- From: <meetings@w3c-ccg.org>
- Date: Wed, 5 Nov 2025 18:09:47 -0500
- To: public-vc-wg@w3.org
- Message-ID: <CA+ChqYc2Ov7-F4T+8cK_FW1fa7fpuJA=sGxAMCxcpYNZNDheBg@mail.gmail.com>
Meeting Summary: VCWG Spec Refinement - 2025/11/05
*Meeting Attendees:* Benjamin Young, Dave Longley, Denken Chen, Hiroyuki
Sano, Joe Andrieu, Patrick St-Louis, Ted Thibodeau Jr
*Summary:*
This meeting focused on refining the VCWG specification, with a particular
emphasis on confidence methods and related issues. The attendees discussed
existing and potential issues, labeling them for future action (needs
discussion, ready for PR). Due to the holidays, the meeting schedule was
adjusted, and the next meeting will be coordinated with Dimmitri post-EPAC.
*Topics Discussed:*
-
*Meeting Logistics:* Confirmation of the meeting schedule and
cancellation of the current series of meetings.
-
*FPWD and Next Steps:* Review of the published FPWD and planning for
future issues, particularly focusing on confidence methods.
-
*Confidence Method Issue Triage:* Review of existing issues related to
confidence methods.
- *Issue 10:* Issuer adds a confidence method that allows a set of DIDs
to present the VC. The discussion led to linking it to the newly created
issue 20. (Needs discussion, Ready for PR)
- *Issue 11:* Did confidence method. (Ready for PR)
- *Issue 12:* Does spec have a verification key confirmation?
(Duplicate of the previous issue) (Closed)
- *Issue 14:* Confidence method to authentication. (Needs discussion,
Ready for PR)
- *Issue 16:* Align with motive claim 169. (Needs discussion, Ready
for PR)
- *Issue 18:* Confidence levels from the issuer. Discussion around
the concept of assurance levels and their relation to confidence methods.
- *Issue 19:* Adding more confidence method based on multi-factor
authentication. (Needs discussion)
- *Issue 17:* Confidence level is not sufficient on its own. (Needs
discussion)
- *Issue 9:* Did as initial confidence method. (Needs discussion,
Ready for PR)
*Key Points:*
- The group is prioritizing the addition of a confidence method,
potentially based on proof of control or proof of access.
- Dave Longley highlighted the importance of privacy characteristics and
selectively disclosing confidence methods.
- The meeting reviewed existing issues, tagging them for discussion or
PR readiness.
- A key focus was on the relationship between DID authentication,
confidence methods, and levels of assurance.
- The discussion touched upon the use of confidence methods for
pseudonyms and wallet binding.
- The meeting concluded with plans to coordinate the next meeting with
Dimmitri after the TAC meeting, and before Thanksgiving.
Text:
https://meet.w3c-ccg.org/archives/w3c-ccg-vcwg-spec-refinement-2025-11-05.md
HTML:
https://meet.w3c-ccg.org/archives/w3c-ccg-vcwg-spec-refinement-2025-11-05.html
Video:
https://meet.w3c-ccg.org/archives/w3c-ccg-vcwg-spec-refinement-2025-11-05.mp4
*VCWG Spec Refinement - 2025/11/05 10:59 EST - Transcript* *Attendees*
Benjamin Young, Dave Longley, Denken Chen, Hiroyuki Sano, Joe Andrieu,
Patrick St-Louis, Ted Thibodeau Jr
*Transcript*
Benjamin Young: So Joe, was this one supposed to be cancelled?
Joe Andrieu: I don't know that was that your take.
Benjamin Young:
Benjamin Young: Yeah, that was the impression I got. I reached out to Monu
about it and he's like, " let Brent and Joe and whoever else be I'm
traveling." So,…
Joe Andrieu: Yeah, we should cancel.
Joe Andrieu: I don't know who can delete the event.
Benjamin Young: yeah, I tried to and that's when I reached out to Monu and
said, "I don't have access to it." And he was like,…
Benjamin Young: "Yeah, let it be somebody else's problem. so it looks like
you probably can. You're listed as an organizer if you use the event link
and log into your W3C account. it looks like Patrick here can as well.
Patrick St-Louis: I think it's too late can for me it's grayed out.
