►
A
A
A
A
A
A
A
So
essentially
we
should
probably
read
all
I
did
was
skim
it
once
again,
so
which
probably
read
it
just
to
confirm
what
this
memo
defines:
a
path:
prefix
for
well-known
locations,
slash
dot,
well,
hyphen
known
slash
in
selected
uniform
resources,
identifier
schemes,
selected,
uniform
resize
resource
identifier
schemes,
so
it
obsoletes
rfc,
four
or
five,
seven,
eight
five
and
updates
the
uri
schemes
defined
in
rfc
7230
to
reserve
that
space.
It
also
updates
rfc
7595
to
track
uri
schemes
that
support
well-known
uris
in
their
registry.
Okay.
So,
first
of
all
what
the
hell
is
this
thing?
A
What
is
this
document?
Many
of
you
may
not
have
seen
what
what
this
is.
So
these
are
called
rfcs
request
for
comment,
request
for
comments
yeah,
and
this
is
the
number,
so
they
each
get.
It
assigned
a
particular
number
kind
of
like
kind
of
like
cves
right,
and
this
one
looks
like
it
was
written
by
somebody
named
nottingham
in
may
of
2019.
A
So
there's
links
in
the
the
tutorial
series
draft
notes
where
we
talk
about
how
we
want
to
take
this
through
the
rfc
process.
I
need
to
get
back
to
jeremy
on
that,
and
basically
that
means
we
want
to
write
one
of
these
things
and
what
we're
going
to
do
is
we're
going
to
write
it
just
about
you
know.
A
A
This
is
hilarious,
basically
they
say
ip
over
carrier
pigeon.
So
that's
that's
my
favorite
funny
one.
This
is
my
favorite
one
for
this.
This
diagram.
I
love
it.
So
this
is
nice
because
so
these
these
these,
the
authors
of
the
the
dhcp
protocol
and
that's
you-
know
the
how
we
get
ip
addresses
on
on
a
network
right
that
the
outer
router
router
will
issue
out
these
dhcp
blobs.
A
I
believe
it's
a
udp
packet,
so
it's
under
transport
layer.
This
is
a
transport
of
sorts
yeah.
I
think
so,
but
basically
there's
a
state
machine.
There's
a
nice
state
machine
diagram,
sort
of
it's
more
of
like
who's
talking,
but
it's
also
a
state
timeline
diagram.
That's
where
it
is
so.
Basically
this
is
my
favorite
one,
because
it's
I
mean
this
thing
is
beautiful.
This
is
beautiful.
I
mean
this
is
just
yeah.
A
This
is
great,
so
these
people
did
a
fantastic
job,
because
when
you
go
and
you
try
to
parse
things,
this
is
just
like
the
quality.
The
quality
here
is
just
very
rare
in
documentation
of
formats
right,
so
what
basically
the
dhcp
rfc
is
inspiring,
and
so
we
should,
you
know,
also
rfc
this,
and
you
know,
try
to
try
to
do
have
a
good
job
so
because
this
is
the
sort
of
thing
that
you
write
in
rfcs
for
based
on
my
understanding,
at
least.
Is
you
know
hey?
A
You
know,
I've
got
this
protocol,
I
wanna,
you
know
we
wanna
we
to
sort
of
talk.
This
open
we're
just
putting
this
out
there
right
like
can.
This
is
what
we're
doing
that's?
Why
we're
writing
this
up
and
we're
doing
all
this
stuff?
It's
like
hey
we're
just
putting
this
out
here.
You
know
w
we're
requesting
your
comments
right,
yeah,
we're
we're
doing
this
thing.
A
Yeah,
I
guess
you
would
send
them
a
letter
or
maybe
they
were
on
the
internet
and
yeah
okay,
so
I
wonder
how
much
spam
mail,
the
free
software
foundation
gets
so,
okay,
look
at
this.
This
is
just
this
is
just
beautiful
okay,
so
this
is
at
this.
So
we
should
strive
to
do
something
half
as
good
as
this.
If
we
can
do
something
a
quarter
of
as
good
as
this
for
the
first
draft
here,
we
can
always
do
an
obsolete,
but
this
is
just
perfect.
A
You
know,
maybe
there's
something
else.
That's
needed
now
now.
What
we're
saying
here
is
basically
we're
defining
something:
that's
a
generic
proxy
for
whatever
else.
So,
if
there's
something
else,
that's
new,
then
we
have
a
problem
basically
and
we
need
to.
We
need
to
go
update
the
we
need
to
go,
update
the
rfc,
then,
and
and
and
account
for
that,
so.
A
A
Is
this
working?
Yes,
it
is
okay,
great
all
right
so,
and
so
now
we're
reading
so
and
we're.
Let's
pop
back
up
our
stack
so
red,
right,
right,
red
and
now
we're
back
at
the
well,
the
the
well-known
did
configuration
spec
okay,
so
let's
go
back
and-
and
so
we
were
here-
we're
investigating.
What
is
this
thing?
Why
are
we
here?
Well,
it
says
it
makes
it
possible
to
connect
existing
systems
and
decentralized
identities
or
making
it
possible
to
connect
existing.
A
So
it's
laying
some
context
for
us
so
making
it
possible
to
connect
existing
systems
and
decentralized
identifiers,
and
it
is
an
important
undertaking
that
can
aid
in
bootstrapping
and
adoption
and
usefulness
of
dids.
One
such
form
of
connection
is
the
ability
of
a
did
controller
to
prove
they
are
the
same
entity
that
controls
an
origin.
Okay.
So
what
is?
What
does
this
remind
us
of?
You
know,
I'm
just
going
to
run
through
this.
A
They
might
tell
us
the
did
configuration
research
provides
proof
of
a
bidirectional
relationship
between
the
controller
of
an
origin
and
a
did
via
cryptographically
verifiable
signatures
that
are
linked
to
did's
key
material.
This
document
describes
the
data
format
of
the
resource
and
the
resource
location
at
which
origin
controllers
can
publish
their
did
configuration
due
to
the
location
of
the
did
configuration
resource,
discovery
of
associated
decentralized
identifiers
against
an
origin
is
trivial.
