, go, rust, java, python....

When there are 0 its hard to get 1... when there is 1 its hard to get 2, but when there are 3 its easy to get 10... the more places you have to pull ideas from / see how someone else solved that test case... the easier it is to get your implementation compliant with the test suite.

[OR13]

We could decide to not do a reference implementation, and instead rely on vendors interoperability test suites like this one: https://github.com/decentralized-identity/secure-data-store/pull/70

[OR13]

We have some tests, we need to get started on a sample implementation.

[OR13]

closing my own issue