- From: Tom Jones <thomasclinganjones@gmail.com>
- Date: Tue, 24 Mar 2026 11:04:40 -0700
- Cc: public-security@w3.org
- Message-ID: <CAK2Cwb4oywWKEPtoKiA+o6xHbces3Fu=3XsNDgyacFugwsi_WA@mail.gmail.com>
i guess i was unaware that this was expected. Do we have anything like that for general consumption? Do we need one? Should it combine with privacy? Peace ..tom jones On Tue, Mar 24, 2026 at 6:52 AM Manu Sporny <msporny@digitalbazaar.com> wrote: > Hi W3C Security and Privacy groups, > > We are getting ready to move a few Credential Community Group > specifications over to the W3C Verifiable Credentials Working Group. > We need to complete the Privacy and Security Considerations sections > /or/ replace them with a "Threat Model" section before we request > horizontal review. We would prefer to do the latter (just one Threat > Model section), as the former feels like it will repeat a lot of the > information that ends up being contained in the latter. > > We have not yet published FPWDs for these documents, and so would like > to use our time most effectively on the privacy and security / threat > model work. The worst outcome for us is to have to create a privacy, > security, AND threat model. > > At this point in time, what is considered the best practice? > > For example, is it considered a best practice at present to replace > the Privacy and Security Considerations sections with a Threat Model > section? > > -- manu > > -- > Manu Sporny - https://www.linkedin.com/in/manusporny/ > Founder/CEO - Digital Bazaar, Inc. > https://www.digitalbazaar.com/ > >
Received on Tuesday, 24 March 2026 18:04:58 UTC