[MINUTES] CCG Incubation and Promotion 2025-03-26

CCG Incubation and Promotion Meeting Summary - 2025/03/26

*Topics Covered:*

   -

   *Specification Prioritization and VCWG Transition:* The primary focus
   was on prioritizing specifications ready for transition to the Verifiable
   Credentials Working Group (VCWG). The group aimed to identify
   specifications nearing completion and establish a roadmap for their
   handover within the next three months.
   -

   *Specification Readiness Review:* Individual specifications were
   assessed based on maturity, implementation status (pilots, production), and
   community engagement. The following specifications were discussed:
   - *VC API:* Mature but requires significant PR work before VCWG
      handover. A dedicated group is actively addressing this.
      - *Verifiable Credential Barcode Specification:* Technically mature
      and seeing production deployments, but needs more CCG engagement.
      - *Verifiable Credential Rendering Methods:* Has deployments and test
      vectors but requires updates to improve usability and address security
      concerns.
      - *Confidence Method:* Considered relatively simple to finalize and
      handover to VCWG.
      - *VC over Wireless:* Requires further incubation, particularly the
      Bluetooth aspect; NFC portion is considered more mature.
      - *DID Key:* Progressing well in the DID Methods Incubation Working
      Group.
      - *Verifiable Issuers and Verifiers Lists:* David Chadwick will
      provide an update next week.
   -

   *Action Items and Next Steps:* The group agreed on a prioritized list
   for handover to the VCWG: VC API, Verifiable Credential Barcode
   Specification, Verifiable Credential Rendering Methods, Confidence Method,
   and VC over Wireless (with NFC prioritized over Bluetooth). The next
   meeting will focus on the Verifiable Credential Barcode Specification and
   an introduction to Verifiable Issuers and Verifiers Lists. Subsequent
   meetings will address Verifiable Credential Rendering Methods and other
   specifications. The CCG will serve as a dedicated work item group for
   several of these specifications.

*Key Points:*

   - Several specifications are nearing readiness for transition to the
   VCWG.
   - A prioritization scheme was established based on maturity and
   readiness.
   - The CCG will continue incubating and refining several specifications
   before handover.
   - Security concerns and usability improvements will be addressed for
   several specifications.
   - The group will focus on a rotating schedule of specifications in
   upcoming meetings.

Text:
https://meet.w3c-ccg.org/archives/w3c-ccg-ccg-incubation-and-promotion-2025-03-26.md

Video:
https://meet.w3c-ccg.org/archives/w3c-ccg-ccg-incubation-and-promotion-2025-03-26.mp4
*CCG Incubation and Promotion - 2025/03/26 10:58 EDT - Transcript*
*Attendees*

Benjamin Young, Dave Lehn, Harrison Tang, Hiroyuki Sano, John's Notetaker,
Kayode Ezike, Manu Sporny, Manu Sporny's Presentation, Nivas, Phillip Long
*Transcript*

Phillip Long: to point out you have to ask yourself questions why is the
governors of states

Manu Sporny: Hey Harrison. Hey Phil. We're going to hold for another two
minutes and see who else we Got

Harrison Tang: No problem. I'm in the car, by the way. So, I'll be in and
out.

Manu Sporny: All right, I'm going to go ahead and get started. It's a very
light group today. hopefully other people will join. let me jump on the
other channels. some people probably have the old meeting link. Give me one
second.
00:05:00

Manu Sporny: All Yep. We had a couple of people on the old line. I don't
know how to get updates out. I sent three of them, over the past couple of
days, and clearly people aren't getting them. So, I think that sooner we
can, I guess, get these on the CCG calendar and just delete every, instance
of them. hopefully that'll prompt people to move over to the new channel.
this is the final meeting location. So if you've got calendar entries,
please update it to this meeting location. and we'll just hope people
eventually get their calendars updated. okay.

Manu Sporny: real quick agenda for today is to basically go over the
specifications that we went over last week. And let me go ahead and share
that. this is the meeting summary from last week on what we covered. so we
were able to go over all of the specifications and kind of give a state of
where they are. this week I think we need to prioritize which
specifications are more ready than other specifications and then figure out
what our priority order in moving them over to the VCWG is going to be and
then we will prioritize the work that needs to be done in the CCG to
prepare the documents to move over.