Benjamin Young: Yeah, you don't Yeah,…
Joe Andrieu: I mean through the W3. Interesting.
Benjamin Young: through the link that's at the top of the invite. And you
don't have to delete Just, mark it as cancel. the edit button.
Patrick St-Louis: So I can edit on the page the confirm cancelled is grayed
out.
Benjamin Young: Yeah. I think you're probably …
Joe Andrieu: It is letting me for what?
Patrick St-Louis: Okay.
Benjamin Young: is it?
Patrick St-Louis: So I listed as organizer but yeah.
Benjamin Young: Yeah. useful,…
Joe Andrieu: Yeah, I'd never seen that interface. So, if that's all we
learned today, that's some progress.
Benjamin Young: right? What I cancelled the whole series.
Patrick St-Louis: Okay. …
Joe Andrieu: It just canceled everything.
Patrick St-Louis: because to me it says this event is part of a big meeting
and…
Joe Andrieu: Yeah,…
Patrick St-Louis: some of its field can only be edited by the events team.
Benjamin Young: Weird.
Patrick St-Louis: So that's like a note.
Benjamin Young: Which are you on the November 5th specific event?
Patrick St-Louis: Yeah.
Benjamin Young: Because there is a series I'm never too late to cancel.
Joe Andrieu: I edited the series. So, that was my mistake. So, I'm just
going to update that one. so here's specifically this next event.
Patrick St-Louis: Might be too late to cancel because it's started.
Benjamin Young: No, I don't know.
Joe Andrieu: Yeah, that might be why.
Joe Andrieu: But I'm also not seeing how I can cancel a future event. I
see. you have to click through to the events. So, if I click through to
today's events,…
Joe Andrieu:
Benjamin Young: Yeah, that sounds right.
Joe Andrieu: edit this events, and I think, yeah, now they're grayed out.
I'm up to speed with where you were, Patrick. I found the UX…
Patrick St-Louis: Okay. okay.
Joe Andrieu: where it's all grayed out. Probably because it started. So,
Benjamin Young:
Benjamin Young: There we go. So now I see it as in progress tentative for
today and next week is cancelled and then the rest are tentative which is
fine.
Patrick St-Louis: So next week cancel and then the weeks after we will see
until at least December is
Benjamin Young: I know the immediate week after TAC a lot of people are
also cancelling those but it's kind of on each of the organizing groups to
decide.
Patrick St-Louis: All right.
Joe Andrieu: So we could make that decision now.
Joe Andrieu: Was anyone on this call last week when it was the render
method.
Benjamin Young: last week. Yeah, I was there and…
Joe Andrieu: So…
Benjamin Young: thank you that
Joe Andrieu: if we keep to the rhythm then we would be the next meeting in
the cycle. If we did we're skipping tack which is render method we're
skipping post tack because we went to a face toface we'll skip the next
meeting. If we do that…
Patrick St-Louis: 36.
Joe Andrieu: then am I doing that math right? Dimmitri would be the next
one meeting on the 27th, but the 27th is in the middle of Thanksgiving. 26
for Wednesday, But also the same problem. not as bad as Thursday. so I
think I should round the circle with Dimmitri and figure out…
Joe Andrieu: what we want to do post EPAC in terms of coordinating our two
groups. seems like the right thing to do.
00:05:00
Patrick St-Louis: Yeah, as long as we can update the meetings accordingly.
Patrick St-Louis: The meeting status for the coming week, that'd be great.
if…
Joe Andrieu: Cool. Yes,…
Patrick St-Louis: if they're canceled to cancel it and so on.
Joe Andrieu: I will close the loop with Dimmitri and update the calendar.
and my understanding is it the spec refinement call is always just either
week it's render method or…
Benjamin Young: Yeah, the main WG calls are on their own
Joe Andrieu: confidence method and if there's any VCWG meetings, Brent's
scheduling that in a different rhythm. Is that All right. then I will deal
with that scheduling logistics with Dimmitri. we could talk a little bit
about what's next. I'm not sure who's familiar with the process. sort of
where we're at.
Joe Andrieu: I understand we published the FPWD, and that is out in the
world and I think we need to queue up probably issues for what we're going
to do next. and then we should start processing those issues. the one issue
I know of, although I have to go find the repo because I don't have that
handy, we need to put at least one confidence method in the confidence
method. Dave, do you know what's the shortest route to getting spec text
for a confidence method?
