Meeting minutes
phila: ok, lets get underway
… we're still kind of in a rebooting (rechartering) of the group
… and this is the first time I've chaired a meeting under a new charter
… I'd like to ask people who we haven't heard from before to introduce themselves
… I'll also introduce myself
… I've been at GS1 for over 9 years. before that, I was at W3C over 8 years,
… I worked on mobile web, other data standards, looked after the Semantic Web suite and some other things
… I've chaired various groups, most recently RDF Canonicalization group I cochaired with Markus Sabadello
… when I chair like this, I will do my best to be a neutral independent chair
… if I need to switch my hat to a GS1 representative, I will say so
… but will do my best to stay neutral
… are there any others in the group who want to introduce or re-introduce themselves?
Elnar: (no irc nick I think) hi everyone, this is my first time joining this call
… I come from a company called Realize (sp?), we work on biometric solutions
… we recently became members of the VC WG, in order to work on VC Confidence Method, specifically related to biometrics
… hopefully we'll be able to help out there and push the topic forward
… since we have natural interest in that area
Scott: (no irc nick) Hi, I'm a colleague of Elnar,
… collaborating on privacy preserving client side biometrics
… excited to be part of this group
phila: ok, lot to get through
… I'd like to go through the Task Forces
… lets start with -- Scott and Elnar mentioned they're interested in Confidence Method, lets start with that
Task Forces
Confidence Method
JoeAndrieu1: main think we did at the Confidence Method Task Force is to choose a meeting cadence
… every other week, starting next week
… on Weds
<DPPSusanne> Yes, sorry, was not able to unmute fast enough. I introduced myself last time. I am here to work on the DPP vocabulary.
ivan: I added it to the calendar, made it every week by accident. should we change it to every other week?
JoeAndrieu1: let's change it, make sure people don't show up by accident
phila: thanks Joe. One question -
… how far are you away from seeking wide review, for the Confidence Method?
JoeAndrieu1: pretty far. we don't have yet the spec text the meat of the spec of various methods. we still need to write up the biometrics method, etc. we have the framework
… and we do have the question of -- evidence vs Assurance Level vs Confidence Method
… so that the group can help decide terminology
phila: should we set aside one of these meetings to decide on that?
JoeAndrieu1: yes? I'm not sure how much time it will take
phila: it's making good use of the time, allowing the meeting to be genuinely useful to everyone
… like, today is for generally orienting everyone
… but like you said, we should specifically add it to an agenda
render Method
dmitriz: Regarding VC Render Method
dmitriz: I'm not sure we've set new meeting cadence, we're working on the broad categories of the render methods.
dmitriz: We have an iframe/sandbox method, talking about general purpose template substitution method is useful or not, or if iframe supercedes it.
<PatStLouis> +1
dmitriz: Discussing what to do with OCA proposed method and one other existing one. Ongoing work, not sure how close we're to asking for broad review. Would like to do it sooner than later...
phila: Don't have to ask all the groups at the same time.
phila: You could ask groups sooner rather than later.
phila: one issue that came up yesterday in one of the TFs is the security issue
… whether every one of our specs needs a regular Security Considerations section
… OR if we can write one Thread Modeling document, and point to it
… I'm hoping we can do that latter one
… I've already sent an email to Simone, Security Lead at W3C staff, let's see what happens
… I'd like to invite him to one of these future meetings to possibly answer that
<PatStLouis> how do I get on the queue?
phila: that raises the question - who's going to write the Threat Model?
… I'm initially thinking Joe, but he's busy with Confidence Method
ivan: one step at a time...
PatStLouis: just wanted to chime in, Dmitri mentioned an OCA render method, that was my one proposal,
… last thing to discuss was - do we want to define an OCA specific thing in Render Method, or whether it fits into a broader method category
… so we still would need to discuss that
phila: should that be a full WG discussion, or start with the TF?
patStLouis: we can start in the task force, yes
JoeAndrieu1: I'm happy to help out with the Threat Modeling stuff
… however I will at least need a domain lead on each of the specs. since they each need their own threat model
… what Simone and I have been trying to figure out (this and the DID work are tough litmus tests) -- within a set of related specs, how do you reconcile that
… individual threat models vs a monolithic threat model
… so, I'm happy to be an overall editor, but will need individual domain experts
ivan: that worries me slightly, as a general problem (and I'm not sure if it's something you can comment on)
… it looks like the Threat Modeling approach, for security, it's still in the process of forming
… (like, you mentioned you're still working with Simone on it)
… and we have 12 or 13 docs in this WG to go through
<JoeAndrieu1> https://
ivan: so I feel a little bit uneasy for this WG being the experimental subject, for this new process
… we already have our hands full as it is
… could we get away with just using the old method, of Security Consideration sections?