Manu Sporny: since last week, I also got an email from David Chadwick, who
noted that, he wants to include the, verifiable issuers and verifiers,
lists, in the work. he's talking with Etsy in the European Union, to, move
that stuff, forward. they are doing an updated version of the verified
issuers and verifiers list over there. So that is work that's going on and
David Chadwick said that he will be here next week to present on it and
give an update and kind of take us through where he thinks the other spec
that we forgot to include last week was the key spec.

Manu Sporny: there is a presentation going on for that in the diff did
methods incubation working group. just as a reminder to everyone the status
of the work over there is that group has approved a preliminary charter
text to be reviewed at the worldwide web consortium. that chart text has
been uploaded to W3C space. and we are waiting on the request for charter
review just a preliminary charter under development announcement to go out
to the W3C. so did key is among the specifications that is included in that
proposed charter.

Manu Sporny: And so since that's a CCG work item some work is going into
updating that specification just modernizing it to what's actually deployed
in the field and what our experiences were during the verifiable credential
test suite usage of DID key and that sort of thing. So that is a spec that
we probably also need to cover that wasn't in the list last week. So really
only two specs that we forgot to cover last week. Did key and in the
verifiable issuers and verifiers lists thing. are there any other specs
that people think we should be considering for moving over to the VCWG in
the next 3 months or so?

Manu Sporny: Okay, people can always come in later and say, "Hey, I wanted
this spec, included." But I think that we'll say that that's the list for
now. And if other people come in and have other things they want to move
over, then that's good. we can talk about it then. we could do a little bit
of discussion around how ready people feel certain specs are. I'll propose
a list.
00:10:00

Manu Sporny: I think that might be the easiest thing to do is just
concretely based on at least what I know where these specs are their kind
of readiness levels and based on if they're in pilots or production things
of that nature. So, on this list that probably has had the most amount of
incubation in the CCG is the VC API. This has been incubating for 3 years.
now in the CCG, we have regular meetings. We have processed all the issues.
There are a bunch of ready for PR things.

Manu Sporny: The only issue with this spec right now is that we need to
write a bunch of PRs and get those PRs in before we hand them over to the
BCWG. So, there's still a significant amount of PRs that need to be
processed here. I don't think this group needs to do anything about it. The
VC API spec is being handled in another CCG work item group on Tuesdays. So
it's a dedicated group and they're making progress on it. So this thing is
the most incubated thing and that group feels it's ready to be moved over
to VCWG as soon as we get a bunch of PRs addressed there. So that is I
think where we are on it.

Manu Sporny: So if we needed to rank something, at the top of the list
versus VC API, is probably at the top of the list from a maturity
standpoint. but it needs significant PR work to just close out, the issues
before we hand it over to VCWG. So still, from incubation standpoint, top
of the list, from readiness standpoint, probably middle of the list. So
that's the other thing that is probably very close is the verifiable
credential barcode specification.

Manu Sporny: I know that it hasn't lived for as long as the VC API but it
has been developed to the point that it is being released into production
settings. So we're a bit behind on getting this thing on the standards
things we're going to see very large scale deployments of this technology
probably before it's even on standards track which is not usually something
we want to see but that's just kind of the way it's worked out and as a
result of that a lot of the technical stuff in the BC barcode spec is ready
from technically implemented we have multiple implementers

Manu Sporny: that kind of perspective. but as far as CCG engagement on it,
that hasn't been, super high. primarily because it's a fairly new spec and
so on and so forth. So, it is much more ready to hand over to the VCWG than
the VC API. So VC barcodes is probably the most technically mature
specification that we have out of the entire group of specifications that
we're looking at. Coyote, you're asking about controlled identifiers. it's
not on the list because it's already standards track. So the SIDS spec it's
already a proposed standard.

Manu Sporny: I think that happened. Yeah, it's a proposed recommendation at
this point. So it's undergoing a vote right now. it was one of those things
that was kind of like so this is almost through the global standardization
process. and that's why it's not on the list. but good question. okay, so
that's that item. So, we did next up here is probably verifiable credential
rendering methods.
00:15:00

Manu Sporny: and this one is probably the least sorry that it has
deployments like we've got, multiple people doing verifiable credential
rendering and it's in the VC playground and we've got test vectors and all
that kind of stuff and we've had a one full round trip of kind of,
implementation against it. render method has existed and has been incubated
for probably about a year and a half two years in the CCG. it hasn't gotten
a lot of kind of focused work from us. primarily because people kind of
deployed stuff to see what they could learn from it and now we've learned
from it and we know that we want to update it.

Manu Sporny: in a couple of significant ways that is just going to help
usability among it. So that is work we should probably do in the CCG and it
is work that we might use this call for in the coming weeks. so during our
last call, Dave Lane noted, that, we need to do, some work here. And so,
because of that, we just need to do some work on it. it shouldn't take a
lot to update the spec. I mean, it's probably a week or two of work to
upgrade it to the new thing and then get, a week or two of more input from
folks.

Manu Sporny: but I think that's kind of where we are in the render method
spec. So from a maturity perspective, is it ready to hand over to the VCWG?
it's probably number three on the list. and there's also some overlap with
the wireless spec and the render method thing. it is possible to express a
wireless data model through render method without specifying how you move
it over a wireless protocol. So we can specify an NFC render method and
then leave the protocol stuff out of it completely where the wireless spec
would contain the exact protocols that you would use to move that payload.

Manu Sporny: So render method Wireless spec would specify the protocol that
it's moved over. so there's a split there. Coyote maybe if you don't mind
vocalizing which the notes are not saved at all.

Manu Sporny: So everything you're typing is going to be lost because of our
new meeting infrastructure.

Kayode Ezike: Sorry.

Kayode Ezike: I just noted that you mentioned that that might be touched on
in a few future calls, but I know that there's been some discussions and
issues in the past around PDF and HTML use cases and the potential security
risk and things of that. So, I think it'll be good to get into that as well
as other kind of interfaces.

Kayode Ezike: for rendering that's not just like a static visualization.
But that's just a general thought there.

Manu Sporny: Yeah, plus one.

Manu Sporny: I mean, that's come up. I mean, one of the big issues that we
have with render method right now is like the Singapore government, who has
a very significant render method. This is a bad time for them. And so, we
really need to get their input to mature this stuff. At least they're part
of the spec. and I mean, they've deployed it in production, right? So I
don't think they're but that speaks to the kind of more programmatic
mechanisms that you're talking about coyote and then you're right there's
some security concerns issues that we need to discuss as well.

Manu Sporny: So, all are things I would imagine that we would talk about
here first, clean that stuff up a decent bit before moving it over to the
VCWG. yeah, plus those are going to have to be a part of the discussion we
have on render method. the next, It's kind of a tossup between confidence
method and the wireless spec. I would probably argue that it would be
easier for us to get a fairly simple straightforward confidence method
spec. I mean just effectively did off thing with confidence method, right?
00:20:00

Manu Sporny: you're just given a key and you're supposed to do a
authentication with that key over some protocol to build confidence that
the individual that is giving you the credential is actually the one that
should be is the one that's in control of it. So this is basically
specifying right now we presume that the subject identifier if it's used a
is used. we presume that the subject identifier is a DID because DID
document and see how they authenticate and you can do a protocol based on
that.

Manu Sporny: But it's a valid assumption to make if you're using DIDs, but
if you're not using DIDs, like someone using the SIDS spec or you want to
decouple the credential from any kind of attachment to any kind of
identity, meaning it works like a cryptographic tap to pay credit card.
something with a chip and pin in it. That's an example of that payment
instrument isn't tied to anyone. you can give it to somebody else and they
can use that credit card to pay for something. and so if we want use cases
like that, which we do, that is where confidence method with just a simple
specification of a public key would come into play.

Manu Sporny: it allows you to have much more pseudonmous interactions if
you want to. So there are some pseudonym use cases that are useful there
and the only thing we need to specify is here's a key and So that kind of
spec can be put together in a weekend and then we can hand it over pretty
quickly as just what the first confidence method. okay so that's probably
number four on the list. and then the very last one is the wireless spec.

Manu Sporny: that primarily because we're still experimenting with the NFC
and the Bluetooth stuff and it probably needs to be incubated a little
longer. but at the same time it's demonstrable. it is possible for us to
get to multiple implementations in pretty short order. and as a result of
that we could moving that onto the standards track. it's not a very complex
thing.

Manu Sporny: when you get down to it because if you're just using web NFC
in the browser it works right so there's a potential here to we just
reference the web NFC spec for all the NFC functionality and we put the
payload in a verifiable credential and we're done with the NFC thing like
it is really that straightforward forward and simple. There's not a lot of
new protocol stuff that we need to work on. the Bluetooth stuff is a little
more of a long-term thing. but again, that's something that, we could use
web Bluetooth for the web Bluetooth spec and base it off of that. and as
everyone probably knows, there are some challenges with, using that web
Bluetooth spec on Apple devices.

