[MINUTES] CCG Incubation and Promotion 2025-06-04 from meetings@w3c-ccg.org on 2025-06-04 (public-credentials@w3.org from June 2025)

From: <meetings@w3c-ccg.org>
Date: Wed, 4 Jun 2025 15:03:10 -0700
To: public-credentials@w3.org
Message-ID: <CA+ChqYfFSHwOMNwPoVc7MsKq2wLgqfjpVH=+kKCXN1LoLeFO4A@mail.gmail.com>
CCG Incubation and Promotion Meeting Summary - 2025/06/04

*Topics Covered:*

   -

   *Community Updates:* Discussion deferred to the Verifiable Credential
   Working Group (VCWG) regarding concerns raised about "phone home"
   mechanisms in verifiable credentials, in light of the No Phone Home website
   initiative. The Geneva meeting in early July was also noted as a potential
   venue for further discussion.
   -

   *Verifiable Credential (VC) Barcodes:*
   - Several pull requests were reviewed, including one requiring merge
      conflict resolution.
      - Updates to test vectors reflecting the newly registered Seabore LD
      tag (CB1D) were merged. This involved significant changes due to
delays in
      the ITF registration process. Legacy mode was documented for backward
      compatibility.
   -

   *Seabore LD Compression Table Registry:*
   - A new, unopinionated registry for Seabore LD compression tables was
      presented. This aims to manage the potential scale of custom
tables through
      a first-come, first-served system with automated PR merging and package
      generation for different programming languages. Dynamic loading of
      compression tables at runtime was also discussed.
   -

   *Respec Updates:*
   - The respec-vc specification was updated to use the latest Seabore LD
      version. New binary and QR code tabs were added to generate and display
      compressed, digitally signed credentials.
   -

   *Credential Refresh:*
   - Discussion on credential refresh versus embedding refresh information
      was postponed to a future meeting.

*Key Points:*

   - The group is actively preparing several specifications for handover to
   the VCWG.
   - The delay in Seabore LD tag registration significantly impacted the VC
   barcode specification.
   - A new registry aims to address the scalability challenges of managing
   custom Seabore LD compression tables.
   - Updated tooling, including the JSON-LD playground and respec-vc,
   improves the development and testing of verifiable credentials.
   - The "phone home" discussion will be addressed by the VCWG.
   - The next CCG meeting will be skipped due to travel, resuming the
   following week.

Text:
https://meet.w3c-ccg.org/archives/w3c-ccg-ccg-incubation-and-promotion-2025-06-04.md

Video:
https://meet.w3c-ccg.org/archives/w3c-ccg-ccg-incubation-and-promotion-2025-06-04.mp4
*CCG Incubation and Promotion - 2025/06/04 10:58 EDT - Transcript*
*Attendees*

Benjamin Young, Dmitri Zagidulin, Hiroyuki Sano, John's Notetaker, Kayode
Ezike, Manu Sporny, Parth Bhatt, Phillip Long, Ted Thibodeau Jr, Will
Abramson
*Transcript*

Hiroyuki Sano: Hi my son. Good morning.

Manu Sporny: Hi, Sonosan. How are you?

Hiroyuki Sano: Hi. Thank you. How are you?

Manu Sporny: I'm looking forward to a somewhat relaxing summer. I don't
know. We'll see if that actually happens, but so far so good. Hey, Phil.

Phillip Long: I want…

Phillip Long: what you're drinking.

Manu Sporny: Exactly. Phil. How you doing? Hey, Ted.

Phillip Long: I'm doing well.

Manu Sporny: We will get started in about 30 seconds. Let me pull up the
agenda. Today is going to be a little shorter call. I need to drop about 20
minutes before the top of the hour.

Manu Sporny: All right, let's go ahead and get started. this is the
incubation and work item promotion call for the CCG. we are just going over
a number of work items and slowly working through them to make sure that
they're ready for the verifiable credential working group to pick up. the
agenda today is going to focus on processing pull requests for verifiable
credential barcodes. we will talk about the new seabore LD compression
table registry which is related to the verifiable credential barcode stuff.

