Add renderMethod as reserved extension point.

[msporny]

This PR builds upon PR 1097 and adds three new properties (and their reserved URLs) to the reserved properties table:

• confirmationMethod / confidenceMethod
• presentationSchema
• renderMethod

There is now also an example specification that demonstrates how these reserved properties could be leveraged by external specifications: Verifiable Credential Rendering Methods

The specification notes that it utilizes the reserved property in the VC Data Model, and then defines a type that can be used with the extension point.

---

Preview | Diff

[OR13]

Can we split this PR up, so we can address each of these independently?

I am supportive of reserving confirmationMethod, and but I object to renderMethod, presentationSchema.

The reason for my objection is that both of these extensions when leveraged by an issuer, impact complexity on the holder / verifier, which I believe might lead to fragmentation and harm adoption.

[awoie]

lgtm

[msporny]

Can we split this PR up, so we can address each of these independently?

We can just refactor this PR after we have a discussion in it. The changes are small enough that a refactor after we get consensus on the properties will be easier than having a parallel discussion on each one.

The reason for my objection is that both of these extensions when leveraged by an issuer, impact complexity on the holder / verifier, which I believe might lead to fragmentation and harm adoption.

Hmm, that doesn't make sense to me, perhaps there is a miscommunication of some kind. Could you explain this a bit more?

The impact that confirmationMethod/confidenceMethod would have on the ecosystem would be the exact same for renderMethod and presentationSchema. That is, they're optional properties that Holders/Verifiers can ignore, unless they want to process them.

Also, note the issue marker here: https://github.com/w3c/vc-data-model/pull/1108/files#diff-0eb547304658805aad788d320f10bf1f292797b5e6d745a3bf617584da017051R3200-R3206

Which states that all three are at risk, and will be removed by the end of the Candidate Recommendation phase, unless a specification and two implementations exist (no requirement for a test suite, no requirement for interoperability on each feature, but at least a demonstration that people are implementing against the extension point).

[davidlehn]

Should this be here?

[msporny]

No, it shouldn't... bad merge. Fixed in cabcea1. Thank you!

[gobengo]

these seem useful to define now to enable adoption. I dont know of any other vocabulary that these short names would collide with.

[brentzundel]

It isn't clear to me if this means only from the pertinent sections of the spec, or from this table as well.
Would it be better to put this text before each at risk property?

[msporny]

It isn't clear to me if this means only from the pertinent sections of the spec, or from this table as well.

Yeah, good point, I wasn't thinking about the existing sections of the spec.

We should probably just add at-risk markers to evidence, refreshService, and termsOfUse to be crystal clear wrt. their current state (at risk) as we enter CR. I'll do that in a separate PR.

Would it be better to put this text before each at risk property?

Yes, I can do that. It felt like it would be repetitive to copy/paste the same text to each entry. In the grand scheme of things, it doesn't really matter because the entry and/or text would be removed as we move into PR. I'll do the revision in an update to this PR.

[msporny]

Fixed in a86f020.

[David-Chadwick]

Can we please discuss issue #1102 along with this issue please. Thanks.

[msporny]

@OR13 I don't now if your review is still blocking this PR, or if we achieved consensus to merge this PR during one of the calls this week (that I missed -- the minutes are not clear on the status of this PR).

If @OR13 is good with this PR, we can merge. If not, we're going to have to shift it into DO NOT MERGE / discuss.

[OR13]

Suggested change

	<td>`confidenceMethod`</td>
	<td>`confirmationMethod`</td>

[OR13]

Suggested change

	`https://www.w3.org/2018/credentials#confidenceMethod`.
	`https://www.w3.org/2018/credentials#confirmationMethod `.

[OR13]

It would be good to not invent new security terminology that can so easily be confused with existing RFCs that do exactly the same thing:

By including a "cnf" (confirmation) claim in a JWT, the issuer of the
JWT declares that the presenter possesses a particular key and that
the recipient can cryptographically confirm that the presenter has
possession of that key.

https://datatracker.ietf.org/doc/html/rfc7800#section-3

[TallTed]

Except that they don't do exactly the same thing. The cnf claim (and, I think, the related confirmationMethod) is specifically tied to key possession, while the confidenceMethod is explicitly broader and non-specific, though it might include key possession.

