23:57:36 RRSAgent has joined #vcwg 23:57:41 logging to https://www.w3.org/2025/11/13-vcwg-irc 23:57:46 Zakim has joined #vcwg 23:58:02 meeting: Face to Face meeting, TPAC 2025 23:58:05 chair: Brent 23:59:25 present+ 23:59:56 taki has joined #vcwg 00:00:12 benoit has joined #vcwg 00:00:12 JoeAndrieu has joined #vcwg 00:00:12 fershad has joined #vcwg 00:00:34 dezell has joined #vcwg 00:00:40 ewooton has joined #vcwg 00:00:42 jay has joined #vcwg 00:00:43 present+ David_Ezell 00:00:44 present+ 00:00:45 present+ 00:00:52 present+ 00:00:53 present+ 00:00:57 scribe+ 00:01:00 present+ 00:01:07 present+ 00:01:12 phila: Lets get started 00:01:15 present+ 00:01:33 present+ 00:01:35 KevinDean has joined #vcwg 00:01:43 present+ 00:01:43 ... I am Phil Archer, I work for GS1. Brent has been chairing this group for a while. I am joining him. 00:01:53 ... The first thing we will be talking about is the conversation on rechartering 00:02:03 dmitriz has joined #vcwg 00:02:05 ... The current charter ends at some point 00:02:21 ... We need to discuss what we want to work on in our charter 00:02:32 ... After the break we will talk about confidence method and render method 00:02:39 scribe+ 00:02:50 hiroki has joined #vcwg 00:03:01 charter end date: 2026 October 11 00:03:05 brent: Explains that there will be a 10 min discussion about the process just before the break 00:03:08 Shuji has joined #vcwg 00:03:21 brent: We'll talk about the proposed new charter 00:03:40 phila: There is a list of possible work items at https://docs.google.com/spreadsheets/d/1Wpm0oz56VuSGEmQ51HwZAO9zqM5tSYVNJME2O907eRQ/edit?gid=1778386372#gid=1778386372 00:03:53 brent has joined #vcwg 00:04:34 q? 00:04:37 Haruki has joined #vcwg 00:04:44 Ugur9 has joined #vcwg 00:04:57 Topic: recharter 00:05:00 q+ 00:05:08 Hidi has joined #vcwg 00:05:09 phila: https://docs.google.com/spreadsheets/d/1Wpm0oz56VuSGEmQ51HwZAO9zqM5tSYVNJME2O907eRQ/edit?gid=1778386372#gid=1778386372 00:05:34 pchampin has joined #vcwg 00:05:36 ack manu_ 00:05:38 ack manu_ 00:05:39 sean has joined #vcwg 00:05:41 present+ 00:05:54 manu_: I have 2 other links. The CCG has bene incubating a number of specs over years 00:05:56 Yasushi-Sony has joined #VCWG 00:06:01 ... some over 5 years+ 00:06:09 ... so we may want to bring those into the charter 00:06:20 present+ 00:06:33 manu_: We ran a poll in August to get feedback to see who thought what was important 00:06:38 present+ 00:06:43 present+ 00:06:49 manu_: We have results from that poll (39) 00:07:01 Results of community poll: https://lists.w3.org/Archives/Public/public-vc-wg/2025Sep/0005.html 00:07:33 yamdan has joined #vcwg 00:07:41 present- 00:07:44 manu_: Good number of people said they wanted to be in the VCWG 00:07:57 manu_: Shows graph of results 00:08:13 JennieM has joined #vcwg 00:08:19 present+ 00:08:53 brent: The results for the top two - render and confidence - have already been adopted and are being worked on. SO the question is how much more do we want to adopt 00:09:29 manu_: Render method is about how do you visualize a VC. You can also render to audio, an image, braille, NFC etc. 00:09:54 present+ 00:10:10 ... Convert a cred into some form. It's about giving issuers control over what their cred looks like in a wallet. A gov ID card, for example, will want their logo etc. 00:10:33 render method will be of interest to the Accessibility folks 00:10:37 manu_: Confidence method helps you as a verifier understand who originally received the cred. 00:11:01 q+ to ask about types 00:11:18 manu_: You want confidence that the person showing you the cred is the right person. A crypto challenge might be one way. I'm sending you a challenge, you send a reply 00:11:44 manu_: But a confidence method might be a biometric match, account access etc. 00:11:57 ack JoeAndrieu 00:11:57 JoeAndrieu, you wanted to ask about types 00:12:00 RRSAgent, make logs public 00:12:04 ack JoeAndrieu 00:12:36 JoeAndrieu: I'm an editor working on this now. The current charter limits us to one method. I want us to have the freedom to have separate docs for each type of confidence method 00:12:40 