Manu Sporny: we will provide some updates that we've made to respspec again
based on the new seabore LD stuff and maybe have a discussion around
credential VCs versus embedding refresh information. I think that's largely
it for the call today. are there any other updates or changes to the
agenda? anything else we need to cover today? If not, we can go ahead and
get started. Again, a reminder, I think we're only going to spend about 35
minutes on the call and then we'll have to leave. So, a little bit of a
shorter call today. okay.

Manu Sporny: let's go ahead and get started then. any community updates of
relevance? Anything else that we need to a community update related. I've
got one item which is that as folks have seen there's a good healthy
discussion on the no phone home website that went up that ACLU and
Electronic Frontier Foundation and Brave Software and a number of other
large organizations Epic signed on for and as well as a number of other
people in the community.

Manu Sporny: we had a discussion briefly on the VC API call yesterday on
where what should we do should we do anything about that as everyone knows
verifiable credentials don't have the same kind of phone home mechanism
that MDL has built into it on purpose that was definitely something that we
didn't want to do however there are also things that could be viewed as
phone home such as retrieving any resource that's listed in a verifiable
credential.

Manu Sporny: a picture and a common image a logo could all be used as
tracking vectors you are contacting the issuer or someone that's working
with the issuer when you do that same thing for status list things like
that and so there was a question on should we say anything about it based
on the conversation I think most of the folks on that call felt that the
right place to have that discussion is on the CCG mailing list and the
verifiable credential working group. we have raised an issue on the VC data
model to have that discussion when that group comes back online after the
summer. and also made a decision that the VC API group probably doesn't
have anything to say or doesn't need to say anything there. It'll be
handled by I think the same kind of question could be raised in this group.
00:05:00

Manu Sporny: I don't know if anyone has an opinion, but I think the general
thought is we will defer to BCWG. So would anyone object to that path like
we're just going to let the VCWG handle that discussion? I don't know if
any of the specs that we're working on are really impacted by that. And
then Phil in please vocalize Phil because the minutes doesn't Yeah.

Phillip Long: No, I'll be happy. objections for I think it's appropriate
for the VC workg group to do that. their public comments about this.

Manu Sporny: I appreciate that. and a reminder to everyone that whatever we
type into the chat is not saved and so that stuff gets lost. great. thanks
Phil.

Manu Sporny: Any other comments on Mhm.

Phillip Long: The only other thing I don't know whether to what extent it
pertains at all to this, but there is the Geneva meeting coming up at the
beginning of July where a whole bunch of this stuff is all being I mean the
agenda is far too packed from the look of it but there's Ira is going to be
making statements about where their progress and things like that. So
that's just a mess.

Manu Sporny: Right. Yeah. And I think second day is an unconference and I
expect it to Yeah.

Manu Sporny: But I expect, this to come up during the unconference,
sessions. All That sounds good. Any other community updates? Anything else
that we should be aware of? All so we're going to look at some pull
requests for VC barcodes and the new Cabore LD compression table registry
and respspec next.

Phillip Long: Yeah, I do too.

Manu Sporny: As a reminder to everyone, we are tracking everything that
we're incubating on this issue 250 in the CCG community. we have said, VC
barcodes and core LD and render method are pretty much ready to be handed
over to VCWG and we continue to work on these other specifications.
although I think as of last week should probably move confidence method
over as well. let me check. I don't think yeah, this one was ready. So, Why
don't I just go ahead and make that edit here while we're here? confidence
method is ready to go. quantum safe crypto suites, we made some good
progress on that last week in the, data integrity group.

