04:32:01 rrsagent, bye 04:32:11 I see no action items 06:41:26 RRSAgent has joined #vcwg 06:41:26 logging to https://www.w3.org/2026/06/03-vcwg-irc 06:41:28 RRSAgent, make logs Public 06:41:30 please title this meeting ("meeting: ..."), ivan 06:41:45 Meeting: Verifiable Credentials Working Group F2F, Brussels, 2nd day 06:42:20 agenda: https://www.w3.org/events/meetings/5a380851-00b0-4c47-a28f-e3b687db5800/ 06:42:40 date: 2026-06-03 06:43:02 ivan has changed the topic to: Meeting Agenda 2026-06-03: https://www.w3.org/events/meetings/5a380851-00b0-4c47-a28f-e3b687db5800/ 06:49:11 present+ 06:49:17 present+ ganeesh 06:49:23 present+ brent 06:54:03 denkeni has joined #vcwg 06:56:16 present+ phila 06:58:24 present+ pchampin 06:58:37 present+ elaine 06:58:46 present+ manu 06:59:12 present+ wip 06:59:51 present+ ivoladenius 07:01:16 present+ capell 07:01:30 phila has joined #vcwg 07:03:10 present+ suzanne 07:03:46 JennieM has joined #vcwg 07:03:53 present+ 07:05:52 present+ michaelshea 07:06:33 exe has joined #vcwg 07:07:16 michaelshea has joined #vcwg 07:07:22 present+ schmittner 07:07:32 present+ joe 07:07:54 present+ carsten 07:07:56 present+ 07:08:41 gannan has joined #vcwg 07:08:46 manu_ has joined #vcwg 07:08:46 JoeAndrieu has joined #vcwg 07:08:54 SteveC has joined #vcwg 07:08:54 IvoLadenius has joined #vcwg 07:09:07 present+ 07:09:26 Wip has joined #vcwg 07:09:51 pchampin has joined #vcwg 07:10:01 present+ 07:10:30 Chairs go over logistics for activity and dinner. 07:10:30 present+ Waheed 07:10:40 present+ 07:11:16 present+ 07:11:29 present+ carolynn 07:11:58 brent has joined #vcwg 07:12:02 scribe+ 07:12:22 present+ kevin 07:12:37 phila: phil opens the meeting 07:12:41 michaelshea has joined #vcwg 07:12:57 KevinDean has joined #vcwg 07:13:03 present+ 07:13:21 Sebastien: EECC introduces himself - interest in EU wallet 07:13:45 phila: Sebastiens company supplies GS1 with VC tech 07:14:13 Ganesh: From digital Bazaar says hello 07:14:37 present+ 07:15:27 Elaine has joined #vcwg 07:15:32 Topic: Business Wallet Vocab 07:15:37 s 07:16:43 Pierre Antoine: W3C staff contact of DID WG and JSON-LD WG. Interested in vocab discusion 07:17:25 present+ 07:17:28 present+ 07:17:31 wes-smith has joined #vcwg 07:18:03 -> Charter https://www.w3.org/groups/wg/vc/charters/active/ 07:18:12 present+ wes-smith 07:18:29 csteocker has joined #VCWG 07:18:30 https://w3c.github.io/vc-charter-2026/ 07:20:14 csteocker: Will introduce DPP vocab and (tentative) business vocabulary - for business wallet. Company registry, membership credentials, etc. Alot of work done in europe - but reaching out to US and Asia. 07:21:27 csteocker: Looking at UNTP and also W3C recognised entitites as basis to create interoperable voacb. Scope is things like KYC for supplier on-boarding - hopes to facilitate change from months to minuters. 07:21:27 brent8 has joined #vcwg 07:23:09 csteocker: Also power of attorney as a use case for business wallet vocab. EU WeBuild consortium had 150 companies in large scale pilot. One challenge is distinction between corporates and sole traders - (companies vs individuals) 07:25:18 csteocker: Some debate needed about SD-JWT vs W3C VC - Carsten is pushing W3C and is here so that W3C VC can avoid being de-scoped - because EU is writing tech standards into legal text and we need to maintain VCDM presence. 07:25:38 https://w3id.org/ebwv 07:26:50 csteocker: presentBW vocab - four business registers participating (Finland, Germany, Netherlands, one more) 07:29:13 q+ 07:29:16 ... draft use cases show the way identifiers are linked. company, related natural persons, related entities. Can be 100's of related entities. THis is the key value prop for linked data - each linked entity is a linked ID. 07:29:18 q+ 07:29:22 ack phila 07:29:33 q+ in the linked web voc https://w3id.org/ebwv there is e.g. LEIs but not (party)glns or any other GS1 IDs. but you are considering those IDs? 07:29:54 wes-smith has joined #vcwg 07:30:28 oh this IRC is not for actual chat but rather using admin commands? 07:30:28 q+ exe 07:31:47 q- 07:31:56 I think phil is making my point anyway ;) 07:32:04 phila: realisation that carsten is talking about the entire company relationship vocabulary, not the business wallet metadata. THis is complicated and important - but are they only VC based? this needs to be relevant to this group. Not only that but needs to be perceived as valuable but groups outside VCWG that may perceive this as too locked-in 07:32:04 to VCWG. What is your end goal? 07:32:16 present+ exe 07:32:34 q+ 07:33:44 q+ 07:34:38 ack manu_ 07:34:38 csteocker: we want to build vocabularies that can be used for all these business use case for corporate records and identity. AML, KYC, Export complaince, etc etc - are a heap of use cases. Due diligence on company structure. 07:38:21 olvisgil has joined #vcwg 07:38:29 manu_: Often a concern about overlap of vocabulary owners - and whether this group is the place for this. Work going on in US - convenience store ecosystem - 150,000 stores with lots of KYB (KYC?) challenges. This would be super helpful to them. We dont have retailers here, but we do have people representing retail (eg GS1?). US chamber of 07:38:29 commerce - interested in KYB, and many others. We perhaps cant do the work to identity the detailed attributes but perhaps we can connect different communities together. 07:39:09 ack SteveC 07:39:31 ... Yes this is the value of working here - connecting with other groups. EU wants to work across border 07:40:14 scribe+ 07:40:42 s/commerce -/... commerce - 07:40:45 SteveC: Concern - any time you develop standards, you need representative stakeholders. Potential users of those. 07:40:59 s/to VCWG. What/... to VCWG. What 07:41:05 ... W3C is a tech SDO, it's not a place where you get banks, freight forwarders and retailers etc 07:41:15 q+ 07:41:31 q+ 07:41:32 ... I understand Carsten's desire but I'm not sure that W3C has the people to do it, 07:41:35 q+ Carolynn 07:42:03 q+ 07:42:08 steveC: You don't want to be tarnished with the anti-JSON-LD brush 07:42:11 ack ivan 07:42:11 ack ivan 07:42:37 waj has joined #vcwg 07:42:47 SteveC has joined #vcwg 07:42:59 Stevec: Along the same lines, what is it that we as a WG will have to standardize? Example of ontology, should that be standardized by W3C? These seem to be use cases put into a vocab? It could be published in a W3C space. Not a recommendation, fine line between the two. 07:43:02 q- 07:43:13 q+ 07:43:13 s/Stevec: Along/iherman: Along/ 07:43:27 carolynn has joined #vcwg 07:43:34 ack manu_ 07:43:34 ack manu_ 07:43:51 scribe+ 07:44:06 SteveC7 has joined #vcwg 07:44:28 scribe- 07:44:28 scribe- 07:45:30 q+ 07:46:08 q+ 07:46:47 ack carolynn 07:47:24 q+ 07:47:26 manu: My hope is that we can perform some kind of alignment mechanism between the business registry alignment. 07:49:13 q+ to talk about how DCAT works 07:49:17 carolynn: Agree with manu. We dont have a place like "world business vocabulary association" so maybe this is the place to do it. For the moment - we are knocking on the door of this group for it. For example - where is the "world education forum" - maybe one day it'll exist. For now we need a place that is a JSON-LD fanbase to host this stuff. 07:49:19 ack csteocker 07:50:29 q+ to speak to how vehicle vocabulary was developed at CA DMV. 07:51:37 ack pchampin 07:51:40 csteocker: This is the value - we are connecting people and that is the value. EUBW is starting to put a wallet group together. "Corporate Register Forum" exists but have no idea what a business wallet is.. Maybe bring them into this group. For the time being, is this group the intersection of business and technical organisations around the 07:51:40 world. Business value is huge - just germany, banking, enterprise KYC - Euro 3Bn. 07:52:01 s/world/... world/ 07:53:57 q? 07:54:07 +1 to Pierre-Antoine 07:54:57 ack ivan 07:55:00 pierreAntoine: Agree with what has been said - including Steve's concern about the right stakeholders. There are two sides to this - maybe a community group or interest group (especially because these are open to non-w3c members). But a WG brings formality. So what is a WG actually endorsing int he end? Could the WG work at "meta-level"? Who 07:55:00 would be responsible to figure out who checks the details? Odd for a WG to publish something without standing behind the content. Maybe this is a registry function. 