updated introduction to focus on verification of proofs #102
Conversation
|
Addresses issue w3c/vc-data-integrity#75 |
msporny
requested review from
davidlehn,
dlongley,
iherman,
TallTed,
David-Chadwick,
decentralgabe,
KDean-Dolphin,
brentzundel and
PatStLouis
There was a problem hiding this comment.
Can we get the first sentence to say that controller documents are about keys and services? The whole paragraph ends up saying the right thing, but it might be better for the first sentence to capture what controller documents are about in a single sentence. Something like:
Controller documents enable an entity to interact with services and verify proofs created by the controller of an identifier.
While that's imperfect and needs more word smithing, I hope it conveys the desired language.
index.html
Outdated
| services related to the identifier, for example to request | ||
| additional information for verification. In other words, the | ||
| controller document contains the necessary information for proving | ||
| cryptographically that specific actions were taken by the |
There was a problem hiding this comment.
| cryptographically that specific actions were taken by the | |
| cryptographically that either specific actions were taken by, |
It is not always that specific actions were taken by the controller. It might be that someone wants to contact the controller of an identifier.
There was a problem hiding this comment.
@David-Chadwick Happy to take your changes. They got clobbered by some cleanup I accepted from Manu.
If you could recomment, I'll adopt.
index.html
Outdated
| additional information for verification. In other words, the | ||
| controller document contains the necessary information for proving | ||
| cryptographically that specific actions were taken by the | ||
| controller of an identifier, including cryptographic material for |
There was a problem hiding this comment.
| controller of an identifier, including cryptographic material for | |
| or for communicating with, the controller of an identifier, including cryptographic material for |
Co-authored-by: Manu Sporny <[email protected]>
|
Ok. I've made some changes, trying to be responsive to @msporny @dlongley and @David-Chadwick's requests. |
|
FWIW, I'm also working on edits to the rest of the document (in a separate PR) to align with this introduction, including a replacement definition for the "controller" property. That will let us But first, let's make sure there's a version of this language the works for most. |
I'll update my PRs to your language once we get consensus. I had to fiddle around w/ the intro because both PING and TAG asked for more elaboration about what this document is about and that ended up touching parts of the introduction, which is still quite slim on details. |
There was a problem hiding this comment.
I really like the updates, thank you. I'll incorporate them into PR #103 which will go in after this PR.
The intro feels a bit repetitive once you get to the final paragraph, don't know if we can tighten that language up, though that might just be a side effect of reading the abstract and then reading the intro back-to-back. It's not a big deal, we can wordsmith further in future PRs or direct edits.
LGTM to merge.
|
If you allow me to re-review it, then I can comment on the revised wording. Thanks. |
Co-authored-by: Manu Sporny <[email protected]>
Agreed. Part of that was just editorial fatigue. Open to suggestions and will aim to keep an eye on this as we move forward. I think the edits for w3c/vc-data-integrity#75 might also affect readability, so I'll review again in the PR for that. |
Co-authored-by: Dave Longley <[email protected]>
Co-authored-by: Dave Longley <[email protected]>
Co-authored-by: Manu Sporny <[email protected]>
|
I like the new text, but I have two comments here.
|
index.html
Outdated
| @@ -329,8 +329,8 @@ <h2>Introduction</h2> | |||
| <p> | |||
| In other words, the | |||
| controller document contains the necessary information for proving | |||
| cryptographically that specific actions were taken by the | |||
| controller of an identifier, including material for | |||
| that specific actions were taken by the controller of an identifier, | |||
There was a problem hiding this comment.
that either specific actions were taken by, or for communicating with, the controller of an identifier
|
@iherman So how about changing the title of the document to "Cryptographic Information Document (CID)". The first sentence of the Introduction will then read "A Cryptographic Information Document (CID) contains cryptographic material and service endpoints for the purposes of verifying proofs from, and interacting with, the controller of an identifier. And the abbreviation CID can then be used everywhere that Controller Document is currently used. |
I have created a reference to your comment in w3c/vc-data-integrity#100. That is the issue discussing the (possible) document name change. However, I do not think the name change would answer my issues in #102 (comment). Or maybe that was not your intention? |
|
@iherman wrote:
It wasn't my intention, but since you mentioned it, I'll take a shot at trying to answer your questions below (I do think we'll need some new spec text to address your concerns, but don't quite know what to say yet).
Yes, we're essentially talking about the same concept. A controller is capable of demonstrating that they "are in control of" something. That might mean they can demonstrate that they can modify a controller document, or it might mean that they can demonstrate that they can generate a digital signature with a private key that's paired to a public key.
https://w3c.github.io/controller-document/#controllers
https://w3c.github.io/controller-document/#verification-methods ... though, I admit that is not clear unless you're reading the spec very closely.