Joe Andrieu: because it's probably something like proof of control,…
Joe Andrieu: proof of access, whatever we're calling that.
Dave Longley: Yeah, I thought we had some of that.
Dave Longley: Maybe we didn't in the CCG final report for did off. If we
don't, it seems to me that's the shortest path to having a implementable
confidence method.
Joe Andrieu: I am going to add that as an issue if we don't already have
one. And I did find the repo from what that's worth. I'll put that in my
bookmark so it's faster. I'll also share it in chat for folks who are
curious.
Joe Andrieu: And then the issues we have there levels adding more
confidence method types with multiffactor. most should it be name That's an
interesting question. I guess the did confidence method issue number 10. Is
that the same thing? Okay. So, I'm going to create a new issue for this.
Joe Andrieu: And I'll just call it Go ahead, Dave.
Dave Longley: Yeah, we definitely have an example in the spec today.
Dave Longley: It probably is lacking sufficient spec text, but we have an
example in the spec today. It shows a biometric portrait image as the first
one, but it's got several others. It's got a JSON webkey, a multi key, and
a decentralized identifier document. Each of those is listed but we need
spec text on if you have these types of competence methods what would you
do to prove the confidence proof of use whatever proof of control I put a
link in the chat here to the example we have spec
Joe Andrieu: I'll include that link in my issue here. So, we do have an
example. We just don't describe what you do with it. do we have any more
detailed discussion of did off anywhere? I agree. It feels like we have
talked about it more…
Joe Andrieu: but it probably got excised as the spec matured.
Dave Longley: Yeah, I mean…
Dave Longley: where we talk about it is in the VCOM spec. here is a link to
that other specification. That's the response format that talks about what
you would provide and then above that is the did authentication query
format.
00:10:00
Patrick St-Louis: Okay.
Dave Longley: So we have a query format and response format over in the
VCOM spec. So we might need to figure out how to best reference these and
with the rechartering and process that might become a lot easier. There
would also be in the oid forvp spec in the oid for vci spec I believe there
are sections where you provide a proof that is based on a did and those
could also be referenced as ways to do proof of control with did oid for vp
yeah that's Yes,…
Joe Andrieu: What were the two oid for VC and okay so for VP and for VC and
VP basically LVC is a VCI Yeah,…
Dave Longley: There's three letters for that one. Yep. The distinction
between those two protocols is the VCI one is for issuance which is what
the I for is for and the VP is for presentation.
Joe Andrieu: I'll withhold comment. So, I'm putting those into the issue
and I will track that down to try and create some spec text.
Joe Andrieu: do we know of any other issues that are not currently in
issues like people on this call? do we know of things we should be adding
to this list? I just knew about that one because that was something we had
already talked about.
Dave Longley: Nothing jumps to mind, but I don't know if you intend to go
through the issues list after this,…
Dave Longley: that might jog people's memories if there's anything that's
left out. I don't know if we wanted to go one by one. it's up to you
obviously.
Joe Andrieu: Yeah, I'm torn.
Joe Andrieu: 10 minutes ago I had been expecting we were just going to
cancel because I think a lot of us thought this was cancelled. but we
figured out how to start up the meeting and now I feel like we're being
productive. what's the sense of the folks who aren't me? What do you guys
think? there were only 10 issues, eight issues, something on the order of
half a dozen issues. we could go through them real quickly.
Dave Longley: Something that is minimally done sometimes is marking the
issues as a level of effort even if we don't want to dig into them. I don't
know if we have the tags for that low effort high or whatever just as
something to mark as we don't do full triage or anything but just something
to flag them so that we have an outcome from looking at them.
Dave Longley: is a suggestion.
Joe Andrieu: Okay. Yeah,…
Joe Andrieu: it's a good idea. I'm checking the labels that we have. So, I
don't think we quite have what you were suggesting. yet. So as a class 1 2
3 4. We can flag future ready for question but we don't have any other
traction. So I guess what triage makes sense. Dave, you seem to have an
idea.
Joe Andrieu: It could be accepted or assigned. You were thinking level of
effort.