… while the Threat Modeling approach is being worked out?
JoeAndrieu1: I know change is hard, and every transition is going to feel like this
… I have to endorse Simone's perspective and experience -- seeing these Security Consideration sections, it's hard for reviewers to fully overview
… that's what we're trying to address, to have it be a higher value security review
JoeAndrieu1: if we at all can, we shouldn't refuse this opportunity
manu: I agree, we should transition to the Threat Modeling approach
… Joe, I'm not sure if you saw my email to the security mailing list, asking -- if we're doing a Threat Modeling doc, do we ALSO need a Security Considerations section?
… does a Threat Model meet the horizontal review reqs?
… Simone responded, but it's unclear.
… so, I'd like to assert -- I want us to write a Threat Model, and when we go to horiz review, neither Security nor PING should also ask for a Security Considerations
phila: that's my concern too
… with so many docs in flight (which is a good thing) -- if we have to write one or more Threat Model docs before we write other ones, that's a lot of work
… but on the other hand we want to avoid copying and pasting
… so, we do need that answer for Simone
JoeAndrieu1: haha yes sometimes it's confusing
… my understanding is -- from SING's perspective, you COULD simply have a Security Consideration section "go read the Threat Model"
… I think it's more readable, for people reading the spec, if we contextualize that "go over there and read" a bit, with some paragraphs
… like, mention tamper evidence with VCs, etc
… I don't think there's a bottleneck, with the Threat Model docs
… that's how we're dealing with it in the DID WG
… so that will hopefully provide an example
… other thing to add - I have JSON-ified the presentation layer in our DID Resolution Threat Model,
… and we'll have a repo of that, which we can use as template
… for consistent look and feel
… what we DON'T know is whether or not PING will accept privacy considerations in the format of a Threat Model
… we think that the Threat Modeling guide can encompass privacy threats, but I haven't confirmed with PING yet
… I'm hoping that if we go into the Threat Modeling doc with both Security and Privacy in mind, we can cover both
phila: SING is the Security Interest Group, PING is Privacy Interest Group
manu: the other question is - can we put the Privacy Threat Model as an appendix?
… or do we need like 20 different separate documents (which could get out of control)
JoeAndrieu1: yes, absolutely. (when I made a sample Threat Model for the web as an example, I was shocked how long it became). But, an Appendix is a reasonable approach, it does not need to be a standalone note
manu: I think we should, in the threat model, tag some threats as Privacy Threats, and then treat that as our Privacy Considerations section
<JoeAndrieu1> +1 to advance that proposal to PING
phila: I think you're right
… that's partly why I'm constantly asking for wide review -- because it takes so long, to get the ball rolling
… thank you. I will follow up with Simone
phila: ok, let's move on, I want to hear from other Task Forces
VCALM
PatStLouis: I want to preface this by -- this is my first time being actively involved in W3C VC WG standard process. I've observed from outside, but welcome guidance and tips
phila: guidance: RUN WHILE YOU CAN
PatStLouis: ok, we had a good discussion yesterday
… about the state of VCALM
… a review of how the spec has been progressing
… we voted on presenting a First Public Working Draft (and it was unanimous), but we want to vote here on the wider group
phila: do you prefer Patrick or Pat?
PatStLouis: Patrick
phila: thanks Patrick. Next one: Barcodes
Barcodes and Data Integrity
phila: would that be you, Elaine?
