-
Notifications
You must be signed in to change notification settings - Fork 106
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add normative requirements related to context processing #1281
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The language here is fine. It wasn't touching on the aspect I thought you brought up in your summary during the meting.
Sorry for the confusion.
The issue was discussed in a meeting on 2023-09-14
View the transcript1.11. Add normative requirements related to context processing (pr vc-data-model#1281)See github pull request vc-data-model#1281. Manu Sporny: Orie requested that, because context is normative, we explain what that means. Sebastian Crane: From a security perspective you don't want to have errors leaking through. What is the difference between the context and any other validation? Manu Sporny: One example is the daterange validFrom and validUntil. E.g. a validFrom value that said use "validFrom tuesday". It has nothing to do with context. It's a non-context based error. Validation would fails. Joe Andrieu: I think your question is the difference between verification vs validation. I don't think you can verify with an invalid context. Sebastian Crane: Why is it so specific to the context file? Manu Sporny: I think you are correct in suggesting "any validation errors should be bubbled up". Joe Andrieu: I want to disagree when the processing you're suggesting to do when you're not doing json-ld processing. Manu Sporny: the full json-ld processor will utilize the full extent of the @context file. Joe Andrieu: I understand that nuance. You still need to understand that context even if you aren't doing full processing. Manu Sporny: that does not happen. You presume it's valid.
Manu Sporny: It's happening in the web right now. the same file may yield different results depending on whether full processing is doing. Brent Zundel: the VCDM already states that context needs to have certain values.
Manu Sporny: I think Joe, you're saying that the Joe Andrieu: Not sure yet, but I think we need to still look at the property. Will look at the PR and m ake suggestions. |
Co-authored-by: Ted Thibodeau Jr <tthibodeau@openlinksw.com>
Normative, multiple reviews, changes requested and made, no objections merging. |
This PR is an attempt at addressing #1185 by noting how the normative context is used and to make sure that if that optional processing is performed, if an error occurs, verification MUST fail.
Preview | Diff