[MINUTES] CCG Atlantic Weekly 2025-09-30 from meetings@w3c-ccg.org on 2025-10-05 (public-credentials@w3.org from October 2025)

From: <meetings@w3c-ccg.org>
Date: Sun, 5 Oct 2025 08:33:58 -0700
To: public-credentials@w3.org
Message-ID: <CA+ChqYcEgutfwejdnVyeWYzsBDG0g6skb+fFNMA2cqtgUodbvA@mail.gmail.com>
CCG Atlantic Weekly - 2025/09/30 12:00 EDT - Summary

*Meeting Summary:*

The meeting was a quarterly review of the Credential Community Group (CCG),
focusing on the progress of work items over the last three months. The
agenda included administrative items, introductions, announcements, and a
review of work items. Key topics discussed included:

*Topics Covered:*

   - *W3C Code of Ethics and Introductions:* The meeting began with a
   reminder of the W3C's code of conduct and an invitation for introductions.
   - *Announcements and Reminders:* Announcements included upcoming APAC
   calls organized by Will Abramson and the Internet Identity Workshop (IIW)
   and the Agentic Internet workshop.
   - *Specification Priorities Poll:* Manu Sporny discussed the results of
   a poll indicating a preference for moving incubated specifications to the
   global standards track.
   - *VC Render Method:* Dmitri Zagidulin and Manu Sporny discussed the VC
   Render method, highlighting its importance for display preferences and
   accessibility, and readiness for promotion to standards track.
   - *VC Confidence Method:* Manu Sporny provided an update on the VC
   Confidence method, which addresses issues related to user identity, key
   ceremony, and key ownership.
   - *VCOM/DC API:* Kayode Ezike and Manu Sporny discussed VCOM (Verifiable
   Credential Open Messaging) and its lifecycle and its integration with the
   DC API.
   - *Verifiable Credential Barcodes:* Manu Sporny discussed verifiable
   credential barcodes, highlighting their production usage and integration
   with Seaborn LD and VC barcode.
   - *VC of Wireless:* Manu Sporny discussed the VC of Wireless, and the
   problems the specifications has around the standardization process.
   - *Verifiable Credential Refresh:* Manu Sporny discussed the verifiable
   credential refresh. The discussion included the refresh service and privacy
   implications and possible attacks.
   - *Verifiable Issuers and Verifiers:* Dmitri Zagidulin discussed the
   need for identifying issuers and verifiers and related directory services.
   - *VCWG Test Suites:* Benjamin Young provided an update on the VCWG test
   suites and how vendors can use them to demonstrate interoperability.
   - *VC Education:* Dmitri Zagidulin discussed the activities of the VC
   Education group and its focus on implementer feedback.
   - *DID Link Resources:* Will Abramson briefly mentioned the DID Link
   Resources specification and its discussion in the DID working group.

*Key Points:*

   - Several specifications are ready to be promoted to the W3C standards
   track.
   - The VC Render method, Confidence method, and Barcodes are progressing
   with production deployments and implementations.
   - VCOM is a mature specification with many implementations, potentially
   integrating with DC API.
   - The VC Wireless specification faces challenges due to the lack of
   support from one browser vendor.
   - The VC refresh specification is ready for promotion, with privacy
   considerations.
   - The VC Education group focuses on implementer discussions and use
   cases.
   - Test suites are crucial for interoperability and should be used by
   implementers.

Text:
https://meet.w3c-ccg.org/archives/w3c-ccg-ccg-atlantic-weekly-2025-09-30.md

Video:
https://meet.w3c-ccg.org/archives/w3c-ccg-ccg-atlantic-weekly-2025-09-30.mp4
*CCG Atlantic Weekly - 2025/09/30 12:00 EDT - Transcript* *Attendees*

Benjamin Young, Dmitri Zagidulin, Erica Connell, Fireflies.ai Notetaker
Ivan, Geun-Hyung Kim, Greg Bernstein, Gregory Natran, Harrison Tang, JeffO
- HumanOS, Jennie Meier, Kaliya Identity Woman, Kayode Ezike, Leo Sorokin,
Manu Sporny, Phillip Long, Przemek P, Will Abramson
*Transcript*

Will Abramson: Give up for few moment.

Harrison Tang: Watching out.

Will Abramson: maybe I'll get started with standard stuff. Seems like seven
of us. Give it one more minute.

Will Abramson: Okay, let's get started. So, welcome everyone to todays
today we'll be doing a quarterly BCG review. So looking back over the
progress we've made on work items in the last three months. Before I get
into that, I'll just run through the administrative stuff. So first up,
code of ethics and professional conduct. so we adhere to the W3C's code of
conct. treat people with respect.

