OR13
commented
1 year ago Thank you for filing this. Still digesting it.
Similar to the argument regarding media types, we should avoid creating new RDF classes if we don't need them.
Closed iherman closed 1 year ago
OR13
commented
1 year ago Thank you for filing this. Still digesting it.
Similar to the argument regarding media types, we should avoid creating new RDF classes if we don't need them.
iherman
commented
1 year ago As a personal opinion (i.e., with my staff contact's hat put down) I would be strongly in favour of the first alternative, ie, the subclassing approach. It keeps the vocabulary simple, and it corresponds, ontologically, to the fact that a verifiable credential is a credential...
andresuribe87
commented
1 year ago IFF we introduce the Credential term, then I agree with Ivan's statement that
VerifiableCredential is a subclass of Credential
That said, my opinion is that we should NOT introduce the term. I'm in favor of only having VerifiableCredential defined. It simplifies the spec on multiple aspects. I would also be favorable to renaming the VerifiableCredential term to something else, that doesn't elevate the verification aspect above other normatively required properties.
Let me elaborate on why I think we should only have a single term.
We can informatively refer to something as a Credential, with the understanding that it's a VerifiableCredential without proof associated with it. But to refer to it normatively, then I ask myself the following: Which required fields justify having a separate term to describe an object where that field isn't present?
For example, what is a VerifiableCredential without @context? Is that a SemanticlessVerifiableCredential? Would a TypelessVerifiableCredential make sense? A SubjectlessCredential? AnonCredential (perhaps one without an issuer and without a proof)?
The conclusion I arrive to is that there already exists a brand (which is also a normative term) called VerifiableCredential, and we're giving special treatment to the proof field only because the brand name is the composition of two words (Verifiable and Credential).
I don't know the history as to why that name was chosen, and that's something I'd love to learn. If today we were referring to VCs with the alternative brand names (like w3c-creds, a made up word like Vecred, or a completely different term like Ocred), then it is my belief that it would be clear that a new term is not needed.
Furthermore, I would suggest we replace the use of the term Credential in the spec (like what's used in the examples), and instead use the term Unsecured VC.
OR13
commented
1 year ago @msporny @dlongley would love to hear your thoughts on this.
dlongley
commented
1 year ago I would prefer not to make implementations more complicated by having to use Credential in the type field. I think we can solve this problem by ensuring the vocab says VerifiableCredential is a subclass of Credential and then we continue to just use VerifiableCredential in the type field.
iherman
commented
1 year ago I would prefer not to make implementations more complicated by having to use
Credentialin thetypefield. I think we can solve this problem by ensuring the vocab saysVerifiableCredentialis a subclass ofCredentialand then we continue to just useVerifiableCredentialin thetypefield.
@dlongley just to understand what you propose:
Credential class in the vocabulary, as a superclass to VerifiableCredential, and modify the vocabulary that way (ie, by adjusting the domains and ranges accordinglyI do have a clear opinion on (1) (which is a "yes!") but I do not have a clear opinion on (2), so I let you guys decide on that. I am not a VC implementer, nor am I a familiarity with that community, and I am obviously biased by my background...
dlongley
commented
1 year ago @iherman,
Yes, to 1 and 2 -- I'm trying to find a middle ground where we can do the vocabulary properly and keep implementations simple.
TallTed
commented
1 year ago I'll be saying similar things to the following in a few threads, I think, as overlapping topics are being covered in multiple issues...
We must remember that classes and subclasses (a/k/a types and subtypes) do not necessarily require differentiation in their Media Types, and in fact, some subtypes SHOULD NOT have a Media sub-Type — such as the EncryptedStrawManDocument subtype of StrawManDocument — because the encryption changes the content of an application/encrypted+credential+ld+json document sufficiently that trying to fall back and handle it as an unencrypted application/credential+ld+json document will be an utter failure — unless the encrypted payload (which might have any of a number of Media Types (a/k/a formats)) is just one piece of the application/credential+ld+json.
