Hi all,
I noticed in https://trustvc.io/news-updates/upgrade-required-oav3-documents-before-15-may-2026-what-platform-owners-must-do that there was some confusion around using contexts in JSON-LD. It seems that prior to v2.12.1 trustvc was retrieving contexts at runtime (and maybe not even caching them?). This is generally bad practice for any networked information system, so the change y'all made in TradeTrust/tradetrust#27 is the right approach but should be extended to all contexts, not just the ones that have disappeared.
Contexts are analogous to package dependencies in NPM (or other). Consequently, for any system dependent on them being stable they should not be retrieved often. Instead, the context files should be cached/stored/kept in relation to their identifiers within any system that depends upon them.
Different communities have different policies and provide different stability around the lifecycle of the contexts, but generally speaking you should change their values in your application rarely (dependent on upstream changes) and confirm that they match some hash (or other validator) of the upstream source (so that you know you're both saying the same things when you say https://...).
So, the work done in TradeTrust/tradetrust#27 is great! But keep it going! Otherwise the running code is dependent on the network (and the other servers!) more than it ever should be.
FWIW, the JSON-LD Working Group is actively working to dispel the assumptions being made around this problem and make the guidance more obvious in the specifications. If you'd like to join the WG, we'd love to have you participate: https://www.w3.org/groups/wg/json-ld/
Cheers!
🎩
Hi all,
I noticed in https://trustvc.io/news-updates/upgrade-required-oav3-documents-before-15-may-2026-what-platform-owners-must-do that there was some confusion around using contexts in JSON-LD. It seems that prior to v2.12.1 trustvc was retrieving contexts at runtime (and maybe not even caching them?). This is generally bad practice for any networked information system, so the change y'all made in TradeTrust/tradetrust#27 is the right approach but should be extended to all contexts, not just the ones that have disappeared.
Contexts are analogous to package dependencies in NPM (or other). Consequently, for any system dependent on them being stable they should not be retrieved often. Instead, the context files should be cached/stored/kept in relation to their identifiers within any system that depends upon them.
Different communities have different policies and provide different stability around the lifecycle of the contexts, but generally speaking you should change their values in your application rarely (dependent on upstream changes) and confirm that they match some hash (or other validator) of the upstream source (so that you know you're both saying the same things when you say
https://...).So, the work done in TradeTrust/tradetrust#27 is great! But keep it going! Otherwise the running code is dependent on the network (and the other servers!) more than it ever should be.
FWIW, the JSON-LD Working Group is actively working to dispel the assumptions being made around this problem and make the guidance more obvious in the specifications. If you'd like to join the WG, we'd love to have you participate: https://www.w3.org/groups/wg/json-ld/
Cheers!
🎩