W3C

Verifiable Credentials Working Group Telco

17 June 2026

Attendees

Present
Benjamin Young, Carolynn Bernier, Dave Longley, Dmitri Zagidulin, Elaine Wooton, Hiroyuki Sano, Ivan Herman, Ivo Ladenius, Jennie Meier, Joe Andrieu, Kevin Dean, Kayode Ezike, Manu Sporny, Michael Shea, Phillip Long, Phil Archer, Sebastian Schmittner, Ted Thibodeau Jr., Ted Guild, Wesley Smith
Regrets
Brent Zundel
Chair
Phil Archer
Scribe
Phillip Long

Meeting minutes

Phil Archer asks for intros

Hiroyuki Sano - introduced last time

Reflections on F2F

Phil Archer: f2f meeting brought people together working toward a common goal. Biggest takeaway.

Manu Sporny: Wesley Smith to talk about forgery defense to Wes.

recognized Entities TF

Manu Sporny: recognized enitities - good discussion, including a threat model for that spec. Developed a threat model with many use cases making sure the GS1, UNECE and the rest are supported

Manu Sporny: how to achieve that remains.

Manu Sporny: won't go to a CR without concrete solutions that work for all concerned

Manu Sporny: Threat modeling as it applies to recognized entities spec. We are appoint a single person to put together a cohesive threat model draft. The Data Flow Diagram needs updating, and all threats addresses with cross-linking

<Manu Sporny> w3c/vc-recognized-entities#83

Manu Sporny: will be in CR as a result of TPAC

Joe Andrieu: on the diagrams please change the shapes of things for accessibility reasons

Manu Sporny: tried it but it didn't looked good. What is our symbology for these diagrams?

<Joe AndrieuAndrieu> https://w3.org/TR/threat-modeling-guide

<Ted Thibodeau Jr.> a11y will ding us for the "color is your only clue" ... as I flagged yesterday

Manu Sporny: used Google Draw

Phil Archer: Manu Sporny's approach likely will be trend setting for diagramming

Joe Andrieu: should have a uniform language

VC Forgery Defense

Wesley Smith: Forgery defense - talked about next steps in F2F. Best thing to do publish this forgery defense as a separate specification. Want to discuss this proposal publishing forgery defense of a stand alone doc and puiblish it

Phil Archer: is it a rec or note?

Wesley Smith: it's a req by intent

Ivan Herman: we can do that. When we do it we should present it and sell it to the outside world that it's under the quantum safe crypto suites

Phil Archer: do we do working draft vote today?

Wesley Smith: wants to run a proposal to adopt the document formall and run the FPWD

phlla: hoping to copy Manu Sporny's style for the threat model as Wesley Smith has done great work on it.

<Wesley Smith-smith> Suggested proposal: Create a new document, titled Verifiable Credential Forgery Defense 1.0, short name "vc-forgery-defense-1.0", adopt this document in the group (under the VC Barcodes and Data Integrity task force), and publish this document as a first public working draft.

<Wesley Smith-smith> +1

<Dmitri Zagidulin> +1

Phil Archer: the proposal includes a first public working draft- should drop that part as it's not ready yet.

Wesley Smith: agreed will split it up

<Wesley Smith-smith> PROPOSAL: Create a new document, titled Verifiable Credential Forgery Defense 1.0, short name "vc-forgery-defense-1.0", and adopt this document in the group (under the VC Barcodes and Data Integrity task force).

<Phil Archer> +1

<Manu Sporny> +1

<Ivan Herman> +1

<Wesley Smith-smith> +1

<Dave Longley> +1

<Kayode Ezike> +1

<Michael Shea> +1

<Jennie Meier> +1

<Ted Thibodeau Jr.> +1

<Phillip Long> +1

<Joe AndrieuAndrieu> +1

RESOLUTION: Create a new document, titled Verifiable Credential Forgery Defense 1.0, short name "vc-forgery-defense-1.0", and adopt this document in the group (under the VC Barcodes and Data Integrity task force).

Ivan Herman: should no there is a publication moratorium as of the 3rd of July, if not it will slip until later in July

Wesley Smith: If it's ready by next week will that be in time?

Ivan Herman: we can try

Ivan Herman: FPWD's are accepted much more quickly

Wesley Smith: will try to get it in shape.

Phil Archer: the home page news paragraph also needs done

Ivan Herman: today's the 17th, so next week at this meeting we must have the resolution. Can't make the request without that.

Phil Archer: would it be helpful to have the resolution now?

Ivan Herman: We can make a resolution "as soon as it's in the right shape ..." now.

<Phil Archer> PROPOSAL: The WG seeks to publish the vc-forgery-defense document as a FPWD as soon as it is ready, given that the substantial work is already done.

