06:49:13 RRSAgent has joined #vcwg 06:49:18 logging to https://www.w3.org/2026/06/02-vcwg-irc 06:49:18 RRSAgent, make logs Public 06:49:19 please title this meeting ("meeting: ..."), ivan 06:49:54 meeting:%20Verifiable%20Credentials%20Working%20Group%20F2F,%20Brussels,%201st%20day%0ADate%3A%202026-06-02%0AAgenda%3A%20https%3A//www.w3.org/events/meetings/6a191799-b432-4fe7-8767-adbca85401ce/%0Achair:%20brent,%20phila%0A/topic%20Meeting%20Agenda%202026-06-02:%20https://www.w3.org/events/meetings/6a191799-b432-4fe7-8767-adbca85401ce/%0A 06:50:44 meeting: Verifiable credentials working group F2F, 1st day 06:50:53 date: 2026-06-02 06:51:28 agenda: https://www.w3.org/events/meetings/6a191799-b432-4fe7-8767-adbca85401ce 06:51:59 ivan has changed the topic to: Meeting Agenda 2026-06-02: https://www.w3.org/events/meetings/6a191799-b432-4fe7-8767-adbca85401ce/ 06:55:37 phila has joined #vcwg 07:03:38 denkeni has joined #vcwg 07:04:04 manu_ has joined #vcwg 07:05:36 brent has joined #vcwg 07:06:21 JoeAndrieu has joined #vcwg 07:06:35 present+ 07:06:44 present+ carolynn 07:06:46 present+ 07:06:49 present+ manu 07:06:56 present+ 07:07:00 present+ denkeni 07:07:05 IvoLadenius has joined #vcwg 07:07:05 present+ bretn 07:07:14 s/bretn/brent/ 07:07:45 present+ amir 07:07:51 present+ 07:08:15 Carolynn has joined #vcwg 07:08:18 present+ ivo 07:08:30 KevinDean has joined #vcwg 07:08:37 present+ 07:08:44 scribe+ 07:08:55 Welcome everyone to the VCWG F2F 07:09:06 s/Welcome/brent: Welcome/ 07:09:29 present+ 07:09:43 JennieM has joined #vcwg 07:09:47 present+ 07:09:53 brent: We will need some scribes today, so look forward to scribing throughout the day. The goal is to capture discussion and decisions made. 07:10:32 brent: I have belgian chocolate and a book to share, if anyone would like either. 07:11:10 ivan: Ivan Herman, I am a W3C Staff contact for the WG and others -- been with the WG for about 5 years. 07:11:56 brent: I'm Brent Zundel, Yubico, have been the Chair of this group for a while, before I was the Chair, I helped write VCDM v1.0. I spent a bit on chocolate over the past several days. 07:12:28 present+ elaine 07:13:29 phila: Phil Archer, from GS1, some of our GS1 employees will be around and are excited to meet you. We have this space for all three days. If there is a fire (not counting on one) go down the stairs. 07:14:19 JoeAndrieu: I'm Joe Andrieu from Legendary Requirements, do work on use cases and threat modelling and confidence method. 07:15:35 shigeya: Shigeya Suzuki from Keio University, working on Originator Profile and educational credentials, this is second visit to GS1 global, was working on RFID technology before. 07:15:51 IvoLadenius: Ivo from GS1 Netherlands 07:16:03 ewooten: Elaine Wooton, working on Verifiable Barcode spec. 07:16:20 wsmith: Wes Smith, from DB, working on credential status and other related technologies. 07:16:28 wes-smith has joined #vcwg 07:16:31 scribe+ 07:16:34 present+ wes-smith 07:16:43 manu: Hi, I'm an editor on a few specs 07:17:06 present+ cappell 07:17:23 stevecapell: Steve Capell, work on trade facilitation, here because I believe W3C VCs are by far best mechanism for scaling global trade, work at UN as well. 07:17:37 s/wsmith/wes-smith/ 07:18:19 Elaine has joined #vcwg 07:18:19 s/ewooten/elaine/ 07:18:23 Carolynn: Carloynn Bernier, new W3C member/expert soon, interests are vocabularies for DPP and wallets, heavily involved in ativity in europe. Phil invited me here to participate. 07:19:01 denkeni: Denken Chen, affiliated with Ministry of Digital Affairs in Taiwan, co-editor of VC Confidence method and co-chair of Credentials CG and bring more energy to APAC regions. 07:19:43 KevinDean: Kevin Dean from Legendary Requirements, co-editor on VC Use Cases. 07:19:53 present+ jennie 07:20:01 JennieM: Jennie Meier with Digital Contract Design, alternate AC rep for DCD, have been involved for 4 years now. 07:20:58 wes-smith has joined #vcwg 07:21:04 amir: Hello Amir from Sirraya Labs, Invited Expert and work on ZKPs and post-quantum transition. I have been implementing a lot of this technology. 07:22:02 phila: We'll be joined by Carsten, Simone, and Hadley later today. I'm not planning a dinner for anyone tonight, have to leave early today -- we need to make sure we keep the room tidy. 07:22:48 brent: Today we're meeting until around 6pm -- tomorrow starting at same time, but will end at 3pm, we will be doing a tour of beer museum and then a dinner. 07:23:22 brent: Thursday we have to be out by 1pm. 07:23:35 rrsagent, draft minutes 07:23:37 I have made the request to generate https://www.w3.org/2026/06/02-vcwg-minutes.html manu_ 07:25:00 JoeAndrieu: What time zone are we anchored to? 07:25:09 brent: Boston time zone 07:26:02 phila: Make sure you us IRC if you want to speak and queue. 07:26:14 brent: We will need scribes throughout the day 07:27:44 Group discusses IRC logistics 07:29:32 SteveC has joined #vcwg 07:30:02 Elaine has joined #vcwg 07:30:08 present+ SteveC 07:30:12 present+ Elaine 07:30:18 present+ wes-smith 07:30:58 Topic: Process and Task Force Discussion 07:31:31 wes-smith has joined #vcwg 07:32:02 brent: The W3C Process document is a description of how W3C operates. Describes how W3C gets stuff done. I'm the Chair of the Process CG. Goal here is for people to feel comfortable jumping into the document. 07:32:57 JennieM has joined #vcwg 07:34:01 brent: W3C Process document talks about membership, rights and obligations, covers how we participate in groups, criteria for being invovled, rules guidelines for meetings, W3C is a member organization -- a member is a company, there are dues involved, every member can select a representative to the advisory committee. AC is group at W3C that makes final decision on charters, specifications, AC that elects members to Advisory Board. 07:35:17 brent: The AC has 3 elected groupps -- Board of Directors keep lights on approve budgets hire CEO, Advisory Board gives advice to W3C Team and Advisory Committee -- AB represents the AC, AB is responsible for updating W3C Process document. For example, travel fund would be for AB to decide. 07:36:02 brent: Technical Architecture Group oversees architecture of the Web, review specs as they are being developed, how they fit within greater Web architecture. Hadley is co-Chair of TAG as of today. 07:37:19 brent: The rest are Working Groups and Interest Groups -- WGs recommend specifications -- here are IGs... like privacy and security IGs that do reviews. 07:38:26 brent: WGs start with a Charter, which gets refined by team (WGs exist for a span of time, goals/objectives, scope of work -- charter for this group works on VC technologies). Skim through group charter if you haven't yet. 07:38:51 brent: If there is stuff you want in the charter, let us know. 07:40:39 brent: W3C cares a lot about consensus -- strong consensus model, which means we aim for unanimity (everyone agrees)... strong consensus is "I can live with it" (the ugly baby is the best thing we can make)... the benefits is that we know that the thing that was produced was agreed to... consensus is very important. If this group makes a decision that you feel is absolutely wrong, it is your right to formally object to that. 07:41:26 brent: Formal objection is a part of the process, it is your right to do so, but it is a very serious step and takes months to work through. 07:41:59 brent: If there is a FO, team tries to resolve, then goes to council, then is resolved eventually if everything fails. 07:42:11 q+ 07:42:25 scribe+ 07:42:28 scribe+ 07:42:38 manu_: Is anything changing in the next year or two that will affect this group? 07:42:45 scribe- 07:43:12 brent: There is a set of suggestions to W3C Process changes that is incoming. 07:45:59 brent: We took feedback at TPAC, put them into actionable thing that could change, AC meeting we talked about two directions to head on prcess changes. The first is tooling improvements that will help ease burden of holding to process -- for example, wide review -- i18n, privacy, TAG, security, all groups review. Toolingn around horizontal review is something that could be useful. Possible changes to WGs (how items are added/removed, how it interacts 07:45:59 with patent commitments made). 07:46:19 q+ 07:46:24 ack manu_ 07:46:34 brent: Potentially a lot of stuff should be changing -- AB is going to try to make things better w/o sacrificing quality of W3C specs. 07:46:40 ack phila 07:47:48 phila: To add to what you're saying -- Chairs are appointed by W3C Team -- for me, Chairing is a privilege, take it seriously, our job is to help the group come to consensus, go through wide review, we have a timeline to get documents done... there are a lot of documents to get through the process. 07:48:35 phila: I try very hard to co-chair and focus on being the Chair -- I am also from GS1, but focus on Chairing. 07:49:39 brent: Our powers as Chair are fairly limited, we keep things on the rails, and have to find consensus if it exists (or make calls on how to proceed) 07:50:36 ivan: Most WGs have W3C Staff/team contact -- I'm here to help the Chairs and group to navigate the W3C Process. We do stuff to help publish documents. 07:51:42 ivan: Each staff contact has a view on what they have to do -- try to coordinate with other groups, keep things connected. I also help w/ various technical items in the WG. 07:52:44 q+ to ask about IP commitments with registries 07:53:13 brent: There are three types of documents we can produce: NOTEs, Recommendations, and Registries. NOTES don't necessarily have consensus (other than to publish). Registry is a standard set of guidance for how registry process works (registry has contents that are updated). 07:53:17 ack JoeAndrieu 07:53:17 JoeAndrieu, you wanted to ask about IP commitments with registries 07:53:45 present+ wip 07:54:02 SteveC has joined #vcwg 07:54:26 Carolynn has joined #vcwg 07:54:34 q+ 07:55:02 JoeAndrieu: IP commitments -- don't understand language on "content of registries" -- for example, registration of DID Methods doesn't mean you entangle any IP. RECs are free of patents (per W3C Process). Registries don't have patent commitments (for example, proprietary DID Methods can exist). 07:55:16 Carolynn: There are three types of technical reports... is a use case a NOTE? 07:55:19 brent: yes, exactly. 07:55:19 ack Carolynn 07:56:10 ivan: Some groups rely heavily on NOTES for things like best practices. 07:56:22 Wip has joined #vcwg 07:56:25 present+ 07:56:26 brent: When we talk about FPWD, CR, these are "Recommendation" path technical reports. 07:57:24 q+ 07:58:07 brent: Wide review is required for Recommendation -- but we can make changes to Recommendations (class 1, class 2, class 3, class 4) -- each has requirements. 07:58:38 q- 07:59:04 ivan: Our charter allows us to make certain changes to certain documents. 08:00:21 q+ 08:00:28 brent: Looking at picture of process -- CG follows CG process of incubated technology -- then WG considers if something is ready for FPWD... once FPWD is done, it keeps publishing as WD while we work on document. 08:00:32 q+ 08:00:54 brent: Until we're done, at which point we move into CR phase. 08:01:03 ack ivan 08:01:12 SteveC has joined #vcwg 08:01:40 ivan: Important to emphasize role of FPWD -- when do we do that? As soon as possible is a good way to go there... FPWD is a message to the outside world that the WG is working on a particular technology so public can make comments. 08:02:34 ivan: Publishing FPWD for quantum resistant cryptosuites -- we'll publish that next week, that we publish it and make an extra point on publication on website of W3C -- we are communicating this to the outside of the world, we are working on quantum-safe cryptosuites, message to community at large. 08:02:59 ivan: Some other groups have reluctance to go to FPWD -- FPWD doesn't have to be complete. 08:03:04 q+ 08:03:27 brent: FPWD kicks off patent commitments. 08:04:19 ack me 08:04:20 phila: We might want to change name of FPWD -- throwback from long ago... this is misleading. 08:04:42 Elaine has joined #vcwg 08:04:49 -> https://w3c.github.io/vc-dpp-bw/ucr/index.html 08:04:53 Carolynn: Even the drafts are public? 08:04:56 ivan: yes 08:05:15 q+ 08:05:21 ivan: In theory, a WG could choose to work behind closed doors, but no one does that lately. 08:05:29 ack manu_ 08:05:35 wes-smith has joined #vcwg 08:05:45 manu: what documents in the groups charter haven't had an FPWD? 08:06:02 ... Vocabularies and Quantum safe aren't yet 08:06:18 ivan: probably two documents from the vocabularies 08:06:29 q+ 08:07:16 ivan: some of the maintained documents may also need FPWD 08:07:27 ack JoeAndrieu 08:08:28 JoeAndrieu: Wanted to comment about public drafts, sometimes we do Google docs, but that's not a part of the process. 08:09:03 q+ 08:09:11 brent: We sometimes have member-visible documents, and private documents, which W3C tries very hard to avoid... they are very few and far between. Board of Directors work tends to be mostly private. 08:09:23 ack ivan 08:10:19 ack SteveC 08:10:20 ivan: This private member/public is reflected in mailing lists that W3C Operates -- group member lists; two mailing lists for WG -- member mailing list and public mailing list. Mailing lists are on WG web pages. 08:10:57 present+ Carsten 08:11:12 q? 08:11:46 SteveC: The UN standards have a less well specified but similar intent -- open development process, UN hasn't had tooling to do that effectively. UNTP was one of the first to use Github to do this, only two weeks did we hit FPWD (we have been working in public for last two years) -- had an enormous positive effect... wholly supportive of working in public. 08:13:26 SteveC: We are here in a member-visible meeting, wondering about other members and who is/isn't here. 08:13:40 brent: That might be a good discussion for dinner. 08:14:15 SteveC has joined #vcwg 08:15:21 brent: A couple of more minutes to go through REC track -- when we publish CR Snapshot (but we keep updating CR as a Draft, we can snapshot again while doing that) 08:15:22 q+ 08:15:57 q+ 08:16:18 brent: Once we get to when we're done, have implementer feedback, all normatives features have been implemented by independent implementations, wide review, horizontal review, responded to it appropriately, we say "we're truly done" and it moves to a W3C Recommendation vote. 08:16:21 q- 08:17:02 brent: That's the process, this is the W3C Process document, please take a look at it. 08:17:43 entropy has joined #VCWG 08:17:59 ivan: For vocabularies, what CR phase means for a vocabulary is different -- it is well defined in VCs what it means... more fuzzy wrt. vocabularies. 08:18:28 ack ivan 08:19:34 ivan: Pierre-Antoine will be here tomorrow -- for vocabularies, two independent uses of vocabularies -- Recommendations are useful in practice, implementations can be written from specs. Vocabulary work item creators need to specify what the bar is -- broader W3C community, set bar for ourselves and figure out what's good enough for vocabularies. 08:19:43 Topic: Use Cases 08:19:45 cstoecker has joined #VCWG 08:20:04 phila: quick intro to new folks... 08:20:21 Wip: Hi Will Abramson, Chair of DID WG, work for Legendary Requirements. 08:20:54 cstoecker: Hi Carsten Stoecker, work on Business Wallet and DPP vocabularies. 08:21:05 phila: Thank you for being here, welcome to GS1. 08:21:07 brent2 has joined #vcwg 08:22:01 https://w3c.github.io/vc-dpp-bw/ucr/index.html 08:22:17 https://www.w3.org/TR/vc-use-cases/ 08:22:28 phila: Let's talk about use cases -- some triggers for this -- Ingo has done some work, business vocabulary work -- Carsten working in WEBUILD, Carolynn been working in DPP done in CIRPASS2. 08:22:44 phila: Joe and Kevin worked on it, how long ago? 08:23:06 JoeAndrieu: It's been stable for years, but looking at how we can collaborate w/ others in the group 08:23:39 phila: Carsten has been working on use cases -- are these use cases for the business wallet, DPP, confidence method, quantum resistant cryptosuite? What are these use cases for? 08:23:56 phila: Use cases document are well written -- we need use cases that will guide our work that we're doing now. 08:24:38 cstoecker: We did use cases for legal persons -- in WEBUILD, large scale pilot of European Commission -- focus on legal persons (companies and companies that are regisered). 08:25:18 cstoecker: Natural person identity, birth certificate, to phone to natural person wallets... mDL, identity card, add digital identity to phone, secrity, holder binding, and othe stuff for natural persons. 08:26:17 q+ 08:26:31 cstoecker: We are doing same sort of thing for businesses... entry in business registry, inherting in business wallet, identity credentials that we're starting to use in European... eu unique identifier, european company certificatite, european company certificate... all of this can be generalized, link to identity in business registry... identifier of company. 08:27:39 cstoecker: EU idetnfieri identifiers business registry, unique identifier for company, same approach for US. .Other jurisdictions it's simpler (Singapore has one registry, for example). 08:27:49 ack next 08:27:57 cstoecker: What GLEIF was doing w/ vLEIs is also interesting. 08:28:29 +q 08:29:39 Carolynn: We need to come out of this meeting with agreement on use cases -- diplomas, etc. In our task forces, we need to agree, what is use case for DPP and wallet TF, we might have different leel of use cases. There are thing that already exist that are similar to legal trustworthiness of org.. look sand feels like business wallet attestation -- no interop between them. The business wallets between countries mimght not align. 08:31:28 Carolynn: How do we get interop between different nations? US Business wallet, DPP, many DPP systems out there -- UNTP DPP, EU DPP, we want to create interop between different DPP, use case is examples of where inerop needs to happen. KYC between borders. General VC use cases is one thing, need to agree on what was just said. 08:32:47 ack SteveC 08:32:50 cstoecker: We could move use cases elsewhere once we discussed them. We should also talk about GLEIF and work with German registry, etc. 08:33:21 SteveC: The use cases are broad, need to be chunked up to align w/ the work that we're doing here. 08:33:45 q+ to speak re: applicability / focus 08:33:55 SteveC: The recognized entities work and UNTP work might be able to be collapsed down to certain business space, can discussed which WG does which use case. 08:34:53 q+ 08:35:38 SteveC: My personal view is that a Swiss non-profit is not a authority of a business registered in any national jurisdiction. We are a mission at UN to issue membership w/ verifiable proof of membership -- want to re-use recognized entity, want to align w/ recognized entties -- let's focus on what problem we're addressing. 08:35:40 ack JoeAndrieu 08:35:40 JoeAndrieu, you wanted to speak re: applicability / focus 08:35:52 q+ carolynn 08:36:39 JoeAndrieu: How we've thought about use cases here -- how we expect this technology to be used. We want to document and focus feature debates. What we're seeing is task force specs are putting use cases in the spec itself. 08:36:40 q+ 08:36:52 ack shigeya 08:36:54 JoeAndrieu: There are use cases in DPP, don't know if we want to aggregate, will leave it there. 08:36:55 SteveC has joined #vcwg 08:37:27 q 08:37:35 q+ 08:37:35 shigeya: LEI adoption is not unevent among jurisdictions, it's problematic in certain context that we use LEI -- like idea of focusing use cases not toward specific technology 08:37:45 ack carolynn 08:37:59 IvoLadenius4 has joined #vcwg 08:38:11 q+ 08:38:12 ack manu_ 08:38:13 carolynn: For DPP won't align with W3C, different standards will exist, we can't control what happens in China, we have to create interop between that. 08:39:07 manu: Joe mentioned: how are these use cases popping up? One reason is because Horizontal Review often asks for a set of use cases, that's why they are being added to each document 08:39:39 q+ to suggest linking from VC Use Cases to use cases in specific specs 08:39:46 ... hving the VC Use Cases document is great. but having a few tight use cases in each extensiuon spec to help justify the reason for the features is helpful. 08:39:59 ... then we can decide later if they should be combined 08:40:04 ack cstoecker 08:40:07 phila: We have to expand overview document, too. 08:40:49 Elaine has joined #vcwg 08:41:22 q+ 08:41:27 cstoecker: We should discuss ater -- small section of use cases, use that to talk to people so we are doing relevant work, easier to have multiple buckets for use cases in beginning and then collect themm together later. 08:41:34 ack SteveC 08:41:38 cstoecker: We just need to have something that helps people see what we're working on. 08:42:16 Carolynn: Yes, standards bodies will do their own thing, but if there is willingness to align, then we can align. 08:42:36 ack JoeAndrieu 08:42:36 JoeAndrieu, you wanted to suggest linking from VC Use Cases to use cases in specific specs 08:43:02 q+ 08:43:05 q+ 08:43:10 ack Wip 08:43:13 +1 to JoeAndrieu 08:43:19 JoeAndrieu: We probably want to avoid setting up vc use cases document as a bottleneck -- people are going to wonder -- we should link to the use cases in these other documents via vc use cases spec. 08:43:24 ack Wip 08:43:32 ack SteveC 08:43:38 Wip: The use cases document is quie dense, diagrams would help 08:44:29 q+ 08:45:06 ack phila 08:45:09 SteveC: Trying to distinguish on technical standards, which can be used for all kinds of business use cases. When we write a trade use case, are we implying that we're going to develop a trade vocabulary. There is risk involved in a technical body -- be careful w/ use cases -- how do we distinguish? 08:45:20 ack phila 08:45:29 phila: Yes, standards bodies need to stay in their area of focus. 08:46:02 Carolynn has joined #vcwg 08:46:07 q+ 08:46:30 ack cstoecker 08:46:33 phila: We can transclude information from one spec to the other. 08:46:44 q+ 08:47:29 cstoecker: Discussions around JSON-LD security, vocabularies (people working on them) will disappear... W3C could have base vocabulary to keep it around -- might be desirable for medium assurance use cases 08:47:41 q+ to speak to "archival of vocabularies" 08:47:44 q+ 08:47:48 q+ 08:47:54 cstoecker: It's important for some sort of "semantic hub" to exist. 08:47:56 ack Carolynn 08:49:01 ack ivan 08:49:04 Carolynn: Use cases, each task force will have relatively detailed use cases to dig down into problem each task force is trying to solve -- we don't need all the detailed use cases directly into general use cases. I think it would make more sense to have high-level use case to add to general use cases. Infinite posibility of use cases for VCs... task force wants to give specific examples of problems we're trying to solve. 08:49:42 ivan: One thing that we need to care about -- network of specs have core technology -- we can't really change those items... for new use cases coming up, what are problems w/ current VC network/family that we have to solve for use case to work. 08:50:40 q- later 08:51:09 ivan: We don't have to write use cases from scratch... example of using VCs with one of the vocabularies -- From VC point of view, you can do X -- VC for that, but then there was requirement for new features into VCDM that are not there -- seems like there is something in VCDM missing, maybe we have to look at core tech... we don't want to start like we're starting from scratch... we are extending. 08:52:10 -> https://lov.linkeddata.es/dataset Is the nearest thing I know of as a register of known vocabs 08:52:38 ack manu_ 08:52:38 manu_, you wanted to speak to "archival of vocabularies" 08:52:42 ivan: Should W3C set up registry of vocabularies -- we've talked about it for a while, but we want decentralization -- VC can handle it, JSON-LD structures can do that -- you don't have to re-register the data and you're done. ALl vocabularies put in W3C account, goes against foundation of decentraization. There might be cases where it's required, but first reaction should be, if there is a vocabulary out there that's stable and used, use that. 08:53:49 manu: +1 to Ivan. I want to underscore Carsten. We're seeing in market verticals that are outside of W3C concerns using W3C Credentials, creating vocabularies, that want their vocabularies here. 08:54:08 q? 08:54:09 ... we need a formal response to them if we're going to tell them to not bring them here. 08:54:29 q+ 08:54:37 ... we need to figure out how to walk people through the process of setting things up on the web for long term availability 08:54:54 ... vital records agencies are completely rudderless here. 08:55:23 ack SteveC 08:55:29 ... we can help them build the vocabulary, but they want to keep it elsewhere, and we need to help them figure out what to do. 08:55:35 (off q) Sounds like a good interest group, for publishing/hosting appropriate/mature vocabularies 08:57:41 ack ivan 08:57:45 SteveC: I want to draw a huge distincntion between W3C setting up a erver vs. W3C publishing meaningful schema -- any standards groups that develops standards should look to membership to decide what they're doing. W3C Members are tech companies, long-term sustainability, UN Trade Data Element Vocabulary -- long running places where things live, membership is right characteristic of where this should exist. In UNTP, org that has authority to develop 08:57:45 vocabulary but doen't know how to host it. We should give people instructions on how to create and host vocabularies. 08:57:58 zakim, close the queue 08:57:58 ok, phila, the speaker queue is closed 08:58:57 wes-smith has joined #vcwg 08:59:23 ack me 08:59:27 ivan: I had a discussion last weekend with Pierre-Antoine on vocabularies -- set up formal registry for vocabularies -- my reaction was for VC-related vocabularies -- no, goes against ethos of VCs, maybe we need registry like DID Method registry -- registry for vocabularies, loose set of requirements for vocabulary, don't want to get into details. some sort of mechanism like DID Methods. Don't know how well that works. 08:59:28 manu: Not very well :) 08:59:58 rrsagent, draft minutes 08:59:59 I have made the request to generate https://www.w3.org/2026/06/02-vcwg-minutes.html ivan 09:00:40 phila: I think there is consensus -- if you're working on new spec, render method, those documents should have use case section that discusses why we've done this. Avoids putting everyhing in one place. Use case that motivates particular piece of work. We can collect later. 09:00:54 phila: Ok, thank you! 15 minutes and then we discuss confidence method 09:00:57 scribe- 09:00:59 Topic: Coffee 09:08:38 wes-smith has joined #vcwg 09:13:37 Elaine has joined #vcwg 09:18:32 Amir has joined #vcwg 09:22:57 brent has joined #vcwg 09:23:05 KevinDean has joined #vcwg 09:23:12 present+ 09:23:28 JoeAndrieu has joined #vcwg 09:23:52 wes-smith has joined #vcwg 09:23:53 Topic: Confidence Methods 09:23:53 https://docs.google.com/presentation/d/1dKqNIYX2i9MuJ0WppUjOylHqmUXTQVf9VFgZbNHTF1k/edit?usp=sharing 09:23:56 scribe+ 09:24:03 Carolynn has joined #vcwg 09:24:09 JoeAndrieu: presents those slides 09:24:42 Wip has joined #vcwg 09:25:29 Zoom has joined #vcwg 09:25:42 https://docs.google.com/presentation/d/1dKqNIYX2i9MuJ0WppUjOylHqmUXTQVf9VFgZbNHTF1k/edit?usp=sharing 09:25:54 IvoLadenius has joined #vcwg 09:25:55 SteveC has joined #vcwg 09:26:39 JoeAndrieu: I'm going to share the work Denken and I are leading on the Confidence Method 09:26:51 ... Increasing confidence about a particular subject 09:27:02 brent7 has joined #vcwg 09:27:16 q? 09:28:08 Elaine has joined #vcwg 09:29:41 [Slides provide text] 09:32:57 JoeAndrieu: Biometrics are super-powerful, also super-dangerous. It's easily abused. 09:33:09 q+ 09:33:30 denkeni: When we issue a VC, is the subject the holder, and when presented, is the presented the subject 09:33:37 zakim, open queue 09:33:37 ok, phila, the speaker queue is open 09:33:47 q+ cstoecker 09:34:26 denkeni: We need to be very careful when sharing your portrait image online. Are there other methods for increasing confidence? 09:34:54 ... Talking about online confidence 09:35:04 ack cstoecker 09:35:28 cstoecker: Do we need confidence for legal persons as well as natural persons? 09:35:43 JoeAndrieu: Yes. We just need someone to come forward to propose it 09:36:30 JoeAndrieu: Goats, and dogs also need VCs. The owner offers the confidence. But hang on, dogs can have chips. Might have a point of extensibility there. 09:36:43 [back to slides] 09:36:43 present+ simone 09:39:14 JoeAndrieu: Talks about use of DID and CID for the example of a "marriage certificate". Use CID to get the public key simply 09:39:15 JennieM has joined #vcwg 09:39:17 q+ 09:39:28 Amir has joined #vcwg 09:39:32 ack manu_ 09:40:07 manu_: +1 to that. There are use cases where the VC is attached to a person, or can be associated with a card (chip & pin etc) 09:40:16 ack manu_ 09:40:34 manu_: There are use cases coming out of mDL wanting the whole thing in the card. 09:41:12 ... Another use case is everything is the card - it's the card that is legitimate. So you need confidence method work to associate that card with a person 09:41:52 JoeAndrieu: The marriage cert doesn't say anything about whether Jayden Doe and Morgan Doe are who they say they are 09:42:02 [Assurance level slide] 09:42:34 JoeAndrieu: External assurance systems can be plugged in 09:42:52 Sub-topic: PR 38 09:43:01 present+ scott 09:43:11 s/Sub-topic/Subtopic/ 09:43:22 https://github.com/w3c/vc-confidence-method/pull/38 09:43:48 scott: The intention is to add a Biometric Vector Confidence method to the spec 09:43:56 ... We added a challenge/response flow 09:44:07 ... Updated to cover multibase... 09:44:19 ... Renamed relevant ZKP suite 09:45:02 Joe: There's a note, but if you add a class of "atrisk" then it will be shown as such 09:45:32 Scott: I resolved some merge conflicts. There are open issue and review comments 09:45:34 q+ 09:46:03 JoeAndrieu: I want to go through the comments from Manu and Amir but... 09:46:13 q+ 09:46:19 JoeAndrieu: Confused about the workflow 09:46:20 ack manu_ 09:47:15 manu_: This is probably the first time a lot of people ere have seen this. Let's go back to the use case. We're trying to do a privacy-preserving biometric check. Ideally with the user's device and the biometrics ever leave the user's device. 09:48:00 ... Trying to get it so that there are 2 improvements. 1. you don't know where your video is going to. Maybe you get to choose which video service is used. 09:48:45 ... 2. Better - you have software on your phone that has been audited and spits out a signal that your detailers were checked and verified. 09:49:18 manu_: If you're at a store buying alcohol, you want to send them an unlinkable check that you're over 18 09:50:01 manu_: We want a proof something like "with 94% confidence, this person's government ID checks out and is over 18" 09:50:10 ... The retailer doesn't get to see any PII. 09:50:34 Elaine has joined #vcwg 09:50:38 ... Assumes that there is a gov-issued ID on your device (and mDL or VC) 09:50:47 s/and/an/ 09:51:19 ack Wip 09:51:34 wes-smith has joined #vcwg 09:51:37 q+ 09:51:47 q+ 09:51:57 q+ to speak to "how do they know the things are bound together" 09:52:01 Wip: I'm a little confused. What is the binding? I have some proof but how does the relying party know that the gov ID that was checked is for the presenter? 09:52:14 ack wes-smith 09:52:15 ack wes-smith 09:52:33 wes-smith: I'm looking at example 4. I'm interested in how the proof is linked to the presentation 09:52:46 ... I'd think some or all of that proof should be in the VC? 09:52:51 ack manu_ 09:52:51 manu_, you wanted to speak to "how do they know the things are bound together" 09:53:07 manu_: I don't think we have good answers to those speicific questions yet. 09:53:23 ...How does a verifier ask for a check to be carried out 09:53:37 q+ 09:53:40 manu_: Scott may have more to say. 09:54:24 q+ 09:54:40 manu_: It could work sth like: I need a proof of likeness of you. Perhaps include a challenge, and might then specify the biometric matching models that it allows. 09:55:04 ... For example, I'll accept a Real Eyes check against a gov-issued ID. 09:55:05 q+ 09:55:47 ack JoeAndrieu 09:56:46 JoeAndrieu: I think... we might have a slight error in example 3. It's a VC that has a biometric vector... you can achieve confidence by applying this method using this kind of issued ID 09:56:53 q+ 09:57:05 q+ to point out some other interesting things about BiometricVectorConfidence 09:57:15 ack cstoecker 09:57:17 ack cstoecker 09:57:30 q- 09:57:53 cstoecker: Physical goods don't have biometrics, they might have product characteristics 09:58:32 cstoecker: I wonder if we need a list of authorized, qualified ID verification companies? 09:58:34 q+ 09:58:37 ack wes-smith 09:59:12 q+ to speak to product verification 09:59:35 q+ 09:59:38 wes-smith: Going back to the ZKP concept... something that might be a challenge - a lot of the models we're describing are based on proprietary mechanisms. We can't specify that in the W3C doc 09:59:51 q+ to resond to wes about zkps within zkps 09:59:57 ack manu_ 09:59:57 manu_, you wanted to point out some other interesting things about BiometricVectorConfidence 10:00:29 q+ 10:00:33 manu_: The biometric face matching is highly proprietary. Everyone has own method and models 10:00:55 IvoLadenius has joined #vcwg 10:01:04 ... There are some open models, but they're not nearly as accurate 10:01:58 phila, to be clear, my concern was not about W3C documentation, but a technical concern about ZKPs on proprietary computation 10:02:05 manu_: If an open model were to become competitive then there might be a shift. 10:02:48 manu_: Because the models are unreversible, meaning if someone gave you the template, you couldn't reconstruct the person's face. I think 10:03:34 manu_: If you needed to communicate the biometric vector to another system, at least you're not uploading a picture of your face. It's a slight improvement. 10:04:10 manu_: You could potentially put this on a card. 10:04:49 manu_: There's a problem when someone clones all the data on a card and then uses a fake image 10:05:12 ... Very hard to get even a low-res image into a barcode 10:05:15 ack SteveC 10:06:02 ack JoeAndrieu 10:06:02 JoeAndrieu, you wanted to speak to product verification 10:06:06 SteveC: I'm interested in the relationship between confidence methods and recognized entity. Imagine an RE issues a credential, how do you know that it was issued to that entity? 