-
Notifications
You must be signed in to change notification settings - Fork 106
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Address @jyasskin's pre-Candidate Recommendation review comments #1357
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Relatively small. I think all are editorial. Some further tweaking may be necessary.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Just 1 substantive comment for this document; looks good once you've considered that.
<li> | ||
be used when retrieving the content, such as via the `Accept` HTTP Header | ||
</li> | ||
<li> | ||
match the retrieved content media type, such as via the `Content-Type` HTTP | ||
Header. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Note that these restrictions will need to be enforced in the fix to w3c/vc-data-integrity#222. No need to block this PR on that.
index.html
Outdated
@@ -3069,6 +3100,11 @@ <h2>Integrity of Related Resources</h2> | |||
an object in the <code>relatedResource</code> array. | |||
</p> | |||
<p> | |||
Any failure to verify content integrity information that is vital to the | |||
validity of a <a>conforming document</a>, such as the integrity of content | |||
identified by related `@context` URLs, SHOULD result in a validation error. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This seems like it should be a MUST, but that MUST should appear in the place that uses the related resource, rather than here. The wording here could be something like
The authors of any specification that fetches a resource based on the `id`
of an object inside a <a>conforming document</a> need to consider whether
that resource's content is vital to the validity of that document. If it is,
the specification MUST produce a validation error unless the resource has
the expected media type and its bytes hash to the expected digest.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Applied a variation of your text in: 12f98c1
Co-authored-by: Ted Thibodeau Jr <tthibodeau@openlinksw.com>
Co-authored-by: Gabe <7622243+decentralgabe@users.noreply.github.com>
12f98c1
to
90fb40d
Compare
Normative, multiple reviews, changes requested and made, no objections, merging. |
@msporny just flagging this: the VC Controller document MUST be published as a WD for the VCDM to go to CR. It is all right if it is published on the same day, but certainly not later. |
This PR attempts to address issue #1347 by making modifications to the specification based on @jyasskin's review:
2. Terminology
4.1 Getting Started
4.2 Contexts
4.4 Types
4.7 Issuer
5.4 Integrity of Related Resources
Accept
header would be used formediaType
and the returned document would need to have that media type listed in theContent-Type
. [Fixed in 9ebfe55]relatedResource
that fails content integrity protection results in a verification error. [Fixed in 8187708]5.8 Zero-Knowledge Proofs
7.10 Validity Checks
CredentialStatus
specifications to not enable individual tracking. [Fixed in fcfd9e5]Preview | Diff