IETF Logo Mail Archive

Re: [SPICE] Informal Meeting Notes (errata)

Michael Prorock <mprorock@mesur.io> Fri, 05 January 2024 14:20 UTC

Return-Path: <michael.prorock@mesur.io>
X-Original-To: spice@ietfa.amsl.com
Delivered-To: spice@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D8E1DC14F704 for <spice@ietfa.amsl.com>; Fri, 5 Jan 2024 06:20:49 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.886
X-Spam-Level:
X-Spam-Status: No, score=-1.886 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_KAM_HTML_FONT_INVALID=0.01, T_REMOTE_IMAGE=0.01, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=mesur-io.20230601.gappssmtp.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id paH9rAZdwcWX for <spice@ietfa.amsl.com>; Fri, 5 Jan 2024 06:20:45 -0800 (PST)
Received: from mail-ej1-x630.google.com (mail-ej1-x630.google.com [IPv6:2a00:1450:4864:20::630]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 7DA2EC14F703 for <spice@ietf.org>; Fri, 5 Jan 2024 06:20:45 -0800 (PST)
Received: by mail-ej1-x630.google.com with SMTP id a640c23a62f3a-a28ec136715so174640766b.1 for <spice@ietf.org>; Fri, 05 Jan 2024 06:20:45 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=mesur-io.20230601.gappssmtp.com; s=20230601; t=1704464444; x=1705069244; darn=ietf.org; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=iimO21XGJSzTWJfy2fJTP7jdIsJTBZg8wCkMl8dMlGQ=; b=IWJujxnrVXYIdP1q0RFU2fzWAntUpjjjOJ3nhPna8aIW3JCviB6EjqXWmQp8ZkzVZa SIpKgrGObgQvbWIgCm5DXHNX1XMn/FhPn4de1cTaSPkiSlkJr01R+VePhEX3Iyh9uTpH sh4Uik3nEgxDuf5awJHl5YKJs4o4g+NjkpqgH/8SraPapn8y99/NtvCbfbkrG+esxEWA jhwB0j5DLBAIQQTW5OZihlZbUk+kymrqCfCKBzzM5TtFjFI577OZ49BtgOFB+vIoq6Iv 6X3nu5VY+uOPqVj2QCpCFBu8Kxg58n93O+D8Ef55zHFMWH4ZeCEikemLJSc8hpuMvxb4 01PQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1704464444; x=1705069244; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=iimO21XGJSzTWJfy2fJTP7jdIsJTBZg8wCkMl8dMlGQ=; b=TkecyABUJIVSJfZRGZgEXWV658n/eq2NlmTlJSxcU5a/s6EJl7tmDWUa62A/7AToC7 f3qjdISxhil4GhaMqO/UNlPWuVk6wiSSu6Ze7u1MLGh2TL7Ci/9QI++b+bRUvKib1qFq Xjn+MCnO774bzU2GOjWDdSj3cjOMsv/sLif3CyOm0nmx4CbFWpA3ugiCh9sRY7KM28He 47m51n+Uil4Id3sr7/GnTFNyR8ADsI+aR7P+y8JOObqukZpjD0TzWWhZp9yIxwbwQ5LK XNcZmwafEGwNYyF9kthlc/9hq55yzQ/p+rhINvvc04/lXhPCAfiLlY0KI7hq+aenYzhj ohpw==
X-Gm-Message-State: AOJu0YzUOKs9pwifQ8nRj2GIEXmFPUBjvsvynTvnh/KOjL7YgguDb6SF xFiqKHcCU8Eu2vHmQ2I2E29/B234n9WZ4M5KPTlxzU7Q49BC
X-Google-Smtp-Source: AGHT+IEKDgaAJKwQg+4ObvcX7fyGRoLPTD02Y8abqjHCCvc1yfKFFfdrB2xWV3FotgDu5NBjVOKH6gARKOLqf5RjvbM=
X-Received: by 2002:a17:906:ad6:b0:a27:fada:51f with SMTP id z22-20020a1709060ad600b00a27fada051fmr1058197ejf.70.1704464443477; Fri, 05 Jan 2024 06:20:43 -0800 (PST)
MIME-Version: 1.0
References: <CAN8C-_JF81-sZ4dQB7_Ma7_UfAwgc8UhZ-trRHQY1TCk+t7iKg@mail.gmail.com> <9b385dd2-bc5a-c7bc-d131-0bffb4fe8d26@free.fr> <59bc594d-9539-1597-d4da-983f38dd1b49@free.fr> <CAN8C-_JrAFHRSQ7tP=+RFsVNj=6a9tRb+v4ST3r3zxp_urNHaA@mail.gmail.com> <f7bf2593-35b1-5fc0-935e-12c692357506@free.fr> <CAN8C-_KiK84KKPZJnnbvHyzPB6q8x5cEJXEGYeVxiv6ru3frHQ@mail.gmail.com>
In-Reply-To: <CAN8C-_KiK84KKPZJnnbvHyzPB6q8x5cEJXEGYeVxiv6ru3frHQ@mail.gmail.com>
From: Michael Prorock <mprorock@mesur.io>
Date: Fri, 05 Jan 2024 07:20:33 -0700
Message-ID: <CAGJKSNSZsUE7=qCnQHtPJnkhCOiXNcomFmaFCsaYaPa4cN4q2A@mail.gmail.com>
To: Orie Steele <orie@transmute.industries>
Cc: Denis <denis.ietf@free.fr>, Hannes Tschofenig <hannes.tschofenig@gmail.com>, spice@ietf.org
Content-Type: multipart/alternative; boundary="000000000000afa48f060e338d3a"
Archived-At: <https://mailarchive.ietf.org/arch/msg/spice/sxyDeO86cfpa7qJJgq4S-i46r6I>
Subject: Re: [SPICE] Informal Meeting Notes (errata)
X-BeenThere: spice@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Secure Patterns for Internet CrEdentials <spice.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spice>, <mailto:spice-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spice/>
List-Post: <mailto:spice@ietf.org>
List-Help: <mailto:spice-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spice>, <mailto:spice-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 05 Jan 2024 14:20:49 -0000