However,
the
inverse
e
e-
I
I
I
e,
given
a
did,
discover
the
associated
origin,
is
deemed
out
of
scope.
A
So,
given
a
did
discover,
the
associated
origins
is
deemed
out
of
scope,
and
that
is
what
we're
addressing
here.
So
basically,
here's
here's,
the
here's,
the
did
go,
get
some
information.
You
know
why
did
this
get
added
here
in
the
first
place?
That's
what
we're
doing
via
this
manifest
stuff
is
at
least
as
far
as
I'm
reading
this.
So
far,
that's
my
understanding.
So
we
need
to
connect
with
these
guys
and
we
need
to
understand
what
they're
working
on
and
and
whether
that
was
out
of
scope
intentionally
because
of
what
they.
A
What
are
they
doing?
What
it's
a
schedule,
a
company,
a
new
world
of
data
and
digital
trust?
We
need
to
understand,
you
know
we're
going
to
connect
with
them,
but
first
off
we
should
understand
you
know:
how
are
we
going
to
be
received
like
do
they
have?
Are
they
thinking
about
this
already?
You
know:
is
this
within
scope
for
them
or
do
they?
This
is
not.
You
know
it's
out
of
scope.
A
A
There's
active
discussion
happening
or
really
there
is
no
working
group
and
then
and
then
this
is
a
place
where
then
we
would
go,
create
a
working
group
around
around
that
right,
so
yeah,
okay,
so
so
on,
and
what
is
that
that
is,
however,
the
inverse
is
deemed
out
of
scope.
So
basically,
given
a
did
discover
the
associated
origins
right
and
that's
what
we're
saying
we're
going
to
add
that
information
to
the
chain
as
a
manifest.
A
A
Software
engineering
101.:
now
we
go
to
twitter-
oh,
I
don't
know
how
to
sign
in
on
this
okay.
So
now
we
go
to
twitter
on
my
phone
live
to
twitter
on
my
phone
and
that
made
that
stupid.
How
it
usually
is:
okay,
live
to
twitter
on
my
phone.
So
now
we're
gonna
ask
daniel!
What's
with
this
well-known
identifier,
spec.
A
A
B
A
Daniel
in
the
tid,
well
well-known
spec,
and
just
to
recap
on
what
I'm
doing
here
so
so
what
we
did
is
we
were
reading
through
the
specs
right.
We
realized
that
there's
a
potential.
So
so
this
stuff
is
evolving
right
and
so
there's
this
potential
that
we
we
see
it's
out
of
scope
right.
I
don't
know
where
to
find
the
full
list
of
what
is
in
scope
and
out
of
scope.
Maybe
it's
that
I'm
jaded
by
bureaucracy,
but
I
don't
think
it
exists.
A
So
if
it
does
exist,
daniel's
gonna
tell
me
right
away.
He's
just
gonna,
be,
like
you
know,
he's
nice,
so
somebody
less
nice
would
say
rtfm
you
know,
but
it
you
know
and
then
he'll
tell
me
here's
the
docs.
Then
I
can
just
go.
Look
at
the
docs
right.
If
he
says
no
that
doesn't
exist,
then
we
begin
discussions
with
whatever
the
parent
working
group
is
which
looks
like
the
w3c
in
this.
A
This
is
the
w3.
No,
this
is
the
digital
identity
foundation.
So
then
that's
the
parent,
that's
the
parent
association
of
the
the
oh,
no,
the
dif,
the
digital
identity
foundation,
yeah
yeah,
the
digital
identity
fund
or
the
digital
identity
foundation
working
group.
Is
it
digital
identity,
foundation
yeah?
I
guess
it
is
so
they're
the
parent
working
group,
so
we
would
work
with
them
to
understand
whether
a
new
working
group
needs
to
be
formed.
A
So
this
is
just
like
sort
of
how
you
navigate
when
you
see
a
gap
in
like
the
overall
like
you're
looking
at
the
strategy
you're
looking.
These
are
like
the
plans
when,
when
we
issue
specs,
it's
like
hey,
you
know
this
is
the
format
just
like
the
rfc,
so
they
said
they
started.
Building
the
dhcp
servers
they're,
like
they're
sitting
there
in
their
labs
and
they're
designing
things.
I
p
addresses
and
they're
like
this
sucks.
A
Let's
make
the
computer
assign
the
ip
addresses
right
and
so
then
they
go
and
they
write
this
piece
of
software
and
they're
like
okay.
Here's
this
packet
format
that
we
designed
like
hey.
You
know
it
would
be
great,
since
this
is
a
networking
project,
if
other
people,
I
should
tweet
this.
No,
I'm
gonna
forget
if
other
people,
if
other
people
who
ran
computers,
that
went
on
networks,
we
could
talk
to
them,
so
we
shared
the
same
protocol
right.
So
how
do
you
do
that?
A
Well,
you
publish
an
rfc
because
it
says:
hey
everybody.
I
think
you
know
what
do
you
think
about
using
this
I'm
using
this
right.
So
if
you
interact
with
my
computers,
my
computers
are
going
to
be
using
this
right,
and
so
what
do
you
have
when
you
have
like
this
web
3
plus
edge
thing
right?
Well,
it's
hey
everybody!
Here's
my
computers
right!
What?
How
do
you
want
to
interact
with
my
computers
right?
So
you
need
some
kind
of
format
to
interact.
Agnostically
like
this
is
your.
This
is
your.
A
This
is
your
your
your
your
your
trans,
your
application
is
it's
essentially,
it's
essentially
like
a
wrapper
around
the
application
layer.
It's
just
like.
We
need
another
layer
because
we
always
end
up
doing
this
and
it's
just
your
wrapper
around
your
applique
would
usually
sit.
It's
it's
the
first
thing
that
that
that
sits
in
your
application
layer,
because
it's
it's
going
to
be.
You
know
above
your
tcp
or
whatever
right,
and
it's
like
okay.
Well,
what
what
it's
it's
like.