07:55:13 +1 to a registry maintained by the group (without normative assertions about the entries in that registry) 07:55:53 Business Register Hierarchy Example 07:55:53 1. EU Memberstate (or European Country, which is not a EU Member) 07:55:53 2. European Business Register Association (EBRA) 07:55:53 3. Corporate Registers Forum (CRF), global association of corporate registries 07:55:54 EBRA: https://ebra.be/ 07:55:54 CRF: https://www.corporateregistersforum.org/ 07:56:12 ivan: this working group can/should prove that these vocabs can work in VC world. Consider the vocabs as "black boxes" then the question for this WG is "can I create a VC from this?". 07:57:22 ack SteveC7 07:57:23 ... eg some group was using external vocabs for VCs but demonstrated a misunderstanding of what goes where in VCDM - which can be a feedback loop for what should be added to VCDM in future. Registry might be the place for it 07:58:07 SteveC7: Just to clarify the question -- I don't think we're heading toward publishing these vocabularies as W3C Recommendations, possibly a place to put them in the registry -- if content of vocabulary needs standards-based consensus/authority, that is likely to happen somewhere else. 07:58:58 SteveC7: Different hosts that have membership structure -- what we're talking here is a framework for how to allow proposed vocabulary that's not group output as register for Linked Vocabs -- vocabulary itself has no authority, in standards sense -- that's not a bad thing, people look at registry and say that's something I can use 07:59:29 q+ 07:59:34 ack wip 07:59:36 ack SteveC 07:59:39 SteveC7: Vocabulary may or may not be in W3C namespace, could register all UNTP vocabs... is that your expectation, Caresten? That's two differnt things. 08:00:03 q+ to ask about terms not normatively defined elsewhere 08:00:21 q- later 08:00:24 ack manu_ 08:00:24 manu_, you wanted to speak to how vehicle vocabulary was developed at CA DMV. 08:00:28 +1 communication about what the registry means and does not mean will be important 08:00:33 q+ 08:00:40 wip: agree that W3C is not the place to design these vocabs. But the quesitons is what does it rteally mean to add somethign to a W3C registry? Does it imply endorsement? 08:02:09 Wip has joined #vcwg 08:02:55 manu: Example of California DMV. It's in prod now - but there was no logical home for the vocab and the logical owner (eg state govt) wants to do it but isnt ready / has no place for it. Meanwhile stuff happening in Europe. Question was "can W3C do this?" answer was no but state decided to do it. 08:03:43 s/manu/manu_ 08:03:52 q? 08:04:20 q+ 08:05:37 ack csteocker 08:05:41 ... these vocabularies often have no home - or many competing homes. So there's a common tendnancy to ask "can this go to W3C?". The tech is fundamentally decentralised anyway - and these vocabs, even if they start here, can move elsewhere when there is a viable home. Lets focus on making sure that the vocabs are VCDM compatible - and we could 08:05:41 have a test suite for that 08:06:11 WIP has joined #vcwg 08:06:16 q? 08:06:36 s/have a test/…have a test/ 08:06:56 q+ 08:07:11 csteocker: agree with manu. Many EU consortium (even with very large funding) build vocabls but have time limited funding / existence. So where to put the vocabs where they can endure? W3C perceived as neutral. Gives people confidence. 08:07:14 q- later 08:07:30 ack JoeAndrieu 08:07:30 JoeAndrieu, you wanted to ask about terms not normatively defined elsewhere 08:07:33 q+ to suggest other guidance we can provide -- alignment on things like Organization, Address, Person, etc. 08:08:25 ack ivan 08:08:27 q+ 08:08:30 JoeAndrieu: Entry in registry is required - but even if not a W3C rec, it WILL be perceived as an endorsement. Because it's in the W3C register. 08:09:48 cstoecker has joined #VCWG 08:10:01 q+ 08:10:12 q+ to say maybe entry into test suite just requires WG review and a test suite. 08:10:22 ivan: important for those that are new - the DID registry is not a formal registry. a home grown thing. There is a registry track now which more clearly defines rules for registry entry. The AC must approve the registry framework, but not the content of the registry. risk is that people confuse approval of registry framework with aproval of 08:10:22 registry content. 08:10:23 ack pchampin 08:10:42 s/aproval/approval/ 08:11:00 s/registry content/…registry content/ 08:12:08 cstoecker has joined #VCWG 08:12:53 ack wes-smith 08:12:56 pchampin: To joe's point, a vocab doesnt need to be in the registry to be used in a VC but IF a vocab is in the registry then at least people know it's VC compatible. Like Manu's suggestion for a test suite. How can community add terms? maybe vocabs in register have contact points. Heard people say that, although W3C is not the ideal authority 08:12:56 for vocabs, many want W3C to take a role. Perhaps an interest group is the place for this - because non-w3c members can meet there 08:13:12 s/for vocabs/…for vocabs/ 08:13:18 q+ to propose we create the registry with intent to hand off running the registry to a new interest group 08:14:51 ack me 08:14:51 phila, you wanted to talk about how DCAT works 08:14:59 https://www.w3.org/TR/vocab-dcat/images/dcat-all-attributes.svg 08:15:35 wes-smith has joined #vcwg 08:16:18 present+ olvis 08:16:50 SteveC7: Want to speak to DCAT, worked on by W3C over a long time -- many terms in W3C DCAT vocaulary are not defined at W3C, lots coming from Dublin Core, Provenance vocabulary, etc -- what should we do with most effect? How can we help move things forward in a way that allows us to show value of VCDM. If we go to expert org, they don't have LD vocabulary -- is it about persistent hosting? Persistent domain name. There are rules around w3.org 08:16:50 namespace. 08:17:18 SteveC has joined #vcwg 08:17:20 s/namespace/…namespace/ 08:17:39 SteveC7: CGs and IGs, different ways of doing it? Is it about reputation? Seen as endorsement? Is it about getting an ISO standard or through PAS -- or about good practice? 08:17:53 cstoecker: It's at WEBUILD 08:18:13 s/SteveC7: Want/Phila: Want/ 08:18:24 s/SteveC7: CGs/Phila: CGs/ 08:18:54 phila: Is challenge on persistence? What do we want to do to achieve what we want to achieve? I don't know the answer here, just asking questions. 08:18:56 q+ 08:18:59 q? 08:19:02 ack manu_ 08:19:02 manu_, you wanted to suggest other guidance we can provide -- alignment on things like Organization, Address, Person, etc. and to say maybe entry into test suite just requires WG 08:19:05 ... review and a test suite. 08:20:15 q+ to disagree with manu… 08:22:09 ack ivan 08:22:09 ivan, you wanted to disagree with manu… 08:22:18 zakim, close the queue 08:22:18 ok, phila, the speaker queue is closed 08:22:26 q? 08:22:28 manu_: Concretely, what can we do? Lets look at the vocabs and say "hey there are three of these already, why do you want somethign different?". We can act as a kind of linked data vocab expert group. +1 to Joe & Will, we dont want bad vocabs in the registry but also need to manage scalable review processes. Some sort of review / test suite - 08:22:28 can add value. Can we do it in a generalised way that can scale and does not impose heavy burden on this group. Rigorous technical testing can be a valuable entry point - even if we dont make value judgement on vocab content. 08:23:39 ack next 08:23:39 q+ 08:23:40 ivan: The vocabs must be a black-box from W3C VCWG perspective. No judgement on content. So we need clear discussions abotu how this registry is managed. We need to go down this line of formal registry management. 