Will Abramson: let's continue to foster a collaborative, pleasant
environment for us to work in here. Thanks for doing So, anyone can
participate in these calls. However, substantiative contributors to any CCG
work items must be members of the CCG with full IPR agreements signed. And
if you have any questions about that, particularly if you're interested in
getting involved in any of the CCG work items we discussed today, do reach
out to any of the chairs and we can help make that possible. next
introductions and reintroductions. Is anyone new to the group community
today and wants to introduce themselves or anyone want to just say hi?
00:05:00

Will Abramson: not said hi for a while. Please jump on the queue. Not
seeing anybody, so I'll move on. next, announcements and remind Does
anybody have any announcements or reminders for the community today? And I
can start. I have one. my announcement is about the APAC calls that I've
been working to organize in October. I'm going to send out an email
probably after this call, but I have managed to finalize an agenda for us.
So this will start on the 8th of October. We have some group from Taiwan
talking to us about Turing certificates.

Will Abramson: and then on October the 15th, it's the Bhutan National
Digital Identity Implementation. And then on October the 22nd, we have the
Indonesia Cyber Education Institute. So, they're all taking place at 12:00
p.m. UTC. So, I think that's 8:00 a.m. East Coast. It's kind of in the
evening for APAC, but that was decided to be a good time based on the group
of people who joined to coordinate this. So, I mean, it's an experiment,
right? We'll see who took shows up and probably I'll host another call on
the 29th, which will just be an open discussion for anyone who has been
showing up to these events to kind of decide what we should do next. do we
want to run some AP pack moving forwards? So, I think we've got quite an
excited bunch of speakers. If you're interested and can make it, I would
love to see that. yeah, that's it from me.

Will Abramson: so yeah, I think you're next.

Kaliya Identity Woman: Sure, just to share the internet identity workshops
coming up October 21st to 23rd in Mountain View, California. And following
IW, we're hosting Andrew Kessleman and I are the main protagonists of the
Agentic Internet workshop which is an inspired event this time hosted by
IIW Foundation. So, we'd love to see you there if you're doing authentic AI
work.

Will Abramson: Great. Thanks, K. Yeah,…

Manu Sporny: Yeah, just on both your and Kalia's mentions. I know that I'm
pretty sure MOSAP puts on a big event where they bring a bunch of people
together. I don't know if you've tapped into their network yet, but they're
doing a lot of stuff, using DIDs and VCs and you might try to pull them in.
let me try and connect you if you need connections there. …

Will Abramson: that'll be great.

Manu Sporny: and people for whatever reason are being very shy about
engaging with the community. I've tried multiple times with multiple
different kind of Pacific, organizations that are deploying in production,
but they continue to not necessarily engage in the work. I don't know why.
because when you ask they are typically like we'd love to join and then all
of a sudden it's just like people don't show up. So I don't know what's
driving that. it may be partly cultural but hopefully all we can do is keep
inviting and then see if folks show up. So that's that item. Kalia on the
Agentic AI workshop thing.

Manu Sporny: I don't know if you've talked with what is it vouched ID the
model context protocol for identity folks but if you haven't I'm happy to
put you in touch with them I think they'd be a good to join your event and…

Manu Sporny: I'm pretty sure they're west coast as well so just let me know
if you don't already have their contact and I can do that intro

Will Abramson: Great. Thanks,…

Will Abramson: final call announcements, reminders, or introductions.
That's everyone. over to the main agenda. So today we're going to
unfortunately I only have one screen today but today we're going to be
reviewing the current state of the credential community group.

Will Abramson: So, I'll share my screen just yeah, and I'm just going to
whiz through these and hopefully people on this call are going to, talk
about the work items that they're involved in and share what changed in the
last three months. Great. So you should be able to see my screen present.
How you see can you see the presentation? Think so. okay. Yeah.
00:10:00

Will Abramson: So the agenda is just going to be reviewing the work items
and then any proposals and upcoming changes I guess to the work item train.
do you want to speak about this slide I don't know…

Manu Sporny: Yeah,…

Will Abramson: if we put this slide.

Manu Sporny: I went and updated a bunch of slides. I might be doing updates
for a fair number of them only only because,…

Will Abramson: Great. Thanks,

Manu Sporny: we've kind of centralized the incubation into a single call
and a lot of us the same folks are showing up to many of these incubation
calls.

Manu Sporny: But the first link on it I don't know if you can share the
link to the slides in the chat so others can see them.