10:06:54 JoeAndrieu: These confidence methods we have been talking about have been about persons. For businesses, it's how can I be confident that the business is the subject. 10:07:17 q+ 10:07:55 JoeAndrieu: I like to idea of a service around registry of products. I don't like centralization but it seems unavoidable here for the likes of Gucci. 10:07:57 q- 10:08:57 JoeAndrieu: On the reversibility question - it's mathematically possible. I could generate loads of images and pick the ones that match the template 10:09:10 JoeAndrieu: The goal is non-revisbility 10:09:11 ack Wip 10:10:28 Wip: There are two VCs being talking about. A university one and you'd see the confidence method. Maybe a biometric method. That makes sense. I think I'd like to see the two credentials presented at hte same time. 10:10:30 ack KevinDean 10:10:44 q+ to timecheck 10:11:17 KevinDean: An FYI - we did a lot of work at GS1 on anti-counterfeiting. Even if the algorithm is publicly known, it's still impossible for the counterfeit to fake a genuine. 10:11:23 ack brent 10:11:23 brent, you wanted to timecheck 10:11:27 brent: 20 mins to go 10:11:47 JoeAndrieu: This is most of what we want to talk about - this biometric stuff. 10:12:12 ... I really like the simultaneous cf. interactive discussion. 10:12:35 JoeAndrieu: The receiver may not care about the confidence method, or they may care deeply. 10:13:05 JoeAndrieu: The confdeince method might be an email. That's common even though it's not crypto. 10:13:17 ... Might be the handshake of the might Pooh-Bah association 10:13:28 JoeAndrieu: Are there topics you want to cover here? 10:13:36 denkeni: no, carry on... 10:14:04 https://github.com/w3c/vc-confidence-method/issues/32 10:14:19 JoeAndrieu: Issue 32 started with a question - does this example need an id within the doc. 10:14:48 JoeAndrieu: Ivan asked whether the Credential subject needed an ID 10:15:14 JoeAndrieu: Sometimes you don't want an ID for privacy purposes. 10:15:55 q+ 10:16:17 q+ to speak to selective disclosure and identifiers 10:16:37 JoeAndrieu: Dave also brought up the issue - he talked about the wrong lesson of putting personal IDs in a VC. A VC might have other PII in there, so you're not disclosing anything rextra. 10:17:05 q+ 10:17:05 ack ivan 10:17:14 JoeAndrieu: We are aware that we're creating points of correlation. It's necessary. Maybe we should be in something about selectuve disclosure. 10:18:13 ivan: I'm looking for some consistency across all our docs. In our other docs, we always have an ID for the subject. So it looks as if it's mandatory. Maybe we need to go back to the VCDM spec 10:18:13 ack manu_ 10:18:13 manu_, you wanted to speak to selective disclosure and identifiers 10:18:34 s/selectuve/selective/ 10:19:15 manu_: I think that Dave's probably talking about is deep in the technical weeds. If you put a subject ID and make it selectively disclosable, you're going to be giving at out every time. Might be an issue for long-lived creds. 10:19:17 q+ 10:19:42 manu_: Businesses and things have different privacy needs than people. 10:20:07 q+ to ask about selective disclosure (backwards) 10:20:35 manu_: If I put an ID for the credential subject and I allow the country of residence to be SD, then you'll give away the ID every time. 10:20:36 ack cstoecker 10:21:10 q+ 10:21:19 cstoecker: From a privacy POV, culture matters. Some people don't care about their privacy. Others do of course. 10:21:51 cstoecker: Diff between employer ID and natural person ID and have different privacy expectations. 10:22:03 ack ivan 10:22:50 ivan: This sounds like a VCDM issue, so I think the issue should e transferred to the VCDM repo. It's nothing to do with confidence method. 10:22:55 ack JoeAndrieu 10:22:55 JoeAndrieu, you wanted to ask about selective disclosure (backwards) 10:23:08 JoeAndrieu: It's my responsibility and until I move it ;-) 10:23:17 ... I like the on behalf of pattern 10:23:26 ... When someone is acting on behalf of someone else 10:23:56 q+ +1 to transfer the issue to VCDM 10:24:07 ... That often happens with employees. We don't want everything about an individual to be mixed up with their life as an employee. 10:24:11 q+ denken 10:24:19 q- +1 10:24:49 JoeAndrieu: technically, Manu was talking about BBS. Others might have a different SD method. With BBS, the ID must be disclosable 10:25:08 ack wes-smith 10:25:28 JoeAndrieu: I hadn't realised that the subject ID would be revealed if something below it was. 10:25:49 ack denken 10:25:58 denkeni: I agree that this ID issue should be transferried to VCDM 10:26:13 https://github.com/w3c/vc-confidence-method/issues/25 10:27:03 ... especially as it's already in wide use. We prefer the device binding. But what does it solve? Do we need an ID for everything? We're trying to increase the confidence in an VC 10:27:08 q+ 10:27:11 q+ 10:27:17 JoeAndrieu: Thanks - this was really good engagement 10:27:22 ack manu_ 10:27:44 manu_: Great work on the spec so far - thanks to Scott, Denken and Joe. How far away from CR are we? 10:28:10 manu_: Can we get a version 1 out fairly soon? 10:28:18 zakim, close the queue 10:28:18 ok, brent, the speaker queue is closed 10:28:31 ... And then come back and add in other features that might take longer to work through. 10:28:49 manu_: Maybe 6 months for the image. Biometric later. 10:29:17 JoeAndrieu: 6 months sounds doable? 10:29:37 JoeAndrieu: We need to get the original draft spec text for what we think is simple before we get to what's complex 10:29:40 ack ivan 10:30:03 ivan: The problem I see is horizontal review as we mentioned earlier 10:30:45 JoeAndrieu: Every one of these methods needs a threat model. a11y will ask questions. Maybe not i18n. I suggest the horizontal review should begin soon. 10:31:03 rrsagent, draft minutes 10:31:05 I have made the request to generate https://www.w3.org/2026/06/02-vcwg-minutes.html ivan 10:31:17 Topic: Lunch 10:41:39 exe has joined #vcwg 11:30:24 kezike has joined #vcwg 11:30:48 present+ 11:34:54 zakim, open the queue 11:34:54 ok, brent, the speaker queue is open 11:37:03 present+ 11:40:14 JoeAndrieu has joined #vcwg 11:40:27 Topic: Threat Modeling 11:41:00 slides for the Threat Modeling session: https://docs.google.com/presentation/d/1xqSOsRsu-PmfrBKgpA6K2hIyNRp6g4fbrZdNpnPB2co/edit?slide=id.g3c86ce85bb8_0_237#slide=id.g3c86ce85bb8_0_237 11:41:04 present+ tallted 11:41:11 slide 11 for remote folks 11:41:15 present+ kezike 11:41:25 if you would not to sleep or observe 11:41:52 Wip has joined #vcwg 11:42:50 present+ hadleybeeman 11:43:01 wes-smith has joined #vcwg 11:43:09 https://us02web.zoom.us/j/89771982204?pwd%3DYVh1dURSWjdaRlJnTWZBbDUvdEg3Zz09&sa=D 11:45:05 manu_ has joined #vcwg 12:22:09 present+ 13:07:20 Dropping off for another call. Back in 1.5 hours. 13:23:21 PDL-ASU has joined #vcwg 13:23:29 Present+ 13:57:32 brent has joined #vcwg 13:57:46 Topic: Threat Modeling 13:58:04 The group explored threat modeling around VCALM using Legos 13:58:36 Manu: at what point can we know our threat model is mature enough to bother the Security folks? 13:59:39 phila has joined #vcwg 13:59:41 Simone: We are having a long discussion about that. You can consider the first iteration done when you have at least one threat per category of stride, ideally with a mitigation. One for each flow 14:00:10 ... for example, not all threats apply to datastores 14:00:35 Joe: noting we didn't introduce 'stride' to this group 14:00:53 Manu: so, 20 threats for 4 flows? 14:01:19 JoeAndrieu: we want to elicit the threats we've had in mind as we developed our tech. 14:02:04 ... If you feel you have closure, that's good enough. Worry less about the numbers and more about addressing what keeps you up at night 14:02:51 ... make a flow diagram, tie your threats to the flows, start socializing with others to find new threats, then fill in 14:03:44 Amir has joined #vcwg 14:03:48 brent2 has joined #vcwg 14:04:17 simone: we are using a similar method for reviewing the standards. 14:04:39 ... for security, you can use stride as a category for discovering threats 14:05:06 ... some threats are in multiple categories. 14:05:25 STRIDE is an acronym for the different threat categories 14:06:24 Simone shares a google doc, linked in the presentation from earlier 14:08:50 JoeAndrieu: for each interaction, go through STRIDE. Also, what is the most interesting of each category for the whole system. 14:08:56 https://docs.google.com/document/d/13yPjrkenSj6AsErIkFzePiGeZPksCacprOx5F3VcBn4/edit?tab=t.0#heading=h.o67rv1dznoke 14:09:36 simone: if you need help, there are also threat modeling card decks that may be helpful 14:09:47 ... some ideas in the document 14:10:22 simone: starting with the diagram, then at least one threat and mitigation for each interaction is the goal 14:12:17 ... probably we need to introduce other things: STRIDE per element, STRIDE per flow interaction, ping me so I can give you more information., plus also take one threat type and take it through the diagram, i.e., threat per interaction. 14:13:00 ... when you have one for each, then it is ready for review 14:13:17 Amir has joined #vcwg 14:13:37 manu: I'm concerned about the amount of work this represents. We could spend as much time on threat modeling as we spend writing the spec. 14:14:21 ... There are some attacks that may introduce additional elements, that adds more. 14:14:47 ... one thing I was hoping to get out of this: can we do security and privacy in the same model? 14:14:59 ... there's going to be a lot of duplicate work as well 14:15:42 Joe: also, when it's the same mitigation every time (e.g., TLS), then do we need to indicate each threat? 14:16:10 manu: we'll need to make some judgement calls, worried the Security Group is going to say it's not good enough. 14:16:19 q+ Carsten 14:16:44 present+ 14:16:48 ... threat modeling might be a lot of extra work,. At least 3x 4x more than previous security consideration 14:17:15 q? 14:17:19 manu: most CISOs aren't even asking about threat modeling when we talk to them. 14:17:28 ack next 14:17:33 q+ 14:17:57 carsten: what we do here is educational. 14:17:59 ack next 14:18:17 shigeya: useful to have data flow diagram, needed for STRIDE. 14:18:47 Joe: we have that already, we didn't show it today. 14:19:09 May I have the link to the document which has DFDs? 14:19:17 phila: I'm also concerned with the amount of work this represents and how it will affect our timelines 14:19:40 simone: You are hoping for CR after TPAC? 14:19:49 ivan: for some of them, TPAC would be too late 14:20:32 simone: my suggestion for finishing on time: start and close the high level DFD, this may be enough for the review 14:20:42 Amir has joined #vcwg 14:21:39 Topic: Render Method 14:21:49 present+ dmitriz 14:22:18 phila: is 40 minutes enough, or do you want to continue past that, some people need to go early? 14:22:44 dmitriz: I will make sure that's enough 14:24:27 Wip has joined #vcwg 14:27:32 Wip2 has joined #vcwg 14:27:51 scribe+ 14:28:00 KevinDean has joined #vcwg 14:28:04 present+ 14:30:11 Topic: VC Render Method 14:30:35 dmitriz: Today we will do an overview and lay out our main questions and challenges 14:30:57 slides: https://docs.google.com/presentation/d/1021kLfcC1BFYNKBCV5WxVNJXdLiCsKzz8vCCUykckHc/edit?slide=id.p#slide=id.p 14:31:03 manu_ has joined #vcwg 14:33:33 dmitriz: VC render method is a way for issuers to provide rendering suggestions for VC handling software. See slides above 14:33:49 q? 14:34:16 ... render method is not just about display but general purpose transformation. E.g. print to PDF problem 14:34:30 ... Anything that touches VCs with a user interfaces is going to need this 14:34:34 JoeAndrieu2 has joined #vcwg 14:35:14 ... See the goals of VC render method in the slide deck. 14:36:28 ... We expect this to support multiple languages for both the keys and the values 14:37:06 ... In many use cases, different locals influence more than just the words but the entire UI e.g. the color scheme 14:37:09 q+ 14:37:31 ack Wip 14:38:24 Wip: Is rendering always for humans or are you also looking at rendering for other machines, especially AI? 14:38:25 Wip: Is VC render method specifically for rendering to human users, or could it include AI agents? 14:38:55 dmitriz: Good question, we need to learn what AI systems prefer 14:39:30 ... Visual to audio or visual to text could also translate to AI 14:39:41 q+ 14:39:43 ... I think this framework will help us render information in whatever ways agents prefer 14:39:48 ack KevinDean 14:39:52 Amir has joined #vcwg 14:40:20 KevinDean: Wondering why we would be catering to agents, rather than agents adapting to what we provide 14:40:34 dmitriz: there is a lot wrapped up in that 14:41:01 ... Yes we want the agents to help us, but also humans often end up serving the agents 14:41:08 Great observation Kevin! 14:41:31 KevinDean: understand some provision needs to be made for agents, statement a bit to strong rather than a give and take 14:41:47 dmitriz: agreed, i believe if we focus on accessibility in general it will be accessible to the agents 14:42:09 dmitriz: Threat modelling - the key question is how much do we trust the issuer? 14:42:50 ... What are the current approaches to render method? 14:43:34 ... We have seen "baked" images where an issuer lays out how the credential is going to look and embed this into the VC 14:44:03 ... Or we have seen this the other way round. Where the json is encoded into the EXIF. However, this doesn't work as well as lots strip this information 14:44:39 ... This locks in the way to render the VC at issuance time by the issuer 14:44:46 q+ 14:45:54 ... This is similar to a printable PdF that includes a QR code linking to a VC 14:46:14 q+ 14:46:17 ... Not having a render method approach initially, people opted for this baked in route 14:46:25 ack shigeya 14:46:36 shigeya: How do you deal with accessibility with this method? 14:47:25 dmitriz: This is exactly right. We also have to deal with this right to paper in the VC space. It should be possible to go from a digital VC to paper based 14:47:44 ack phila 14:47:56 ... There are two approaches, you prerender it at issuer time or you create some form of template to render it at render time in some structured way 14:48:31 phila: Linking this to the barcode work. Could there be some link between rendering and the representation of a VC as a barcode 14:48:48 s/deal with accessibility with this method/deal with accessibility with these methods/ 14:49:00 dmitriz: I see this as two direction. VC barcode from plastic to digital. Render method from digital to paper 14:49:08 q+ 14:50:11 wes: Agree that barcode and render method could be linked. But more work is required. In a render method that goes on a credential you could specify a barcode representation of that credential 14:50:44 ... The other way is a bit more challenging. Putting a render method in a VC barcode is harder due to space constraints. You would need a compelling reason to want to do that round trip 14:51:04 ... If the use case is there, its possible 14:51:28 ... You can do what you want with VC barcode. VC barcode accepts any VC, including ones with render method today 14:51:57 ... Some of the usecases for VC barcode include digitally signing over data in a machine readable form that is not in the VC itself 14:52:06 ... Might be hard to support this in a render method 14:52:16 ... render method would have to do the work here to support this 14:52:32 dmitriz: agree with everything you said. Major challenge is the space constraints 14:52:46 ack manu_cccccbvnrhdgfthkfinheelgrkjttkbhtnujgkfhiekv 14:52:55 ack manu_ 14:53:27 s/manu_ cccccbvnrhdgfthkfinheelgrkjttkbhtnujgkfhiekv// 14:53:40 ... As soon as you want to embed any images or large text content in the VC it gets too big for VC barcodes. That is before you consider post quantum 14:53:56 q+ wes 14:54:09 ... There are two basic tools to deal with this. Omission and linkage. 14:54:41 ... E.g. we could compress html and css into a URL 14:55:25 ... Even considering embedding something like an issuer logo into a VC can quickly cause the VC to get too large for some json parsers / handlers 14:55:53 ... If we trade space for linking, this does not work aswell offline and it can also cause correlation and phone home risks 14:56:02 ... This comes back to the question of how much you trust the issuer 14:56:15 ack wes 14:56:45 wes: Might be worth considering CBOR-LD for compression. Possibly render method could be designed to work well with CBORLD 14:57:08 dmitriz: Keep embed vs link and the space constraints in the back of your mind 14:57:26 ... This is a persistent problem across the threat model of the vc ecosystem 14:57:53 ... Whenever linking to external data via a URL 14:58:48 dmitriz: Then there is the template approach. You define some template and structure for the data in html,css or svg etc. Then on render you fill the template with the VC data 14:59:20 ... The challenge here is how do you sanitize these templates. This led us to browser sandboxing primitives e.g. iframes 15:00:27 ... The last approach is card style, we can describe each of the fields and how they should be rendered. Give some display directives but let the UI code make their own judgements 15:00:39 bigbluehat has joined #vcwg 15:00:42 ... This is used throughout the openid4vc and sd-jwt world 15:00:50 present+ 15:00:54 ... We should keep it in mind and have a provision for this 15:01:13 dmitriz: any questions? 15:01:13 wes-smith has joined #vcwg 15:01:20 q+ 15:01:28 brent: Nobody on the queue, we will revisit at 2.15 CET 15:01:45 rrsagent, draft minutes 15:01:47 I have made the request to generate https://www.w3.org/2026/06/02-vcwg-minutes.html ivan 15:01:55 ack wes-smith 15:02:08 wes-smith: back on vc barcodes. The only way to do what you do would be the not prebaked render method. You cant have the VC contain the barcode that will contain itself 15:02:14 dmitriz: Thanks 15:02:29 phila: Thanks to everyone who joined us online 15:02:35 rrsagent, draft minutes 15:02:36 I have made the request to generate https://www.w3.org/2026/06/02-vcwg-minutes.html ivan 15:02:44 ... We reconvene tomorrow 15:04:17 manu_ has joined #vcwg 15:04:17 denkeni has joined #vcwg 15:04:17 dmitriz has joined #vcwg 15:04:17 TallTed has joined #vcwg 15:04:17 hadleybeeman has joined #vcwg 15:04:17 shigeya has joined #vcwg 15:04:17 jyasskin has joined #vcwg 15:04:17 dlehn has joined #vcwg 15:04:17 manu has joined #vcwg 15:04:17 dlongley has joined #vcwg 15:05:50 manu_ has joined #vcwg 15:05:50 denkeni has joined #vcwg 15:05:50 dmitriz has joined #vcwg 15:05:50 TallTed has joined #vcwg 15:05:50 hadleybeeman has joined #vcwg 15:05:50 shigeya has joined #vcwg 15:05:50 jyasskin has joined #vcwg 15:05:50 dlehn has joined #vcwg 15:05:50 manu has joined #vcwg 15:05:50 dlongley has joined #vcwg 15:07:57 manu_ has joined #vcwg 15:07:57 denkeni has joined #vcwg 15:07:57 dmitriz has joined #vcwg 15:07:57 TallTed has joined #vcwg 15:07:57 hadleybeeman has joined #vcwg 15:07:57 shigeya has joined #vcwg 15:07:57 jyasskin has joined #vcwg 15:07:57 dlehn has joined #vcwg 15:07:57 manu has joined #vcwg 15:07:57 dlongley has joined #vcwg 15:11:15 denkeni has joined #vcwg 15:11:15 dmitriz has joined #vcwg 15:11:15 TallTed has joined #vcwg 15:11:15 hadleybeeman has joined #vcwg 15:11:15 shigeya has joined #vcwg 15:11:15 jyasskin has joined #vcwg 15:11:15 dlehn has joined #vcwg 15:11:15 manu has joined #vcwg 15:11:15 dlongley has joined #vcwg 15:13:46 denkeni has joined #vcwg 15:13:46 dmitriz has joined #vcwg 15:13:46 TallTed has joined #vcwg 15:13:46 hadleybeeman has joined #vcwg 15:13:46 shigeya has joined #vcwg 15:13:46 jyasskin has joined #vcwg 15:13:46 dlehn has joined #vcwg 15:13:46 manu has joined #vcwg 15:13:46 dlongley has joined #vcwg 15:15:05 denkeni has joined #vcwg 15:15:05 dmitriz has joined #vcwg 15:15:05 TallTed has joined #vcwg 15:15:05 hadleybeeman has joined #vcwg 15:15:05 shigeya has joined #vcwg 15:15:05 jyasskin has joined #vcwg 15:15:05 dlehn has joined #vcwg 15:15:05 manu has joined #vcwg 15:15:05 dlongley has joined #vcwg 15:47:30 denkeni has joined #vcwg 15:47:30 dmitriz has joined #vcwg 15:47:30 TallTed has joined #vcwg 15:47:30 hadleybeeman has joined #vcwg 15:47:30 shigeya has joined #vcwg 15:47:30 jyasskin has joined #vcwg 15:47:30 dlehn has joined #vcwg 15:47:30 manu has joined #vcwg 15:47:30 dlongley has joined #vcwg 16:50:21 klea has joined #vcwg 17:28:28 Zakim has left #vcwg 20:06:24 klea has joined #vcwg 20:49:55 manu_ has joined #vcwg