w3c / vc-data-integrity

W3C Data Integrity Specification
https://w3c.github.io/vc-data-integrity/
Other
42 stars 19 forks source link

Is another context required to express JsonWebKey or Multikey? #164

Closed msporny closed 1 year ago

msporny commented 1 year ago

@OR13 noted that he will object if another context is required to express a JsonWebKey or Multikey here:

https://github.com/w3c/vc-data-integrity/pull/135#discussion_r1291340563

This issue is to track that objection and potential ways to resolve it.

msporny commented 1 year ago

I think the short answer to this question is: No, another context is not required if the key formats are already defined in an existing context. I would expect that the DID Core v2 context will eventually include both JsonWebKey and Multikey, but until that happens, we need contexts for these key types so that systems that want to include the key types have a pre-defined mechanism for doing so.

msporny commented 1 year ago

@OR13 I note a thumbs up for the explanation above for why we need context files for the key formats.

I'm marking this issue as pending close. Feel free to speak up if your question hasn't been answered.

OR13 commented 1 year ago

I suggest we bundle the terms in the V2 context as we have been doing for other terms, and then it's fine to host a second context as we do for status list.

OR13 commented 1 year ago

I suggest we bundle the terms in the V2 context as we have been doing for other terms, and the it's fine to host a second context as we do for status list.

I can raise the PR to do that, you can assign to me if you agree.

msporny commented 1 year ago

I suggest we bundle the terms in the V2 context as we have been doing for other terms, and the it's fine to host a second context as we do for status list.

While I'm not entirely opposed to the idea, I don't expect VCs to need to express key material (in general).

That said, if confidenceMethod is adopted into the main spec with a concrete type defined, I can see how they might. I would prefer to wait until that happens to put it in the v2 context (and we can do that during CR if necessary). Without that happening, what's the driving use case for expressing public and private keys in a VC?

I can raise the PR to do that, you can assign to me if you agree.

I'd prefer that we not do this yet, and only do this when we have a concrete use case that someone in the WG is implementing/deploying. We should consult the WG if such a use case exists, and if it does, that would justify the PR, IMHO.

I'd be fine w/ a PR being raised to trigger the discussion in vc-data-model, but would be a -0.5 on it until we have a concrete use case identified with a community that's going to use the definition.

msporny commented 1 year ago

The Editors of the Data Integrity and cryptosuite specifications discussed this last week and came to the following conclusions:

Since PR https://github.com/w3c/vc-data-model/pull/1260 has been raised to track that concern, there is nothing more for us to do here. Closing.