Will Abramson: Yeah,…

Will Abramson: let me do that.

Manu Sporny: the first link is to the specification priorities poll that we
ran. we were asked to get feedback from as broad of a community as we could
on what we should do. meaning what the next verifiable credential working
group charter should focus on. We get a lot of feedback, 40 plus responses
to it. 40 people representing organizations responded. so we got good data
back. but the poll effectively showed that the vast majority of the stuff
that we've been incubating people would like to see it moved on to the
global standards track and us move forward on it. because of that we have
been over the past couple of months incubating specifications.

Manu Sporny: We currently have seven of those that are ready to hand off to
the verifiable credential working group. that are pretty mature relatively
speaking to some of the other stuff that has moved into W3C over the past
what 8 years. So we're in much better shape with a some of the specs are
not ready like the quantum safe crypto suites is suffering from I think not
having everyone thinks it's important work to do but nobody's volunteering
to edit it and if that happens then it doesn't go forward. verifiable
issuers and verifiers I think we've got some core kind of design issues to
work out there before we can put that onto the standards track.

Manu Sporny: Zcaps really people wanted to see them happen but they don't
necessarily have anywhere to land in W3C. We would probably have to
refactor some working groups at W3C to catch that work. and then there's
other stuff data integrity VC education link resources that I'm sure others
could speak to. but I think the takeaway here is these specs that we have
been incubating over the past year plus to two years VC API has been five
years now in incubation are ready to go over to VCWG that's

Will Abramson: Thanks, I did have one question actually and if anyone else
has questions, do jump on the queue. My question is maybe you can speak a
little bit more about the refactoring that might need to happen for the
Zcaps to get in. I think I saw is an issue where you discussed this, but
it'd be great if you could share that the group.

Manu Sporny: Yeah, I mean I think and this kind of goes to the agentic AI
stuff. people specifically I think Dimmitri's got an angle from one
community. Bango's got an angle from another community. The agentic AI
stuff has made this even more important. me meaning Digital Bizarre have
deployed this in production for years large deployments. and so we want to
see Zcaps move forward. they're very well incubated at this point. but
verifiable credential working groups a weird the did working group's a
weird place to put it.

Will Abramson: Mhm.

Manu Sporny: So there are a couple of us that are talking about approaching
W3C and going like look we need to refactor the way this work is done like
BCWG has got way too many specs that it's working on is branching out into
DD methods and there's all this self-s sovereign storage and agentic AI
capability delegation stuff that needs to happen like C. If you want to set
up and set up a better pipeline for this stuff, we've got to refactor And
so what that might result in is a verifiable credential working group
that's doing less with a lot of the data integrity stuff moved to a
decentralized security technologies working group or something like that.
00:15:00

Manu Sporny: that would do data integrity and ZCAPS or self-s sovereign
technology working group that would also pull in work on things like web
attached storage or encrypted data vaults and things like that. basically
base level technologies for people to truly own their credentials and…

Manu Sporny: that sort of thing. So I think that's the discussion we're
hoping to have. we're going to, have some hallway discussion at TAC this
year to see if there's an appetite to restructure things in that way.

Will Abramson: Great. Thanks for that context.

Will Abramson: Okay, next slide. Matt, I think I haven't missed any one on
the Q. Next slide. So, first up, BC random method. I guess this is for you
again, man.

Manu Sporny: I don't know if you'd want to take this instead.

Manu Sporny: I think I saw Dmitri jump in here.

Dmitri Zagidulin: So, I think you might have a better handle of …

Dmitri Zagidulin: what the past couple of calls, if there have been, but
basically here's an overview for those unfamiliar with this. there's great
need for issuers to be able to hint or state their preferences. If you're
going to display this verifiable credential, here's how you can display it.
here's an image that you can display. Here's an HTML template that you can
fill out and…

Will Abramson: What the f***?

Dmitri Zagidulin: use it in your application or your wallet or whatever.
So, the VC render method is a spec or a set of specifications that help you
do that. So, they're useful for reusing displays between projects. they're
helpful for accessibility meaning this is how you would render this
credential visually. This is how you would voice and so on and it might be
helpful in the future for internationalization as well. so it's a really
important use case. I do think that it is ready for promotion to standards
track.

Dmitri Zagidulin: I'd love to connect with more people either using this or
interested in this so that we can organize work item etc.

Will Abramson: Great. Thanks,…

Will Abramson: Commission. Anything to add?

