15:59:02 <RRSAgent> RRSAgent has joined #did
15:59:07 <RRSAgent> logging to https://www.w3.org/2026/02/05-did-irc
15:59:09 <ottomorac> rrsagent, make logs public
15:59:19 <ottomorac> Meeting: Decentralized Identifier Working Group
15:59:21 <ottomorac> Chair: ottomorac
15:59:25 <ottomorac> Agenda: https://lists.w3.org/Archives/Public/public-did-wg/2026Feb/0001.html
15:59:26 <agendabot> clear agenda
15:59:26 <agendabot> agenda+ Agenda Review, Introductions (5 min)
15:59:26 <agendabot> agenda+ DID Issues \[1\] (10 min)
15:59:26 <agendabot> agenda+ Unclear statement about verifiability of results of DID Resolution \[2\] (10 min)
15:59:26 <agendabot> agenda+ DID Resolution Issues \[3\] (5 min)
15:59:29 <agendabot> agenda+ DID Resolution Threat Modelling (25 min)
15:59:31 <ottomorac> previous meeting: https://www.w3.org/2026/01/29-did-minutes.html
15:59:35 <ottomorac> next meeting: https://www.w3.org/2026/02/12-did-minutes.html
16:01:00 <JoeAndrieu> JoeAndrieu has joined #did
16:02:47 <Wip> Wip has joined #did
16:03:02 <pchampin> present+
16:03:22 <Wip> present+
16:03:28 <ottomorac> present+
16:04:12 <swcurran> swcurran has joined #did
16:04:19 <swcurran> present+
16:05:00 <TallTed> TallTed has joined #did
16:06:00 <KevinDean> KevinDean has joined #did
16:06:06 <KevinDean> present+
16:06:40 <swcurran> Yes
16:06:43 <swcurran> Sorry
16:06:57 <ottomorac> zakim, next item
16:06:57 <Zakim> agendum 1 -- Agenda Review, Introductions (5 min) -- taken up [from agendabot]
16:08:03 <JennieM> JennieM has joined #did
16:08:08 <JennieM> present+
16:08:11 <swcurran> ottomorac: DID Issues, DID Resolution Issues/assignments, DID Resolution Threat Modelling
16:08:16 <ottomorac> q?
16:08:18 <TallTed> present+
16:08:21 <ivan> present+
16:08:25 <ottomorac> zakim, next item
16:08:25 <Zakim> agendum 2 -- DID Issues \[1\] (10 min) -- taken up [from agendabot]
16:09:00 <swcurran> manu: New VC Charter is out for a vote, so if you are a member please vote -- early and often.
16:09:27 <swcurran> scribe
16:09:38 <swcurran> scribe+
16:09:41 <pchampin> scribenick: swcurran
16:09:58 <smccown> smccown has joined #did
16:10:05 <ottomorac> subtopic: https://github.com/w3c/did/issues/911
16:10:08 <smccown> present+
16:10:18 <ottomorac> Move normative DID method specification statements about equivalentId and canonicalId into this spec #911
16:10:18 <ottomorac> (meaning move them from DID resolution to DID Core)
16:10:53 <manu> +1 to do that, thank you!
16:11:02 <manu> q+
16:11:05 <ottomorac> ack manu
16:11:17 <swcurran> manu: +1 to this good to do.
16:11:21 <Wip> q+
16:11:25 <ottomorac> ack Wip
16:11:46 <manu> q+
16:11:51 <ottomorac> ack manu
16:12:00 <swcurran> Wip: One of the comments from Jeffrey, so good to do. Wip to reference this when done and following up with Jeffrey.
16:12:16 <ottomorac> q?
16:12:31 <ottomorac> q?
16:12:33 <manu> q+ to suggest next topic: DID CR publication...
16:12:34 <swcurran> manu: Summarizing each of the issues they raised in their tag issue tracker they have so it is clear things were closed out.
16:12:34 <Wip> +1 I will do that
16:12:55 <ottomorac> subtopic: DID CR publication
16:12:59 <ottomorac> ack manu
16:12:59 <Zakim> manu, you wanted to suggest next topic: DID CR publication...