I am firmly convinced that we need Credential and VerifiableCredential types. I am less convinced though leaning toward Presentation and VerifiablePresentation types. I am becoming significantly less convinced of the utility — not to mention compliance with Media Type rules — of application/verifiable+presentation+ld+json vs application/presentation+ld+json.
This comment does not represent completed thoughts, but I thought it more important to start others thinking about the same things, than to finish the picture myself.
iherman
commented
1 year ago The issue was discussed in a meeting on 2023-02-28
OR13
commented
1 year ago I am opposed to defining RDF that has no impact or use for implementers.
I am opposed to an RDF type called Credential that would contain proof just like VerifiableCredential currently does.
awoie
commented
1 year ago I agree with @OR13 that having an RDF type called Credential that contains a proof would be misleading.
TallTed
commented
1 year ago OR13
commented
1 year ago @TallTed There is no @context definition for Credential...
Your assertion that https://www.w3.org/2018/credentials#Credential exists and is a subtype is false, that is a proposal (discussed in this issue).
Only https://www.w3.org/2018/credentials#VerifiableCredential exists.
I assume eventually this issue will become a PR to create the subtype relationship or it will be closed.
That PR would need to modify this vocabulary: https://www.w3.org/2018/credentials/
iherman
commented
1 year ago I am not sure what the controversy is all about, @OR13 @TallTed. This issue asks whether there is a need for a separation between the Credential and VerifiableCredential types. I have the feeling that there is a relative consensus that yes, that would be good. If that is correct, I am happy to do a PR that puts that into practice. If it is incorrect, I do not do anything...
OR13
commented
1 year ago If Credential is like VerifiableCredential but does not contain proof, what other use will this Class have?
I am in favor of creating clarity if the classes will have some use to implementers, and if they do not create further semantic confusion.
"Credential": {
"@id": "https://www.w3.org/2018/credentials#Credential",
"@context": {
"@protected": true,
"id": "@id",
"type": "@type",
"credentialSchema": {
"@id": "https://www.w3.org/2018/credentials#credentialSchema",
"@type": "@id"
},
"credentialStatus": {
"@id": "https://www.w3.org/2018/credentials#credentialStatus",
"@type": "@id"
},
"credentialSubject": {
"@id": "https://www.w3.org/2018/credentials#credentialSubject",
"@type": "@id"
},
"description": {
"@id": "https://schema.org/description",
"@type": "http://www.w3.org/2001/XMLSchema#string"
},
"evidence": {
"@id": "https://www.w3.org/2018/credentials#evidence",
"@type": "@id"
},
"holder": {
"@id": "https://www.w3.org/2018/credentials#holder",
"@type": "@id"
},
"issued": {
"@id": "https://www.w3.org/2018/credentials#issued",
"@type": "http://www.w3.org/2001/XMLSchema#dateTime"
},
"issuer": {
"@id": "https://www.w3.org/2018/credentials#issuer",
"@type": "@id"
},
"name": {
"@id": "https://schema.org/description",
"@type": "http://www.w3.org/2001/XMLSchema#string"
},
"proof": { // proof is included here....
"@id": "https://w3id.org/security#proof",
"@type": "@id",
"@container": "@graph"
},
"refreshService": {
"@id": "https://www.w3.org/2018/credentials#refreshService",
"@type": "@id"
},
"termsOfUse": {
"@id": "https://www.w3.org/2018/credentials#termsOfUse",
"@type": "@id"
}
}
},"Credential": {
"@id": "https://www.w3.org/2018/credentials#Credential",
"@context": {
"@protected": true,
"id": "@id",
"type": "@type",
// proof has been removed here.
