New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
May 2018 - Review comments from Allen Brown #175
Comments
Extracting all 104 comments from the PDF file and including them here to make it easy to respond to each issue: @vieillevigne wrote:
@vieillevigne wrote:
@vieillevigne wrote:
@vieillevigne wrote:
@vieillevigne wrote:
@vieillevigne wrote:
@vieillevigne wrote:
@vieillevigne wrote:
@vieillevigne wrote:
@vieillevigne wrote:
@vieillevigne wrote:
@vieillevigne wrote:
@vieillevigne wrote:
@vieillevigne wrote:
@vieillevigne wrote:
@vieillevigne wrote:
@vieillevigne wrote:
@vieillevigne wrote:
@vieillevigne wrote:
@vieillevigne wrote:
@vieillevigne wrote:
@vieillevigne wrote:
@vieillevigne wrote:
@vieillevigne wrote:
@vieillevigne wrote:
@vieillevigne wrote:
@vieillevigne wrote:
@vieillevigne wrote:
@vieillevigne wrote:
@vieillevigne wrote:
@vieillevigne wrote:
@vieillevigne wrote:
@vieillevigne wrote:
@vieillevigne wrote:
@vieillevigne wrote:
@vieillevigne wrote:
@vieillevigne wrote:
@vieillevigne wrote:
@vieillevigne wrote:
@vieillevigne wrote:
@vieillevigne wrote:
@vieillevigne wrote:
@vieillevigne wrote:
@vieillevigne wrote:
@vieillevigne wrote:
@vieillevigne wrote:
@vieillevigne wrote:
@vieillevigne wrote:
@vieillevigne wrote:
@vieillevigne wrote:
@vieillevigne wrote:
@vieillevigne wrote:
@vieillevigne wrote:
|
@vieillevigne wrote:
Yes, the test suite certainly has (and will have more of these sorts of tests). From a pedagogical standpoint, I'm not sure we want to include counter-examples in the specification. The reason being that there are many ways a Verifiable Credential can be wrong, and I'm not certain that elaborating on only a subset will be helpful. Verifiable Credentials that are wrong will fail validation/checking and the errors will be apparent to the developers using libraries to check the correctness of the verifiable credential. |
@vieillevigne wrote:
Fixed here 901a5d3 |
@vieillevigne wrote:
This has been fixed in 901a5d3 |
@vieillevigne wrote:
One of the frequent complements we received on the JSON-LD specification was that the specification's front-matter can be used to understand why the specification exists for people that are not developers while the back-matter can be used by implementers to implement. I have no issue with short specifications, for example the meat of the HTTP Signatures specification (which I wrote) is all of 5 pages long: https://tools.ietf.org/html/draft-cavage-http-signatures-10 This is because the concepts and use case that it addresses is simple and self-contained. That is not the case for the Verifiable Credentials specification. In addition, we have had to defend its right to exist many times over the past 5+ years (it's not immediately obvious to people that have a background in x.509 and similar technologies), which has led us to refining that story into the front matter of the specification so that we don't have to keep explaining it to people as they discover what we're doing. I think the mistake that many W3C specifications make is being so succinct that they completely miss out on the opportunity to teach people what the problem is and how it is being solved in the first place. Most technical specifications (and technical writing) fails to orient the reader before delving into the details. That's not to say that the VC spec is doing a good job in that regard... but that's at least the principle behind why the front matter is so verbose. |
@vieillevigne wrote:
Fixed in 3387198 |
@vieillevigne wrote:
Fixed in f30c3c0 |
@vieillevigne wrote:
Fixed in 68cb5da |
@vieillevigne wrote:
Fixed in d304bc7 |
@vieillevigne wrote:
Fixed in 62e2242 |
@vieillevigne wrote:
We try to avoid the term "agent" as W3C people often confuse it with "user agent" which results in tragic consequences. |
@vieillevigne wrote:
Clarified the language around roles and entities in 8fa3910 |
@vieillevigne wrote:
Clarified it as a role in 8fa3910 |
@vieillevigne wrote:
Fixed in 525d709 |
@vieillevigne wrote:
I think this is fixed in 525d709, but I'm not sure. |
@vieillevigne wrote:
The arrows do specify the data flow. The specification does state "Holders store their credentials in credential repositories". The Holder isn't always the only repository of credentials (for example, public databases, blockchains, etc. can also be credential repositories, some of them have no connection with the holder.) |
@vieillevigne wrote:
Yes, that is the correct interpretation. |
@vieillevigne wrote:
Yes, correct. It's an obvious statement but there are many that don't know about or understand the goals of the semantic web. We're trying to succinctly express those here (without overly burdening the reader w/ the goals or mechanisms used for semantic web... as many of those concepts are uninteresting to most developers... and some of them are not useful for day to day programming tasks). |
@vieillevigne wrote:
Ha! Interesting, I didn't know that. @vieillevigne wrote:
Yes, although they are provided to help give the reader some operational context. @vieillevigne wrote:
Again, to provide the reader w/ operational context. |
@vieillevigne wrote:
The processor will throw an error as explained at the bottom of the section. @vieillevigne wrote:
The answer isn't nothing... it's prevented by happening via the processor throwing an error. |
@vieillevigne wrote:
The property itself is defined by the Verifiable Credentials JSON-LD context (this is true for all properties defined in the specification)... which is defined in the section on extensibility above where this comment was made: "the base JSON-LD Context (https://w3id.org/credentials/v1)." The current JSON-LD Context is provided here: https://github.com/w3c/vc-data-model/blob/gh-pages/vocab/context.jsonld When the spec is finalized, the URL above will be udpated. |
