Closed andresuribe87 closed 8 months ago
@andresuribe87 Can you please be more specific about the sort of "clarification" you're seeking? While everything @iherman says above is accurate, I'm not sure it helps readers.
IOW, we're re-explaining concepts that other specifications explain (like RDF Concepts), or the details are not pertinent to the understanding of implementing VCs. I don't know if you're requesting a few sentences of clarification, and if so, what specifically?
Or you're requesting the depth of explanation @iherman provided to you, which I don't agree is helpful to put in the specification for at least two reasons: 1) those concepts are covered in other specifications; duplicating content is generally frowned upon, and 2) it's not clear how these clarifications impact anyone using or implementing the system?
@msporny here are some more concrete clarifications that I think are the minimum necessary.
Within the section 4.9, state that "An externally secured verifiable credential is not considered a verifiable credential graph. In general, a URL is only considered a verifiable graph when dereferencing the value results in a conformant document according to this data model.".
Within the definition of Presentations, in the verifiableCredential
property, state that "The values of the array MUST NOT be a verifiable credential secured with an external proof.".
Seems like making it clear that IRI is included in the range of verifiableCredential
would be all that is needed.
The issue was discussed in a meeting on 2023-12-06
@andresuribe87 wrote:
@msporny here are some more concrete clarifications that I think are the minimum necessary.
Great, thank you for the concrete suggestions, very helpful.
I'm going to get super pedantic here because it'll affect the language that's written. To be clear, I want to write some variation of the language you suggested as long as it's accurate:
Within the section 4.9, state that "An externally secured verifiable credential is not considered a verifiable credential graph.
While an externally secured VC couldn't be directly considered to be a separate graph (in most cases), it could be expressed in a separate graph, which is what PR #1379 does.
There is probably also some language that we could create where one could pre/post-process it and /interpret/ it as a verifiable credential graph... but that would just add complexity for the sake of academic purity. I'm not sure that language would benefit the vast majority of VC authors.
In general, a URL is only considered a verifiable graph when dereferencing the value results in a conformant document according to this data model.".
This sounds true on the surface... I'm trying to think about how this might be mis-interpreted. Developers might think that they can start stuffing URLs in the verifiableCredential
property, which they can't (and doing so wouldn't be very useful w/o cryptographic digest information on the contents).
Within the definition of Presentations, in the
verifiableCredential
property, state that "The values of the array MUST NOT be a verifiable credential secured with an external proof.".
This is true, but then people might think they can't do what's in PR #1379.
I guess I'm trying to figure out if PR #1379 changes any of your suggestions? I think what you're trying to say is "ban the use of pure strings and URLs in the verifiableCredential
array so that people don't continue to keep getting confused about it"?
I think what you're trying to say is "ban the use of pure strings and URLs in the verifiableCredential array so that people don't continue to keep getting confused about it"?
Yes. That's it. I want to provide clarity to implementers on what is and what isn't allowed as a value of the verifiableCredential
property.
Ok, I can change #1379 to include that language. Something to the effect of: "For the avoidance of doubt, you can't have these values..." or, as @dlongley suggested on the call, "MUST be an object and can't be something else, such as..."...
"MUST be an object; i.e., it can't be any non-object, particularly including..."
The issue was discussed in a meeting on 2023-12-13
PR #1390 has been raised to address this issue. This issue will be closed when PR #1390 has been merged.
The issue was discussed in a meeting on 2023-12-20
PR #1390 has been merged, closing.
From https://github.com/w3c/vc-data-model/pull/1358#issuecomment-1831580248 it's become evident that we need to further clarify what a "verifiable credential graph" is. Excerpt from the conversation is paster below.