"credentialSchema": {
"@id": "https://www.w3.org/2018/credentials#credentialSchema",
"@type": "@id"
},
"credentialStatus": {
"@id": "https://www.w3.org/2018/credentials#credentialStatus",
"@type": "@id"
},
"credentialSubject": {
"@id": "https://www.w3.org/2018/credentials#credentialSubject",
"@type": "@id"
},
"description": {
"@id": "https://schema.org/description",
"@type": "http://www.w3.org/2001/XMLSchema#string"
},
"evidence": {
"@id": "https://www.w3.org/2018/credentials#evidence",
"@type": "@id"
},
"holder": {
"@id": "https://www.w3.org/2018/credentials#holder",
"@type": "@id"
},
"issued": {
"@id": "https://www.w3.org/2018/credentials#issued",
"@type": "http://www.w3.org/2001/XMLSchema#dateTime"
},
"issuer": {
"@id": "https://www.w3.org/2018/credentials#issuer",
"@type": "@id"
},
"name": {
"@id": "https://schema.org/description",
"@type": "http://www.w3.org/2001/XMLSchema#string"
},
"refreshService": {
"@id": "https://www.w3.org/2018/credentials#refreshService",
"@type": "@id"
},
"termsOfUse": {
"@id": "https://www.w3.org/2018/credentials#termsOfUse",
"@type": "@id"
}
}
},The "controversy" is some working group members appear to want to have the word "credential" and "verifiable credential" apply to the exact same bytes. Other working group members feel this is confusing and undermines the meaning of both terms.
This confusion is playing out in "media types", "spec definitions" and "rdf classes".
@dlongley @msporny Do you think adding option 1 would help clarify your postion that "credential" can have a "proof?... Do you agree we should attempt to define "Credential" in RDF?
TallTed
commented
1 year ago I am most inclined to drop VerifiableCredential (and application/verifiable+credential+ld+json, application/vc+ld+json, etc.), and keep Credential (and application/credential+ld+json, etc.).
Whether or not it's verifiable is not a question of its structure, which goes to media type, but a question of the bits held in that structure, which goes to business logic.
It may not be worth having a media type for this at all.
msporny
commented
1 year ago @OR13 wrote:
I am opposed to an RDF type called Credential that would contain proof just like VerifiableCredential currently does.
I don't think anyone is saying "would"... folks seem to be saying "could"... because it's an open world model... any subject can be associated with any predicate unless there is a higher level rule that says it shouldn't... but that's not enforced at the RDF or JSON-LD layer... it's enforced at the VC Data Model layer.
So, for example, if we are producing a JSON-LD Context for Credential, your Option 2 is probably fine as long as we don't prohibit someone from pulling in another JSON-LD Context that allows proof on Credential. <-- I believe that's the thing that most of the folks arguing against banning proof in Credential are saying... but I cringe saying all of that because I don't think most developers will care that much about Credential being defined in the JSON-LD Context since they'll largely be working with VerifiableCredentials... Credentials by themselves have very limited value in the real world, IMHO. The class /does/ have value in the RDF model, however, because it provides a very clear mapping between the terminology in the spec and the RDF classes in the data model.
IOW, we were explicit in conceptually differentiating a credential from a verifiable credential in the v1.0 and v1.1 specification because it was a question that came up repeatedly. The specification makes this distinction one hundred and seventeen (117) times (I just went through and counted). So, and I'm not saying anyone is asserting this, but just to be clear -- I don't think the WG made that distinction on accident. :)
@dlongley @msporny Do you think adding option 1 would help clarify your postion that "credential" can have a "proof?... Do you agree we should attempt to define "Credential" in RDF?
I think we should define Credential in RDF so the formal data model hangs together, and I think we should not add it to the JSON-LD Context (because I don't expect developers to find it useful in practice). If developers want to use Credential, they can create their own JSON-LD Context for it.
We should separate at least three of the discussions that are happening here:
Credential and VerifiableCredential modeled from an RDF perspective? (this is largely an academic discussion, but an important one to ensure we're going to be logically consistent in how the entire spec is written). At present, we're logically consistent (or very close) w/ the usage of credential vs. verifiable credential in the spec today.Credential (is it necessary to do so)? (this is largely an implementation consideration)Credential useful to developers? (this is largely an academic consideration)I'll try to provide thoughts on each one separately:
How is
CredentialandVerifiableCredentialmodeled from an RDF perspective? (this is largely an academic discussion, but an important one to ensure we're going to be logically consistent in how the entire spec is written).