Manu Sporny: VC API we're making good progress triaging and pull requests
continue to go in there. VPR we need to triage. but that's after we do the
triage and get the loweffort PRs in. That should be ready to go. I haven't
heard from David and Isaac on the verifiable issuers and verifiers stuff.
but that needs a little more work before we move that forward. I have yet
to request support for the VC wireless thing. It's two weeks delayed. Just
haven't been able to get to it. And we'll talk a bit about credential
refresh today. but we are making, progress on these things at a decent
clip. I think by the time BCWG comes back to life, we'll have a number of
specs ready to go for them. So that's good. Okay.

Manu Sporny: So, today we're going to look at some poll requests for VC
barcodes. I think the majority of these, there's one here. So, Ted, I
looked at your PR and was, getting ready to pull it in, but, there are all
kinds of merge conflicts. and apologies.

Manu Sporny: It's been almost a year since you put this and there's quite a
decent bit of stuff that I don't want to lose, but would require you to
resolve.

Ted Thibodeau Jr: Yeah, that happens if you just tag it for result complex.
I'll figure out whether it makes sense to do that or create a new PR.

Manu Sporny: Thank Sorry, I know that's extra work for you. but not all
conflicts here or slide to raise PR. Okay. Thanks Ted.
00:10:00

Manu Sporny: appreciate you taking a look at all right, so that's one of
The other PR is an update to the test vectors that Wes did and these are
largely so just to give some background on what's been happening. a year
ago we put in a request for our Seabour LD tags to be registered at ITF.
they had to ping the designated expert I think upwards of 36 times over the
course of the year to get them to respond. We were not getting a response.

Manu Sporny: and then as software goes these systems got built and deployed
and all that kind of stuff and then they had to reassign get a new set of
designated experts and when the new folks were put in place they were
basically like we don't think you should have this tag range that you're
requesting which threw us into a whole bunch of negotiations with them and
resulted in them basically rejecting the tag range that we wanted. what we
then had to do was pick a single f** and do it in a way that was backwards
compatible with the stuff that had already gone out to production and
created a whole bunch of headache for everyone. But we have done that and
they have now finally I believe approved the tag that we registered.

Manu Sporny: this is why we are not fond of reg at least I am not fond of
these types of registries because the decisions made tend to be debatably
arbitrary. okay so what we had to do then is we had to change all the
CoreLD algorithms and pick a different header for the Cabor the tag is now
CB1D for Seabore LD which is nice. and we have a bunch of other stuff that
happened. But as a result, we had to regenerate every single one of the
test vectors in the specification and add a bunch of text on legacy mode
and things like that. We don't expect anyone's going to have to implement
legacy mode.

Manu Sporny: but because things leaked out into production because we've
been delayed in getting into the standards process we felt it necessary to
document stuff. So these are just PDF 417 barcodes the things that go on
the back of driver's licenses mostly in the US that now contain the new
updated Seabore LD stuff. Same thing for the employment authorization
document and the demonstrations. and then the test vectors if you'll see
the CB1D this D9 tag in Seabore LD says this is a tagged Seabore object
meaning The type is Seabore LD.

Manu Sporny: so CB1D Core LD is the header. And so basically if you see
this in the front of a binary string, there's a very high likelihood that
it's a Core LD payload. And then there's some other header information that
goes in here that we describe. and so all of the test vectors, had to be
updated there. and then we added a section on version and how you process
it and that sort of thing. So that's all this thing is it just updates the
test vectors for the latest Seabore LD implementation which we really hope
is the final one before we put it into the working group.

Manu Sporny: and of course this is done in a way so that if we have to
change everything in the future we can do that. It just becomes painful to
the implementers. okay. I think that's largely it for this PR. I don't know
if we really need any reviews on the PR. it's just a pretty editorial
manual update to it. would there be any objections on merging this on the
call? Does anyone here want to take a deeper look at this before we do the
merge?
00:15:00

Manu Sporny: Okay, I'm going to take that as a no objections and then I
will just go ahead and merge this so that the spec will reflect the latest
implementation and the latest things that have been registered at INA. I
think it's up. I don't remember if yeah, so there's our tag value 51,997
which is the CPLD one. so that's registered which is nice. only took a year
and a half.