Manu Sporny: I believe still after eight years plus Apple has not
implemented but you can implement some of the web Bluetooth stuff in native
apps on Apple devices if I remember correctly. So that's probably the last
one. It's the least incubated one. it's the one that's least ready to go
except for maybe the NFC bits and maybe we carve out the NFC bits and kind
of push the Bluetooth stuff a little further down the road. there's also
postquantum signature stuff. and it should be pretty trivial to put
together that crypto suite. but we're not seeing a lot of development on it.

Manu Sporny: and that needs to happen before things are moved forward. We
do have a separate call for data integrity and it is up to that group to
pick something and recommend something as being put in the charter. okay so
I think that's the concrete proposal is we order the specs from a
incubation ready to go perspective it would be VC API as the first thing
verifiable credential barcodes as the second
00:25:00

Manu Sporny: thing, render methods as the confidence method, as the fourth
thing, I think. and then, VC over wireless as the fifth thing. and then as
far as the things this group should probably spend most of its time on, it
is probably making sure the VC barcode spec is ready to go.

Manu Sporny: it probably is by and then the rendering methods spec next.
And I would expect we would spend the most amount of our time over the next
month or two on the render methods spec and then the confidence methods
spec and then the wireless spec. so I think that that order seems to make
sense to me. based on where we are. does and of course, sorry, did keys in
there, but I don't think it needs a lot of work. It's pretty much ready to
be handed over and I think most of that work's going to happen in the diff
did methods group. So, with all of those kind of that as a kind of a
concrete proposal, any thoughts?

Manu Sporny: Plus minus ones, other things we should be considering, orders
that people would switch up.

Harrison Tang: Sounds good to me Thanks for some

Manu Sporny: Thanks, Harrison. And Phil is saying plus one in just
vocalizing that because we'll lose the chat in the minutes. go ahead Cody
for some of them.

Kayode Ezike: Just really quickly is the idea that this group is going to
serve as something like a work item like seri has its own group that needs
it. This group would basically be that at least for some of them.

Manu Sporny: I think this group ends up being that group for render
methods, confidence method and NVCB in wireless. So, everything but VC API
and the data integrity work, we would just cycle through and incubate all
of these things. And I think we spend each week focusing on a specific
specification and just keep cycling, kind of finish up the one that's the
most imperative to get done and then move to the next one. We might cycle
back and forth. but hopefully that would allow us to, get these specs the
rest of the way before we hand them over to the working group.

Kayode Ezike: Okay. Verex.

Manu Sporny: All right. any other kind of questions, concerns, any other
specs we should be thinking of? Anything of that nature? Okay. if not,
let's say that's our preliminary plan. and then we'll go from there. So I
think what that means is the next meeting maybe we'll focus on kind of
going over the verifiable credential barcode specification and seeing what
other things need to be done there.

Manu Sporny: I think we'll pull Wes in who's the primary lead on that spec
to see if he thinks we should do anything else there. and then we'll just
start kind of processing that and then we'll cover David Chadwick's
verified issuers verifiers list next week too. just him giving an
introduction and where he thinks we are on moving that over. and then the
week after that we might do a full call on render methods. any other
thoughts on any other ways that we would want to do Next week's call is
basically going to be verifiable.
00:30:00

Manu Sporny: issuers, verifiers list, an introduction to that, and then
we'll spend the entire rest of the call on the verifiable credential
barcode specification. And then the week after that, we'll do a full pass
on the render method specification. and then we might, come back to BCBs or
we might keep going on on render methods, if folks feel like there's more
stuff we need to do on BCBs. with that I don't know, there's no reason for
us to kind of, meet further if we're done with kind of the agenda for this
week. Is there anything else that folks wanted to cover today on the
agenda? Okay. If not, that is our call for today.

Manu Sporny: Thank you everyone for attending and the input on kind of the
plan forward and we meet again next week to talk about verifiable issuers
and verifiers in the verifiable credential barcode spec. Thanks everyone.
Have a wonderful rest of your week. Take care. Bye.
Meeting ended after 00:31:43 👋

*This editable transcript was computer generated and might contain errors.
People can also change the text after it was created.*