I fall in line with Orie on this one.  I think use of the term metadata is
helpful here and aligns with other uses of the term elsewhere im ietf docs

Mike Prorock
CTO - mesur.io

On Fri, Jan 5, 2024, 07:03 Orie Steele <orie@transmute.industries> wrote:

> Issuer metadata discovery is key to understanding "what kind of
> credentials can I get" and "what formats are coming in" and "how can I get
> them".
>
> The word metadata is a generic term to describe data... about data... In
> this case that solves the problem of "what (meta)data is discoverable about
> issuers, holders and verifiers".
>
> And all the examples we provide such as keys, claims, credentials and
> proofs, are examples of data which we might want to retrieve additional
> information (metadata) regarding.
>
> Our use of the word, is consistent with other IETF working groups, for
> example:
>
>
> https://datatracker.ietf.org/doc/html/draft-ietf-oauth-sd-jwt-vc-01#name-jwt-issuer-metadata
>
> I don't agree with your proposal.
>
> OS
>
> On Fri, Jan 5, 2024 at 1:53 AM Denis <denis.ietf@free.fr> wrote:
>
>> Hi Orie and all,
>>
>> I rephrased your suggestion here:
>>
>>
>> https://github.com/transmute-industries/ietf-spice-charter/commit/3848dac6c5b7b2ab5d91c0bb909c3f959eb2b197
>>
>> The new sentence is :
>>
>> A meta-data discovery document enabling issuers, holders and verifiers
>> to discover supported protocols and formats for keys, claims,
>> credentials and proofs.
>>
>> I would propose to drop the words "meta-data" and "issuers,". As
>> mentioned earlier, an issuer does not need to discover anything.
>>
>> A  discovery document enabling holders and verifiers to discover
>> supported protocols and formats for keys, claims, credentials and proofs.
>>
>> Denis
>>
>> I don't know what a "credential request format" is but I assume it's some
>> protocol (possibly one of many) for issuance (delivering a credential from
>> an issuer to a holder).
>>
>> You also did not include "presentation request format", which would be
>> some protocol (possibly one of many) for delivering a proof (or
>> presentation) from a holder to a verifier.
>>
>> I used "supported protocols and formats" to capture these requirements.
>>
>> You might consider data URIs presented through animated QR Codes to be an
>> example of part of a presentation protocol.
>>
>> I suspect that commenting on "supported protocols" might raise the
>> question of if SPICE will define issuance or presentation protocols.
>>
>> I think it's ok to keep it as is and not define any protocols under the
>> first charter, even if we enable discovery of OIDC4VC, OIDC4VP, mDoc
>> Request API, etc...
>>
>> If you think that we MUST define protocols for issuance and presentation
>> under the first charter, we will need to add more milestones, but I don't
>> want to do that.
>>
>> OS
>>
>>
>> On Thu, Jan 4, 2024 at 4:24 PM Denis <denis.ietf@free.fr> wrote:
>>
>>> Error:
>>>
>>> Instead of "Verifiable Credential formats", please read: "Verifiable
>>> Presentation formats"
>>>
>>> Denis
>>>
>>> Hi Orie,
>>>
>>> The second document is defined as follows:
>>>
>>> A meta-data discovery document focusing on the scalable, Internet-wide