Manu Sporny: All right. I think that's it for VC barcodes. does anyone have
any other comments or business that they'd like to discuss with the barcode
spec? Benjamin, I don't know if it's worth noting the updates you've done
to the JSONLDD playground. I know I'm putting you on the spot, but I don't
know if you want to share the Seaborld support. Yep. And you might be
muted, Benjamin.

Benjamin Young: I was and saying all kinds of great things. so let me Happy
to do this. we just merged the playground next or whatever we're calling
it. this morning and we'll start linking to it. We haven't displaced the
old playground yet to be clear. the new one needs a couple more practical
features like the codes, the query parameters and fragment identifiers for
passing in u things from the open and playground buttons on specifications.
That's not implemented on this new one yet. So once that is done, that
should be the last remaining feature.

Benjamin Young: but it's merged into main now and we'll link to it and
happy to drop this link if folks want to kick the tires. Please do. And
file issues. so you wanted to see the Seabor LD stuff. So over here there's
a little robot guy that shows the default compression ratio and the hex
value of the seabboard LVD using just the base compression setup. There's
no type table or any additional mapping done in this case to optimize the
compression.

Benjamin Young: But with this playground foundation in place, we can
continue to work that direction where there'll be more handles in the
Probably something similar like what you see on compacted where you have a
side pane where you can do more stuff. will likely enable something like
that when you click on the seabboard LD tab and you can, update those
things to get higher compression and watch your compression change. So
that's what it does currently. guideline. Oops,…

Manu Sporny: Yeah, that's great. Wonderful work, Benjamin. I wanted to
might as well click on the YAML LD thing. That was a nice surprise, at
least to me. yep.

Benjamin Young: there we go.

Manu Sporny: Which is, nice to see. I mean, it's nice and clean and the
nice thing is it's kind of like you I don't want to say you get it for
free, but I mean, it's kind of a, fairly easy translation and demonstrates
kind of the power of hey, look, we're using, one kind of technology and we
can put it into all these other serialization formats and YAML's nicer to
look at and Seabore LD is super compact, but she even gives

Manu Sporny: gives us the capability of even having the possibility of
cramming this stuff down into a QR code or a driver's license. and then the
signature stuff is the same across all of them. we don't have to keep
reinventing the signature mechanism or the selective disclosure mechanism
to go between all these different great job Benjamin on updating the
playground with these new features.

Benjamin Young: Thanks. couple things we're headed towards are YAML LD and
Seabore LD being input formats which will then I think sort of seal the
deal about what you were saying monu sort of one system able to move around
in the same sort of data space. And then the other feature is getting more
examples. These ones are antique. They're eight years old or something.
00:20:00

Benjamin Young: So we'll probably have collections of examples pulling in
VCs and activity streams and things like that for different communities web
of things that are using JSONLD. So promote the wider family and then also
give them much easier way to play with their stuff in the JLD playground.

Manu Sporny: I'm wondering, as everyone can tell, Benjamin and I haven't
been able to talk about this yet, so might as well on an open call. I'm
wondering VC playground would be a nice place to pull some…

Manu Sporny: because we already have example credentials in there. were you
thinking of that being one of the places we pull stuff in from?

Benjamin Young: So there's the VC examples repo that sits separate from The
playground consumes So, the JSONLDD playground would do the same load all
or some of those examples from that same repo and then we'd have the
different communities like activity streams and whoever create similar sort
of repos of publish your examples and sort of provide a manifest that
points to the examples with descriptions or whatever and then we'll just
pull them either into this at production time or dynamic

Benjamin Young:

Benjamin Young: dynamically probably we'll do it at publication time and
then re republish the playground when new examples are released because
this whole thing now is a static site generated website so there's no
database or anything running behind it to be hacked no PHP or

Manu Sporny: Great. Thank you for showing us kind of the update there.
super exciting stuff. and of course, as everyone knows, the whole reason
we're doing this is to provide better tooling for the ecosystem. It, make
it easier to create these objects and see what they look like in different
modes and things of that nature. okay. let's see what was next on our
agenda. Seorld compression table registry. So this kind of goes on top of
what Benjamin was talking about providing better tooling. So one of the
things when we compress these barcode things the way you get maximum
compression is you use a compression table.