Manu Sporny: That was great. I think one thing to add so this is where the
Pacific stuff comes into play. we've got Singapore AMOSIP which is
deploying in a bunch of Pacific Middle East Africa use cases are using
render method in some pretty those are the most advanced render method use
cases that I've seen is the stuff happening in Asia Pacific.

Manu Sporny: India Africa so that's good more implementations as Dimmitri
mentioned we are ready for standards track the final commuted group
specification has been published this was a medium high priority I was
thinking people want to see it get done it's being deployed definitely so I
think it would have been nicer to gotten it on the standards track, 6
months ago or 8 months ago, but here we are. We're ready now.

Dmitri Zagidulin: Hey, if I could jump in. So, two things. Clea has her
hand up on the queue and two, …

Will Abramson: Cool.

Dmitri Zagidulin: question nano. So, going back to what you said previously
of where does this stuff live is this is a good shoe in for the verified
credentials working group though, right? Because it's directly Okay.

Manu Sporny: Yep. Exactly.

Dmitri Zagidulin: Right. Right.

Will Abramson: Thanks, Demetri. And Clea, did you raise your hand again or
is it just from before? I think it's just wrong before.
00:20:00

Dmitri Zagidulin: Just wanted to make sure

Will Abramson: Appreciate that, Demetri. Any questions about BC render
method before we move on? I'm going to lower your hand for you. That's all
right.

Will Abramson: okay, great. Next slide. VC confidence method. Great.

Manu Sporny: I can do this one. so, confidence method was originally raised
by Oliver Turboo in the verifiable credential working group that's wrong.
During the 20 work and we couldn't get it done in time, so it got bounced
to CCG. we have since, worked on it. updated a bit, gotten the examples in
line. we made good progress. The Final community group specification has
been published. It is ready for promotion to standards track. However,
there are zero implementations of it. it's not difficult to implement it.
but engagement on this hasn't been super great. which was originally true.

Manu Sporny: I think there's some interesting stuff happening here though
again with in Asia Pacific India Middle East Africa through Mosup there are
deployments of verifiable credentials today increasingly on paper and
people are trying to figure out and the reason for this is like you're
trying to reach a farmer that is way rural that does not have cell phone
coverage doesn't have a mobile phone, any of that stuff. But the state
still wants to give them, credentials so that they can prove that they're
approved to farm a particular piece of land and they have valid government
credentials which then lets them get loans and rights to plant and things
of that nature. So those types of credentials are important, but they want
to be able to put some kind of biometric on that piece of paper so the
person can identify themselves, more strongly.

Manu Sporny: That's a new interesting use case that I think is legitimate
but also raises a whole bunch of privacy concerns and questions. but
putting that thing to the side everything else is pretty standard did off
proof of possession of a cryptographic key type stuff. things that were
kind of presumed to exist because you're using dids but confidence method
kind of makes it explicit if the person is showing this credential you can
have a higher level of confidence that they're the actual person that the
credential is about by checking a cryptographic key doing a key ceremony of
some kind.

Manu Sporny: So this is ready and it's a really simple spec it's, just a
couple of pages and ready to go. That's it.

Will Abramson: Great. Thanks,…

Will Abramson: M. Anyone have any questions about confidence method? Seeing
any I guess the main thing with this would be just getting the
implementations in, So,…

Will Abramson: it's moving on. BC Amn DC API, You want to say this too, man?

Manu Sporny: Yep. Yeah.

Manu Sporny: Coyote, do you want to take this one since you've been pretty
involved?

Kayode Ezike: So there's a few things to note about this. VCOM was we once
called a credentials recently we decided to rebrand it. just because of the
similarity to digital credentials API and also in order to better capture
the full scope of this spec which is to specify the entire life cycle with
credentials right the issuance the status management presentation the
verification etc and so that was a pretty good change but outside of that
things are going as planned as you might have mentioned it's been incubated
for about five years now there's been a

Kayode Ezike: few new things that we've introduced since it's started. I
think one of the more recent ones is the support for QR codes and enabling
the ability for wallets to pick up credentials using a new sort of URL
format by way of query parameter. And then also another big change was that
we decided to merge the verify presentation request spec which is a spec
that kind of is a generic kind of like query container so to speak
specification that enables the ability to specify different ways to query
credentials.
00:25:00

Kayode Ezike: that was once a standalone spec because I think the vision at
the time was to potentially have that be used across specs which might
still be a thing but we still felt like for now it makes sense to just
merge it into VCOM directly anything else I'm missing on maybe workflows
yeah that's mostly I think the high level we still meet Tuesdays at 3 p.m.
BT if I was interested until it gets picked up by the working group. Let's

Will Abramson: I don't know if there's anything to add. I have one
question, but if man, you want to add something?

