Guidance on Privacy/Security or Threat Models?

Hi W3C Security and Privacy groups,

We are getting ready to move a few Credentials Community Group
specifications over to the W3C Verifiable Credentials Working Group.
We need to complete the Privacy and Security Considerations sections
/or/ replace them with a "Threat Model" section before we request
horizontal review. We would prefer to do the latter (just one Threat
Model section), as the former feels like it will repeat a lot of the
information that ends up being contained in the latter.

We have not yet published FPWDs for these documents, and so would like
to use our time most effectively on the privacy and security / threat
model work. The worst outcome for us is to have to create a privacy,
security, AND threat model.

At this point in time, what is considered the best practice?

For example, is it considered a best practice at present to replace
the Privacy and Security Considerations sections with a Threat Model
section?

-- manu

-- 
Manu Sporny - https://www.linkedin.com/in/manusporny/
Founder/CEO - Digital Bazaar, Inc.
https://www.digitalbazaar.com/

Received on Tuesday, 24 March 2026 13:52:41 UTC