Elaine: that is me -- yes, that's me and Wes
… we'll do a poll on whether a different meeting day might be better
… the draft is in good shape.
phila: to come back to what Patrick was just saying -- I'm well aware that both VCALM, Barcode and Data INtegrity task forces want to publish FPWDs
… for input documents
… ideally, what would happen now is that the full group would have a week at least to take a look at those documents
wes-smith: wrt readiness of wide review of the Barcode Spec -- the majority of the doc is ready for wide review, but there is one significant feature that the group needs to decide on,
… and that's whether (and how) to add a Quantum-Resistant feature to the spec
… the rest is just polish
phila: you should submit for wider review anyway. (once you submit, you won't hear for 8-12 weeks, so it might make sense to kick it off early)
wes-smith: ok, that's good to know. I'm not sure about right now, but we'll kick it off when the end is in sight
phila: right, so, there's various TF resolutions to public input docs from the CCG as FPWDs
… generally speaking, what would happen in such a transition is - this group would have at least a week to look at the docs,
… these publications, although they're driven by a relatively small group of people working on the doc, they're made in the name of the full group
… so whether or not your name is explicitly on the doc, as a participant of the WG, you're tied to the documents
… so I think it's particularly important on various transition milestones (FPWD, CRs, etc) -- it needs to be a full WG decision
… the reason I'm happy to shortcut this, in this particular case -- the docs we're talking about have been public for a very long time
… they've been published by the CCG, they've been in the charter, etc, for a long time
… so it's not like it's new text that just came into being
… so, if we don't decide to publish FPWD, it'll be May before it happens
… I'm well aware that if you're in a group like this, it's easy to be intimidated (lots of middle aged men, native speakers, strong opinions)
… especially if you're a person who's naturally client. you may be wondering "can I argue with people?". Answer: yes, you can, please do
… we will do everything we can to make you feel comfortable
… the person with the loudest voice does not necessarily know more than you
… please know that it's safe to make your opinion known, nobody is going to laugh or denigrate you. that's absolutely not how we work, and we wouldn't put up with it
PatStLouis: thank you for saying that. as somebody who's used to be very quiet in social settings, it's hard to voice your question, but many people will benefit from it
… so, it resonates a lot
phila: thanks. So yes, whatever your background, if you have a question, just q plus in the chat
… we want to hear from you
… the Code of Conduct is there, but it's also deeper than that. your view is important.
… ok, so, by publishing these docs as First Public Working Draft, that's a statement from everyone, from the whole group
… my proposal (due to the fact that these docs have been out there for a long while now) is to accept these as input docs
… any comments?
manu: thanks Phil, I'm very much aligned with everything
… the other thing I want to make clear -- we don't have to agree with everything in FPWDs
… it's just a statement "hey this is the general direction we're going with, what does the wider world think?"
… but doesn't mean we agree with every word or sentence in there
<PDL-ASU> +1 to the working draft being a statement of intent, not formal agreement
ivan: to go into details on FPWD publication thing
… for the Barcode doc, the title says "v.0.8"
… I think we should publish it as v1.0
… in my view
… VCALM is fine, it's already 1.0
… in both docs, we have to decide on the "shortname"
… we have already shortnames "vc-barcode" and "vc-vcalm"
<manu> not vc-vcalm -- just vcalm
ivan: er sorry, just "vcalm"
… but I wonder if we should include the version number in the shortname
<manu> not "vc-barcode" ... "vc-barcodes" :)
ivan: I realize that previously, for 1.0, we had version-less shortname. and I want to avoid that
<Zakim> manu, you wanted to agree with ivan (probably)
manu: +1 to ivan's suggestions, we should have a dash version number in the shortname
<phila> PROPOSED RESOLUTION: The WG endorses the resolutions passed by the barcodes and data integrity task force, and the VCALM task force (see https://
manu: I want to make sure we get the shortnames right. it's "vc-barcodes" with an s, and "vcalm"
phila: given what you just said, do you want to amend the text of the resolution?
… ok, manu or ivan, please create the text for the resolution that includes the shortnames
… next, I want to talk about a new subgroup/task force, about Vocabularies
Entity Recognition
phila: oh but first let's talk about Entity Recognition TF
… there was a long discussion about the task force name itself. (and the document title, and the Shortname)
… we're not quite ready, still discussing
ivan: just reminding - we have a resolution from the Barcode Group, about the DI and Cryptosuite publishing
… we have to have separate explicit resolutions for each doc
phila: right, that's the bit manu is working on
Vocabulary
phila: ok, so I want to talk about the yet-to-be-formed Vocab TF
… several people joined W3C to work on that
… Susanne, plus some other people not on the call currently,
… Susanne, do you want to say a few words?