Dave Longley: Yeah. …
Dave Longley: how much freedom do we have to create these labels? I mean
you are the first editor on the spec. We can always delete the labels later
if that's a problem. I don't think it's a huge issue. Do you have the
permission to create a loweffort or…
Joe Andrieu: Yeah. Is it mechanically?
Dave Longley: a high effort label? Seems useful to me.
Joe Andrieu: That's interesting. Can I create a level? edit labels. Yeah, I
think I can. So, technically I do have the capacity. So, low effort.
00:15:00
Joe Andrieu: I guess ready for peers in a different dimension. although do
we have a needs discussion? Nope. So I will add that.
Dave Longley: Yeah, that's always a good one.
Joe Andrieu: So, I think some of these we may not know what the effort is
because we don't know how we want to treat it. Let me add these real quick
Joe Andrieu: And then maybe I'll just share my screen and we talk through
the issues.
Dave Longley: Sounds
Joe Andrieu: Thanks, ve. And I will go through them in reverse order. So
the oldest one here is confidence method 10.
Joe Andrieu: The issuer adds a confidence method that allows a set of DIDs
who are authorized to present the VC. Stankin mentioned three weeks ago.
Dave Longley: So, this dimension is a little bit different. just reading
what's on the screen there, they're talking about who is authorized to
present a VC, which doesn't really match the VC model.
Dave Longley: An issuer doesn't get to decide who's authorized. they can
certainly put a confidence method in a VC and a verifier could decide that
you must use that if they want to accept your VC. But this is not an
authorization model.
Joe Andrieu: That's right.
Dave Longley: So you could approximate this. but it seems like hey there I
am. I said that. you could approximate that but I think either way what's
missing here is putting more spec text to a particular conference method.
this isn't quite a duplicate of the issue that was just filed …
Dave Longley: because there is some discussion here about how people are
looking at it from an authorization perspective. I don't know how much we
need to dig into the issue.
Joe Andrieu: Yeah no that's good rehydration.
Joe Andrieu: So now we have two issues that we are talking about. but what
tag? So if we're doing a triage Dave this just needs discussion
Joe Andrieu: clearly. Okay,…
Dave Longley: Yeah, let's put this one down for needs discussion and…
Dave Longley: maybe link it to the one that was just filed.
Joe Andrieu: I think that makes sense. So he had linked it here by the way.
Dave Longley: I meant the one you just filed. I think might also cover this
one. If we just add to the spec a confidence method that I wonder if we
want to instead of calling it possible duplicate why don't we just this is
related to issue whatever was just filed that one issue 20 could possibly
be solved by addressing in the same
Joe Andrieu: Okay.
Dave Longley: I mean my personal view on it is if somebody I think it's ill
advised to build a authorization model on top of ECS but if somebody wanted
to do that and model something out then they would be able to use this spec
which would show how you could model at least one type of confidence method
and put it wherever you wanted and they could build some model around that,
but I would not have this spec say here's how you do authorization with
VCs. So, in light of that, I think a PR to solve the issue you just raised
would enable someone to go off and make an authorization model if they
really wanted to.
00:20:00
Dave Longley: But the verifier's business rules don't go in the issuers's
statement.
Dave Longley: primarily because they're not the same party.
Joe Andrieu: Yeah. Yeah,…
Joe Andrieu: I'm with you on that. So, we flagged this as needs discussion.
does it now that we've moved it over to 20? I think we just put on a needs
discussion tag…
Dave Longley: Does it
Joe Andrieu: but then I think we discuss it such that we're moving the
momentum of this question over to the new issue number 20 and then when we
resolve 20 we will come back to this issue and say hey did this also fix 12…
Dave Longley: That seems right to me.
Joe Andrieu: then I'm going to remove the needs discussion oops that's not
how I remove
Joe Andrieu: And is there a way we would describe this as needs Ready for
PR?
Joe Andrieu: It's not quite ready.
Dave Longley: Yeah, let's put it as ready.
Dave Longley: Ready for PR.
Joe Andrieu: All that's one issue addressed. Let's go back to the did
confidence method. so this predated what we just put in, right, about
creating a did off, but it seems like it's similar. Okay.
Dave Longley: Yeah, I think it's the same thing. I think this is just a
duplicate of the one that was just filed.
Joe Andrieu: And then this one also ready for PR. Is that still the right
tag? Okay.
Dave Longley: If we're going to mark a duplicate, we would normally close
this one and go mark the other one as ready for PR. So, we'll keep the
issue open that spawned this one cuz it's sort of like we had two. we in
effect had three different issues all doing the same thing.
Dave Longley: But we'll keep the one that spawned it Close that
intermediate one and put this one ready for PR.
Joe Andrieu: It's not quite.
Joe Andrieu: Arguably the one we just closed was the first one, but I don't
think that's relevant.
Dave Longley: Yeah, that might be true.
Joe Andrieu: All So, that's 11 and 12. we didn't talk about 12, but I think
that's going to be I guess the question on this one is what do we call
this? I see these are two different.
Joe Andrieu: Does a spec have a verification key confirmation?
Dave Longley: It does. I don't think it's called that anymore. I think this
is probably out of date with what is that example I linked to. Let's see.
The types that were listed in there were just keys and decentralized
identifier document were listed. So, they weren't listed as a confidence
method type. Yeah. there's some inconsistency clearly. Yeah.
Joe Andrieu: It's an example is the issue, Not a description of what the
method is. so I think this one
00:25:00
Joe Andrieu:
Dave Longley: It's really a duplicate of the one we just filed as well.
Joe Andrieu: So, we're going to close this.
Dave Longley: That seems right to me.
Joe Andrieu: Giving a pause in case anyone wants to chime in with an
alternative. this one's easy because it's needs discussion. My view this is
confidence method to authentication.
Joe Andrieu: Manda was a fan of this and when it came up maybe two weeks
ago, I spoke up and said, I think it's importantly different." so we can
just flag it for discussion. And as much as it would be fun to discuss it
now, I think I want to go look at rest of the comments. But I do see we
have good comments both ways. Thanks for your comment, Ted. Thanks. thank
you. Align with motive claim 169.
Dave Longley: I would say if nothing else this probably needs discussion
and ideally some engagement from some res representatives. I don't know how
easily that can be accomplished but the time zone so it might need to be
done asynchronously but I would just leave it at needs discussion.
Joe Andrieu: So, yeah, I think we should cue that up and hopefully get some
of the most guys to show up if we can. this should be fixed maybe not.
Dave Longley: I saw an email thread somewhere with that. It must have been
this. There's the ID number. So, yeah.
Joe Andrieu: It's a different number than I put in there.
Dave Longley: And they just joined the meeting. So, the question's there.
should they open a poll request? How do we get the number in
Joe Andrieu: Very good. Yes. Denin, can we say you joined us?
Denken Chen: Yes.
Joe Andrieu: All right, we were just going over the W3C ID value and we saw
you commented on it. So yeah, just put in a pull request. it is an edits
right on that index file. So you could just change that one line and we
will get it accepted.
Denken Chen: Sure.
Joe Andrieu: So I'll just note here yes please and we'll mark this as ready
for PR. confidence levels from the issuer. So, Denin, we are right now just
hydrating through the issues that we have on the confidence method.
Joe Andrieu: spec and labeling them as low effort or needs discussion or
ready for PR. we haven't come up with other ratings but the next one that
we want to talk about is one that you raised. So could you tell us about
this confidence levels from the shorter question?
00:30:00
Denken Chen: Yes So this is one of our internal research when we receive
some requirement from the banking service and the re reason is that there
are lots of different banking functions that requires different kind of
levels of confidence methods. For example, when they are open opening a
bank account, they need very high assurance level of the certific
credentials. however, when there are only just to make sure you approve
some transactions from the foreign countries, they could just need some low
level of the assurance levels to make sure that you are indeed the person
that approved that transitions.
Denken Chen: So I think that's one of the overall trust framework that
could suit different needs of different behaviors. so that we put the
frameworks here. but we are open to discussion to see that whether there's
any real application scenarios that would be helpful for them. Guest.
Joe Andrieu: Okay, thanks go ahead Dave. I also tell Ted we probably want
you to chime in,…
Joe Andrieu: but go ahead Dave.