Manu Sporny: Nope. That was

Will Abramson: Yeah, my question would be so I mean this seems pretty
extensively there's 27 implementations right and a bunch of production
deployments like what do you think the work of the working group is going
to be to of it's just sort of pushing it through the process but do you
expect much changes

Will Abramson: Mhm.

Manu Sporny: There are a couple of things. I mean, the working group has to
actually do a full top tobottom review. this is an example of a
specification that probably got too much incubation. and I think everyone
knows that the reason it wasn't pulled into the verifiable credential
working group was there was a lot of politics that was going on. Didn't get
pulled in for whatever reasons. And so here we are with an over incubated
spec that's already in production. that said the working group can decide
to remove different things.

Manu Sporny: I think it's very important to see if the DC API is going to
kind of keep their word and be an actual browser API specification that
allows multiple protocols to be used for credential exchange. VCOM is
capable of moving all types of different credential formats. you use all
kinds of different query languages. It does support OID4 VCI and OID4VP
over it. It is totally capable of being supported in the DC API. But some
of the most recent discussions in DC API have been around whether or not
the browser vendors, have to say they're going to implement it.

Manu Sporny: when the DC API work was started with the presumption that it
would be agnostic to the protocols and there'd be a registry of protocols
and…

Manu Sporny: the browsers were going to stay out of it. so it's stuff like
that where it has to be an official work item for us to kind of engage in
that kind of discussion with the Fed CM and…

Will Abramson: Mhm. could you just explain to me and…

Manu Sporny: DC API work. So still, yeah, there's work to be done.

Will Abramson: probably other people how does this VC com and the DC API
how would they ideally work together in the best case of course

Manu Sporny: DC API is supposed to be a higher level protocol. It's just
supposed to do matchmaking.

Will Abramson: All right. Mhm.

Manu Sporny: So, you go to a website, the website's like, "Hey, I need to
see these types of credentials from you." And then the credential that the
request for credential effectively gets broadcast through the browser to
all the digital wallets on the platform and the platforms can respond back
with different protocols. So that the query can say I support both this
protocol and that protocol and this other protocol that's broadcast the
wallets and the wallets can come back and basically be like I can engage
with you over this protocol or that protocol. so that's how they're
supposed to fit together, right? so DC API currently, is using OID4VP and
the top level high layer is DCAPI, the lower level is oid4 VP. The question
is and it's supposed to support different things.

Manu Sporny: the question is so DC API is supposed to be high level it's
supposed to connect the parties that want to communicate and then those
parties communicate over whatever protocol they pick where the VC API can
be one of those protocols.
00:30:00

Will Abramson: Right. Great.

Will Abramson: Thank you. That helps. Last call for any other comments or
questions on this before we move on. See anybody?

Will Abramson: Next we have verifiable credential barcodes.

Manu Sporny: I can take this one unless Wes is here. I'll take this one.
not much has changed with verifiable credential barcodes. this is again
another specific this is already production in a massive deployment. I
don't know tens of millions of people. I don't know if that's massive or
not but it's a lot for an incubated specification that's pretty standard.

Manu Sporny: So the feedback we got on this though was yeah it was medium
high priority can be used on driver's licenses vital records birth
certificates paper documents that's how it's being deployed again a lot of
interest in Asia Pacific Middle East Africa US is deploying this as well
got another implementation for it not much has changed. this requires both
Seabore LD, to be, standardized, as well as the VC barcode stuff. On the
Seabore LD stuff, I don't know, Benjamin, if you wanted to kind of speak to
where we are on that.

Benjamin Young: So, Seabore LD is planned to be one of the specifications
for the JSONLD working group recharter. we're going through that process
which takes however long it takes. the working group new charter is in
horizontal review. we hope to hear from everybody pre-Tac and to make some
announcements about that. But if anybody's interested in Seabar LD
specifically, we'd love your involvement there. but…

Benjamin Young: if that goes to plan, there should be a new recharter
JSONLDD working group which includes Seabor LD as a specification starting
before the end of the year.

Will Abramson: Great. …

Will Abramson: anybody have any questions? And where is this work taking
place currently? Is this just in the Wednesday calls? Y

Manu Sporny: But honestly it hasn't gotten that much time because there are
some companies that have worked on it and deployed it in production and we
are talking with some other companies that are also deploying it in
production. So unfortunately most of the discussion for this specification
is happening among vendors instead of in an actual group

Will Abramson: All right.