Manu Sporny: So there's basic seabboard LD compression which it will do its
best but it doesn't know how to compress did web URL or a verification
method URL but you can feed it a compression table with well-known values
and then it will use those well-known values to compress everything even
further. one again just to remind everyone that one of the things we're
trying to get to is we're trying to get every single key value pair in
here. We're trying to maximize reducing all those down to one bite or two
bite values at most, right? and we can do that with compression tables.
that's the whole thing that allows this use case to happen here is the
semantic compression that we're doing with the compression tables.

Manu Sporny: the downside is that the application has to know about the
compression table and so if everybody in the world is using different
compression tables there can be I think 18 quadrillion compression tables
is the current limit that we have. enough compression tables for everyone
to create their hundreds of thousands of compression tables per human being
on the planet. probably more and the question is how do you discover those
compression tables? How do you pull them in? that kind of stuff that then
you have this big decentralized, problem. and of course, a registry is one
way to solve that. But this registry is an unopinionated registry. It's
just like first serve and you pick a number that you want and then you get
your own compression table that you can create based on that.

Manu Sporny: So let's see so this is the compression table for the
verifiable credential barcodes example specification right it's 100 that's
the ID number and then we say you in the context if you see the credentials
v2 URL compress it down to this number and if you see the VC barcodes URL
in the context compress it down to this number and so on so forth or if you
see a property that has a type of cryptosweet string. So if something's
digitally signed and you see this text so again it's just text compress it
down to the value of one or…
00:25:00

Ted Thibodeau Jr: Just pointing the things on the screen. We're not seeing
them.

Manu Sporny: two. So you're not seeing these. I I totally failed to share.
Okay sorry I was pointing at all kinds of things.

Manu Sporny: going back this is the thing we're trying to compress down
into single bite values and then you can use a compression table to do it.
There's this thing called the seabore LD registry. so this thing exists
I'll provide the link there and then in the tables directory you see this
is the compression table for the verifiable credential barcodes
specification you've got some header information like what kind of domain
does the compression table it's just kind of like use case domain who's the
contact and this

Manu Sporny: can also put GitHub handles in here. We're going to automate
it so that it's first serve. You register it, you've got a list of owners,
and if this same GitHub handle is updating this compression table. It's an
appendon table. then the dream and we're very close to it is that the PR is
lint checked and merged. The end of story. So we don't even have to have
maintainers for the vast majority of PRs that'll go against the registry.
the mode is the seabore LD processor mode. All we have is default for now.
you say whether this is a provisional regist or not. Provisional
registrations may be deleted in the future. They may go away to just let
everyone know how stable it is. And then there are compression tables for
context.

Manu Sporny: They're compression tables for data types and they're also
compression tables for URLs. So if we look at California DMV for their
physical identification documents these are the compression tables for the
URLs that are going to be used specifically verification methods and method
status list URLs. So this thing the seabboard LD registry whenever you add
a new entry it compiles the registry contents. So that's this thing here
and then it gives you the registry entry number the description of the
entry and then who's in charge of the entry and then you can click on each
entry to look at the contents of that entry.

Manu Sporny: the other thing that we're doing here tables I think there's
an index file that contains absolutely everything. And the next step for
the seabore LD registry is to automatically build library packages for
different programming languages. So we will autogenerate an npm package
that you can npm install beside your seabore processor that will
automatically have all of the tables that you want in there. so this is
kind of the solution for how are we going to manage this thing at scale
with tens of thousands of different development teams wanting their own
custom compression tables.