08:24:11 Amir has joined #vcwg 08:24:39 ack carolynn 08:24:58 carsten: not sure about registry. Wants to reach consensus on vocabulary content. 08:25:11 phila, there are caveat on what a REC can normatively reference, though 08:26:10 ack JoeAndrieu 08:26:10 JoeAndrieu, you wanted to propose we create the registry with intent to hand off running the registry to a new interest group 08:26:32 carolynn: we need to distinguish core vocabs from others. The registry can include any existing vocabs from EU etc - but this W3C registry can be used as a "core" vocabulary - that can be the basis for global extnesions. 08:26:50 Amir has joined #vcwg 08:27:04 ack SteveC 08:27:12 JoeAndrieu: VCWG is not the expert group and will not survive long term. Endorse carsten's suggestion to get started. 08:27:14 scribe+ 08:27:49 SteveC: I think a consensus is emerging here - this is the wrong place to have authoritative discussions about content. 08:28:13 ... There are cases where obvious authorities don't want to do something, and then down the line that perspective changes and they want to take it over. 08:28:24 ... We should be talking about the qualification criteria for entry into the registry. 08:28:41 ... Any vocabulary that isn't in the W3C namespace but is VCDM compliant should be allowed in the registry. 08:28:49 ... The interesting question is around the metadata and usage of the registry. 08:29:08 ... There could be interesting metrics surrounding volume of use of registry entries. 08:29:28 SteveC: Feels like a consensus emerging -- this is the wrong place to have authoritative discussions about content -- however, if an authority can't do work yet, but then we do it, and they want to take it over -- that's fine and might be useful. We should be talking about qualification criteria for entry into the register, should accommodate any vocabulary that is VCDM compliant. What is the register metadata and how do they use it? What metrics 08:29:28 should we establish about volume of use? Could we track use? Which ones are more popular, etc? That could be valuable. 08:29:53 s/should we/…should we/ 08:30:05 SteveC: My only nervous concern is "Core vocabulary" -- look for content, look for overlap -- is that our role or note. 08:31:09 Topic: Coffee 08:44:44 waj has joined #vcwg 08:48:43 wes-smith has joined #vcwg 08:49:07 SteveC has joined #vcwg 08:52:01 scribe+ 08:52:16 Topic: DPP Vocaublaries 08:52:19 Wip has joined #vcwg 08:52:50 wes-smith0 has joined #vcwg 08:52:57 scribe+ 08:52:59 carolynn: A brief intro on DPP - I want to know who is interested in this work. 08:53:04 Elaine has joined #vcwg 08:53:07 IvoLadenius has joined #vcwg 08:53:23 ... What's important to understand is that DPPs are being introduced as both mandatory and voluntary instruments 08:53:37 ... In Europe, this was introduced for sustainability and market surveillance reasons. 08:54:01 ... Market surveillance authority people don't understand what this technology can do for them, so we do education on what opportunities it provides. 08:54:14 waj has joined #vcwg 08:54:20 ... DPPs will be mandatory compliance tools on the European market, starting with batteries in 2027. 08:54:29 ... Iron and steel will be mandated in 2028. 08:54:40 ... Not only finished goods, but also intermediate products. Garments will be mandatory in 2029. 08:55:19 ... The European Product Act is a review of product regulations to harmonize work done by different people. 08:55:33 ... Term definitions and semantics must be unified across different legislation. 08:55:51 ... What compliance means for a DPP is not entirely understood. 08:56:09 ... There are different serialization options for DPP - JSON is mandatory, JSON-LD and XML are optional. 08:56:58 ... The need for something called a "semantic repository" was published recently - we are trying to convince regulators of explicit semantics. 08:57:25 ... Now people agree we need explicit semantics, whether via JSON-LD or some other form. 08:57:47 ... Industry has been introducing DPP for a while - the tire industry has DPP in production for every truck tire, for example. 08:57:51 Amir has joined #vcwg 08:58:01 ... Michelin in France introduced DPP for business reasons. 08:58:14 ... The tire industry agreed on a data model and semantics, and they designed an RFID DPP tire system. 08:58:31 ... There is a widely used industry resolver. 08:59:06 Amir has joined #vcwg 08:59:16 ... Industry is supportive of DPP. The United Nations transparency protocol is a different type of DPP with different objectives - to improve the traceability of ESG information. 08:59:32 ... Here, proof is not required that data is correct. 08:59:57 ... What SteveC has been providing with the UN is a layer of assurance that the data is correct. 09:00:23 ... The US has introduced a voluntary DPP for customs clearance. Vietnam has introduced a consumer protection DPP. China has several DPP initiatives for different product segments. 09:00:39 ... The EU correctly requires a unified DPP approach, while the Chinese approach is more chaotic. 09:00:52 ... The goal in China is to digitize the product economy. 09:01:20 present+ amir 09:01:43 Amir has joined #vcwg 09:01:47 ... In the EU both JSON and JSON-LD will be used for DPP. UN DPP is solely JSON-LD, and we are trying to convince China to use JSON-LD. 09:02:38 ... Some DPPs will be issued as VCs. UN DPPs MUST be issued as VCs. In the EU, the standards can be read differently w.r.t whether VCs are mandatory. 09:03:04 ... Vocabularies will be highly political things, with questions of sovereignty in different places. 09:03:12 q+ 09:03:21 ... We must accept and expect that there will be different vocabularies. 09:03:25 zakim, open the queue 09:03:25 ok, brent, the speaker queue is open 09:03:33 q+ Amir 09:03:52 ... Personally, I want to make it easy to reuse data across all DPP schemes while respecting the sovereignty of nations to create their own vocabularies. 09:04:08 ... DPPs can be linked - products can have subcomponents with their own DPPs. 09:04:18 ... Product related attestations and claims can also be linked. 09:05:33 ... There are two major challenges for the success of global DPPs: Companies may be forced to put different data carriers to conform with different regulations, and there could be conflicts of law yielding regulations shutting down DPPs as barriers to trade. 09:05:51 ack Amir 09:06:02 KevinDean has joined #vcwg 09:06:06 present+ 09:06:24 q+ 09:06:44 IvoLadenius has joined #vcwg 09:07:05 q+ to answer Amir if KevinDean isn't about to do it 09:07:17 ???: What about attacks where data carriers are swapped onto counterfeit goods? 09:07:40 s/???/Amir/ 09:07:46 carolynn: There are protections that directly link products to DPPs. There are multiple options to create trust on the authenticity of the product. 09:07:48 ack KevinDean 09:07:52 q- 09:08:09 ISO/IEC 15459 09:08:35 KevinDean: Depending on the regulator there could be different restrictions - for example, EU regulations could preclude usage of a DID. 09:08:57 carolynn: EU regulation does not preclude usage of a DID in this case. 09:08:58 -> https://ref.gs1.org/guidelines/digital-signatures/ GS1's guidance on how to use ISO/IEC 20248 which is the relevant standard for checking that a data carrier is attached to the thing it identifies 09:09:35 ... Harmonized standards are clear that many different identification schemes can be used. 09:09:48 ... Louis Vuitton has a blockchain based product identification system. 09:09:53 +1 to what Carolyn has said. (I have been part of the JTC24 process) 09:09:57 q+ 09:09:59 q- 09:10:24 ... Different sectors will use different identification schemes, and this should be a per-sector decision. 09:10:58 +1 09:12:04 carolynn: Among the things we might want to achieve in this group, one of the first things I am interested in understanding is why to use VCs for DPP. 09:12:18 My statement regarding ISO/IEC 15459 came from Annex III at https://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=OJ:L_202401781. 