@vieillevigne wrote:
Clarified how evidence is different from proof in this commit: f10f8c8 |
@vieillevigne wrote:
Removed confusing non-normative MAY language in 3dcbe4e |
@vieillevigne wrote:
Fixed the MAYs in 3dcbe4e. Clarified the requirements in 9e73f95. |
@vieillevigne wrote:
Cleaned up the language in 860a725. |
@vieillevigne wrote:
Fixed in ad793e1. |
@vieillevigne wrote:
Fixed and clarified in ffc269a. |
@vieillevigne wrote:
The text says "verifier", so the currently means "the future of the verifier". I expect you mean "example the verifier", and if they can't see it until 2 hours after issue, then it's not a problem as long as 2 hours in the future is not "in the future" for the verifier. That said, I've clarified the language a bit in c625755. |
@vieillevigne wrote:
This is up to the verifier's risk model to determine if that is appropriate for the use case. This is one of the reasons we're keeping the language around |
@vieillevigne wrote:
Yes, fixed in 2d08dc4. @vieillevigne wrote:
Yes, that was confusing. Fixed in 2d08dc4 to use positive examples instead of negative ones. @vieillevigne wrote:
Fixed in 2d08dc4. |
@vieillevigne wrote:
I've effectively gutted the entire section on syntax as most of the specification is introduced by example, most every example /is/ JSON and this section doesn't add a great deal wrt. the examples and language. Most of the section is confusing and repetitive (it was one of the first sections written in the specification and hasn't been kept up to date). Thus, the huge editorial gutting in eb9be6c. For every section in the syntax section that has been gutted, I've made sure that an example or text exists elsewhere in the specification that covers the text that has been removed. Many of your questions/confusions below have been addressed by the rewrite. @vieillevigne wrote:
Yes, that's true.
That was not the intent and I've added clarity here in eb9be6c. @vieillevigne wrote:
It's meant to map a source data model to a target syntax. Some clarification in eb9be6c. @vieillevigne wrote:
Yes. I've tried to clarify all of this in eb9be6c.
I've tried to bring the language such that it speaks specifically to "Numeric values representable as IEEE754" in eb9be6c. @vieillevigne wrote:
Nothing... I've gutted the examples. :) @vieillevigne wrote:
Removed the confusing language in eb9be6c. @vieillevigne wrote:
Removed in eb9be6c. @vieillevigne wrote:
Fixed in eb9be6c. @vieillevigne wrote:
Removed and reworded in eb9be6c. Does the new text address your concern? |
@vieillevigne wrote:
Yes, that is correct. In fact, we weren't even allowed to start the WG until we had a section that picked apart all of the privacy considerations that we could think of. It took us multiple in-person meetings at conferences, multiple requests to WGs and IGs, and close to six months to do the analysis and bring all of this together. :(
Yes, well... there are politics at play here and we need this section in the document. We tried to make it a separate document and people (not involved in the work) moaned and complained about it. So, it's there until everyone feels comfortable with the fact that we've done the proper review. We're submitting this document to the W3C Privacy Interest Group in the next couple of months. |
@vieillevigne wrote:
If we can cite a collection of Web Privacy papers that might be better, such as from the most recent Privacy on the Web Workshop (which I did a quick search for and couldn't find). |
@vieillevigne wrote:
The latter establishes an exact date where the former just provides monotonic logic wrt. the question asked. The second is more privacy preserving than the first.
Yes, correct.
I'd challenge that assertion, there are zero knowledge proofs that would convince /some/ verifiers that the person's legality as a drinker is entailed. |
@vieillevigne wrote:
Yes, that is correct. I've tried to note that in the spec in 30ccbcd. |
@vieillevigne wrote:
Privacy is a sliding scale, and at times, principles are at odds with one another. So yes, it is at odds for all use cases, but not for some use cases (where you prefer one principle over the other). |
@vieillevigne wrote:
They are different conceptually... Principle of Minimum Disclosure is meant to be about "asking and giving as little as possible"... Aggregation of Credentials is about "be aware of the information collected on you over time". |
@vieillevigne wrote:
Agreed, bad sentence. Attempted to clarify in 352a574. |
@vieillevigne wrote:
Yes, that was the intent. This point is being debated in #178. |
Ok @vieillevigne, I have responded to every comment you made in your review. Most of them with changes, and when there were not changes, the response included the reason there were no changes. Please review PR #179 ... diff-marked version here: https://pr-preview.s3.amazonaws.com/w3c/vc-data-model/179/daed52d...352a574.html line by line diff here: https://github.com/w3c/vc-data-model/pull/179/files Let me know if all of that satisfies your review comments (understanding that you can submit more comments at a later date). |
All review comments have been processed and editorial changes have been made to the specification. |
@vieillevigne submitted lots of review comments for the spec in PDF form:
AllenBrownReview-VerifiableCredentialsDataModel.pdf
This is just a reminder to @msporny to not drop that on the floor.
The text was updated successfully, but these errors were encountered: