- From: Simone Onofri <simone@w3.org>
- Date: Wed, 21 Jan 2026 00:00:19 +0100
- To: public-security@w3.org
Dear Group, This is a Call for Consensus (CfC) for the Group publishing the “Threat Model for Digital Credentials API” and for enabling autopublish. [[ This document describes the threat model for the W3C Digital Credentials API, first identifying the API's scope and considering adjacent layers in the Credentials ecosystem, and then identifying and evaluating threats and key countermeasures. It is also used as the basis for writing the Security Considerations section of the specification. ]] During the 2026-01-20 meeting, the participants had already agreed. To ensure everyone has an opportunity to weigh in, this will serve as a record of the group's decision, one way or another. The content of the deliverable is available for inspection here (before the publication, it will be converted into the proper format, and it will have its own repository): https://docs.google.com/document/d/1BpBBiv7GgkGi1_Y7NvyD3Mkalj0g857Qw-aan3NqYwU/edit?tab=t.0 In response, please state one of the following: * I support the publishing of the "Threat Model for Digital Credentials API". * I do not support the publishing of the "Threat Model for Digital Credentials API", but it's fine if we decide to proceed * I object to the adoption of the “Threat Model for Digital Credentials API" due to Issues filed in the open issue <#number> of the securityig repository If there are no further objections, we will confirm the decision by 2026-01-27, at midnight Pacific time. Just so you know, if the deliverable is published, it will be marked as a First Group Note Draft, which does not imply W3C endorsement. Thank you, Simone
Received on Tuesday, 20 January 2026 23:00:52 UTC