It means that the
The https://w3c.github.io/controller-document/#subjects
I don't quite know what you're saying above. Are you saying that |
|
@msporny wrote in #102 (comment)
I must admit I was always bothered that this term is specified twice: once for the controller itself, and once for the verification method. It may be better to define this property formally once (it is, after all, central to the document, so it should deserve attention) and then make it clear that it can be used for those two concepts. The terminology section, though normative, may not be the right place. I wonder whether a new, top level section on controllers is not necessary (for a document whose title is 'controller document':-)
Ok, I missed these, so you are right, there is no ambiguity neither for controller documents nor for verification methods. But, as you say, it may have to be made more obvious. After some closer look, we have
However: where does the last statement appear in the spec? I may have missed it, but it should be obvious. If we have a separate section on controllers, this may be elaborated there.
I was actually wondering about that. And it indeed would not make sense if this was the case. What is, however, misleading at a cursory read is the fact that both Actually, the DI specification does not make it clear that the 'value' of B.t.w., see also #128 |
I'm keeping the duplicate from the abstract, but updating as requested. I agree that duplicating the abstract is a bit painful, but without it, the opening felt out of context. Co-authored-by: Ted Thibodeau Jr <[email protected]>
|
@manu wrote:
Unfortunately, this is simply not true. Clearly we need language to make this explicit. The controller property is optional. If it is not there, then nothing can be presumed about the controller. The controller might be using the DID in reference to themselves or they might use it for other entities. I can create a DID today that refers to Manu Sporny and I can leave the controller property blank. I can then make a VC that uses that DID as a subject id. None of that transforms the controller of the DID into Manu Sporny, even though he is the subject of the DID I created. If the controller property is missing, as it will be in did:btc1, it will be because it is not possible to represent the literal controller of the DID in a URL form. You CANNOT presume that the subject of an identifier is it's controller. This is a huge security disconnect and we need to stop asserting that this is a thing. |
There's a subtlety here that I'm not quite sure how to capture. While I agree that this presumption can be wrong, it is an anti-pattern for a verifiable data registry to both:
It is possible for this to happen, though. Perhaps the way to say this is to highlight that control over the content of a controller document flows from the "verifiable data registry". It may or may not allow a Regardless, there is an expectation, but not a requirement, that a verifiable data registry that does accept proofs for performing updates will accept them from either a listed But, the ultimately root of authority for the content of the document is the verifiable data registry -- and for HTTPS-based documents -- the root of authority is the Web origin + DNS infrastructure. The registry is for DID documents is based on the DID method. In the end, most applications using this spec just want to be able to mark their resources as being under the control of something identified by identifier Note that it is only when this gets "meta" that we need to consider the |
We don't have this expectation in any of the BTC methods. It simply isn't possible. The fact that you have a different expectation is the root disconnect that has created the confusion about whether or not a subject has any control. They do not. Frankly, I'm with Ivan, I think the controller term in a controller document is sufficiently different from the meaning of that term in a verification method that they are effectively two different terms. That doesn't solve the confusion problem about subjects, but it does suggest that however resolve that question, we need to use that new language in the introduction of the controller document and redefinition of the controller property. |
I'm sorry, perhaps I'm missing something, but this confuses me. An interpretation based on a context is possible but it pushes processing complexity to the next level. Why does the term If used on a verification method it should point to a controller document, if it's present on a controller document then it also points to a controller document, otherwise, if it's not present, "the control" is handled differently, is not directly specified. Is that correct? |
The language I used may be a bit tricky, but what I said was this:
And you've said here that the BTC VDR doesn't allow this -- so that's fine and doesn't contradict what I've said. If that VDR did allow this capability, I believe it would be very awkward and unexpected (but perhaps not non-conformant) to not honor proofs from a listed |
|
The issue was discussed in a meeting on 2024-10-23
View the transcript5.1. updated introduction to focus on verification of proofs (pr controller-document#102)See github pull request controller-document#102. Brent Zundel: Updated introduction to focus on verification of proofs. Request for changes from Ted. It looks like requests for changes from David Chadwick or some suggestions that have been resolved. Manu Sporny: That would be great with true. I thought I saw some misalignment between Joe and Dave Longley who is scribing -- that just needs to be resolved. Dave Longley: Taking a quick look, I was being responsive to a point that DavidC was making in comments. I don't think I had changes in the PR that I requested.
Joe Andrieu: Yes, this is just the introduction section, I think Dave and I are discussing something else. I don't think the language addresses the confusion around subject not being the controller.
Brent Zundel: No one else is on the queue, but I would recommend to filip that he raise his concerns as a separate issue. Ted Thibodeau Jr.: My changes have all been applied, with one exception that I can live with. |
|
Editorial, multiple reviews, changes requested and made, no objections, merging. Merged via PR w3c/vc-data-integrity#114 (which fixed the merge conflicts in this PR). |
Just an update to the introduction.
Preview | Diff