Ivan Herman: this works

Wesley Smith: works for wes

<Ivan Herman> +1

<Dmitri Zagidulin> +1

<Wesley Smith-smith> +1

<Phillip Long> +1

<Jennie Meier> +1

<Phil Archer> +1

<Ted Thibodeau Jr.> +1

<Joe AndrieuAndrieu> +1

<Dave Longley> +1

<Kayode Ezike> +1

<Hiroyuki Sano> +1

RESOLUTION: The WG seeks to publish the vc-forgery-defense document as a FPWD as soon as it is ready, given that the substantial work is already done.

Ivan Herman: needs abstract and intro

<Michael Shea> +1

Phil Archer: congrats Wesley Smith

Confidence and threat models

Phil Archer: Joe Andrieu's reflections on the F2F

Joe AndrieuAndrieu: did an Sebastian Schmittnerrcise with Legos to model threats and responses. Helps you get out of your head and learned a lot from it.

Joe AndrieuAndrieu: scope of work concerns raised. Simplying the threat model guide is needed

Joe AndrieuAndrieu: the full threat model approach is useful but it's not where the WG is - capturing what the WG is aware of to describe them and their mitigation. Want to keep threat modeling from being more work than the spec.

Joe AndrieuAndrieu: got 33 threats modeled and feedback using the VCALM spec as test case. Confidence Method also has a threat model session. What is the privacy preserving method for biometrics?

Joe AndrieuAndieu: A photo image was one suggestion, and the other is a biometric template using a service to provide a biometric match and how to secure that

Joe AndrieuAndrieu: this covers the f2f

Phil Archer: what stage will threat modeling be at by TPAC?

Joe AndrieuAndrieu: hesitancy is the level of work (completion, throroughness, etc). Will have something toward an an acceptable draft of the sectiosn for review and discussion for TPAC

Phil Archer: hopes to get a bunch of CRs out after TPAC

Ivan Herman: we need horizontal reviews before going to CRs, not just security but accessibility and internationalization, as well.

Joe AndrieuAndrieu: hopes to have a draft ready for horizontal review

Ivan Herman: that's more realistic

Phil Archer: want's many CRs ready for horizontal review

Remote participation

Jenny: interesting to get an overview of the different TFs

Phil Archer: others for feedback?

Kevin Dean: alot was accomplished, comparable quality to previous years

Michael Shea: remote participation was quite good. Content excellent, depth and conversation was really good.

Phil Archer: another f2f in may/june of next year under discussion

Phil Archer: it was worth it and would be good to have another.

<Sebastian Schmittner> I do as well think that remote participation was pretty nice

<Sebastian Schmittner> could not take part in the Lego and Beer most unfortunately, but the hybrid setup in that room was great and I was well able to follow the discussion :)

Vocab TF

Carolynn Bernier: excellent meeting, more productive than she expected. Only vocab person and had discussion about whether this WG was right place for cross border vocab discussions. Things brought to VCWG because there aren't really other places to do it.

Carolynn Bernier: should create a registry for VCDM compatible vocabs with use cases

Carolynn Bernier: on the work itself they now have a scop of work that is clear. Short term: guidance document discussing why using VCs is useful for issuing a DPP use cases is valuable.

Carolynn Bernier: mid-term goals - test suites for VCDM for example. Want to create a EU compliant VCDM implementation.

<Michael Shea> Carolyn, I would be interested in participating in these efforts.

Carolynn Bernier: Longer-term - decided to postpone decision to create another DPP vocab.

<Phil Archer> https://lists.w3.org/Archives/Public/public-credentials/2026Jun/0018.html

<Ivan Herman> s/VPD (?)/DPP/

Phil Archer: concerns about others addressing DPP

<Hiroyuki Sano> https://www.w3.org/community/eudi-4-payments/

Carolynn Bernier: how do payment wallets relate to credential wallet is unclear.

Phil Archer: dmitri in text mode, - render method will be summarized later

Phil Archer: Brent gets together with phila on Monday's to get agenda items together. Trying to insure inclusivity.

Phil Archer: congrats to Wesley Smith, Manu Sporny, and a great scribe job ;-)

Summary of resolutions

  1. Create a new document, titled Verifiable Credential Forgery Defense 1.0, short name "vc-forgery-defense-1.0", and adopt this document in the group (under the VC Barcodes and Data Integrity task force).
  2. The WG seeks to publish the vc-forgery-defense document as a FPWD as soon as it is ready, given that the substantial work is already done.
Minutes Manu Spornyally created (not a transcript), formatted by scribe.perl version 244 (Thu Feb 27 01:23:09 2025 UTC).