We make the distinction between credential and verifiable credential around 117 times in the spec today. We shouldn't remove the distinction. Since there is a distinction, it makes sense to reflect that in the RDF vocabulary.
How are we going to construct the JSON-LD Context for
Credential(is it necessary to do so)? (this is largely an implementation consideration)
I don't think we have anyone using Credential today (because it's not defined), and if we were to define it, I'm struggling to understand what use case it helps developers solve. I'd venture to guess that most developers today care about creating VerifiableCredentials... not Credentials. The only use of Credential that I can think of is to be academically pure in creating something that you send into a piece of software that immediately turns it into a VerifiableCredential. The benefits of referring to something as a Credential seem to be slim to none.
As such, I don't see a need to put this in the base JSON-LD Context... but we shouldn't prevent someone from creating their own JSON-LD Context that uses the concept. Perhaps when VC v3.0 rolls around, there'll be a set of use cases that demonstrate why having Credential in the base context is useful.
Is the data structure for
Credentialuseful to developers? (this is largely an academic consideration)
Same argument as above... I expect the answer to be: "It's not useful at this point in time other than to convey the logical data model for the ecosystem".
So, to summarize:
Credential and VerifiableCredential in the data model.Credential in the JSON-LD Context.... with the caveat that I might feel differently about this next week. :P
msporny
commented
1 year ago @TallTed wrote:
I am most inclined to drop
VerifiableCredential(andapplication/verifiable+credential+ld+json,application/vc+ld+json, etc.), and keepCredential(andapplication/credential+ld+json, etc.).
I think I'm inclined to go the other way, @TallTed. Let's define application/vc+ld+json, which MUST/SHOULD contain proof and drop application/credential+ld+json... and use the same logic you applied above:
Whether or not it's verifiable is not a question of its structure, which goes to media type, but a question of the bits held in that structure, which goes to business logic.
:)
I'd rather optimize for what developers will be working with most of the time, which is to use and express verifiable credentials... the whole concept of a Credential is interesting, but largely useless when it comes to what implementations will be dealing with the vast majority of the time.
To answer the question of "Well, then what media type do you send an HTTP endpoint to add a proof to a credential" could be: application/ld+json ... or even application/json. Thoughts?
iherman
commented
1 year ago @OR13,
You are presenting two JSON-LD @context files, and that is not relevant here. @context ≠ vocabulary. I am talking about the underlying vocabulary, which is a different thing altogether.
If
Credentialis likeVerifiableCredentialbut does not contain proof, what other use will this Class have?
The vocabulary/ontology is there to clarify our thoughts, first of all, and I would not underestimate that. But, from a practical point of view, if the vocabulary is used as an ontology for reasoning in a Linked Data context, an RDFS/OWL reasoner would deduce, when seeing a proof property on a credential, that it is indeed a verifiable credential. This is how the deduction mechanism works in RDF/RDFS/OWL & Co. Whether this is something useful in the VC case, I cannot judge; whether it is useful if a VC is included in a larger knowledge graph: probably; whether a VC is ever included in a knowledge graph: I have no idea.
@msporny,
I think I'm inclined to go the other way, @TallTed. Let's define application/vc+ld+json, which MUST/SHOULD contain proof and drop application/credential+ld+json...
This ship may have sailed already... but I sympathize with your opinion. The only thing this issue says: if we do make this strong separation between credentials and verifiable credentials conceptually, the vocabulary should reflect that (at least in my view). If we decide that we keep vc+ld+json only, then this specific issue is moot.
I'd rather optimize for what developers will be working with most of the time, which is to use and express verifiable credentials... the whole concept of a Credential is interesting, but largely useless when it comes to what implementations will be dealing with the vast majority of the time.
I tend to agree with you, but I am not a VC implementer...
OR13
commented
1 year ago @msporny
Let's define
application/vc+ld+json, which MUST/SHOULD contain proof and dropapplication/credential+ld+json... and use the same logic you applied above.
I think with a MAY it aligns exactly with the current RDF definition for VerifiableCredential.
In the spec with the caveat that the "proof" can be "embedded" or "external" this aligns with the term "verifiable credential".