09:12:25 q+ 09:12:40 ... For SteveC it's clear, but in the EU context I don't think that this is what is going to happen, since for example when I make a request for a DPP I am querying the manufacturer's site and using HTTP to retrieve the data. 09:12:50 ... As I understand the harmonized standards, this data does not need to be signed. 09:13:19 ... In most cases for DPP, the issuer is the holder, but there could be multiple holders. 09:13:30 q+ 09:13:50 ... So why issue the DPP as a VC? What are the properties that the VC brings that are of use in such use cases? 09:14:12 q+ to note publishing DPP in a way that can be transferred can be useful (schema.org) -- for use in agentic commerce, for example. 09:14:22 ack SteveC 09:15:15 SteveC: For "Why VCs", it's not about revocability, it's about "who is the issuer"? This could be hosted anywhere - many providers will use a DPP service provider to host things, but this tells you nothing about who issued it. 09:15:41 ... When you have a register, issuer identity is linked by the register. 09:15:58 ... In a decentralized architecture, there can be many copies of a DPP. 09:16:18 cstoecker has joined #VCWG 09:16:28 ... There is a problem - the DID of the issuer is largely an opaque value - but there are efforts to solve this via business registration and Recognized Entities. 09:16:28 q+ 09:16:55 ... I envision a future where VCs can be used as transactional messages rather than authoritative credentials. 09:17:32 q+ 09:17:37 ... You must know who issued something in a way that is decoupled from storage. 09:18:17 q+ to talk about brands 09:18:27 scribe_ 09:18:29 scribe+ 09:18:30 ack wes-smith 09:19:18 wes-smith0: Steve spoke to valu ethat VCs bring, getting data over HTTPS over trusted channel -- are there not use cases today that require some sort of P2P transfer where you can't inherit trust via protocol? Give DPP to someone else? Move product to another product? Where HTTPS doesn't match domain? 09:19:22 q+ 09:20:00 wes-smith has joined #vcwg 09:20:20 q+ 09:20:56 q- 09:21:19 q+ 09:22:09 Amir has joined #vcwg 09:22:22 ack manu_ 09:22:22 manu_, you wanted to note publishing DPP in a way that can be transferred can be useful (schema.org) -- for use in agentic commerce, for example. 09:22:27 q+ to speak to one value add of VCs 09:23:36 q- 09:23:41 manu_: there is another benefit of VCs. As a creator of a product, why would you publish digitally signed information? One example, going back to the convenience retail sector in the US, is that it is difficult for small merchants to understand the latest that is going on with a product (identifier numbers, images...). These are things that it 09:23:41 would be nice for them to go out and fetch. 09:23:52 ... Also, the relationship between that product and other things (such as a G10). 09:24:17 s/G10/GTIN 09:25:08 ... Specifically, having core product descriptions as a bag of knowledge that an AI agent can work with is useful - relying on an agent to derive things can be inconsistent, and there can be regulatory requirements surrounding that. 09:25:21 waj has joined #vcwg 09:25:22 carolynn: You are talking about liability of publishing or using this data? 09:25:37 GTIN = Global Trade Item Number, the number you see printed beneath a typical barcode. It's a super-class of Universal product Code (USA) and European Article Number (EAN) seen elsewhere. GTIN is the bedrock of GS1. 09:26:16 manu_: Using - the consumer of the data must be able to say that they were acting on the fact that there was a confirmable certification about some aspect of the product (such as being allergen free). 09:26:33 i think what's not well understood is that almost every integrity verification use case involves a linked set of more than one credentials. The DID is the cryptographic glue that links credentials. You cant do this for example with an EU register issued VC identifying the economic operator if it is linked only to PDF or unsigned DPPs 09:27:49 ack cstoecker 09:28:32 cstoecker: To add to this - DPPs are coming to all products. For cybersecurity purposes and other purposes. VCs have main use cases including data provenance on the data plane, but also authn/authz on the control plane. 09:28:59 ... We should distinguish between data plane and control plane. 09:29:52 ... There is a pattern in supervisory bodies - how do we define trust. GenAI content is flooding mainstream information streams, leading to insurance fraud and similar - people are starting to see the value in provenance and authenticity. 09:30:24 q- 09:30:43 ... When it comes to ISO certificates relating to this, people are starting to put a trust infrastructure in place. 09:30:53 ... Europe is investing massively into trust infrastructure for conformance assessment bodies. 09:31:25 ... E2E verifiability of data is important. 09:32:00 carolynn: I think we need to distinguish between issuing claims and the DPP itself, which can contain links to claims to things. 09:32:03 ack waj 09:32:24 waj: We perceive this as an identity problem, which is why we see VCs as the solution. 09:32:57 Amir has joined #vcwg 09:32:59 ... VCs provide built in proof that products have rights to exist. 09:33:32 ack shigeya 09:33:39 ... Commerce sites often have many manufacturers related to some IP and it is hard to tell what has the right to exist. 09:34:14 shigeya: VCs have time-limited credential functionality built in. What is the use case for revocation? 09:34:18 ack wes-smith 09:34:18 wes-smith, you wanted to speak to one value add of VCs 09:35:16 q+ 09:36:04 q+ 09:36:32 qq+ to offer an answer to Carolynn 09:36:53 ack phila 09:36:53 phila, you wanted to react to wes-smith to offer an answer to Carolynn 09:37:13 ack cstoecker 09:37:21 q+ Green Transition directive 09:37:31 q+ 09:37:34 q+ michaelshea 09:37:34 cstoecker: The Pharma industry is interested in privacy related to lookup. 09:37:55 ack IvoLadenius 09:37:59 wes-smith1 has joined #vcwg 09:38:01 scribe+ 09:38:39 ack michaelshea 09:38:57 Amir has joined #vcwg 09:39:11 michaelshea: On the privacy issue, within the context of the EU, tracking access to DPP data, legally the economic operator is bound not to track consumer access. 09:39:20 ... Outside the context of the EU, it's anyone's guess. 09:39:32 q? 09:39:42 carolynn: Issuers can track but cannot store data. 09:40:33 michaelshea: Empowering consumers also gives some legalities around the content that can go into the DPP. Having the ability to legally prove things about data in a DPP is relevant, and where VCs are very valuable. 09:40:56 carolynn: Are you saying that the signature on the data provides a timestamp for the data which limits liability issues? 09:41:15 michaelshea: correct, DPPs, especially in the fashion world, have been on the market for years - the question is just on how trustworthy the data is. 09:41:35 ... This new directive goes into effect in July and assigns liability around making claims as a brand. 09:42:27 caroylnn: Coming back to vocabularies, the different vocabularies across all product domains create a need for core vocabs and semantic anchors. 09:42:37 s/caroylnn/carolynn 09:43:00 ... We need to determine what a use case is in this context, and determine vocabulary requirements from there. 09:43:02 q+ 09:44:09 ... Another question about the applicability of the VCDM to DPPs - we want to double check if there are compatibility issues for the EU there. 09:44:18 q+ 09:44:21 q+ to note use cases vs. thing that are more concrete 09:44:22 ... What are the next steps for our task force? 09:44:24 ack ivan 09:44:32 q+ to talk about next steps 09:44:43 ivan: I have the impression that what we have is not a use case document in the traditional sense. 09:45:05 ... What I want to see is a document that contains the entire use case completed with VCs. 09:45:19 ... This is use case + solution, at least a proof of concept. 