A
It
has
to
have
some
knowledge
of
the
data
right,
which
is
where
you
need
to
manifest
right
and
because
the
manifest
is
just
like
a
generic
term
to
describe
this
little
blob
of
data.
That's
just
bytes
that
you
can
find
if
it's
just
bytes
right
or
a
stream
or
whatever
right,
and
so
this
is
what
we're
saying
is:
is
we're
defining
an
open,
open
protocol
for
the
for
the
application
layer
or
something
like
that
right
and
that
open
protocol
for
the
application
layer
is
dids
and
web
nodes
and
and
all
of
this
stuff?
A
The
fact
that
this
last
sentence
says
it's
out
of
scope
and
there's
no
references
to
anything
else
that
says
scope
of
anything
now.
That
also
doesn't
mean
it's
not
there,
because
this
also
doesn't
reference
the
rest
of
the
did.
Okay,
now
it
does
reference.
The
did
controller
subject
issue
or
did
document
did
linked
data
proof,
okay,
link
data
proof.
It
could
be
linked
data
proof.
Okay,
credentials
are
part
of
the
daily
lives.
A
A
A
A
A
A
A
I'm
gonna
sub
heading
this
by
what
so,
let's
see
so
we're
going
to
go
ahead,
and
what
is
this
so
this
is
effectively
we're
writing
this.
So
this
is
the
introduction.
It's
like
a
little.
This
is
all
sort
of
introduction
here
or
is
it
is?
Are
these
separate?
What
are
these
you
get
too
used
to
writing
like
it's
documentation
are
these
chapters.
A
A
And
this
is
the
tricky
part
is
understanding,
and
this
is
the
thing
that
alice
is
going
to
have
to
do
right.
How
are
we
going
to
make
it
so
that
alice
knows
how
to
do
this
process
right?
Because
this
is
the
process
of
going
through
and
saying
where's
the
where's,
the
edge
where's,
the
edge
of
the
train
of
thought
right?
The
train
of
thought
is
web3
right.
So
where
are
the
leaf
nodes?
A
Where
are
the
leaf
nodes
right?
The
leaf
nodes
in
that
train
of
thought
are
the
current
specs
in
flight,
and
then
you
have
leaf
nodes
off
that
and
you're
treating
it
all,
treat
it
all
as
if
it's
like
a
fork
right
and
you're
forking
off
of
everything
is
code,
basically
treat
it
as,
if
think
of
it,
as
if
it's
all
code
right
and
you're
seeing
these
specs,
because
it
is
code
and
you're,
seeing
these
specs
right
and
you're
like
okay.
Well,
it
looks
like
this
lisa.
A
This
leads
to
this
and
you're
looking
at
all
this
rfcs
and
basically
like
if
you're
looking
at
research.
So
look
at
research
in
the
field
right
like
in
in
in
research.
In
a
field
right
where
people
are
publishing
all
these
papers
and
there's
citations
right,
so
if
you
want
to
find
out
what's
the
state
of
the
field
like
in
some
train
of
thought,
you
know
where
a
field
is
a
train
of
thought,
then
you
you,
you
know
you
figure
out
what
are
all
their
publications
like?
A
What
are
what
are
the
places
that
do
publications
right?
What
is
the
tiers
of
sphere
of
info
influence
of
the
publication?
What
is
the,
what
is
the?
What
is
the
the
the
category
of
customers
right
like
when?
What
is
what
is
the?
What
is
the
and
by
that
I
mean
like
what?
What
like
is
this?
You
know
sort
of
do
your
do
your
like
small,
medium,
large
right.
A
So
so,
let's
see
so
within
a
project.
We
do
adrs
right.
So
an
adr
would
be
like
the
lowest
scope
level
of
rfc
right
like
it's
within
the
repo
right
people
who
need
to
know
about
it,
they're
somehow
they're,
interacting
with
this
repo
right,
then
you
get
to
like
the
the
w3c
specs
right.
So
these
are
things
like
primarily
related
to
web,
browsers
and
stuff
right.
A
I
guess
what
we're
saying,
though,
is
like
everywhere:
there
is
internet,
then
there
would
be
this
as
well,
because
this
defines
execution
right
so
everywhere
there
is
communication.
There
is
execution
around.
That
communication
is
what
we're
saying
right,
and
so
it's
like
because
that
that
that
that
communication
is
context
aware.
I
think
there
was
an
example
in
there
about
there's
an
example
in
there
about
like
two
people
who
are
there's
two
people,
so,
okay,
so
I've.
A
So
the
reason
I
think
I
thought
about
this
is
because
I've
had
this
situation
happen
to
me
twice.
It
just
happened
to
me
the
other
day
again,
where
there's
just
like
a
random
car
stuck
and
then
like
me,
and
another
person
move
the
car
and
just
like
push
it.
It's
just
like
random
people
come
together
and
then
do
the
thing
and
it
wait.
Where
was
this?
A
God,
damn
it
fine
all
right,
it's
a
signal
to
focus
again:
okay,
there
it
went
it
just
went
right
in
the
middle
of
it
okay,
so
we
were
talking
about
how
to
do
this
and
we're
trying
to
figure
out
okay.
So
this
points
to
this
point
to
this,
and
then
you
basically
map
to
your
user
base
and
so
we're
just
traversing
these
series
of
specs,
right
and
and
the
code
that
we
have.
Basically,
you
know
the
the
code
that
we
have
in
the
world
is
is
really
like
about.
A
A
I
think
we're
calling
it
data
flow,
because
I
hadn't
heard
anything
about
a
well
because
our
project
is
called
data
flow
yeah
and
it
sounds
like
data
flow
uses,
data
model,
if
you're
using
this
terminology
so
and
the
data
model
is
the
focus.
I
think
we
talked
about
the
last
video
where
it's
like
the
focus
is
on
okay.
Well,
what
are
the
things?
And
then
you
know
what
are
the
the
the
fields
and
the
types
and
and
how
they
go
within
each.
You
know
struct,
basically,
right,
like
your
data
classes,.
A
And
I
got
lost
again:
okay,
so
okay,
so
basically
we
think
that
we've
found
we
went
to
go
and
learn
about
this
well-known
stuff,
because
this
was
going
to
be
a
way
that
we
could
bind
the
web
2
world
to
the
web
3
world
to
be
to
begin
our
chain
of
trust,
because
these
things
are
a
bunch
of
asymmetric
keys
from
what
I
understand
and
then
because
so
our
first
step
would
be.
Obviously
you
know
to
do
this
to
go
from
the
web
to
world
to
what
through
world.
A
So
we
can
actually
bridge
that
in,
like
you
know,
put
data
in
here,
because
it's
gonna
be
important.
Obviously
so,
and
then
what
we
found
is
that
there's
this
a
decentralized
identifier
document
where
that,
where
did
that
go,
we
went
and
we
looked
at
the
main.
What
was
this
okay?
And
this
says
data
model-
two
see:
that's
it's
apparently,
a
term
verifiable
credentials,
data
model?
Okay,
so
this
is
one
of
the
other
working
groups.
A
That's
active
in
this
space
is
this
verified
credentials,
working
group,
which
is
a
w3c
working
group,
and
this
looks
pretty
recent
yeah.
That
was
just
what
two
months
ago,
errata
exists.
Errata
is
like
there
were
errors
in
the
spec
and
we
have
updates
so
day
long
yeah,
I
don't
know
any
of
those
people.
Oh
there
is
that
no,
it's
not.
I
don't
know
any
of
these
people.
A
I
think
part
of
what
we're
doing
here.
That's
that's
kind
of
so
the
blockchain
stuff,
like
it
all,
relies
on
these
contracts
executed
within
the
network
and
stuff
in
these
little.
I
don't
you
know,
I
don't
quite
understand
how
they
trust
all
this
stuff
to
run.
I
guess
it
runs
the
code
in
a
sandbox.
It
runs
it
an
interpreter,
that's
how
they
trust
it
to
run
yeah.
I
forgot
about
that.
Okay,
I'm
like
why
are
they
just
running
people's
code?
Okay?
Well,
okay,
that's
exactly
what
I'm
suggesting!
A
I
think
that
we
need
to
be
just
yeah
well,
and
I
mean
it's
not
just
me
we're
we're
all
suggesting
this
right.
Like
you
know,
as
a
community,
I
mean
like
not
as
dfo
from
all
community,
I
mean
like
the
wider
community
is
basically
saying
hey,
you
know
like
sgx.
Well,
this
is
intel
right.
Sgx
exists
right,
you
can
run.
You
know
people
if
you
don't.
If
you
don't
trust,
if
you
don't
trust,
you
know
the
hardware
or
the
I
mean.
A
If
you
don't
trust
the
os,
then
you
can
trust
the
hardware.
So
you
can
deliver
your
little.
You
know
application
like
your
your
box,
that
you
would
put
in
a
data
center,
but
you're
just
putting
it
in
a
machine
right.
So
you
can
you
can
you
can
do
your
you
know
like
this
is
this
is
what
we're
saying
here
is.
Basically
you
can
do
this
at
the
station
and
why
did
would
you
want
to
do
a
test
station?
A
You
know
camera
over
there
right,
but
I
can
trust
the
software,
and
I
can
you
know
somehow
verify
via
via,
like
you
know,
some
mechanism,
maybe
a
model
number
or
something
that
and
then
I
plug
it
in
alice
and
alice,
tells
me
okay.
That
thing
is
only
executing
strategic
plans
which
have
a
tested
provenance
information
which
tells
me
that
their
strategic
plan
took
into
account
that
they
shouldn't
be
doing
facial
recognition
right,
and
so
this
ensures
that
no
code
ever
runs
on
that
device
that
ever
triggers
code
anywhere
down
the
line.
A
A
Here
is
a
reference
architecture
for
how
you
do
that
on
top
of
web3did's
dwns
and
then
using
orchestration
from
kubernetes
via
the
kcp
project,
so
we're
providing
a
reference
implementation
right
from
which
then
so
so
from
which
then
we
would
go
and
issue
and
and
and
and
and
issue,
a
request
for
comment
and
say
hello.
Everybody.
A
A
The
thing
is
okay,
so
that
the
question
is,
is
this
going
to
be
all
about?
Tell
me
what
crypto
algorithms
to
do,
because
I
think
that's
just
something
we
were
saying
we
were
going
to
table
for
now
in
terms
of
using
these.
As
for
the
personal
data
stores,
because
what
we're
interested
in
is
this
something
that
tells
you
we
want.
What
is
this?
So
what
is
this?
So?
What
is
this?
Actually?
So,
let's
look
at
this
a
different
way
right.
So
let's
look
at
this
a
different
way.
A
So,
instead
of
saying
we
need
to
put
something
in
the
did
before
we've
even
read
the
did
spec,
we
can
say
that
this
thing
looks
like
the
did
says.
It's
already
got
support
for
integrating
with
this
thing
right.
So
now
we
can
go
look
at
this
thing
and
we
should
say:
is
there
any
way
we
can
put
our
data
in
this
thing
right,
so
this
is
the
outer
wrapper
right.
This
is
this
the
next
level
parser
of
the?
If
the
shim
gets
this
thing,
then
what's
the
next
thing,
it's
going
to
do
right.
A
Status
of
this
document-
oh
abstract
credentials,
are
part
of
our
daily
lives.
Driver's
license
are
used
to
assert
that
we
are
capable
of
operating.
A
motor
vehicle
university
degrees
can
be
used
to
assert
our
level
of
education
or
government
issues.
Passports
can
enable
us
to
travel
between
countries.
This
specification
provides
a
mechanism
to
express
these
sorts
of
credentials
on
the
web
in
a
way
that
is
cryptographically,
secure,
privacy,
preserving
and
machine
verb,
viable
round
of
applause.
Around
flaws.
A
A
Comments
regarding
the
specification
are
welcome
at
any
time.
That's
the
idea
right.
Readers
should
be
aware
that
the
comment
period
regarding
a
specific
version
of
the
document
have
ended,
and
the
working
group
will
not
be
making
any
substantial
modifications
of
this
version
of
the
specification
at
this
stage.
Please
file
issues
directly
on
github
or
send
them
to
w
public
vc
comments
at
w3c.org,
so
red
flag.
A
The
rest
of
this
and
okay
has
received
implementation
feedback,
showing
that
there
are
at
least
two
implementations
for
each
normal
feature
in
the
specification.
That's
great.
That
means
we
can
go
run
some
code.
The
group
has
obtained
reports
from
14
implementations
for
details,
see
the
test
suite
and
implementation
report.
So
this
is.
This
is
fantastic.
Let's
see
the
test
suite
and
implementation
report.
These
people
do
great
work.
A
Okay,
so
this
is
the
test
suite
okay.
So
this
is
going
to
tell
us
how
to
run
some
tests,
and
these
are
going
to
tell
us
about
the
format,
and
you
know
it's
just
it's
going
to
do
a
bunch
of
stuff
that
says:
hey.
You
know,
let's
see.
So
what
are
we
looking
open
attestation
report?
See
I'm
telling
you,
let's
see,
want
to
be
in
one
or
more
uris
basic
documents
at
context
unless
we
want
to
wear
your
eyes?
Okay.
So
what
is
this
where
you
are?
So
this
is
great.
A
So
these
is
some
kind
of
test
case
format.
They
have
that's
written
in
json
and
true
to
form.
When
you
go
to
a
website,
it
will
execute
the
test
cases.
I
think,
for
I
don't
quite
understand
why
they
do
it
this
way,
but
I
think
they
have
some
sort
of
test
framework.
That's
set
up
to
work.
This
way
with
their
ci.
A
Yeah,
okay,
so,
let's
find
out
where
this
is
deployed,
because
that
can
tell
us
the
the
most
the
up
to
date.
So,
let's
see
oh,
oh
2021,
that's
not
good!
Now,
okay,
this
is
a
big,
bigger
red
flag.
So
this
is
to
we
need
to
find
something.
That's
work
in
progress
to
understand
where
we're
at
or
where
we
should
be
at.
B
B
A
A
A
A
Origins
the
standard
definition
of
a
domain
base
origin
in
the
web
security
context,
see
the
what
wg
html
living
standards-
origin,
definitions,
section:
okay,
let's
go!
Click
that
origins
are
the
fundamental
currency
of
the
web
security
model.
Two
actors
in
the
web
platform
that
share
in
origin
are
assumed
to
trust
each
other
and
have
the
same
authority.
Actors
with
different
different
origins
are
considered,
potentially
hostile
versus
each
other
and
are
isolated
from
each
other
to
varying
degrees.
Okay,
for
example,
if
example
bank's
website
hosted
at
bank.example.com,
tries
to
examine
the
examine.
The
dom
of
example.
A
A
A
A
A
A
A
A
A
A
A
A
We
really
need
to
read
this
as
the
sections
mark
norm,
we're
going
to
the
normative
all
authority,
guidelines,
examples
and
notes
in
this
section,
okay,
so
these
special
keywords-
these
are
very
important.
We
need
to
remember
these,
so
basically
may
must
must
not.
They
must
oh
may
must
not.
May
must
must
not,
recommend
and
should
in
this
document
are
to
be
interpreted
as
they
are
described
in
bc14,
rfc,
2119
and
rfc
8174.
A
So
once
again,
there
we're
seeing
rfc,
which
is
that
that
broader
scope,
which
these
w3c
specs
are
referencing,
now
you're
going
to
see
the
newer
rfcs
referencing,
the
older
w,
are
the
the
the
older
w3c
specs,
most
likely,
I'm
I'm
sure
that's
in
there
somewhere
at
some
of
them,
I'm
just
guessing,
but
because
you
know
it's
becomes
historical
right
and
we're
building
we're
always
building
these
layers
of
abstraction.
I
think
we
did
the
meeting
the
meeting
minutes
from
the
meeting
minutes
from
two
weeks
ago.
A
Three
weeks
ago,
we
talked
about
building
these
levels
of
abstraction
and
that
that
that
that
maps,
exactly
that's
the
software
equivalent
of
what
we're
talking
about
here
with
these
specs
okay.
So
they
appear
in
all
capitals,
as
shown
here.
The
conforming
document
is
any
concrete
expression
of
the
data
model.
That's
complies
with
the
normative
statements
in
this
specification,
so
this
is
like
a
valid
system
context.
A
A
conforming
document
is
any
concrete
if
you're
mapping
it
to
the
language,
that's
in
the
existing
alice
discussion
is
the
concrete
expression
of
the
data
model
that
complies
with
the
normative
statements
in
the
specifications,
specifically
all
relevant,
normative
statements
in
section
four
basic
concepts:
five
exams
concepts
and
six
syntaxes
of
this
document
must
be
enforced.
The
serialization
format
for
the
conforming
document
must
be
deterministic
bi-directional
and
lossless,
as
described
in
section
six
syntaxes.
A
The
conforming
document
may
be
transmitted
or
stored
in
any
serialization
format,
so
that
deterministic,
bi-directional
lossless
is
the
like
what
is
in
there
as
being
dna,
and
the
conforming
document
may
be
transmitted
or
stored
in
such
serialization
formats.
So
this
is
what
we
said
by
basically
maybe
transmitted
or
stirred.
So
this
is
what
we
said
by
when
we
were
talking
earlier
about.
You
know
just
streams
of
streams
of
bytes
that
you
should
be
able
to
grab
to
understand.
So
this
is
very
well.
A
This
is
aligning
very
well
right
now,
specifically
all
relevant
normal
statements
in
sections
four
basic
concepts:
section,
five
advanced
context
and
section
six
syntaxes
of
this
document
must
be
enforced.
Okay,
a
conforming
processor
is
any
algorithm
realized
as
software
and
or
hardware
that
generates
and
consumes
a
conforming
document.
Okay,
a
conforming
processor,
okay,
so
maybe
they've
already
done
what
we're
talking
about
here.
I
think
we
might
be
doing
an
implementation
of
this.
Then
conforming
processors
must
produce
errors
when
non-conforming
documents
are
consumed.
A
Okay,
so
this
is
a
shim
now
the
conforming
processor
is
the
shim,
because
that's
what
this
shim
does
is
any
algorithm
realized
as
software
and
or
hardware
that
generates
or
consumes
a
conforming
document.
That's
the
shim.
This
specification
makes
no
normative
statements
with
the
regards
to
okay,
so
this
is,
and
so
let's
take
some
notes.
A
A
A
A
A
A
A
A
B
A
Don't
know
it
doesn't
have
to
be
freedom,
preserving,
it
only
has
to
be
privacy,
respecting
because
the
robot
will
go
read
it
because
we're
going
to
make
it
do
that,
so
it
better
only
read
things.
That's
that's
also
why
we
have
our
origins,
input,
origins
and
we
have
the
ability
to
do
thorough
input
validation.
A
So
we
can
filter
these
things
out
from
the
there
was
some
recent
work
done
where
people
said
that
you
could,
by
slipping
some
specific
training
data
into
a
training
data
set,
you
could
you
could
you
could
basically
get
it
so
that
when
it
did
inference
every
once
in
a
while,
it
would
just
give
this
really
wacky
answer
right
and
that
really
wacky
answer
could
be
used
to
could
be
used
to
wait.
Is
this
working
okay?
It
is
working.
B
B
A
A
A
That
is
not
helpful
right.
So
if,
if
there's
something
that
exists
like
if
these
dids
conform
perfectly
and
these
verifiable
credentials
conform
perfectly
we're
not
going
to
invent
anything
new,
we
don't
want
to
invent
anything
new
right.
We
I
mean
we
want
to
tie
together
as
many
things
that
exist
as
possible
to
integrate
anything
easily
right,
like
that's
sort
of
what
we're
going
for
here
right
when
we
want
to
integrate
anything
very
easily
right
and
then
what
we're
going
to
do
with.
A
A
And
and
so
event,
essentially,
what
you
end
up
with
this
is
this
like
shared
communication
right
and
this
shared
communication
through
this,
this
this
language
of
intent
and
and
and
we
can
basically
because
we
have
this
granular
level
of
of
understanding
right,
because
we
have
complete
visibility
into
the
data.
That's
going
into
this
web
of
devices
that
accept
the
provenance
as
the
the
understanding
that
something
is
following
a
strategic
plan
to
the
best
of
its
abilities.
A
As
is
able
to
you
know,
based
on
the
propagation
of
those
plans
through
the
network
of
the
devices
that
it's
communicating
with
right,
it's
like
sort
of
the
best,
it's
the
it's
the
best
you
can
do
basically
like
you're
doing
your
best
you're
doing
the
best
you
can
right.
Like
you,
you
know
like
it's.
It's
just
you
know
it's!
A
It's
the
acceptance
that
it's
not
going
to
be
perfect,
but
as
long
as
you
know,
as
is
it's
it's
the
acknowledgement
that
I'm
going
to
do
what
I
I'm
going
to
tell
you
what
I'm
doing
and
I'm
going
to
tell
you
that
you
know
I'm
going
to
do
it
to
the
best
of
my
abilities.
Right
as
a
device
right
and
and
you're
able
to
then
see
that
and
say,
okay
so
looks
like
you
are.
A
I
can
see
your
pro
pro
with
your
attestation
information
right
and
then
you
know
what
so
what
what
data
you
got
right
and
but
that's
like
so
in
this
edge
case
right
so
and
if
we
to
detect.
So
that
means
that
we
can
detect
one
of
these
devices
because
the
devices
attest
to
each
other
in
order
to
communicate,
and
you
can
say,
hey
other
device,
I
don't
I
don't.
I
don't
think
I
want
to
give
you
that
information
right.
If
I
detect
that
you're
operating.
A
Some
software
on
there
that
doesn't
assure
me
that
you're
gonna
follow
your
privacy
policy
right
or
you're.
Gonna
follow
your
freedom
policy
in
this
case
right,
and
so
if
you
say
that,
if
you're,
if
you're
gonna
hand,
so
basically
you
get
to
define
your
own
privacy
policy
right
and
you
get
to
say,
I
don't
give
my
data
to
devices
that
don't
adhere
to
my
privacy
policy,
my
definition
of
a
privacy
policy
right
and
well.
What
is
your
definition
of
privacy
policy?
A
That's
your
own
creation
of
these
data
flows,
which
we're
going
to
have
you
know
this
intuitive
interface
to
create
via
basically,
you
I
mean
you're,
going
to
be
able
to
drag
and
drop
or
you're
going
to
be
able
to
literally
just
talk.
The
goal
is
to
be
able
to
talk
and
just
describe
what
you
want
to
happen
right
and
or
you
can
then
come
together
as
groups
of
people
and
say
hey,
you
know,
and
these
are
the
strategic
plans
this
is
like
you
can
say
you
can
say.
Basically
hey.
A
A
What
do
I
want
to
give
my
data
to
right,
and,
and
and
so
basically,
when
your
device
is
making
an
api
call
through
another
device,
it
can
say:
hey
hold
up,
hold
up
right
first
off
it
does
this
handshake
and
it
says:
well
what
kind
of
device
are
you
and
if
that
device
reports
back,
you
know
it
has
to
basically
for
me
to
for
my
device
to
talk
to
it
at
all.
It
better.
Tell
me
you
know
it
better.
A
If
I
you
know,
basically
we
can
have
this
full
transparency
and
visibility
into
these
systems
and
say:
okay,
like
we
know
that
you're
not
doing
anything
that
you
didn't
tell
us
about
up
front,
because
we
have
the
the
attestation
information
that
maps
to
the
actual
code
that
you
executed.
So
we
know
that
you
didn't
execute
any
funny
business
right,
and
so
the
nice
thing
about
this
and
the
reason
why
we
want
to
put
all
of
this.
On
top
of
this.
You
know
this.
A
This
uniform
application
layer
protocol
in
terms
of
these
dids
is
then
we
can.
You
know,
work
together
with
our
friends
also
via
these
shared
protocols
to
say
you
know,
and
when
I
say
our
friends
this
could
be.