Manu Sporny: but that's largely because the vendors are just like whatever
let's deploy it and then the presumption here is that it's going to survive
largely intact through the standardization process.

Will Abramson: And do you think those vendors would participate in their
standard process?

Manu Sporny: No, which is really frustrating.

Will Abramson: Right. Okay.

Manu Sporny: But they're just kind of like, "Yeah, we don't care about
standards, but our customers have said they want us to implement this. So,
tell us how to implement it and good luck with the standard.

Will Abramson: Okay. Let's move on. VC of wireless

Manu Sporny: Yeah, I can take this one too. this is another one that kind
of falls into the vendors are just deploying so this one probably has the
lowest priority out of the poll. So, we did take a poll and a lot of people
are just like I don't see the point in this. unless you've got use cases
like driver's license or first responder credential where you could be on
the side of a highway or totally offline with infrastructure down. and
that's what this is for. This one's really interesting because it builds on
top of web NFC and web Bluetooth. which for those of you that have been
watching the saga over the last 15 years, Google has deployed this stuff in
production. It's out there. They wrote the specs.

Manu Sporny: they're 100% ready to go. Apple has basically been saying, "We
don't provide timelines on implementation for anything. We don't object to
web NFC or web Bluetooth, but we don't have any timelines for you." And
they've been doing that for 15 years. and without two implementations, you
don't have a global standard. So, WebN NFC and Web Bluetooth have been
stuck in the candidate recommendation phase for, I don't know, a decade.
and so because this work kind of depends on that work because that work's
not, past candidate wreck, we don't know if we can get this thing to a
full-blown standard, because of the way Apple has decided to engage on the
NFC and Bluetooth stuff. that said,…
00:35:00

Will Abramson: Any questions?

Manu Sporny: it is totally deployable on Android and Samsung and everything
that's not in iPhone. so that's where we are on this one. while we're here,
I will point out that this is a textbook example of the problems with
standards organizations in centralization of implementations like browsers
like this is a textbook case of it.

Manu Sporny: So, there's no subtext here. We can't have a global standard
to do this because we have one very powerful browser implement that has
refused to implement NFC and Bluetooth on their platform in a way that you
can use it through the browser. And because of that we are getting told by
the standards organizations that we can't start the standardization work on
this because why even put in the effort when one of the largest
implementers in the world is that only has a certain percentage of market
share is refusing to implement it. So it's a example of really gaming the
standards process. how large corporations have figured out…

Manu Sporny: how to really game the standards process.

Will Abramson: Okay, not seeing anyone on the queue.

Will Abramson: I'll move on. verifiable central refresh.

Manu Sporny: Yeah, let's see. I could take this one as well. This is just
if your credentials expiring, how do you refresh it? We've got a good
update to the specification. It aligns with the new VCOM stuff. It's ready
to be promoted. this is one of the things that's still in scope for the
VCWG. …

Manu Sporny: we have one implementation, but there are a couple more that
said that they'll implement as soon as we have this ready to go.

Will Abramson: Great. …

Will Abramson: I have a question. Can you speak to some of the push back
people have around the phone home, and what the answers like how that is or…

Manu Sporny: Yeah. I mean,…

Will Abramson: isn't Yep.

Manu Sporny:

Manu Sporny: yeah. I mean, so, we could probably have an entire call on
this, but the whole thing kind of came to a head with the MDL server
retrieval stuff, So, there was a bunch of people from this community that
joined a bunch of other people and said, "Hey, we think Phone Home's really
bad." specifically the server retrieval stuff in MDLM doc. if folks have
seen the latest interop targets, we had heard that server retrieval was
going to be removed. It has definitely not been removed. It has been down
prioritized as an interop target,…

Will Abramson: Mhm.

Manu Sporny: but it's still there as an interop target. The US AMA has said
they don't believe server retrieval is a good thing to say. other countries
have been silent on whether or not they agree or disagree with it. But it
continues to be, supported. So that is the bad sort of phone home is the
idea that your digital wallet could switch modes on you without you
knowing. or for example when people show up to let's say the Olympic games
in some country where that country either does or does not do server
retrieval and you've got people showing up that either do or do not do
server retrieval what's the right thing to do policy wise all that kind of
stuff.

Manu Sporny: So those are the complications with server This refresh
service you could say that you are going back to the issuer and you in this
case you're phoning home because your credential is about to expire and you
want a new one. you can always configure your wallet to just not go back
and try to refresh the credential. there are definitely some privacy
concerns that we need to address with this mechanism, because one of the
attacks here is that the issuer creates super short-lived credentials that
are refreshed every single day. and they do that because they want to
figure out when you stop using your credential, for example.
00:40:00

Manu Sporny: It's a kind of a lame attack but there are things like that
that we need to be really careful about in the refresh service and…

Manu Sporny: those are the types of things that I would expect we will have
to discuss with the privacy and security working groups during horizontal
review.