manu_: +1 to that 00:12:55 present+ 00:12:56 manu_: Next one if the VCALM - Life Cycle Management 00:13:13 manu_: if you're an issuer, what API do I call, revoke, etc 00:13:25 btw, the "limit" on convene methods is about timing not scope 00:13:36 manu_: We find vendors doing a lot of proprietary APIs for this. So we want to avoid vendor-lock 00:13:53 manu_: Basically, this is all about HTTP APIs for VCs 00:13:55 s/convene/convenience/ 00:14:17 manu_: VC barcodes. This is about taking a VC and putting it into a QR Code or PDF417 00:14:34 q+ to say that concerns me deeply 00:14:38 ... California currently putting a VC on the back of every physical licence they're printing 00:14:47 s/convenience/confidence/ 00:15:06 manu_: So this is already in production. We can still change the spec but they're being used on paper docs to help make them more trustworthy 00:15:17 manu_: Birth certs in the US is another use case 00:15:23 phila q+ 00:15:28 q+ 00:15:47 manu_: So VC barcodes are about compressing them and putting in a doc and printing 00:15:48 ack brent 00:15:48 brent, you wanted to say that concerns me deeply 00:15:55 ack brent 00:16:19 brent: It concerns me that this has been deployed but hasn't been specified yet. Even in the CCG it hasn't had much attention 00:16:23 ... That's a concern 00:16:28 ack phila 00:16:34 scribe+ 00:16:55 phila: for me the use case is conformance certificates, waybilss, etc. 00:17:12 ... however, in the realm of conformance testing, there are folks who say, even a barcode isn't enough. 00:17:14 q+ to suggest implementation before standardization is good and healthy 00:17:25 ... wish someone from singapore was here as well 00:17:27 q? 00:17:31 ack JoeAndrieu 00:17:31 JoeAndrieu, you wanted to suggest implementation before standardization is good and healthy 00:17:54 JoeAndrieu: A modest push back on Brent's concern. Implementation is an important aspect of standardization 00:17:55 q+ 00:18:00 q+ to ask the motivation of printing VC on the physics card 00:18:09 ack manu_ 00:18:27 manu_: I hear what Brent says. It didn't get a lot of attention in the CCG. It's come mostly from the SVIP/DHS in the US 00:19:04 manu_: The California DMV saw the value and knows it's not yet standardized and that this group may change it and they'll be able to adapt accordingly 00:19:22 kmoon has joined #vcwg 00:19:45 ack denkeni 00:19:45 denkeni, you wanted to ask the motivation of printing VC on the physics card 00:19:50 manu_: Yes, it would have been ideal to standardize before adoption in some ways but we are where we are 00:20:21 denkeni: Printed cards can't be bound to holder 00:20:48 denkeni: Is it reasonable to keep an image on a physical card? 00:21:23 brent: Now that we're looking at specs not yet in our charter - shall we go through the spreadsheet now or go back later 00:21:49 brent: VCALM - string indication of importance. Some people saying they'd be happy to be editors 00:22:08 manu_: Gives names of two people who are not currently here for VCALM 00:22:24 manu_: We already have 11 config files in the test suite 00:22:49 q+ to answer denken 00:23:11 Kazue has joined #vcwg 00:23:23 present+ 00:23:24 ack denkeni 00:23:28 ack denken 00:23:56 denkeni: Was asking about why the DMV was so interested in the barcode stuff 00:23:58 ack manu_ 00:23:58 manu_, you wanted to answer denken 00:24:39 manu_: It's fairly trivial to create a fraudulent licence today. Including a barcode that can provide an illusion of veracity. 00:25:07 manu_: You can verify it but a lot of people don't. California DMV wanted to try and avoid that kind of fraud. There's an active illegal market for them. 00:25:51 Elaine: I'm an IE. I retired at the end of March from the DHS. Expert in fighting counterfeiting. Something digitally signed, printed on the doc is important 00:26:23 q? 00:26:23 Elaine: Original plan was secure printing. But now the forgeries are as good. So we want something cryptopgraphic 00:26:33 denkeni: Is the portait included? 