09:46:21 ack cstoecker 09:46:22 ... I think there could be discrepancies, and this document would let us take care of those discrepancies. 09:46:27 q- later 09:46:38 cstoecker: Eventually this will go into a test suite? 09:46:47 ivan: yes, eventually runnable code with a test suite. 09:48:09 ack manu_ 09:48:09 manu_, you wanted to note use cases vs. thing that are more concrete 09:48:36 manu_: I want to focus on concrete outcomes for the DPP work. Use cases are helpful, but my hope is that we would be able to provide something more concrete - actual tests, as ivan and cstoecker mentioned. 09:49:19 wes-smith has joined #vcwg 09:49:25 scribe+ 09:49:27 manu_: I want to focus on concrete outcomes for the DPP work. Use cases are helpful, but my hope is that we would be able to provide something more concrete - actual tests, as ivan and cstoecker mentioned. 09:49:48 q? 09:49:53 q+ 09:50:03 carolynn: There are vocabularies hosted by various organizations. We might create a core vocab for test purposes. 09:50:04 q+ 09:50:08 ack phila 09:50:08 phila, you wanted to talk about next steps 09:50:45 phila: There is no need to write a use cases for DPP - just documentation of how to use what exists today. 09:51:00 Amir has joined #vcwg 09:51:32 ... Another question is what W3C document this would correspond to. 09:51:54 ... Notes are easier than recommendations - recommendation is only required for standardization at some other standards bodies. 09:52:03 ack ivan 09:52:22 ivan: You said that vocabularies are available - are they in formats compatible with VCs? 09:52:30 carolynn: Some yes, some I don't know. 09:52:56 q+ to be encouraging about EU Vocabs 09:53:25 q+ 09:53:26 ... With respect to standardizing at other organizations, there could be value in bringing vocabularies there - this could help with regulatory bindings. 09:53:43 ack wes-smith 09:54:18 q+ 09:54:29 wes-smith: There is an eternal challenge with VCs -- it would be wonderful for the test suites and use cases displayed the extensibility for the solution. If someone can see how they can extend their own vocabulary on top of DPP, that would be wonderful 09:54:35 q- 09:54:47 q+ susanne 09:54:48 wes-smith: Ideally, there would be tooling like VC Playground to show how things interoperate concretely. 09:54:57 q+ Susanne 09:55:33 wes-smith: The VCWG knows the extensibility is a core feature, it's not obvious to people new to the technology. DPP folks that might not know about the technology could use playground to see thing working in reality. 09:55:33 q- 09:55:37 waj has joined #vcwg 09:55:42 ack michaelshea 09:56:16 michaelshea: In the context of Australian agriculture/raw materials/textile sectors, there is a VCDM based DPP solution. 09:56:30 ... There are probably half a dozen use cases in these sectors that exist today. is that what you are requesting? 09:56:39 ack susanne 09:57:18 q+ 09:57:19 SteveC has joined #vcwg 09:57:23 susanne: Thank you for taking the discussion. I want to suggest that the European Commission doesn't know much about VCs and how to provide schemas - it would be great if we could produce something to demonstrate this. 09:57:33 for ivan - https://untp.unece.org/docs/specification/DigitalProductPassport#sample-credential 09:58:12 ... Creating something and showing people is important for driving these discussion. 09:58:31 ack pchampin 09:58:37 ... Discussions regarding vocabulary creation and hosting could be positively impacted if we had demonstrable materials. 09:59:02 pchampin: The people in the European Commission we are talking with are certainly interested in following up regarding VCs. 09:59:07 unsigned examples - https://untp.unece.org/docs/specification/DigitalProductPassport#v070-schema-and-samples 09:59:22 carolynn: There are lots of different parts of the commission that do not regularly communicate with each other. 09:59:38 susanne: The discussion is fragmented, and publishing something in public is the simplest solution. 10:48:07 waj has joined #vcwg 10:55:07 kezike has joined #vcwg 10:55:12 present+ 11:01:34 wes-smith has joined #vcwg 11:01:46 SteveC has joined #vcwg 11:02:01 Elaine has joined #vcwg 11:02:02 present+ 11:02:07 scribe+ 11:02:20 brent: welcome back to the VCALM session. 11:02:32 Topic: VCALM 11:02:44 docs.google.com/presentation/d/1F0RtWg5sUzgym8hRa501sxq2WCLiGQHAPtGjVFASO94/edit 11:03:31 gannan has joined #vcwg 11:03:43 WIp has joined #vcwg 11:03:50 gannan has joined #vcwg 11:04:11 kezike: I've been involved in this space for some years now, primarily as a contributor and implementer of various components of this ecosystem. 11:05:02 ... Today I want to give a rundown of VCALM - motivation, overview, demo, and status. 11:05:43 present+ kezike 11:05:46 ... Prior to VCALM, there was no standardized way for issuers, holders, verifiers to manage and move credentials around. 11:06:16 ... This puts organizations at the mercy of credential vendors, i.e. vendor lock. 11:06:35 ... We need a modular way to enable the different components and roles to manage the credentials within their systems and communicate them to other roles in the ecosystem. 11:07:03 ... VCALM enables the roles in the three party model to engage with each other via standard interfaces. 11:07:14 q+ to ask about DC-API and OID4VC 11:07:42 ... a workflow is a repeatable template of steps that any role in an ecosystem can use to facilitate a sequence of actions. 11:08:04 ack brent 11:08:04 brent, you wanted to ask about DC-API and OID4VC 11:08:42 brent: As you go through VCALM if you could talk briefly about how it relates to the Digital Credentials API for credential interactions in browsers as well as the OID4VC/OID4VP specifications that are already being used. 11:09:28 kezike: We look at OID4* family of specifications as technologies that can be naturally layered on top of VCALM, and we directly support them - that family of protocols mostly concerns itself with issuance and presentation, but not other lifecycle considerations such as status management. 11:09:55 q+ 11:10:05 ... DC API is a browser-centric solution, the hope is for us to have a way to hook into that specification as well. 11:10:11 q+ to speak to OID4 and DC API 11:10:26 ... Currently DC API does not support VCALM but we hope that will change. 11:10:33 ack phila 11:10:49 phila: When those other groups say "credential" do they mean the same thing as we do? 11:11:27 kezike: For OID4*, they are talking about VCs, for DC API it is arbitrary but you can set up queries/schemas/matchers that can be used to understand the data being delivered. 11:11:49 ack manu_ 11:11:49 manu_, you wanted to speak to OID4 and DC API 11:12:09 Amir has joined #vcwg 11:12:23 manu_: VCALM existed before OID4 was a thing - we started 5-6 years ago at the behest of the US federal government that was concerned about vendors creating systems with vendor lock. 11:12:39 ... For reasons both technical and political the OID4 work began, focusing on creating a protocol for delivery only. 11:14:05 ... These protocols say nothing about what happens in the backend systems. In OID4 implementations, when you get into the backend of government systems, this vendor lock-in was happening with proprietary APIs. So OID4 does not address locking problems on the backend. 11:14:28 wes-smith9 has joined #vcwg 11:14:32 scribe+ 11:14:59 manu_: VCALM has this protocol selection mechanism that allows interoperability for things like frontend protocol selection. 11:15:16 ... Recent high assurance profiles from other standards organizations do not support W3C VCs. 11:15:40 ... There are concerns that specifications are being written in a way that W3C VCs are specifically being excluded. 11:16:04 ... In initial discussions, W3C VCs and VCALM were in scope in these other technologies. 