Susanne: thank you. what we need is to put together a base Passport vocabulary
… for various products, certificates
… Digital Product passport
… and conformative credentials
… derived from Digital Product Passport
… we have restrictions from all over the world
… VCs luckily became one of the formats that Digital Passports can be issued in, so we need to work out the vocab / semantics
phila: one of the people in the Entity Recognition TF was Steve Capell, who was the leader in the UN protocol work
PatStLouis: so the UNTP spec already has some terms / vocab for related things
… is this something we want to redefine at W3C, or can we reuse UNTP? Or give to UNTP to publish?
… basically, I don't want to split the work
… or step on toes
Susanne: I've also been working with UNTP for the past few years. The only home we had for VCs for Digital Passports was UNTP for a while,
… of course we don't want any divergence between us here and UNTP
phila: agreed. I want to point to an example of your concern being addressed (the thing you're worried about DIDN'T happen)
… and that's the https://
… what it says is "use Dublin Core" or similar existing vocabularies, and only define new things
… so that's my expectation here too. what the W3C work will say is "you see the existing UNTP work, use that"
phila: the other thing I want to ask people about is --
GDC 2026
<phila> https://
<JoeAndrieu1> maybe
phila: is anyone going to GDC 2026 in Geneva in Sept?
Susanne: is that the Identity Conference?
phila: it's the Global Digital Collaboration conf, lots of work on wallets, credentials, etc
<PDL-ASU> Maybe - I went to the first. Still determining if I can make the next.
phila: it was in July last year
<Elaine> I may or may not.
Susanne: I'm not sure, I will look
phila: ok, just wanted to mention it, it looks important
JoeAndrieu1: it was pretty amazing last years, lot of perspectives from parties around the world
… I have a potential conflict, so I'm a 'maybe' right now
Resolutions
phila: ok, let's talk about the resolutions, over to ivan and manu
<PatStLouis> +1
<manu> PROPOSAL: Publish the VC API for Lifecycle Management v1.0 specification (https://
<KevinDean> +1
phila: these are the things that were passed by the relevant Task Forces yesterday, so this is to ratify
<PatStLouis> +1
<dlongley> +1
<denkeni> +1
<manu> +1
<ivan> +1
<TallTed> +1
<smccown> +1
<phila> +1
<DPPSusanne> +1
<JoeAndrieu1> +1
<kezike> +1
<JennieM> +1
<PDL-ASU> +1
<Wip> +1
<dmitriz> +1
<wes-smith> +1
phila: thank you, manu, consider that one done!
RESOLUTION: Publish the VC API for Lifecycle Management v1.0 specification (https://
<manu> PROPOSAL: Move the Verifiable Credential Barcodes v1.0 specification https://
<PDL-ASU> +1
<DPPSusanne> +1
<dlongley> +1
<ivan> +1
<TallTed> +1
<denkeni> +1
<smccown> +1
<manu> +1
<phila> +1
<JoeAndrieu1> +1
<PatStLouis> +1
<Parth> +1
<dmitriz> +1
<kezike> +1
<wes-smith> +1
<KevinDean> +1
<JennieM> +1
<Wip> +1
phila: as always, don't feel pressured on this, speak up if dont agree
RESOLUTION: Move the Verifiable Credential Barcodes v1.0 specification https://
<manu> PROPOSAL: Publish the Verifiable Credential Data Integrity v1.1 specification (https://
<PatStLouis> +1
<ivan> +1
<dlongley> +1
<smccown> +1
<TallTed> +1
<denkeni> +1
<PDL-ASU> +1
<dmitriz> +1
<Parth> +1
<phila> +1
<kezike> +1
<manu> +1
<JoeAndrieu1> +1
<JennieM> +1
<Wip> +1
<wes-smith> +1
<DPPSusanne> +1
RESOLUTION: Publish the Verifiable Credential Data Integrity v1.1 specification (https://
phila: thank you, that's unanimous votes for all those.
<PDL-ASU> wohoo!
phila: one more thing - on the vocabulary work, GS1 does have a position on that, and a colleague will join to work on that (so that I can remain neutral)
phila: ok, we have just resolved to publish a whole lot of FPWDs, thank you all!
… new publications, based on the new charter. we've hit the ground running
… thanks everyone!