00:26:51 watanabe has joined #vcwg 00:27:25 Elaine: There are some clones that just swap the photo. [Talks more about the problem, details missed] 00:27:35 Elaine: Possible to include low-res image 00:27:45 ... Not 100% but better than nothing 00:27:55 brent: Jumping back to VCALM 00:28:15 brent: Who *in the WG* is likely to be an editor from the WG membership 00:28:32 manu_: Pat St Louis and Kayode 00:28:48 When we would like a thing, e.g. product, to have a sort of information, it kind of makes sense to using verifiable credentials in the barcode format. (Though I understand it is not the best way to do so.) We actually did some PoCs with some companies like that. 00:30:49 Brent: Goes through needs for VCALM and fills in the spreadhseet 00:31:17 s/Pat St Louis and Kayode// 00:31:27 RRSAgent, draft minutes 00:31:29 I have made the request to generate https://www.w3.org/2025/11/13-vcwg-minutes.html phila 00:31:36 steele has joined #vcwg 00:32:06 [Discussion of filling in the spreadsheet for barcodes] 00:32:55 brent: Back to the poll - VC over wireless 00:32:55 q? 00:34:01 kmoon: From NTT. Talked about an insect-based snack. Looking for proof of certification 00:34:24 kmoon: It's a use case 00:34:32 phila: I'll put you in touch with GS1 Japan 00:34:50 Ugur has joined #vcwg 00:34:52 manu_: VC over wireless - use case is first responders 00:35:17 ... Want to be able to tap into a secure zone. Keep people not supposed to be in the zone out. 00:35:29 ... need to be able to transmit VCs without internet connection 00:36:18 manu_: Some challenges to the spec. Not much incubation, but there's not a lot to do. NFC tap will do it. Bluetooth looks fairly easy 00:36:29 ... There is Web NFC as a W3C spec 00:36:42 ... some implementation but not all browsers 00:37:01 ... so there would be work to go beyond pure NFC. Use case is important 00:37:04 q+ to ask how this compares with OID4VP over bluetooth 00:37:12 ack brent 00:37:12 brent, you wanted to ask how this compares with OID4VP over bluetooth 00:37:15 ack brent 00:37:31 brent: How does this work relate to OID4VP over bluetooth. 00:37:46 manu_: AFAIK, it hasn't made much progress in the last few years 00:38:00 ... The NFC portion is very different from the Bluetooth 00:38:19 manu_: NFC max payload is limited to under 1K, Bluetooth can be MB 00:38:39 brent: But the Bluetooth part - is it approx the same capabilities? 00:38:54 manu_: Theory is that the protocol will be based on VCALM 00:38:58 q+ to note that in general this work is a departure 00:39:05 ... but there's a question about the params in Bluetooth 00:39:16 ack brent 00:39:16 brent, you wanted to note that in general this work is a departure 00:39:17 ack brent 00:39:54 brent: This spec in particular - the family - looks like a departure from what the WG has done. We've done data models, not protocols. Exciting but it might create pushback 00:40:13 brent: This would be a biggish shift and we need the right people 00:40:54 manu_: We have some volunteers but will have to check if they're WG members 00:41:19 manu_: VC Refresh 00:41:35 ... What does the wallet do if the VC is approaching expiry. 00:42:01 ... Want to avoid manual process if it's not necessary. Hope is that the wallet can do the entire refresh process itself 00:42:31 manu_: Demand fairly hight. Decent number of people saying they'd implement but no volunteers to edit 00:42:47 manu_: It's not a difficult spec. Would be a good training ground for new editors! 00:43:04 ... This is what TruAge uses today and California DMV uses 00:43:16 manu_: So we have good experience and implementations 00:43:21 sean has joined #vcwg 00:43:52 manu_: It's really Connesxus and truAge who have the experience 00:44:54 mvsamuel has joined #vcwg 00:45:25 [Discussion about TruAge/Connexxus being editors] 00:45:28 q? 00:45:52 manu_: Quantum-safe DI Suite 00:46:16 manu_: How do we create crypto that is resistant to quantum computing 00:46:32 manu_: We are a good way towards this with existing work [Names some] 00:47:22 manu_: Some post-quantum signatures are thousands of times larger than current ones. Some work on a small-footprint (Ski-Sign?) looks promising 00:47:47 manu_: I don't think we'll get there in the next charter. We could poss do a FIPs/Two FIPs. 00:47:49 q+ to note Q in JOSE 00:48:07 ... There is draft spec and some editors but they're not in the WG. At least three implementers 00:48:42 [Some details added to spreadsheet] 00:49:35 manu_: It's important to us to get that work done. We get asked about it by our customers. 