11:16:25 ... There are politics being played in the protocol work that this group should be aware of. 11:16:42 q? 11:17:10 a+ 11:17:49 kezike: We don't have appropriate diagramming for credential life cycling, which I'd like to discuss today. 11:18:14 q+ 11:19:44 ack ivan 11:19:52 q+ 11:20:10 q- 11:20:43 q+ to note backend verification, backend status management, scanning of QR, etc. 11:20:44 ivan: I'm interested in more complex examples, discussing things like render method, selective disclosure, zero knowledge proofs. Those details would add a lot of complexity but are important approaches to describe. 11:21:20 q+ 11:21:45 kezike: We could add multiple clarifying steps to a lot of the pieces in the existing diagram. 11:21:58 ack manu_ 11:21:58 manu_, you wanted to note backend verification, backend status management, scanning of QR, etc. 11:22:56 manu_: Backend verification and status management would be valuable to have in this diagram, also things like scanning a QR code/interaction URLs. 11:22:57 Elaine has joined #vcwg 11:23:11 q+ 11:23:13 ack wes-smith 11:23:46 wes-smith9: I think that differentiating between VCALM and OIDVC*, for example, would be an important thing to include in the spec 11:24:06 q+ 11:24:11 q+ 11:24:16 ... Show what's possible with VCALM that is also possible in other ways and what only VCALM can do, would be good. 11:24:26 q+ 11:24:28 ... One concise diagram won't cover it - it will need more 11:24:44 wes-smith9: Differentiation for VCALM - we might not want to use terms like verifier, holder, what is credential lifecycle management? This looks a lot like OID4, can alreaady move things between credentials/issuers/verifiers -- breaking down internal components is what this diagram wants to do. This might be a bit of a pain to do everythign vcalm does, might need to make diagrams on what vcalm does that other protocols don't do. 11:25:12 ack SteveC 11:26:06 SteveC: There is a requirement where a credential needs to be passed from an issuer through parties without credential infrastructure and reach a party who wants to verify. How do we do that consistently? 11:26:29 ... One idea is to put a QR code on something that you want to pass along, and the QR code is two URLs - a hosted verifier and a parameterized credential. 11:27:01 q+ to talk about dual use URLs 11:27:01 ... When you scan this, you see a rendered credential - and an advanced verifier can just look at the credential. 11:27:05 Amir has joined #vcwg 11:27:15 q+ to speak to Interaction URLs 11:27:19 ... Where would be put this practice in this collection of specs? 11:27:20 ack shigeya 11:27:23 s/be/we 11:27:46 shigeya: manu_ mentioned backend systems in OID4. A diagram can express the difference with other protocols. 11:27:48 ack brent 11:28:22 brent: The OID4* perspective might be that we don't need to standardize these backend things, those decisions are up to the individual architectures. 11:28:34 q+ 11:28:40 ack pchampin 11:29:39 pchampin: This diagram is important context and useful as a starting point that can then branch into more detailed diagrams. 11:29:44 ack phila 11:29:44 phila, you wanted to talk about dual use URLs 11:29:49 https://id.gs1.org/01/09506000164908 11:29:59 phila: With respect to dual use URIs, here is an example ^ 11:30:06 Note: (I also channel some OIDF context ;) ) OIDF has SSRF. 11:30:16 ... We are switching from linear barcodes to QR codes with that structure. 11:30:20 Elaine has joined #vcwg 11:30:27 JoeAndrieu has joined #vcwg 11:31:02 ack manu_ 11:31:02 manu_, you wanted to speak to Interaction URLs 11:31:09 ... The idea of splitting identifiers and lookup mechanisms is valuable although can cause layering issues. 11:32:01 manu_: The VCALM spec has a section on interaction URLs, which is not the same thing that you are talking about, but might be something that we should talk about. We should discuss - the interaction URL stuff in the VCALM spec is protocol independent at the moment. 11:32:22 is this related at all to VC Barcodes? 11:33:33 ... To respond to "why standardize all of this backend stuff", we have seen vendors selling these backend services as proprietary product, especially with governments - and many of these governments want to move away from vendor locked solutions. 11:33:59 q+ to add to Manu's point about backend lock 11:34:15 ack kezike 11:34:27 ack wes-smith 11:34:27 wes-smith, you wanted to add to Manu's point about backend lock 11:35:11 wes-smith9: One of our jobs is descriptive messaging. The VC paradigm is now well accepted, but people are trying to push proprietary systems in 11:35:40 ... So we need to work on the messaging of why VCALM is necessary and show why it's important 11:36:28 kezike: A short illustrative example of an issuance workflow. This is a VC playground interface, which is a community application that does issuance and verification. 11:36:53 ... This is an example of an issuer coordinator - it holds business logic and allows the user to engage with the credential ecosystem. 11:37:15 ... An example could be a student portal for a student to claim credentials related to a university. 11:37:39 ... On the screen is a QR code containing an interaction URL, which contains the multiplicity of protocols we're talking about. 11:38:26 ... Next we see a wallet that understands this QR code and shows you the origin. 11:39:51 ... The main VCALM components were the issuer, the holder, and a workflow in the middle. 11:40:48 ... VCALM was added to the WG charter recently. We have many implementations and production deployments. 11:41:07 brent9 has joined #vcwg 11:41:13 q? 11:41:20 ... We spend a lot of time discussing the threat model, which has spawned the threat model template for the other task forces. 11:41:57 ... We are also exploring test suite designs as well as PR/issue processing. 11:42:15 ... Our goal is horizontal review for candidate recommendation readiness. 11:42:53 q+ to ask if this is an appropriate time for general points around VCALM 11:43:09 q+ to talk about wide review 11:43:33 q+ to propose potential CR timeline 11:43:41 ack wes-smith 11:43:41 wes-smith, you wanted to ask if this is an appropriate time for general points around VCALM 11:44:07 wes-smith9: Is this a good time for a more general discussion about VCALM. People on the queue for other things 11:44:15 q+ to ask a general question 11:44:17 wes-smith9: Is this a good time to talk about VCALM? See others have process questions. Let me know when the right time would be to discuss VCALM more generally. 11:44:49 ack phila 11:44:49 phila, you wanted to talk about wide review 11:44:54 kezike: the goals for this discussion are largely around knowledge sharing and standardization strategy. 11:45:26 phila: You say you are getting ready for wide review. Wide review will take many weeks to get a response, so put in a request before you want the actual review to occur. 11:46:10 q? 11:46:14 q+ 11:46:18 ack manu_ 11:46:18 manu_, you wanted to propose potential CR timeline 11:46:20 manu_: We have most of the pieces for wide review ready, the best we could possibly do by TPAC would be "ready for CR but without the horizontal review" 11:47:00 ack JoeAndrieu 11:47:18 Aside - TPAC 2026 is 26 - 30 October in Dublin 11:47:20 JoeAndrieu: The threat modeling lego work that we did was advancing the threat model from VCALM, and Simone is converting that into updating the google document to help flesh that out. 11:47:47 ... We need to convert that down into a renderable form, and then the threat model will be ready for CR. 11:47:59 q+ 11:47:59 ... The timeline there for internal review is on the order of weeks. 11:48:20 ... There is also some desire from the team to leverage either the DID resolution threat model or the VCALM threat model to show other groups. 11:48:22 q- later 11:48:41 ack ivan 11:49:01 ivan: Are you discussing review by the task force or the working group 11:49:06 JoeAndrieu: The WG 11:49:26 ack brent 11:49:26 brent, you wanted to ask a general question 11:50:00 q+ to talk about an improvement to VCALM's accessibility 11:50:29 brent: Under the VCALM model, does VCALM define its own transport from issuer to holder interaction? 