16:14:23 <swcurran> manu: Been travelling and lost track of where we are on CR.  I think I was supposed to get a CR candidate req want to be sure each horizontal review has been completed or timed out -- perhaps not accessibility.  Manu to do CR candidate reg, and group needs to provide a date for it.
16:14:44 <swcurran> pchampin: A formal resolution would help.
16:15:13 <swcurran> JoeAndrieu: Date needed?  Going into CR or out?  And how long is CR?
16:15:41 <swcurran> manu: At least 30 days, say that, but requires resolution from the working group.
16:15:47 <ivan> q+
16:15:53 <ottomorac> q?
16:16:01 <swcurran> JoeAndrieu: Issue is the Threat Modelling likely to be another month.
16:16:18 <ottomorac> ack ivan
16:16:23 <swcurran> manu: Propose leaving CR at minimum, but can be longer.
16:16:49 <manu> q+ to suggest Feb 19th?
16:16:57 <swcurran> ivan: Put minimum -- just means no Recommendation before that date -- but can be longer. No need to put in details of whys and whats.
16:17:07 <JoeAndrieu> +1
16:17:07 <ottomorac> ack manu
16:17:07 <Zakim> manu, you wanted to suggest Feb 19th?
16:17:08 <swcurran> pchampin: Agree.
16:17:40 <swcurran> manu: Based on that -- publication date of CR Feb 19 DID 1.1 with minimum time in CR.  Let's get that in a resolution.
16:18:13 <swcurran> manu: to draft a resolution ... in real time.
16:19:00 <ottomorac> PROPOSAL: Publish DID v1.1 as a Candidate Recommendation with a target publication date of Feb 19th 2026.
16:19:05 <manu> +1
16:19:07 <pchampin> +1
16:19:09 <Wip> +1
16:19:10 <TallTed> +1
16:19:10 <ottomorac> +1
16:19:11 <JoeAndrieu> +1
16:19:11 <swcurran> +1
16:19:12 <ivan> +1
16:19:14 <dmitriz> +1
16:19:15 <JennieM> +1
16:19:15 <smccown> +1
16:19:26 <ottomorac> RESOLVED: Publish DID v1.1 as a Candidate Recommendation with a target publication date of Feb 19th 2026.
16:19:46 <ivan> q+
16:19:53 <ottomorac> ack ivan
16:20:04 <manu> q+
16:20:24 <swcurran> ivan: Manu -- don't know what happens with testing? Have to produce test plans for CR -- can we reuse what was done before?
16:20:35 <ottomorac> ack manu
16:21:34 <swcurran> manu: Yes -- good news is that work was done Oct 2025, updated the test suite to use 1.1 context, runs against all tests, and no need to contact original implementers. Nice to run full JSON-LD coverage.  But we can prove will not break compatibility.
16:21:36 <ottomorac> q?
16:21:55 <ottomorac> subtopic: https://github.com/w3c/did/issues/914
16:22:02 <ottomorac> PROPOSAL: Universal values for a *null DID* as well as an *empty DID* #914From Michael Herman
16:22:46 <JoeAndrieu> q+
16:22:53 <ottomorac> ack JoeAndrieu
16:23:08 <Wip> q+
16:23:19 <ottomorac> ack Wip
16:23:42 <TallTed> s/PROPOSAL: Universal values for a *null DID* as well as an *empty DID* #914From Michael Herman//
16:23:43 <manu> s/PROPOSAL:/issue 914/
16:23:56 <manu> q+
16:24:06 <ottomorac> ack manu
16:24:54 <Wip> q+
16:25:33 <smccown> q+
16:25:34 <JoeAndrieu> q+ to follow URLs/URIs
16:26:02 <swcurran> manu: did:null was submitted as a proposal as an April Fools Joke, but kinda serious. Signals could be worked on at the Method level. From experience, we have never needed a null/empty DID, so not clear there is a need.  Could, and Methods may have a way to express.
16:26:06 <ottomorac> ack Wip
16:26:45 <swcurran> Wip: Did look at it, consensus was you don't need this.  Suggest that issue submitter propose a DID Method.