We need to be careful with proof since it introduces bias towards "securing formats", since some use "external proofs".
... your Option 2 is probably fine as long as we don't prohibit someone from pulling in another JSON-LD Context that allows proof on Credential.
I think this is where the strongest disagreement exists.
There are 2 considerations:
How does @protected impact this? similar to https://github.com/w3c/vc-data-model/blob/main/contexts/credentials/v2#L12
Why would an implementer not use type and multiple inheritance to add proof.
If proof is added can it be different than the proof in VerifiableCredential.
If answer to 3 is no, what are the actual differences at the information level between Credential and VerifiableCredential.
As a general rule, a new RDF type should be used when there is new information to represent.
I still don't understand what "new information" would exist, between "Credential" and "VerifiableCredential"... the current arguments in favor of allowing "proof" in "Credential" make me believe there is no new information, and we should therefore NOT define "Credential".
dlongley
commented
1 year ago I think I would be fine with us dropping any formal discussion of "Credential"/"credential" and keeping all of that as informal discussion in the spec.
This would include changing application/credential+ld+json to application/vc+ld+json (if we prefer the shortened vc, but that's bikeshedding) and only using VerifiableCredential in the data model in the type field. The new "base media type" would be application/vc+ld+json (bikeshedding aside), with no other side effects to any other decisions previously made. I think this could simplify things for implementers and perhaps help address some of Orie's concerns. We already know that this is how people have been working with the 1.1 spec with success thus far.
To emphasize, it would be vital that this would not undo other decisions and create more work for the WG -- the idea here is to simplify and reduce work. So if the above would do that and we can get consensus around it, then I'd be for it.
TallTed
commented
1 year ago [@msporny] Let's define
application/vc+ld+json, which MUST/SHOULD containproofand dropapplication/credential+ld+json
Change that MUST/SHOULD to MAY and I'm OK with it. application/vc+ld+json describes the data structure of a credential, which may (verifiable) or may not (unverifiable) include crypto signature and/or encryption.
I might be OK with SHOULD, but I'm inclined against it, and I'm definitely not OK with MUST — unless the value of proof may be NULL (or functional equivalent) in both cases.
Just as we don't know every use to which verifiable credentials may be put, I don't believe we know every use to which unverifiable credentials may be put, and I want to preserve sufficient flexibility that another "thing" won't be required to satisfy those unverifiable credential use cases.
[@OR13] We need to be careful with
proofsince it introduces bias towards "securing formats", since some use "external proofs".
I'd be fine with changing most, probably all, instances of proof to cryptographic signing and/or encryption information or the like.
David-Chadwick
commented
1 year ago In my opinion the confusion between credential and verifiableCredential has led to issues around which metadata was tied to the credential and which was tied to the verifiableCredential. So the validity period of the credential became confused with the validity period of the cryptographic proof, whilst the ID of the credential became confused with the ID of the proof/signature. Clearly Orie's Option 1 above continues this confusion by inserting a proof property into a credential. The credential does not have a proof property. If it does then it is by definition verifiable, so is a verifiableCredential
iherman
commented
1 year ago I have set up a PR (#1057) to focus the discussion. The possible changes (or not) on media types or context files are, though related, separate issues...
TallTed
commented
1 year ago [@David-Chadwick] The credential does not have a proof property. If it does then it is by definition verifiable, so is a verifiableCredential
A proof property does not render the credential verifiable unless it has an appropriate value. An empty proof property might be included in a non-verifiable credential (or "credential") — or in a verifiable credential for which there is an associated external proof.
The presence of the proof property in a "credential" of indeterminate verifiability is not enough in itself to "by definition" make that "credential" "verifiable".
OR13
commented
1 year ago The presence of the proof property in a "credential" of indeterminate verifiability is not enough in itself to "by definition" make that "credential" "verifiable".
The spec sorta disagrees with this point, though I admit that I have seen this part of the spec consistently disputed by WG members.
At least one proof mechanism, and the details necessary to evaluate that proof, MUST be expressed for a credential or presentation to be a verifiable credential or verifiable presentation; that is, to be verifiable.