We
could
be
a
little
agent,
that's
going
and
running
some
machine
learning
jobs
right.
We
we
can
share
the
information
that
that
we
have
on
the
people
collecting
the
data,
and
we
can
say-
and
we
can
say,
hey
you
know,
does
it
look
like
their
activities?
A
If
we
look
at
maybe
like
news
stories
or
something,
does
it
turn
out
that,
like?
Yes,
they
have
this
attestation
by
maybe
a
third
party,
like
maybe
something
says
it's
organic
right
and
you're
like
okay.
This
is
great.
It's
organic,
I'm
gonna
buy
this
thing
right.
I
want
to
be
healthy
right
and
so
I'm
going
to
eat
organic
food,
and
then
you,
you
turns
out
that.
Well,
actually,
you
know
this
is
just
some
kind
of
chill
organic
certification
thing.
A
This,
like
this
one
company
that
happens
to
be
like
the
cert,
because
they
all
say
certified,
buy
right
and
then
there's
some.
You
know
top
level
governing
body
there
right
and-
and
you
happen
to
get
the
one
that
that
happened
to
be.
You
know
they
were
somehow
just
just
scamming
by
and
nobody
had
checked
on
them
for
a
while
and
they
weren't
actually
doing
anything
right,
and
so
it
turns
out.
A
This
thing
is
full
of
pesticides
right,
and
so
you
know
this
in
in
this
event,
this
is
why
you
know
it's
this
dynamic
protocol
and
it
basically
is
this
queryable
on-demand
thing
right.
Where
and
customizable
data
sources,
where
you
can,
you
can
supplement
that
whatever
data
you
need
right
and
that's
our
definitions
and
our
and
our
in
our
and
those
input
parents
which
was
basically
we're
going
to
turn
the
definitions
into
the
parent
objects
and
we're
going
to
be
able
to
track
the
lineage
of
any
any.
A
You
know
piece
of
data
and
then
we're
going
to
be
able
to
also
you
know,
create
new
pieces
of
data.
That
basically
say
you
know,
because
basically,
what
you
can
do,
what
you
can
do
is
you
can
just
do
the
reverse
if
you
needed
to
map
something,
if
you
needed
to
have
like
this,
this,
like
you
can
just
you
can
basically
say
hey.
A
You
know
if
I,
if
I
want
to,
if
I
want
to
say,
let's
see,
okay,
so
basically
what
we
can
do
is
we
can
say
hey
if
you
read
any
specification
right
and
we'll
know,
whenever
we
parse
specification,
we'll
it
will
create
an
input,
object
that
says:
hey.
There
was
a
spec
right
and
that's
the
definition.
There's
an
input,
object
created
of
type
spec
right
and
we
can
say
anytime
you're.
A
Looking
at
a
specification
because
a
specification
defines
the
way
you're
going
to
communicate
with
other
devices,
so
only
use
specs
that
say
that
they
are
freedom
and
privacy
respecting
right
and
don't
use
any
code
that
is
not
implementing
a
protocol
based
on
a
spec
that
hasn't
been
shown
to
be
freedom
and
privacy.
Preserving
and
then,
when
you
see
in
the
spec
for
like
the
like
the
organic
thing,
who
confirmed
that
this
is
previous
freedom
and
privacy
preserving
well
mitigation,
one
asked
daniel
mitigation.
A
2
ask
matt,
so
these
are
going
to
be
our
organic
association.
People
they're
going
to
be
the
ones
who
can
tell
us.
You
know
these
are
the
experts
that
we've
identified,
that
we
can
trust
that
we
can
say
hey.
You
know,
does
this
thing
conform
to
what
it
says
it
does?
You
know
this
is
our
in
in
absence
of
an
attestation
where
it
proves
that
it's
freedom
and
privacy
preserving
then
we
need
to
have
this.
You
know
third
party
vetting
system,
and
I
think
somebody
was
talking
about
this
recently
yeah.
A
I
think
it
was
yeah.
Marcella
marella,
I
think,
is
her
name
and
she
is
working
on
some
secure,
compute
stuff,
and
she
was
saying
something
about
you
know
in
toto
and
how,
in
toto
she's
doing
some
cool
work
where
she's
gonna,
I
think
she's
gonna
upstream,
to
both
in
toto
and
salsa,
and
she
was
saying
something
about
this,
this
this
concept
of
these,
these
third-party
verifiers
right-
and
this
is
also
something
that
we've
been
having
the
discussion
about
in
like
the
the
cbe
space
right,
where
it's
like
well.
A
Well,
what
more
information
needs
to
be
added
to
these
cves
right
and
and
it's
the
same
thing
that
you
have
when
you
get
into
the
s-bomb
and
these
these
these
package
repositories
with
the
namespaces?
What
you
end
up
with
is,
is
you
really
just
end
up
with?
What
do
I
need?
I
need
this
constant
can
link
thing
to
this
new
system:
new
namespace,
whatever
right,
okay.
So
what
we're
saying
here
is
just
use
the
did,
everything's
just
a
link
to
a
link
to
a
link
just
make
another
link.
It's
just
like
the
input
networks.
A
A
A
A
Yeah
and
then,
basically,
obviously
so
we're
going
to
map
the
specs
to
programs
and
then,
basically
you
know
alice,
don't
don't
don't
don't
write
any
code,
that's
good,
because
what
alice
is
going
to
end
up
doing
everything
is
an
integration
problem
right
at
this
point
I
mean
so
basically,
what
we're
working
on
is
everything
is
an
integration
problem
and
then,
beyond
that,
we
we
start
to
get
to
well.
How
do
you
create
new
things,
and
how
do
you
create
new
things
needs
to
be
somehow
more
based
on
this
like
well
idea
of
what?
A
What
are
you
really
trying
to
do
here,
because
or
else
we
risk,
you
know
what
we
want
to
do.
Is
we
want
to
solve
specific
problems
right
and
and
and
address
problem
statements
we
don't
want
to
just
sometimes
we
just
write
a
lot
of
code,
because
writing
code
is
fun,
but
you
know
the
less
code
we
write
the
better
and
just
because
then
we
can
get
more
done
right
because
we're
now
writing
all
the
same
code
in
different
ways.