16:26:46 <ottomorac> ack smccown
16:27:34 <TallTed> q+
16:27:57 <ottomorac> ack JoeAndrieu
16:27:57 <Zakim> JoeAndrieu, you wanted to follow URLs/URIs
16:28:06 <swcurran> smccown: Agree let him submit. Have not seen a reason -- other than Comp Sci often needed.  Not clear how serious given the other examples he provides.  Perhaps just going for completeness, but I don't see the point.
16:28:26 <ottomorac> ack TallTed
16:28:31 <dmitriz> q+
16:28:38 <swcurran> JoeAndrieu: Make own did Method -- that said, there is no such thing as a "null" URL and a DID is a URL.
16:29:16 <ottomorac> q?
16:29:41 <ottomorac> ack dmitriz
16:30:12 <swcurran> dmitriz: re: did:sunny, etc. -- URN is for that -- point him to that.
16:31:14 <ottomorac> Topic: DID Resolution Threat Modelling
16:32:03 <swcurran> JoeAndrieu: On Tuesday met with Sing and started the process and it went well. Not much ideation, but JoeAndrieu to go through the slides.
16:32:57 <swcurran> JoeAndrieu: Joe to put PPT into the record later.  Scribing will cover comments, but not slide contents.
16:33:16 <swcurran> JoeAndrieu: Slide 1 Agenda.
16:33:37 <ottomorac> slide: Today
16:33:41 <swcurran> JoeAndrieu: Slide 2 - commitment by end of CR -- hence previous discussion.
16:34:20 <swcurran> JoeAndrieu: Groundwork for DID v1.1 security review.
16:36:25 <swcurran> JoeAndrieu: Steps -- picture/stakeholder analysis, identify threats, describe good responses.  Exercise -- used the Web -- worked well. People. Legal. Public Sector.
16:37:07 <ottomorac> Mocha?
16:37:43 <swcurran> JoeAndrieu: Use various frameworks -- formal analytic approach -- or start with concerns you already know about -- things we've considered in the past. What did we care about? Build out from there.
16:38:36 <swcurran> JoeAndrieu: Define responses, including accepting.  Various responses -- there is an acronym for that.  Could have multiple responses for a single threat.
16:39:13 <swcurran> JoeAndrieu: Slide 4 -- Categories of Threats.
16:44:49 <swcurran> JoeAndrieu: Slide 5 -- Constellation of Threat Models that interconnect.  Shared diagram is key.
16:45:53 <ottomorac> q?
16:46:05 <manu> q+
16:46:12 <ottomorac> ack manu
16:46:56 <swcurran> manu: Very helpful. Have looked at the doc.  The fuzziest in my mind -- constellation.  Where does this spec's model stops, others begin.  Who decides where the edge is?
16:47:30 <swcurran> manu: What happens if there is no threat model to point to?  E.g. if none, just point to security and privacy in the spec?
16:48:14 <swcurran> JoeAndrieu: Yes -- point to the spec if you have to. W3C is pushing this approach, but others (e.g. IETF) are/may not, so RFCs won't be covered.
16:49:41 <swcurran> JoeAndrieu: Level of detail will vary about the boundaries of concern. Could go all the way to the hardware -- go for it, but others may only go to the network, or software level.  Perspective is from the authors view -- in the diagram created.
16:49:50 <Wip> q?
16:49:56 <ottomorac> q?
16:50:57 <swcurran> JoeAndrieu: Slide 6: Next steps
16:51:23 <swcurran> JoeAndrieu: Tada -- The Diagram -- link to be added to the record.
16:52:16 <swcurran> JoeAndrieu: Focus on first two columns -- third is proxy -- we can cover that later.
16:52:28 <swcurran> JoeAndrieu: Please think about the terms and challenge them if needed.
16:53:41 <swcurran> JoeAndrieu: Future iterations -- different implementation models.
16:54:35 <Wip> q+
16:55:11 <manu> +1 overall diagram looks good to me, thank you for all that hard work, Joe!