00:49:41 ack brent 00:49:42 brent, you wanted to note Q in JOSE 00:50:20 brent: The JOSE capabilities that are already a Rec will automatically make use of the IETF specs so we're already covered (it can be argued) 00:50:57 scribe+ 00:51:29 ugur has joined #vcwg 00:51:30 manu_: Verifiable issuers and verifiers is about verifiers being able to check issuers of credentials against some authority 00:52:06 ... For example in the US there are 56 jurisdictions able to issue drivers licence. As a verifier of licences in the US you would be able to refer to some list and check the issuer against that list 00:52:15 q+ to mention multiplicity 00:52:24 ... There are many other such examples of known entities able to make specific attestations 00:52:35 ... This spec is about how you make these lists, how you publish them 00:52:44 q+ to ask if folks doing this are following TOIP 00:52:56 ack JoeAndrieu 00:52:56 JoeAndrieu, you wanted to mention multiplicity 00:52:57 q+ 00:52:58 ... In the EU there is going to be lists of organisations able to ask specific info from issuers 00:53:38 JoeAndrieu: We need to be able to layer on other authorities. E.g. for the driving licence case, it wont just be the US jurisdictions but it might include international entities too 00:53:40 ack brent 00:53:40 brent, you wanted to ask if folks doing this are following TOIP 00:53:47 ... We need a mechanism to layer this on 00:54:09 brent: I wanted to ask if folks in the group are following the ToIP and the trust framework work going on there 00:54:16 kmoon has joined #vcwg 00:54:18 present+ 00:54:28 manu_: I dont think we are tracking that well at all. DavidC and Dimitri is working on this 00:54:33 ack phila 00:54:33 manu_: +1 we should look into this 00:54:52 brent: A lot of work went into this, lots of consensus and diagrams in that group. We should learn from them 00:55:33 I've working on verifiable issuers with some research institute and organization. I think this one is especially important for cross ecosystem use cases. 00:55:34 manu_: dmitriz you have a set of use cases about verifiable issuers and verifiers. Brent mentioned the TOIP folks have been working on similar stuff for a while 00:55:41 ... Have you had any contact with TOIP 00:56:01 present+ 00:56:04 dmitriz: I have a bit. There was a join project around comparing issuer registries that looked at the TOIP spec 00:56:16 ... We can reach out specifically and coordinate with those groups to see where the intersections are 00:56:22 phila: That sounds positive 00:56:48 ... Yesterday we had a conversation around trusted verifiers and issuers 00:57:02 q+ 00:57:07 ... I think this is not enough on its own. It does not scale 00:57:43 ... The talk yesterday about cross border trade includes millions of credentials a day. There isn't always a list of issuers, but many entities can add evidence to your claim 00:57:56 ... One VC is often not enouhg 00:58:12 ... You want to present a bundle of VCs together from different issuers. 00:58:48 ... The ask from me is to possibly add a class 4 change to the data model so a generic verification model could check multiple VCs 00:59:02 q+ 00:59:04 ack KevinDean 00:59:05 ... This spec looks like the closest thing we have on the list to doing that. Maybe it fits in here 00:59:24 q+ 00:59:34 KevinDean: Expanding on phila, we looked at the verifiable issuer through the lens of the issuer having a specific credential 00:59:44 q+ to ask about any likely class 4 changes in response to these specs 00:59:47 ... Because I have this credentail, I am authorized to issue these other types of credential 01:00:17 ... E.g. in the case of a diploma from a university, this implies that you know who the university is. This is not scalable. You don't always know