>>> discovery of keys, credential formats and meta-data for issuers, holders
>>> and verifiers.
>>>
>>> During the meeting, I was looking for a wording better than "key
>>> discovery" or "meta-data discovery"and I could not find it.
>>> After the meeting, I believe that "formats discovery" would be more
>>> appropriate.
>>> In the list, "credential request formats", "proof formats" (i.e.;
>>> Verifiable Credential formats - using the W3C vocabulary) are "claims
>>> formats" are missing.
>>>
>>> Below is my proposal:
>>>
>>> A "formats discovery" document focusing on the scalable, Internet-wide
>>> discovery of credential formats,
>>> * credential request formats, proof formats*, *claims formats* and keys
>>> for holders and verifiers.
>>>
>>> I dropped "issuers" from the list, since an issuer does not need to
>>> "discover" anything.
>>>
>>> Denis
>>>
>>> Hello Spice Enthusiasts,
>>>
>>> Call attendance:
>>>
>>> - Orie Steele
>>> - Alexander Stein
>>> - Brent Zundel
>>> - Denis
>>> - Henk Birkholtz
>>> - Heather Flanagan
>>> - Justin Richer
>>> - Pam Dingle
>>> - Rifaat Shekh-Yusef
>>>
>>> Call agenda:
>>>
>>> - Charter Text Revisions
>>> - https://github.com/transmute-industries/ietf-spice-charter/pull/17
>>>
>>> Minute Summary:
>>>
>>> We discussed recent feedback on the MLS charter, and decided to remove
>>> the "history section" except for the 3rd paragraph, which was proposed by @Hannes
>>> Tschofenig <hannes.tschofenig@gmail.com> .
>>>
>>> We discussed the "Key Discovery" milestone deliverable, and revised it
>>> to be "meta data discovery" and include, keys, issuer, holder, verifier
>>> metadata including supported "formats".
>>>
>>> We discussed the possibility of including an informative use cases
>>> document. There was rough consensus to omit this document from the official
>>> milestones, but comments that it still might be useful as the group
>>> developed the architecture, and a suggestion to perhaps put it on the wiki
>>> when we have one.
>>>
>>> We had unanimous agreement that the 3 proposed milestones are the right
>>> starting point for the charter.
>>>
>>> We had no additional milestones or recommendations proposed.
>>>
>>> There remains some concern the initial charter text is too long, see the
>>> latest text here:
>>>
>>>
>>> https://github.com/transmute-industries/ietf-spice-charter/blob/main/charter.md
>>>
>>> The call time remains the same until we announce otherwise, everyone is
>>> welcome to attend (we are not a formal working group yet):
>>>
>>>
>>> https://github.com/transmute-industries/ietf-spice-charter?tab=readme-ov-file#meetings
>>>
>>> Regards,
>>>
>>> OS
>>>
>>> --
>>>
>>>
>>> ORIE STEELE Chief Technology Officer www.transmute.industries
>>>
>>> <https://transmute.industries>
>>>
>>>
>>>
>>>
>>>
>>
>> --
>>
>>
>> ORIE STEELE Chief Technology Officer www.transmute.industries
>>
>> <https://transmute.industries>
>>
>>
>>
>
> --
>
>
> ORIE STEELE
> Chief Technology Officer
> www.transmute.industries
>
> <https://transmute.industries>
> --
> SPICE mailing list
> SPICE@ietf.org
> https://www.ietf.org/mailman/listinfo/spice
>

v2.23.0 | Report a Bug | By Email