Note the use of the MUST... which is normative, and requires a "test".
Perhaps the spec text is so poor, we must admit that it is never interpreted consistently.
TallTed
commented
1 year ago At least one proof mechanism, and the details necessary to evaluate that proof, MUST be expressed for a credential or presentation to be a verifiable credential or verifiable presentation; that is, to be verifiable.
This does not require that such a proof mechanism be expressed via a proof property within a credential, nor does it say that a proof property (if present) must be populated with any specific value(s).
Perhaps the spec text is so poor, we must admit that it is never interpreted consistently.
I will concede this possibility, and continue to strive for better text, toward more consistent (though perhaps never perfectly so) interpretation, particularly but not only because we are actively working on a v2 that is generally if not universally expected to improve on v1.
OR13
commented
1 year ago This does not require that such a proof mechanism be expressed via a proof property within a credential, nor does it say that a proof property (if present) must be populated with any specific value(s).
100% agree... I think the problem is that it is not clear to the WG if a "well formed" "proof" property is sufficient to satisfy the MUST.
The problem with this ambiguity is:
...
David-Chadwick
commented
1 year ago A proof property does not render the credential verifiable unless it has an appropriate value.
I tend to disagree. Even if a verifiable credential has an appropriate value, the credential could still have been revoked and is therefore not verifiable (for example, an imposter could have stolen the issuer's private key, issued the VC, and then the issuer, upon finding out the theft, revokes all issued VCs).
So I maintain that a credential with a proof property is a verifiable credential. The proof property may be badly formatted, null, or use a weak algorithm with known flaws. Nevertheless it is verifiable, but the result of the verification process will yield the result of positive or negative verification.
David-Chadwick
commented
1 year ago p.s. Verifiable does not mean verified
msporny
commented
1 year ago p.s. Verifiable does not mean verified
Yes, I tend to agree with @David-Chadwick here as well.
It seems as if talking about a Credential being secured or not has turned out to be a dicey proposition.
However, talking about a VerifiableCredential tagged with a media type of application/vc+* that MUST be secured IN SOME WAY (as PR #1055 is attempting to do) as a mandatory requirement for it to be considered a "verifiable credential" is probably a conversation that could make some progress. Once we decide that, we could come back to this discussion.
I'm increasingly doubtful that normatively formalizing a Credential or a Presentation adds much value. That's not to say it has some value, but the juice doesn't seem to be worth the squeeze.
iherman
commented
1 year ago The issue was discussed in a meeting on 2023-04-12
TallTed
commented
1 year ago talking about a
VerifiableCredentialtagged with a media type ofapplication/vc+*that MUST be secured IN SOME WAY (as PR https://github.com/w3c/vc-data-model/pull/1055 is attempting to do) as a mandatory requirement for it to be considered a "verifiable credential" is probably a conversation that could make some progress.
It's not going to make much progress with me.
A verifiable something is something which can be secured, to the extent that "securing" means "providing means by which to confirm that its content has not been tampered with, and to discover its issuer".
Specific use cases may choose to use weak tools of various kinds, and still work with (weakly) verifiable credentials.
The full structure of a VC can be complied with, and the V can always fail, and the document is still a VC, to my mind. What happens with the business logic thereafter is beyond our remit.
msporny
commented
1 year ago talking about a
VerifiableCredentialtagged with a media type ofapplication/vc+*that MUST be secured IN SOME WAY (as PR #1055 is attempting to do) as a mandatory requirement for it to be considered a "verifiable credential" is probably a conversation that could make some progress.It's not going to make much progress with me.
:)
A verifiable something is something which can be secured, to the extent that "securing" means "providing means by which to confirm that its content has not been tampered with, and to discover its issuer".
I'm not sure that's a useful definition... anything can be secured, so if that's your definition, it applies to anything, which makes the distinction not worth much.
I'd argue that one of the things that makes the work this group is doing important is the notion that we're not just saying "anything can be secured"... we're saying: "We expect the VCDM to be secured in these normative ways."