A
Different
places
we're
all
just
writing
specific
little
pieces
of
code
that
do
specific
things
and
we're
using
our
domain
specific
expertise.
You
know
in
the
most
efficient
way
possible,
and
then
you
know
eventually,
maybe
we
see
if
alice
you
know,
via
training
models
and
stuff
can
get
good
at
those
domain.
Specific
piece,
expertise
areas,
but
for
now
we're
just
really
assisting
people.
A
A
A
Okay,
so
this
is
good,
so
this
is
great.
This
is
great,
so
we're
probably
going
to
want
this
because
we're
about
to
grab
random
code
off
the
blockchain
and
execute
it,
so
we
should
definitely
know
where
it's
coming
from
and
and
trust
that.
So
I
mean
obviously
within
reason
here:
we're
not
grabbing
random
code,
we're
grabbing
the
prototypes,
basically,
the
function
prototypes
and
how
they're
knit
together.
Nevertheless,
it
would
be
really
good.
What
is
this?
A
A
A
A
Review
system
did
jobs
complete
so
when
we
get
to
the
part
where
we're
going
to
start
throwing
these
jobs
at
kcp,
we're
going
to
want
to
understand
we're
going
to
run
we're
going
to
run
kcp
in
this
multi-cluster.
So
I
don't
quite
know
what
their
threat
model
is
because,
but
I
know
I
have
a
strong
feeling.
A
A
A
That's
a
collections
user
list
which
is
a
sub
subclass
of
of
the
regular
list
effectively,
and
so
basically
it
acts
as
like
this
transparent
proxy.
For
the,
for
you
know
a
list
of
treating
of
a
list
of
source
objects
as
if
it
were
one
source
and
so
that
it
does
the
transparent
ex
iteration
over
records
and
updating
of
update
and
updating
a
record
with
update
and
pulling
a
record
with
record
and
we've
had
some
issues
with
that
will
be
solved
with
some
of
this
stuff.
A
We're
still
gonna
have
to
that
one's
gonna
take
some
more
heavy
lifting.
That
was
the
only
one
that's
designed
like
that.
But
the
point
is
this
open
search
stuff,
so
review
system
did
jobs
complete,
so
we
need
to
understand
okay.
So
let's
make
a
note
about
the
trust
boundary
trust
boundaries
need
to
check
here.
A
Someone
needs
to
look
at
kcp.
I
highly
doubt
that's
that
I
highly
doubt
it
is
out
of
the
box.
That
would
be
really
nice,
though
that's
okay,
we
can
always
just
you
know.
We
have
other
ways
of
doing
things.
We
can
always
make
proxies
so
like
to
filter
over
the
api
server,
because
we're
basically
going
to
use
kubernetes
as
the
orchestration
for
every
we're
going
to
use
kubernetes
for
everything
so
or
well
kcp
for
everything.
So
the
api
server
is
what
we're
going
to
use.
A
A
That's
what
we're
gonna
do
and
then
this
is
allows
you
to
build
your
web
of
trust
sort
of
thing,
but
where
the
edge
like
the
pieces
of
data
or
all
these
blobs,
instead
of
having
to
actually
add
signatures
to
things
unless,
unless
I'm
mistaken,
on
how
this
all
works,
but
we're
just
going
to
implement
it
and
then
find
out
so
well.
Okay,
we're
going
to
do
a
lot
of
research!
Obviously.
A
A
Issue
and
state
expiration
date
expiration,
and
what
is
this
verifiable
credential
and
what
was
it
outfit
association?
So
this
doesn't
look
like
this,
so
so,
basically,
where
that
open
asset
station
thing,
we
need
to
go.
Look
at
the
rest
of
these
vc.js,
see
that
looks
nice
and
lightweight
that
that
name
suggests.
I
am
a
nice
little
javascript
library,
let's
see,
and
so
it
is
so
it
is.
The
name
does
not
lie
short
sweet
to
the
point.
Well
written.
A
B
A
A
A
A
A
A
set
of
one
or
more
claims
made
by
an
issuer,
a
verifiable
credential,
is
a
ca
tamper,
evident
credential
credential
that
has
authorship
that
can
be
creative
graph,
cryptographically
verified
verifiable
credentials
can
be
used
to
build
verifiable
presentations
which
can
be
cryptographically
verified.
The
claims
in
a
credential
can
be
about
different
subjects.
A
A
The
claim
is
a
statement
about
a
subject.
A
subject
is
a
thing
which
claims
can
be
made.
I
think.
Okay,
that's
a
key
value
relationship
claims
are
expressed
using
subject:
property
value
relationships,
okay,
so
this
is
a
key
value
relationship.
So
basically
we
have
a
key
value
mapping.
So
what
can
we
do
with
the
key
value
mapping?
Well,
basically,
everything
we
can
do
everything
we
need
to
encode
a
data
flow.
That's
for
sure
the
individual
claims
can
be
merged
together
to
express
a
graph
of
information
about
a
subject.
The
example
shown
from
figure
four.
A
This
is
perfect.
This
is
perfect,
so
this
is
this.
Is
this
is
exactly
what
we
needed
all
right.
Let's
hope
we're
gonna
hope
that
daniel
says
the
government
is
not
out
to
get
us
on
this
one
and
then
we're
gonna,
ask
matt
and
we're
gonna
say
matt.
Does
the
crypto
look
like
the
government
is
not
out
to
get
us
on
this
one
and
then
we
will
sleep
soundly
I
mean
I
think
it
looks
good.
It
looks
good
to
me,
but
I
mean
the
least
we
can
do
is
have
three
people
look
at
it.
A
A
A
A
A
A
All
we
really
need
to
do
is
get
this
into
a
format
that
we
know
is
conformant
and
then
we're
going
to
work
from
there
and
then
we're
going
to
rope
people
in
that
know
this
section
of
it
and
and
can
give
us
some
more
guidance
or
we'll
we'll
figure
this
out
next
after
we
we
can
encode
the
claims.
No,
we
shouldn't
do
that.