Dave Longley: Yeah,…
Dave Longley: just real quick I wanted to say another area there's a true
age program that uses something similar to this. and the way that that
program went about implementing it is by issuing a level of assurance
credential that included within it a confidence method. And so it might be
that this is clearly a valuable use case, but it might be that the way to
go about solving it is if a particular party has done performed
authentication themselves on a particular subject, they could issue such a
credential and they could include in it a confidence method that could
potentially be checked again somewhere else…
Dave Longley: if desired used during presentation of that level of
assurance. Trans credential.
Joe Andrieu: Okay, thanks.
Joe Andrieu: There 10 Canadian.
Ted Thibodeau Jr: most of what I had to say is already written there which
is primarily that level does not make sense to me when applied to a method.
your confidence may be high if you checked the passport but that's not a
confidence level checking a passport. really that's it.
Dave Longley: And I think that kind of speaks to the alternative way to do
this, which is if you issue a level of assurance credential, it's bound to
a specific level from one of these NIST documents or so on. You say the
level that you performed, which if you follow those documents, it says what
was required for you to do And then you list a confidence method optionally
in that VC that someone could use to provide along with the presentation of
the level of assurance credential they received from someone else.
Joe Andrieu: Okay, I'm calling on myself. yeah. to me it feels like because
if I understand where you're coming from, Denin, what the verifier is
looking for are sort of externalized signals that have been vetted by an
external authority to say, "Hey, this satisfies my government compliance
requirements like it it meets NIST LOA3 or whatever."
Joe Andrieu: that makes sense to me but I think it is a function of the
method not of this credential itself. which is to say I think if we had a
specific confidence method that for example the verification key method
that we touched on earlier that has the example in the spec. I believe that
method will provide an LOA. I don't know that it provides different LOAs in
different situations. I think that we could probably address it there if
the type in fact maps that way to Go ahead, Dave.
Dave Longley: Yeah, I think that's true. And I think sometimes there might
be requirements to provide multiple methods of authentication and I think
we might find in order to achieve a particular level you might need to
provide multiple methods and so we might find it difficult to represent
that in the competence method itself rather than something that wraps one
or…
00:35:00
Joe Andrieu: Okay, thank you.
Dave Longley: more confidence methods as needed or just something else that
declares. I did indeed check this to this level because that level might
have required the person to be in person, present two pieces of
documentation, whatever else.
Denken Chen: It probably started from our special cases that in Taiwan we
try to issue different credentials. in most country they started with
driving license, right? but in Taiwan we have lots of different credentials
already and even the most common one including the driving license and the
health insurance card and student card. And for some scenarios for example
we are building a merchant pickup at a convenience store. They don't really
cares about your assurance level is pretty high.
Denken Chen: they just even a student card with pretty low assurance level
will be good enough. so I think this whole assurance level is for different
kinds of credentials to suit different kinds of verifier scenarios to make
the whole ecosystem broader. Yeah.
Joe Andrieu: what did you think about I guess Dave also disagreed with it
but in my head maybe this was a little bit simplistic or over
oversimplifying that a particular confidence method in its execution
established a particular LOA. and it's not clear to me that a particular
confidence method would be usable for different LOAs. In other words, if
you wanted a different LOA, you would probably use a different confidence
method.
Joe Andrieu: Please go ahead.
Dave Longley: And just a jump. No one's on Q. It's not clear to me that I
agree with some of what you're saying, but it's not clear to me that it
would be useful to mark certain confidence methods with a certain level,
especially when you provide the two of them together, you get to a third
level potentially. or if you provided them in a particular setting, for
example, in person, if you use this in person, it changes the level of
assurance. And so, it seems to me like it would be a challenge or less
useful to put that marker on the confidence method itself, which then
you're also trusting that the issuers stated that properly.
Dave Longley: It's really going to be verifier is going to analyze what the
thing is that is being used and put that into their workflow and say you've
got to do this this and that establishes a level of assurance three for
example. So it seems to me like there's some external thing that has to
wrap these confidence methods or put them together or reference them as
opposed to each confidence method being able to declare something like that
and have it be useful and…
Dave Longley: be composable.
Joe Andrieu: Okay, that sounds right to me.
Joe Andrieu: Dankin, does that feel aligned with the use cases you're
trying to resolve here or…
Denken Chen: Yeah, I need to digest a little bit. Yeah.
Joe Andrieu: So, I'm going to make my comments here. Happy to adjust it.
I'll leave it on screen as I can't scroll up. I was gonna go just mark it
as needs discussion. and we can come back to this, Denin, after you've had
a chance to see how that addresses doesn't address where you're coming
from. All right. Let's look at our next issue.
Joe Andrieu: adding more confidence method based on multiffactor
authentication. I see Ted made a comment on 16. That was basically your
same note that you just raised, right Ted? That confidence level seems a
little weird.
00:40:00
Ted Thibodeau Jr: Yep.
Joe Andrieu: So this feels like just a proposal to include more confidence
method types which I think is we're open to. I think it's just a matter of
timing. I'm not sure what our timing threshold is especially with the new
BC charter process going through.
Joe Andrieu: but my hope is that we're going to get a minimalist something
through with this cycle. does anyone else understand more what the time
frame on quote unquote this cycle is? I guess I'll bring that up at TAC
next week and just try and get a sense of, when do we need to get to what
deadline and we can review that next week because I think, there's one
version of this spec we can do that has it just has some form of did off or
some form of crypto use, proof of access, proof of control. and that's it.
And we ship that and publish it.
Joe Andrieu: and then deal with adding more confidence methods when we have
a little bit more time. But I don't know what those horizons are. so I
think here maybe needs discussion. Does that label make sense?
Dave Longley: Yeah, I think
Joe Andrieu: Thanks Dave and All And I think we're getting close. I think
there's just one more we already talked about we haven't assigned these.
So, I'm going to go I think did that's me. I will take that on. and then I
think the one that we just tagged for confidence levels from the issuer.
I'm going to tag you for that, Dan, if that works for you.
Joe Andrieu: So you can come back and let us know how this discussion
landed with your team.
Denken Chen: Sure.
Joe Andrieu: We have a ready and also this one. that is assigned to you
already. Confidence level is not sufficient on its own. Go ahead Patrick.
Patrick St-Louis: Sorry, I might have zoned out and…
Patrick St-Louis: missed that part. I want to talk about did as initial
confidence method. so how exactly did a confidence method and how would
that look like?
Joe Andrieu: Okay. …
Joe Andrieu: that is a great question. what you triggered for me is that
maybe it did to me was a shorthand for you've got a public key and we're
going to do a challenge exchange. but to…
Patrick St-Louis: Okay.
Joe Andrieu: but to your point, maybe we don't need to entangle in this
confidence method. We could just do the public key proof of control. Dave
Patrick St-Louis: I'm trying to think cuz for me, data is a presentation
exchange basically like you it's a very simple presentation with no
credential that a verifier ask from a holder. and when I think about
confidence meta that's a property on a credential that has a type and an
ID. I'm just curious how does the confidence method what does it have to do
with it did not what would it signal or how would this work?
Patrick St-Louis: because for me did the main use case I think the most
common use case is the credential subject is of the ID that's going to did
right it's did of the holder that will do the odd so it's kind of just
implicitly a verifiable credential feature just curious how does that
relate to a
Patrick St-Louis: which confidence method for me currently as I understand
it is whatever means can add a little bit more legitimate to the
presentation of that credential to the use case that the credential is
presented to add a little bit of confidence in…
00:45:00
Patrick St-Louis: whichever goal the verifier wants to achieve.
Joe Andrieu: Yep. let me respond.
Joe Andrieu: I see you on the queue. my sense of this is that a confidence
method that might be of a type did off or did something would indicate that
here is the did for which you can did off ceremony to get confidence that
this person is the person who is represented by the ID. so the property in
the VC is just an indicator of other processes you might go through. for
example I imagine a confidence method eventually will have some sort of
biometric template or a hash of a biometric template or that kind of thing
and the way that you actually get the confidence is you go through an
independent execution of that same protocol but you have the template.
Joe Andrieu: So the verifier would say step up to my biometric scanning
device and I'm going to perform that ceremony. And I think in the same way…
Patrick St-Louis:
Joe Andrieu: if there's a dead off confidence method then we're expecting
the verifier is then going to go perform that ceremony.