[OR13]

@TallTed you are correct they don't do the same thing, and one of them is more dangerous because it has an unbound domain... https://en.wikipedia.org/wiki/Confidence_trick

[OR13]

Adding confirmation like this is going to cause interoperability problems with existing securing formats, for example JWTs.

Reserving these properties is not necessary, since JSON-LD supports extension of credential attributes using @context, and there is no working group consensus on how these terms will be used in the future, we should allow for implementation experience to drive the standards development process.

This PR groups 3 experimental properties into one change to the document, I think the entire PR is a mistake, but my only blocking feedback is regarding confirmation method.

[Sakurann]

For the confidenceMethod, I would like to see #1054 merged first.

[awoie]

I would want to get PR #1054 to get merged before or not include confidence method as a reserved property but instead make it part of the core VCDM.

[awoie]

I would want to get PR #1054 to get merged before or not include confidence method as a reserved property but instead make it part of the core VCDM.

Also the current description of confidence method in this PR is different from the description in PR #1054

[msporny]

@OR13 wrote:

Adding confirmation like this is going to cause interoperability problems with existing securing formats, for example JWTs.

Assertion stated without explanation. It seems as if this was discussed at length during the VCWG special topic call and the group came to consensus that using cnf was the wrong thing to do:

https://www.w3.org/2017/vc/WG/Meetings/Minutes/2023-05-02-vcwg-special

Reserving these properties is not necessary, since JSON-LD supports extension of credential attributes using @context, and there is no working group consensus on how these terms will be used in the future, we should allow for implementation experience to drive the standards development process.

This is going back on the consensus position of the group to have reserved properties. There doesn't have to be WG consensus beyond that the terms are reserved and that there is a simple statement related to what the term does.

This PR groups 3 experimental properties into one change to the document, I think the entire PR is a mistake, but my only blocking feedback is regarding confirmation method.

It seems as if you were not present at the meeting that settled the topic on confidenceMethod being the preferred term:

https://www.w3.org/2017/vc/WG/Meetings/Minutes/2023-05-02-vcwg-special

Are you stating that consensus was not reached because you are objecting to the consensus reached on the call?

[msporny]

@Sakurann wrote:

For the confidenceMethod, I would like to see #1054 merged first.

Is this a technical objection to the PR, or a request that #1054 is merged before this PR?

[msporny]

@awoie wrote:

I would want to get PR #1054 to get merged before

We could have done that, but #1054 is now blocked by @OR13.

or not include confidence method as a reserved property but instead make it part of the core VCDM.

confidenceMethod is on the same footing as evidence, termsOfUse, and refreshService... that is, there has yet to be a demonstration of two implementations. evidence, termsOfUse, and refreshService are listed in the reserved properties section today (even though they are listed in the specification):

https://w3c.github.io/vc-data-model/#reserved-extension-points

Why should confidenceMethod achieve a higher status than evidence, termsOfUse, and refreshService in the spec today?

To reiterate the purpose of this PR:

• Any extension point that has a definition in the specification (evidence, termsOfUse, refreshService, and -- presumably -- confidenceMethod, if Add confidence method to VCDM #1054 is merged), but does not have two implementations for it, has its section listed in the spec as "at risk" and is listed in the reserved extension points table. If we don't get enough implementations by the end of CR, we delete the section from the spec and leave the reserved properties table entry for the item alone. If we get two implementations, we remove the entry from the reserved properties table (and the section remains in the spec).
• Any extension point that does not have a definition in the specification (presentationSchema, renderMethod) gets an entry in the table and a term URL assigned to it. If we get enough implementations by the end of CR, we create a definition for the extension point in the specification (just as there is one for evidence, termsOfUse, and refreshService now) by lifting it's definition from the external spec that defines the extension point. Example for renderMethod.

We might want to add something that explains the above in an issue marker in this PR -- would anyone be averse to doing so?

Also the current description of confidence method in this PR is different from the description in PR #1054

We should update the description to match #1054.