Will Abramson: Great. Thanks for that.

Will Abramson: Okay, not seeing anyone on the queue. Let's keep going.
Verifiable issuers and verifiers. Do we have anyone able to talk to this?

Manu Sporny: David here today.

Dmitri Zagidulin: I mean I can say a few words if so this is spec about
sort of related set of problems we have this ecosystem of issuers and
verifiers and holders and we need to be able to identify them one to the
other. We need to be able to say, "Hey, this entity is issuing you a
diploma. Are they authorized to issue a diploma? Are they recognized by any
party as legitimate or even at the sort of lowest denominator case?

Phillip Long: What the f***?

Dmitri Zagidulin: Can I think you're not muted, Phil. but it is a common
sentiment that I share or at very low lowest denominator just identifying
the parties to each other meaning you have a popup on your wallet some
entity is requesting your credential. What entity is that? Who is actually
requesting the credential? are they authorized to request redential? This
of course matters more in high value government identity sort of use cases
but this whole complex of problems is really important. It all comes down
to we need lists we need these directories of KYC entities and…

Dmitri Zagidulin: statements about those entities. So that's a spec that
touches on that.

Will Abramson: Great. Thanks for that overview.

Will Abramson: And I see this isn't going to get promoted right to the
standardized yet. That's fine.

Will Abramson: Not seeing anyone on here going 15 minutes left. BCWG test
suites. I don't know. Benjamin, do we need are these kind of old now?
What's the status on this?

Benjamin Young: Yeah, I wouldn't call them old.

Benjamin Young: That's going to send people the wrong direction. They are
in so far as these specs are not old. they've all just been released and
they're what everyone should be implementing and not the specs from two to
three years ago. and the test suites will continue to be the test suites
for these specifications. the current activity though for any future work
on the test suites sort of bridges the working group in its next formation
and the CCG participants like anybody can contribute to these BSD license
repos but it falls to the working group primarily to oversee their future.

Benjamin Young: We are working with the W3C to donate the canivc.com
community compliance dashboard code which surfaces how everybody's doing on
these. And at some point that will either end up in its own community group
to oversee its code or the governance that happen probably in the
credentials community group. That's something still in discussion with the
W3C. But ultimately the hope is to get a group that's more focused on
keeping an eye on these results and bringing in new impleers at least to
the CCG if not also as active participants in the working group.

Benjamin Young: But yeah don't call these old Yeah,…
00:45:00

Will Abramson: Yeah. No,…

Will Abramson: that's a great point. I think what you're saying is, if you
are an implement of the VC data model, you should be trying to, de
demonstrate your implementation passes these test suites, right? Yeah.

Benjamin Young: and one of the best things that happened in the past year
was DHS had a profile of the Department of Homeland Security in the US had
a profile of VCs and drove a whole lot of vendors into the test suites as a
means for the DHS to be able to vet those vendors.

Benjamin Young: So, being in the test suites, showing up, with your
homework done and passing it is a good commerce move as well as just
proving that you can interop with your peers. and it can to some extent be
used for your own implementation targets to make sure that…

Will Abramson: All right.

Benjamin Young: what you've implemented is actually compliant with the
specifications. So, …

Will Abramson: That's great.

Benjamin Young: if you say you have an implementation and aren't passing
these test suites, somebody will question that claim. We hope

Will Abramson: And this actually reminds me I don't think we have a slide
for the DID test suite. It's really the DID resolution test suite which I'm
trying to develop at the moment.

Will Abramson: I'll just use this as a brief call out. if anybody on this
call or listening to this call is working on an implementation of the DID
resolution specification, I would love to hear from you and I would love to
help you submit your implementation to this under development test suite.
That would be great. I think no one on the queue. Keep going. Not sure how
many more slides we've got. We want I think this might be the last slide.
BC education. So, we don't really have a good slide for this, but I would
love to hear from anyone working in the VC edu space.

Dmitri Zagidulin: Yeah, I'll say a few words about that. so just like the
label says, it's a group of verifiable credential implementers and
interested parties specifically in the area of education whether it's
higher education like universities and so on. And we're seeing it overlap
with sort of jobs, employment, human resources kind of data models and
credentials. so in classic education tradition, we've been on sbatical
during the summer because most of our members are not at their desk during
the summer. so we've just resumed calls.