Manu Sporny: there will be a registry if they want to their compression
table to be known globally and be globally interoperable they just add it
here and then software packages build as a result of that. so that's the
current plan for kind of autob building everything from this registry. we
have the spec autogeneration stuff working now. we do not have all the npm
python packages building automatically rust what have you building
automatically but we are capable of doing that sometime soon and the other
thing and this don't want to do this in production but you can also
dynamically load the compression tables off of this URL so that your
compressor and decompressor always have the latest compression tables
00:30:00

Manu Sporny: So you can do that at runtime. okay all that to say that we
have core LD registry the other update is that we have also updated respec
VC to the latest version of seabore LD. so now in any specification at W3C
or any specification that uses respspec there's an extension to do
verifiable credential things. we were largely using to generate examples.
So you can have an example here that's got comments that are marked up.

Manu Sporny: You can sign it with ECDSA and EDDDSA and the selective
disclosure suite and BBS. So you can do all those signatures. Now there are
two extra tabs here. Binary which will take your initial credential. It'll
do a digital signature on it and then it will compress it to Seabore LD. So
we can see that this is the Seabore LD payload. it'll tell you how much
compression was achieved. So, this one's not much, 40% compression, but it
gets, a 760 byt payload down to about 460 bytes. it will show you the
payload that was input and then it will show you seabor diagnostic mode,
the types of compression it was able to achieve. So, this is using the
default compression which doesn't have compression tables for the context
URLs.

Manu Sporny: it doesn't have compression tables for the issuer URL or the
type so those things don't get automatically compressed but the keywords do
so this at context gets compressed down into a single bite value this is
issuer this is type and so on and so forth you can map all these things
back and forth so there's the seabore diagnostic mode and then

Manu Sporny: We can also show what the QR code for that looks like. So this
is the entire alumni of credential with a digital signature on it
compressed to core LD and then expressed as a R code here. so this is the
contents of the QR code. So VC1 says it's a verifiable credential QR code
format it's multibbase enco R means it's base 45 encoded because of weird
thing weirdities with QR codes and how they work. Base 45 is fairly optimal
for encoding binary into the QR code. And so this entire thing is the
Seabore LD payload compressed as encoded in base 45.

Manu Sporny: and then if you scan this, this is again one of the tooling
things that we're hoping to do, is add a scanner to the playground. So if
you scan this, it'll input it in as, Seabore LD. It'll decode it and you'll
get back to the original JSON LD signed object. so that's The QR code and
binary tabs are new feature. and you can add that to any VC example. I
think we have one specifically down here. This is driver's license encoded
seabore LD. This one gets really good 50% compression. which is, down here.
but again, this is the default compression. We can actually do a bit better
than what's being done by default here.

Manu Sporny: and then the driver's license as a digitally signed QR code. I
think that's largely it for the respect updates. the final thing is kind of
a discussion around credential refresh versus embedding refresh
information. I'll note we only have about 4 minutes left before we needed
to drop. So, I think what we'll do is push that discussion off to the week
after we won't have a meeting next week. I'm traveling won't be able to run
the meeting. So all the CCG meetings that I run or cancel for next week.
and we'll meet again the following week. okay, I think that's largely it
for the call today.

Manu Sporny: anything else folks want to announce anything new happening?
anything we should be aware of happening next week or the week after? If
not, then that's our call for today. thanks everyone. have a wonderful rest
of your week and as I mentioned, no call next week, but we'll start up the
following week and start that discussion off with credential refresh and
see what other things came up on our incubation items. All right, that's it
everyone. thank you. Have a great day. and we'll talk again soon. Bye.
Meeting ended after 00:35:48 👋

*This editable transcript was computer generated and might contain errors.
People can also change the text after it was created.*
Received on Wednesday, 4 June 2025 22:03:17 UTC