[David-Chadwick]

two suggestions. First, the comma after in is not needed. Second, 'being associated with a particular subject' is either ambiguous or unnecessary. All credentials are associated with a subject as they have a subject property, so does this mean that the presenter is associated with a particular subject or not?
I suggest simply remove 'being associated with a particular subject' or clarify to 'can gain more confidence
that the presenter of the credential is associated with the subject"

[TallTed]

Definitely, remove the extraneous comma.

Suggested change

	in, the presentation of the credential being associated with a particular
	in the presentation of the credential being associated with a particular

[TallTed]

A less definite change, but no less definitely a problem, is that, as discussed, confidenceMethod is not limited to connecting a presenter nor a presentation with a subject, nor to connecting a credential with a presenter. confidenceMethod has been discussed as applicable to any attribute (and its value), meant to let the issuer guide the verifier to increased confidence in that assertion/claim by the issuer. I haven't come up with a more pithy way to put that, but maybe the above helps someone else to a concise and accurate description.

[mprorock]

Suggested change

	<td>`confidenceMethod`</td>
	<td>`confidenceMethod`</td>
	<td>`confirmationMethod`</td>

[dlongley]

-1 to bringing back confirmationMethod.

[mprorock]

how would you suggest we map cnf then?

[dlongley]

@mprorock,

how would you suggest we map cnf then?

A specific, single-key-style proof-of-possession type of confidenceMethod (which someone will need to define) can be mapped to cnf. Other types clearly wouldn't map, for example:

{
  ...,
  "confidenceMethod": [{
    "type": "FooSingleKeyProofOfPossessionConfirmationThing",
    "cnf": { /* same kind of stuff that goes in 'cnf' }
  }, {
    "type": "DoesNotWorkWithCnf",
    ...
  }]
}

[iherman]

The issue was discussed in a meeting on 2023-05-10

• no resolutions were taken

View the transcript

1.6. Add new v2.0 reserved properties. (pr vc-data-model#1108)

See github pull request vc-data-model#1108.

Manu Sporny: PR 1108 - Add new v2.0 reserved properties.
… 4 objections with change requests from Orie, David Chandwick, Oliver and Kristina.

Orie Steele: FWIW i think #1107 can be merged outside of call time, I was the only objector.

Manu Sporny: think Oliver and Kristina wanted to see confidence method merged before this PR is merged, which we're not doing today.
… what are you thoughts on this Orie?

Orie Steele: seems like render method would go in by itself. there's work going in the CCG and people would agree with this.
… would approve render method and has presentation schema reservations.

Samuel Smith: In the academic literature the word confidence is extremely common in expert systems and automated reasoning to provide a measure of uncertainty on a given predicate.

Samuel Smith: See https://www.ncbi.nlm.nih.gov/pmc/articles/PMC5378479/#:~:text=Nevertheless%2C%20there%20is%20a%20fundamental,commitment%20is%20overt%20or%20covert)..).

Orie Steele: today Orie is ok with the confidence method in the table. Not a fan of it in any format and prefer to have it reviewed for terms independently.

Manu Sporny: refactor PR to only refer to render method - any objections to that?

Brent Zundel: no objections heard.

Shigeya Suzuki: I share same thought on presentationSchema and renderMethod with Orie.

Orie Steele: I would be a +1 to reserving render method, since their is a ccg spec which I can read that might eventually get 2 independent implementations.

Dave Longley: SamSmith: (and that's a match for its usage in VCs).

Phillip Long: Manu wil redo 1108 to only include render method.

[msporny]

I have reworked this PR to only include renderMethod. This clears all registered objections with the PR, namely:

• Both @Sakurann and @awoie's request to merge Add confidence method to VCDM #1054 first no longer applies, as Add confidence method to VCDM #1054 is now blocked (by @OR13), and the property is no longer a part of this PR.
• @David-Chadwick's request to change confidenceMethod no longer applies due to the previous bullet point.
• The remaining property in this PR, renderMethod did not receive any objections in this PR, nor during a call for objections during the last call.
• @OR13 and @mprorock confirmed that they will not object to a renderMethod-only PR being merged.

Therefore:

Normative, multiple reviews, changes requested and made, no objections, merging.

[Sakurann]

I am not ok with this being merged over my request for changes, saying that the PR #1054 is blocked. Please revert.

I am against merging properties that were not in v1.1 as extension points like this without much clarity what it means, especially given the direction PR #1054 is taking.