Dmitri Zagidulin: this past week we had a good conversation about can we
have a functional definition of what a credential wallet is. and I'm happy
to share the slides. we usually have a mix of show and tell from
implementers and mix of here are the problems that we've encountered while
implementing. for example some of the energy towards both render method
issue of registries and some other related work has come from discussions
in VC edu task force.

Dmitri Zagidulin: So it's a good group in that there's a lot of
implementers which means we hit up against stumbling blocks and limitations
of the VC data model early.

Dmitri Zagidulin: So it's good to keep an eye out for reports from the
field.

Will Abramson: Great. Thanks.

Will Abramson: And you're still meeting at Mondays 11 Eastern.

Dmitri Zagidulin:

Dmitri Zagidulin: Correct. Yes.

Will Abramson: Any questions on the BCU or I think maybe I have a question
Dimmitri. I guess it's a bit late. Do you have participants from the APAC
attending this? Yeah.

Dmitri Zagidulin: Yeah, good question. So, much with other groups, we do
struggle with scheduling it at a proper time. So, we do have some
participants, but I'm sure not as many as we would if we had other time
yeah,…

Will Abramson: Okay.

Dmitri Zagidulin: time slots.

Will Abramson: I think the last one did link resources, but I don't think
we have anyone on the call to talk about this. I guess I will just briefly
say tomorrow the did working group is going to be talking about kind of
more broadly. So did link resources is a kind of specification that defines
what you do with the path part of did URL to link to specific resources
that are stored in certain spa places and those places are kind of defined
by the DID method at least that's my kind of high level understanding of it
and tomorrow the DID working group is going to discuss kind of a more
generalized discussion around did paths and what does
00:50:00

Will Abramson: the DID resolution spec want to say about DID path versus
leaving it up to DID methods or other specifications to define how the path
will be used. okay, I think that's the last slide. So, I mean there's a few
minutes left. If anyone has any questions about this or any comments or…

Will Abramson: want to bring up anything that we haven't discussed that
maybe we should be discussing or things that we should be working on in the
future that aren't in work items yet or leave the floor open. yes.

Phillip Long: …

Phillip Long: how does the did link specification you just mentioned, align
with the hashlink, work that Manu and others have done in the past? Or does
it?

Will Abramson: I think it doesn't maybe my but for me it's like the did
link resources is allowing you to create a did URL that can link to a
resource.

Will Abramson: I don't know if there's even a hash in there,…

Will Abramson: if it's content addressed or not. maybe Benjamin. Mhm.

Benjamin Young: So, I can't speak specifically to did length resource.

Benjamin Young: I think it totally could have a hash, but I don't think it
does necessarily. but I wanted to invite Philip and anybody interested in
the sort of hashlink space to the JSLD working group because one of the
other things we're hoping to tackle is specifically around JSONLD context
retrieval and providing content hashing in that space via the API spec and
a sort of a document loader call out space for that so that you could
provide a hash on the end of a JSON URL and then a document loader

Benjamin Young: which is what we call the thing that gets a JSON LD context
would take that into account for either retrieving it or pulling it out of
cache or some other local storage and validating it. So, Philip, if that's
something you're struggling with or been curious about, I know Dimmitri has
been as well. that is something we're addressing in the Jason LV working
group and…

Benjamin Young: I'm just going to keep shelling for that group, until Will
throws me out.

Will Abramson: No, that's great.

Benjamin Young: Our next meeting is next Wednesday at noon Eastern.

Phillip Long: What does it mean?

Will Abramson: Yeah, but not Great.

Benjamin Young: And they're mostly working group meetings,…

Phillip Long: Got it.

Benjamin Young: but often they're joint meetings with the CG.

Benjamin Young: So if you're a W3C member, you can, join the WG and if not,
you can join the CG and come to at least some of the meetings.

Phillip Long: Thank

Will Abramson: Okay. Last call. Any comments, questions, or we can just
close early. Think it's been a good three months. I'm not sure if we'll
have one of these before Christmas.

Will Abramson: probably we'll have one in the new year and it'll be more in
terms of looking ahead at the future more the new year and what do we hope
for it as a group? What do we want to work on and focus our time on? Thanks
Manu and thanks everyone else for sharing with the community what we've
been working on is appreciated. Have a great rest of your day. See you
later.
Meeting ended after 00:54:25 👋

*This editable transcript was computer generated and might contain errors.
People can also change the text after it was created.*
Received on Sunday, 5 October 2025 15:34:09 UTC