11:50:33 manu_: Yes 11:50:57 q+ 11:51:01 brent: The question from folks in another WG will ask is "why not point to OID4VCI"? 11:51:06 q- later 11:51:11 ack manu_ 11:51:35 manu_: Yes, you can do those things and swap out protocols. 11:52:04 q+ 11:52:14 q+ to channel Mike Jones 11:53:45 q+ to ask about the harmonized presentation thing 11:56:43 q+ 11:56:47 ack wes-smith 11:56:47 wes-smith, you wanted to talk about an improvement to VCALM's accessibility 11:56:51 q+ to peak to general strategy 11:57:56 wes-smith9: general point about VCALM, I'm not actively engaged in VCALM, but do design/build VCALM compliant systems -- real messaging problem, developer experience starting to hoook into VCALM is difficult, no concrete actions to support -- difficult building VCALM initial integration, need to improve the developer experience. 11:58:24 ack ivan 11:58:26 wes-smith9: A lot of reason is what we have is extensible, general, powerful, but it comes across as complicated. Appreciate power flexibility modularity, but need to make it easier. 11:59:43 wes-smith has joined #vcwg 11:59:57 ack brent 11:59:57 brent, you wanted to channel Mike Jones and to ask about the harmonized presentation thing 12:00:08 ivan: One way to achieve this is with an appropriate high level conceptual model of what is happening. If that is a focus of the spec the accessibility of the spec could be improved. 12:01:35 brent: Other organizations are working to develop OIDF/ISO technologies to incubate some of these technologies - this group should be aware that rules regarding who can participate in an OIDF working group are changing. 12:01:51 ... There will be minimal requirements around who can join this joint working group even if you are not an OIDF member. 12:01:59 ack manu_ 12:01:59 manu_, you wanted to peak to general strategy 12:04:28 q+ 12:05:05 manu_: In the worst case, DC API will sideline VCALM. We should ask them to integrate VCALM, but should prepare for cases where that does not happen. 12:05:40 ... Ideally other groups are not in the critical path for VCALM. 12:07:23 dmitriz has joined #vcwg 12:07:31 ack phila 12:08:15 phila: The TAG is designed to support standards cooperation, they might be able to help here if we communicate these issues to the TAG appropriately. 12:09:07 present+ dmitriz 12:14:41 IvoLadenius has joined #vcwg 12:17:26 scribe+ 12:17:29 Topic: Render Method part two, the Reckoning 12:18:31 q? 12:18:41 Wip has joined #vcwg 12:18:53 gannan has joined #vcwg 12:19:36 Elaine has joined #vcwg 12:19:38 dmitriz: overal goal: how things are displayed, making implementing easier, handle different devices, handle multiple languages 12:19:58 ... number 1 thread model: issuer 12:20:39 ... looming thread from issuer about tracking, caching, etc 12:20:50 rrsagent, draft minutes 12:20:51 I have made the request to generate https://www.w3.org/2026/06/03-vcwg-minutes.html ivan 12:22:03 ...render methods is different types, trade-off to link to rendering instructions from VC. a notion of remote integrity, 12:22:38 ...digest tags and hashes 12:23:26 q+ 12:23:37 ... with other extensions we need notion of types, selectors: the consuming client, wants to display VC, and render the information, 12:24:23 ...the client needs to pass selectors into a rendering engine, "i want to rendering method for a purpose to print" 12:24:24 denkeni has joined #vcwg 12:24:31 q- 12:24:46 ... what is the device that is rendering it? Printer, colour printer, 12:25:09 ... click to expand, can this device do this? 12:25:25 ... can you hover or is it a pointer based screen 12:26:01 q+ to talk about a11y, mobile web etc (when Dmitri has made his presentation) 12:26:10 q+ 12:26:13 ... think about these selectors, also multilanguage, which language display 12:26:30 ... questions about selectors? 12:26:33 ack phila 12:26:33 phila, you wanted to talk about a11y, mobile web etc (when Dmitri has made his presentation) 12:26:56 SteveC has joined #vcwg 12:27:19 phila: He was a young man, he was in a mobile web best practises, they were also talking about this, and progressive enhanchment 12:27:33 ... is there is 1 then X, if there is 2 then Y, 12:27:41 q+ to ask to what extent this is a solved problem 12:28:08 wes-smith has joined #vcwg 12:28:21 ... 25 may 2010: revolutionize web design, progressive enhanchment got an upgrade for example mobile web, 12:28:38 ack ivan 12:28:43 ... W3C recomendation, that tells how big a certain screen is, that was made redundant 12:29:16 q- 12:29:18 ivan: html + css rendering diagram, isn't it on that level that should be dealt with? 12:29:35 q+ to mention Amir Hameed's email to the group "Brainstorming: Accessibility-First Interaction Negotiation for Decentralized Identity" 12:29:50 bigbluehat has joined #vcwg 12:30:17 q+ 12:30:24 dmitriz: we have a lot of tools like CSS to solve this stuff. But our case in progressive enhancment in general there are still tough corners with regards to modality, multilanguage, accessability 12:30:31 present+ bigbluehat 12:30:38 ... it solved a lot of problems but with a * 12:31:19 q+ to ask about a11y 12:31:19 ... it is for this group expectations to highlight challenges, pitfalls and how those to comply to credentials 12:31:25 ack JoeAndrieu 12:31:25 JoeAndrieu, you wanted to mention Amir Hameed's email to the group "Brainstorming: Accessibility-First Interaction Negotiation for Decentralized Identity" 12:32:12 joeAndrieu: statement of expected needs: the group has explored html features like SVG, PDF, points out to the email: "Brainstorming: Accessibility-First Interaction Negotiation for Decentralized Identity" that raised about accessability 12:32:36 ... ways to approve accessability tools, it is in line with what amir said (the e-mail) 12:32:37 ack ivan 12:33:03 wes-smith has joined #vcwg 12:33:29 ivan: fully understand but still worry going down the path, instead of solving the missing corners, push the relevant working groups that it is html problems, 12:34:09 q+ 12:34:21 ... usually we avoid our own solution that become outdated in a few years, think that CSS-like media, we should not deal with it. acknowledge, and let the world solve it 12:35:05 ack phila 12:35:05 phila, you wanted to ask about a11y 12:35:07 dmitriz: agreed, we are dealing with inside-out, in a JSON, we are inviting the browser to the web, we still need to make a technical decision to offload to the web 12:36:07 phila: we not only need a review but also expertise, it is not just about html or SVG, Member of accessability group could help possibly 12:36:38 ack bigbluehat 12:36:40 dimitriz: awesome! we need the accessability people to help, phil will write to the group 12:37:41 bigbluehat: we have a layer inside the JSON object where there is a handfull of render specs but not all are full on HTML or Javascript. 