16:55:29 <ottomorac> ack Wip
16:55:35 <manu> q+
16:55:50 <ottomorac> q?
16:55:55 <swcurran> Wip: What do we need to spin up a repo for this work?
16:56:16 <swcurran> pchampin: I can do that if needed.
16:56:19 <ottomorac> ack manu
16:56:35 <ivan> q+
16:56:41 <ottomorac> ack ivan
16:56:48 <swcurran> manu: Great work -- thanks.  Would like to adopt, and to get it into a repo so that we can publish as an FPWD
16:57:35 <swcurran> ivan: Tried to image what would one do with VCs.  Create a diagram that covers the lifecycle of a VC?  Is that the process, with each step?
16:57:53 <Wip> q+ to mention DID Path PR briefly
16:57:55 <ottomorac> zakim close queue
16:58:45 <ottomorac> q?
16:58:48 <swcurran> JoeAndrieu: You could use a sequence diagram. What Sing is advocating for is whatever makes sense.  In my case, I like dealing with key flows, but not an end-to-end process.  Could do it in one with all the processes -- the three parties, and the key flows between them.
16:58:50 <ottomorac> ack Wip
16:58:51 <Zakim> Wip, you wanted to mention DID Path PR briefly
16:59:03 <Wip> https://github.com/w3c/did-resolution/pull/260
16:59:37 <swcurran> Wip: Not threat modelling.  DID URL Path review needed -- please do and let's try to merge in a week or so.  It's on the clock.
17:00:13 <swcurran> JoeAndrieu: Do we need a resolution to start a repository for DID Resolution Threat Model, then a later one for DID Core.
17:00:50 <swcurran> JoeAndrieu: Proposal is all specs need a Threat Model, and changing the focus from DID Resolution to DID Core gets a different model.
17:02:00 <swcurran> pchampin: Post the resources to the mailing list, that gets a URL and then we can add the permanent URL to the record.
17:04:19 <pchampin> threat model diagram: https://lists.w3.org/Archives/Public/public-security/2026Feb/att-0003/DID_Resolution_DFD.png
17:04:23 <pchampin> RRSAgent, make minutes
17:04:24 <RRSAgent> I have made the request to generate https://www.w3.org/2026/02/05-did-minutes.html pchampin
17:05:29 <pchampin> Joe's slides: https://lists.w3.org/Archives/Public/public-security/2026Feb/att-0003/DID_Threat_Modeling.SING.2026.02.03.pptx
17:05:31 <pchampin> RRSAgent, make minutes
17:05:32 <RRSAgent> I have made the request to generate https://www.w3.org/2026/02/05-did-minutes.html pchampin
17:07:27 <ottomorac> m2gbot, link issues with transcript
17:07:34 <ottomorac> zakim, end the meeting
17:07:34 <Zakim> As of this point the attendees have been Wip, pchampin, dmitriz, TallTed, KevinDean, ottomorac, JennieM, swcurran, denkeni, pdl-asu, smccown, bigbluehat, ivan
17:07:37 <Zakim> RRSAgent, please draft minutes
17:07:39 <RRSAgent> I have made the request to generate https://www.w3.org/2026/02/05-did-minutes.html Zakim
17:07:45 <Zakim> I am happy to have been of service, ottomorac; please remember to excuse RRSAgent.  Goodbye
17:07:45 <Zakim> Zakim has left #did
17:08:13 <ottomorac> m2gbot, link issues with transcript
17:31:31 <m2gbot> m2gbot has joined #did
17:31:39 <pchampin> m2gbot, link issues with transcript
17:31:39 <m2gbot> comment created: https://github.com/w3c/did/issues/911#issuecomment-3855106673
17:31:40 <m2gbot> comment already there: https://github.com/w3c/did/issues/911#issuecomment-3855106673
17:31:41 <m2gbot> comment created: https://github.com/w3c/did/issues/914#issuecomment-3855106812
18:52:17 <ottomorac> ottomorac has joined #did
20:10:55 <ottomorac> ottomorac has joined #did
20:12:32 <ottomorac> ottomorac has left #did
23:02:08 <dmitriz> dmitriz has joined #did