all the universities that exist 01:01:01 ... But, an accreditation body could issue credentials to universities. This could be included in the diploma credentials they issue. Creating a chain back to the source accreditation body 01:01:23 ... Allowing verifiers to tell that a diploma was issued by an authorized education body 01:01:23 ack dmitriz 01:01:42 q+ 01:01:46 q- 01:01:55 dmitriz: phila, your description sounds like a verifiable presentation to me 01:02:13 brent: Lets not get too into the details in relation to the verifiable issuers and verifiers spec 01:02:17 ack shigeya 01:02:26 phila: I understand your point dmitriz, but I think there are potential issues 01:02:50 shigeya: We are working on the originator profile. One part of this is securing documents from the originator, which is the signer 01:03:02 ... The other side of this is annotating about originator attributes from certified parties 01:03:27 ... We use this related to news. Some newspaper organisation belongs to a specific group 01:03:46 ... We are looking into the use case of applying this technology into banking 01:04:12 ... In this case, end users want to verify that a issuer is a bank. 01:04:29 steele has joined #vcwg 01:04:37 ... Multiple third party providers can issue credentials to attest to specific issuers 01:04:48 ... We have open source the code for this. It is based on Verifiable Credentials 01:05:11 ... We have a conceptual document defining how multiple third parties can annotate issuers 01:05:15 https://originator-profile.org/en-US/ 01:05:15 ack JoeAndrieu 01:05:15 JoeAndrieu, you wanted to ask about any likely class 4 changes in response to these specs 01:05:51 JoeAndrieu: phila mentioned that we are likely to want class 4 changes to the VCDM. I am wondering if there are any other changes that might be required by other specs 01:06:03 manu_: Yes, we should leave the door open for class 4 changes 01:06:05 Code; https://github.com/originator-profile/originator-profile 01:06:20 JoeAndrieu: Are there any other specs with obvious areas we might require a change 01:06:22 manu_: no 01:06:33 brent: I think potentially 01:07:12 manu_: Yes it is definitely possible, but chances are low for the other specs we have talked about today. The verifiable issuers and verifiers has a high chance of requiring changes to the data model 01:07:55 brent: There are three implementations of the verifiable issuers and verifiers spec, with broad interest in this area 01:08:07 manu_: It would be very interesting to pull in the originators work 01:08:12 brent: Editors? 01:08:25 manu_: David Chadwick will, dmitriz can you>? 01:08:39 dmitriz: I am happy to contribute, not sure I have the bandwidth to coeditor 01:08:51 phila: You can put down GS1 and PIX 01:09:10 s/PIX/PYZ/ 01:09:15 scribe+ phila 01:09:21 scibe- 01:09:22 phila: Thanks Wip 01:09:29 Ugur has joined #vcwg 01:09:49 brent: We have had interest from a possible Chinese (SM3/SM4) Data Integrity securing mechanism 01:10:10 q+ want to discuss work: on multilingual 01:10:21 brent: They received the usual call for editors, commitments etc. Might happen in the Chinese WG sperate from VCWG 01:10:42 q+ to ask about test suites 01:10:49 phila1 has joined #vcwg 01:10:57 q+ shigeya 01:11:16 q+ 01:11:20 q+ to propose an order 01:11:22 brent: [Talks about how we can advance the charter] 01:11:48 brent: Would like to see an order of action in the charter 01:12:07 brent: We need some rough agreement on how to run the WG 01:12:10 ack want 01:12:10 want, you wanted to discuss work: on multilingual 01:12:18 ack shigeya 01:12:20 q- shigeya 01:12:32 shigeya: I have previously proposed multilingual text outside the VC 01:12:36 q+ to mention MOSIP and multilingual 01:13:06 ... We saw that the developers really don't want to use JSON-LD-style encoding inside the VC for multilingual text 01:13:20 ... maybe have two separate VCs, each in a single language 01:13:36 ... these could be linked and shown as equivalent 01:13:44 ... Need to find a better way to make developers happy 01:13:59 ... I din't have specific proposal just yet but want to look into it 01:14:15 ... I'd like to discuss this if possible in the WG 01:14:16 ack JoeAndrieu 01:14:18 JoeAndrieu, you wanted to ask about test suites 01:14:25 JoeAndrieu: Support for multilingual, sure 01:14:47 JoeAndrieu: Are we talking about the charter or immediate adoption? 