Dave Longley: Yeah, I wanted to add something vital to that which is around
the privacy preserving aspect of this. So it's one thing to say a person in
a VC is identified by this did and it's another thing to say there's a
person in this VC they don't have a global identifier associated with them
but they have these confidence methods that can be used biometrics may it
something that might be considered like a device or just it's just a
confidence method that has a date associated with it.
Dave Longley: You could use any of these things to establish additional
confidence that the person that is presenting this VC is indeed that
person. And that also allows you to selectively disclose those confidence
methods as that person deciding which one you might want to use to help
establish confidence at that verifier. So there are important privacy car
characteristics around it and it's also important to coup Not everybody
wants to use a DID to identify a person. it doesn't always make sense to do
so. it frequently does not. and you might want to use it instead to
identify a competence method that you could use to establish confidence
that you are a particular person.
Patrick St-Louis: Okay. That's interesting. So then the first thing I think
about when you mention that is the topic of pseudonyms, So from how I
understand it is it's a way that a holder can generate a unique public key
for a specific verifier. so is that an example of something that could be
enabled with this did confidence method is that it's a way there's a
mechanism by…
Joe Andrieu: Go ahead, David.
Patrick St-Louis: which by interacting with this confidence method the user
could generate a pseudonym of some sort.
Dave Longley: Yes, I think that is another way it could be done. Certainly,
that is an option. I don't know if we'll get to specking something like
that out. the simplest version is just there you can choose to reveal a did
associated with this person in some way or associated with a device they
control. but it is certainly the case that if we had enough time and
interest and implementers that you could implement what you just said as
Patrick St-Louis: Okay, think I understand it. So for use case that there's
not necessarily a credential subject id did value that can be used for
whichever reason they can include did in a confidence method that can be
used for did odd.
Joe Andrieu: Correct.
Patrick St-Louis: Okay that makes sense. So I guess it could be for some
things that the credential subject is not the person itself but the
confidence method would show the did of the person owning what is depicted
by the credential subject. Could it be used if I have a health card, I
don't have a dead on my health card. but it's in my wallet.
Patrick St-Louis: So if you would have the health card as the credential
subject and you had a confidence method that kind of maybe bound that
health card to the holder's wallet.
00:50:00
Dave Longley: So without getting too deep into the data modeling there, the
short answer of that is you could model a card in some way and also express
a confidence method in the same VC.
Dave Longley: Don't want to deep dive into how exactly that would look, but
yes, that use case would be supported.
Patrick St-Louis: But the conference method could be used as a wallet
binding component that happened during issuance that doesn't necessarily go
in the I guess it is a credential…
Dave Longley: Yes. Yeah,…
Patrick St-Louis: but doesn't go in the credential subject but is kind of
just adjacent to it.
Joe Andrieu: So yeah,…
Dave Longley: just quickly you might want to think of it instead as a
confidence method for presenting the card as opposed to making it into a
person every time.
Patrick St-Louis: Yeah. Yeah.
Dave Longley: So that was one reason I didn't want to dive into data
modeling
Joe Andrieu: we should wrap. my quick comment on that is I think of it as
this is a confirmation to establish that the presenter is the And so it is
about the subject. it is a mechanism by…
Patrick St-Louis: Right. That confused me.
Joe Andrieu: which you have confidence that the current presenter is that
subject. So it cannot depend on having already figured out who the subject
is if that makes sense.
Patrick St-Louis: But okay,…
Dave Longley: Yeah.
Joe Andrieu: Very good.
Patrick St-Louis: maybe we can resume the conversation because I would say
in this case, why not just have just use a subject ID?
Patrick St-Louis: interesting.
Joe Andrieu: …
Joe Andrieu: I think this then is back to needs discussion, which is fine.
And I'm going to keep the ready for PR because I think it is also ready for
PR. all right. I think that's a wrap for our first confidence method
focused meeting and thank you all for showing up and surviving through our
technical questions about how do we get this started and what are we doing
together. So I will sync up with Dimmitri who's running the
counterprogrammed confidence method or render method meeting and we will
let everyone know when we resume after TEC. So thank you all. Appreciate
your input.
Patrick St-Louis: Thank you. Have a good day.
Meeting ended after 01:04:38 👋
*This editable transcript was computer generated and might contain errors.
People can also change the text after it was created.*
Received on Wednesday, 5 November 2025 23:09:55 UTC