Specific use cases may choose to use weak tools of various kinds, and still work with (weakly) verifiable credentials.
Yeah, that's exactly the sort of slippery slope I'd like us to stay away from, because we can already see vendors trying to rebrand their "weakly verifiable credentials" as "verifiable credentials". There's an active dilution in the sort of verifiability and interoperability that we, as a WG, expect... and that's the thing I'm taking issue with.
The full structure of a VC can be complied with, and the V can always fail, and the document is still a VC, to my mind. What happens with the business logic thereafter is beyond our remit.
Slippery slope... I get what you're saying, and don't entirely disagree with it... it's how vendors will twist your intention that worries me.
Can you think of some clauses that would make it harder for vendors to twist your intention?
PS: This is neither here nor there for this particular issue, it's marked pending close and should be closed. @TallTed I'm wondering if we need a new issue for whatever it is that we're discussing here. :)
TallTed
commented
1 year ago Much like the DID Rubric, I think there are some number of attributes of VCs which represent tradeoffs relevant to different deployments/use-cases.
It's appropriate for us to make it as easy as possible for end users to evaluate the VCs from various vendors, and determine whether the strength of their signatures, encryption, etc., is sufficient for their comfort. Hopefully, there will be more than one VC implementation vendor vying for each deployment scenario, and the stronger will win out.
brentzundel
commented
1 year ago Though some additional comments have been made, no objections have been raised since being marked pending close, closing.
(This discussion may belong to the comment thread of #1014, but it is not commenting on the main line of the discussion. I have therefore decided to create a separate issue.)
As a result of the introduction of
credentials+ld+jsonthere is now a discrepancy between the media types used in the spec and the vcdm vocabulary. I do not think that is healthy.At present, there is no class for a
Credentialin the vocabulary (although it is there between the lines, i.e., in the term definitions). We only have aVerifiableCredentialterm. Now that we have a a separate media type for credentials, i.e., a (non-verifiable) credential is now a separate "thing", we may want to consider introducing a separateCredentialclass to the vocabulary.However, if we do this, we have several issues that we have to consider. These issues reflect the discussions we have in #1014. (Note that this is not only boring question of RDF; the vocabulary is a (simple) ontology, i.e., it forces us to pin down the exact relationships of the various terms we are using.)
The fundamental question is: is a
VerifiableCredentiala subclass ofCredentialor not? This is, essentially, the counterpart of the question whether (if we go down that route) we would haveverifiable+credential+ld+jsonorverifiable-credential+ld+json, respectively. The alternatives on the vocabulary are:VerifiableCredentialis a subclass ofCredentialFrom the vocabulary point of view, this is a relatively simple thing. Most properties (
credentialStatus,validFrom, etc.) haveCredentialas a domain; by virtue of subclassing using those terms onVerifiableCredentialinstances is perfectly fine. One would be tempted to refer toproofas the outlier, but the domain of that property, which is defined in the Security Vocabulary is not defined explicitly, probably because the idea is that the termproofcould be used on other concepts than credentials. I.e., even if we introduce a restriction whereby a proof must not be used on aCredential, that statement may remain "outside" the formal ontology. (Alternatively, there may be some complicated OWL2 statement that would lead to a contradiction if proof was used on aCredential, but I am not sure it would be worth it; it would probably be of a form that simple OWL2 reasoners could not handle, so would be ignored in practice).VerifiableCredentialis not a subclass ofCredentialFrom a vocabulary point of view, what it would mean is that all aforementioned properties would have, as domain definition, a disjunction, something akin to "
VerifiableCredentialorCredential". Which is fine. However, a further question is: areVerifiableCredentialandCredentialdisjoint? It certainly feel like this would be the case; luckily, OWL can express that easily, the only practical obstacle is that theyaml2vocabscript we use should be extended to introduce such extra restriction (but that can be solved).Note that the introduction of
Credentialmay affect the examples in the spec which, for now are all of the form:which may have to use
Credentialinstead. But, I believe, by virtue of havingcredentials+ld+jsonseparately this makes sense in any case...@dlongley @msporny @OR13 @mprorock @brentzundel