01:14:57 brent: We can't adopt any of these under the current charter 01:15:06 q+ to speak to test suite 01:15:10 ack manu_ 01:15:10 manu_, you wanted to propose an order and to mention MOSIP and multilingual and to speak to test suite 01:15:13 JoeAndrieu: Can we extend an existing test suite rather than set up separate test suites 01:15:52 manu_: MOSIP, in India, has issued 100M VCs. They have an OS platform. Multiligualism is an issue, especially for render methods 01:16:06 ... They have to render in English, Tamil and more 01:16:24 q+ 01:16:32 manu_: Hopefully i18n wil come out of the render method work 01:17:19 manu_: Yes, we could extend the existing test suite but we can't/shouldn't get ourslelves mixed up with protocols 01:17:28 ... may or may not need a separate test suite 01:17:38 manu_: I'd also like to propse an order. 01:17:55 manu_: VCALM already has a lot of implementations so it's probably on the top. 01:18:11 ... VC over wireless needs more editors and time. Important use case but we might not have the people 01:18:49 manu_: I wish we had more people to work on the post-quantum, so maybe that goes into the optional section 01:18:58 manu_: Barcodes - we're late. Let's get on with that 01:19:10 manu_: Verified issuers and verifiers - looks like we should work on that. 01:19:20 manu_: refresh - it's out there but we need more people 01:19:32 q? 01:19:48 brent: So we have a proposed prioritization 01:19:57 [recorded in the spreadsheet] 01:20:16 brent: No one is saying that we should not recharter. So let's move forward with that. 01:20:40 brent: We have a proposed division of work. Three are prioritized. Three if we have the capacity 01:20:55 brent: So the question is: do you agree with this division. It works for me 01:21:18 brent: I can see refresh as the top of the tentative list 01:21:28 brent: Speak up if you;d like to propose a different order 01:21:29 ack shigeya 01:21:59 shigeya: Manu mentioned MOSIP. I know they can handle multilingualism. 01:22:03 q+ 01:22:08 ack manu_ 01:22:12 manu_: +1 to that 01:22:39 manu_: Working on render method will force us to work on multilingual. But, as shigeya says, it can't be the only way 01:22:56 shigeya: We need a way to select which language will appear - could be field by field 01:23:11 brent: I'm not hearing anyone speak out against the proritization. 01:23:28 RRSAgent, draft minutes 01:23:29 I have made the request to generate https://www.w3.org/2025/11/13-vcwg-minutes.html phila 01:25:31 q+ 01:25:48 ack manu_ 01:26:48 q+ 01:28:18 q+ 01:29:01 ack pchampin 01:29:44 ack JoeAndrieu 01:31:14 q 01:31:19 q+ agree to last minute FOs in CRs 01:31:20 q+ 01:31:41 q- 01:31:45 q+ to agree to last minute FOs in CRs 01:31:47 q- agree 01:33:59 q+ 01:34:04 phila1 has left #vcwg 01:34:55 ack manu_ 01:34:55 manu_, you wanted to agree to last minute FOs in CRs 01:34:55 dezell, 01:35:00 ack dezell 01:37:40 JennieM has joined #vcwg 01:39:55 s/waybilss/waybills/ 01:42:15 s/Demand fairly hight/Demand fairly high/ 01:43:05 JoeAndrieu has joined #vcwg 01:46:20 s/scibe-// 01:46:46 I have made the request to generate https://www.w3.org/2025/11/13-vcwg-minutes.html TallTed 01:47:18 s/dezell,// 01:47:22 benoit has joined #vcwg 01:47:41 I have made the request to generate https://www.w3.org/2025/11/13-vcwg-minutes.html TallTed 01:47:59 JoeAndrieu has joined #vcwg 01:49:06 present+ Elaine, kmoon, manu_ 01:52:16 steele has joined #vcwg 01:53:11 dezell has joined #vcwg 01:55:22 JoeAndrieu has joined #vcwg 01:56:30 JoeAndrieu has joined #vcwg 01:59:31 benoit_ has joined #vcwg 01:59:50 phila has joined #vcwg 02:00:19 brent has joined #vcwg 02:01:02 yamdan has joined #vcwg 02:02:02 https://w3c.github.io/scribe2/scribedoc.html 02:02:23 Wip has joined #vcwg 02:02:41 JoeAndrieu has joined #vcwg 02:02:48 Kazue has joined #vcwg 02:02:53