12:38:07 ... but they could work together to solve certain problems, but it start a layer above with rendering 12:38:51 ... or render method array, to give 4 or 5 render methods that is going to be influenced by render method devices, for example non browser devices 12:39:14 wes-smith has joined #vcwg 12:39:42 dimitriz: reminder: render methods, do we reinvent them, link to them, do we want connectivity or front-end caching, 12:40:22 ... downsize, logo could be changing in the future, so the template can be changed upstream by the issuer, hasher is compatible for it. 12:40:35 ... flipside is embedding, but great usable offline 12:40:58 ... regardless of the method, html, iframe, etc, we want to keep in mind sandboxing and standardisation 12:42:28 ... challenges come across various methods: we have a couple special cases, one is, printing and screen displays, you want to link a raw JSON, it is laid out in the screen, you can also use your own source code. But you can't have a source code in the credential, you need a special tag 12:42:51 ... that says: when you are rendering, you need to do some kind of processing 12:42:55 q+ 12:43:45 q+ 12:43:47 ... print pdf functionality, share the credential, in the printed version there is a placeholder for the QR code, it goes to the raw source code but also a specifiek rendering for raw source code 12:44:23 ... you cannot hard-code the QR code, it is a special case field that the client knows where it is located 12:45:56 ... special case number 2: there are some cases where the rendering method is gonna need to do special processing: date format function, time stamp in VC is location independent. the consuming client and engine need to work together to pass the information like templating information like mustache 12:46:04 ack SteveC 12:47:05 q+ to note QRs land in various places - vc-barcodes, VCALM, and Render 12:47:11 wes-smith has joined #vcwg 12:47:28 ack carolynn 12:47:32 SteveC: nightmare of QR code templates: how do you know which QR code you need to print without the product beeing made yet. Question: We need to be able to pass credentials that don't have a wallet, maybe a phone, solution: resolver. 12:47:33 Do you put that in VCALM or in VC render method? Yes in the last one 12:48:19 s/Do you put that in VCALM/... do you put that in VCALM/ 12:48:48 example for passing a VC by passing a link (in a QR Code) which is in this case even usable by people withtout any ssi tech https://ssi-gs1-verifier-stage.prod-k8s.eecc.de//?input=https%3A%2F%2Fcompany-wallet-dev.prod-k8s.eecc.de%2Fapi%2Fregistry%2Fvc%2Flicense%2Fgs1_prefix%2F4007111 12:49:08 this is a demo credential on a demo stage, but you get the idea 12:49:16 carolynn: conversation with amazon right now because of law, you need a link to the DPP that might have a VC that needs to be accessable before purchase, the UI is a design problem for them. Is the rendering problem the way to access with the VC or the way for rendering. 12:49:17 ack manu_ 12:49:17 manu_, you wanted to note QRs land in various places - vc-barcodes, VCALM, and Render 12:49:22 s/Do you put that in/….Do you put that in/ 12:50:52 q+ 12:50:59 manu: yes, it is multiple things, 3 potential taskforces, VC barcodes, VCALM, VC render methods, where does it land? we should all be carefull, because we do not know all the use cases that they mean. use case: i want the thing in a rendering template within a QR, etc, there is no clear answer in which taskforce certain things land 12:51:08 ack phila 12:53:10 phila: gs1 hat on: GS1 would see the code that reads the code and do the verification on the device. They are moving to a QR code, the retailer will use a resolver within their system, i would like to do without online lookup or notice that there is an identifier and then look for the VC. i know a few scanner manufacturers 12:54:02 dmitri, could you put that link in irc please? 12:54:06 dmitriz: one example of a degree template of a qr code. at the time of sharing the wallet goes where it is hosted, 12:54:21 https://github.com/digitalcredentials/test-files/blob/main/html-templates/mock-MIT-bachelors-template.html 12:54:26 thank you 12:55:46 ... these various types of embedded jsons or wrapped in a renderer. the render methods spoke so far has been put in these 5 categories; pre-baked payload, JSON card style, Templated text, sandboxed approach, "other" 12:56:08 q+ to say in general people seem to be doing card style 12:56:49 ... pre-rendered: issuer knows all the properties, no processing, just display it. example: pre-rendered pdf. 12:57:58 ...it is just a binary stream for example. and easily parameterized, type, version, contenttype, payload 12:58:56 ... second method: JSON card style: at least: make, description, icon, style is a card with maybe a couple colours and key values. Google, apple and samsung wallet are doing it right now with this method. 12:59:08 wes-smith has joined #vcwg 12:59:25 ... it is a bag of key values with a couple of colours, like airline tickets, concert tickets, 13:00:26 ... it is really easy to display for the client. Not as easy as a pre-baked image or pdf but some have well-known card components and do not have a long list. 13:01:27 ... third method: templated text, some text with variables for text substitution, clients perfoms text processing and display's it 13:02:02 here's a signed VC with linked render template - displayed in an aware verifier. https://untp.showthething.com/verify?uri=https%3A%2F%2Funtp-storage.s3.ap-southeast-2.amazonaws.com%2Fde0ef9bd-f1b1-4804-88cb-fadda5b7dd51.json 13:02:12 ... challenge: how to sanitize it? we learned how to display arbritrary javascripts and show html safely 13:02:28 ... example: "print to pdf" in wallets 13:02:30 https://xkcd.com/327/ ;) 13:02:41 I think its closest to Dmitry's version 4 13:03:23 q+ to ask about the need for platform implementation support of iframe/html/css method 13:03:32 ... fourth example: sandboxed iframe approach: javascript app in a iframe. the app handels display 13:03:46 q+ iframe VS svg templates 13:03:52 q+ 13:04:18 ... drawback: it has challenges with special fields, the iframe knows where to display it. but for example the wallet not (yet). print to pdf is a problem then. 13:04:44 ... issue 53 points out some of his findings about pdf rendering in Iframe 13:05:04 ... the fifth one is other. 13:05:35 ack brent 13:05:35 brent, you wanted to say in general people seem to be doing card style and to ask about the need for platform implementation support of iframe/html/css method 13:05:36 rrsagent, draft minutes 13:05:37 I have made the request to generate https://www.w3.org/2026/06/03-vcwg-minutes.html ivan 13:06:06 q? 13:06:08 q+ 13:07:13 q+ 13:07:18 brent: how few of these method need to be standardizing? i think i understand conceptually for Iframe sandbox method by default in a browser but does that work out of the box for google or apple wallet? because it is logical place for VC's 13:07:36 ... is there a plan to reach out? 13:07:43 ack exe 13:08:14 q+ to note what the minimum set could be 13:08:49 exe: regarding iframe rendering method: we are already at SVG rendering, if we use this with mustache for example with HTML, why do we need complicated web-apps, what is the rational? 13:08:49 ack bigbluehat 13:10:27 mustache spec: https://github.com/mustache/spec 13:10:48 q+ 13:10:50 bigbluehat: mustache has it's own limitations, but they are not really standardized specs, instead of borrow it and make it a spec, the iframe thing came over and do the whole thing, you can do it in a sandboxed iframe with security, 13:11:43 ack SteveC 13:11:45 dmitriz: sandboxed mechanism can displayed in iframe, we can use iframe for both of these methods, method 3 it takes place outside the iframe, method 4 inside iframe 13:12:51 ack manu_ 13:12:51 manu_, you wanted to note what the minimum set could be 13:12:53 SteveC: there are very strict lay-out regulations in train regulations, rendering requirements are much more complex for the world, 13:13:41 -1 to eliminating 3 (in favor of 4). 3 has the same security properties, and is much simpler 13:13:50 manu_: +1 to that, we do have to do sandboxed app, we can probably 3 as 4. we need to do probably 2. method 1 could be 13:14:21 ... singapore work could be replaced the iframe, the OCA bundle could be in javascript or HTML 13:14:56 ... we are not saying we can do it in this order, but for now, do we freak out about priority: iframe, card style, prebaked payload 13:15:18 q? 13:15:44 q+ JoeAndrieu 13:16:04 ack bigbluehat 13:16:07 bigbluehat: who is providing render methods? 13:16:22 ack JoeAndrieu 13:16:27 dmitriz: openbadge just use prebaked, but questionable 13:17:08 JoeAndrieu: is not listed as a challenge, but it is a security problem if it is interactive, if we make it a javascript 13:17:19 rrsagent, draft minutes 13:17:20 I have made the request to generate https://www.w3.org/2026/06/03-vcwg-minutes.html ivan 13:18:46 rrsagent, bye 13:18:46 I see no action items