- From: <meetings@w3c-ccg.org>
- Date: Wed, 21 Jan 2026 15:49:48 -0800
- To: public-vc-wg@w3.org
- Message-ID: <CA+ChqYfPChF-fWC5q9CAnFOLh+wm514ztyfBG0G0-MeEv33qvg@mail.gmail.com>
*VCWG Spec Refinement - 2026/01/21 11:00 EST - Summary*
*Attendees:* Benjamin Young, Dave Longley, Denken Chen, Dmitri Zagidulin,
Elaine Wooton, Hiroyuki Sano, Ivan Herman, Joe Andrieu, Kevin Dean, Manu
Sporny, Michael Jones, Patrick St-Louis, Phil Archer, Phillip Long, Ted
Thibodeau Jr, Will Abramson
*Topics Covered:*
-
*Recording Infrastructure and Off-the-Record Discussions:*
- Manu Sporny provided an update on improvements to the recording
infrastructure.
- The process for recording meetings and obtaining consent was
discussed, with Phil Archer clarifying that an explicit verbal
statement at
the start of the meeting is sufficient if there are no objections.
- The use of breakout rooms was presented as a method for having "off
the record" discussions, although acknowledged as more convoluted than a
simple scribe stop.
- A mechanism for linking chat messages (specifically GitHub links)
to timestamps in the transcript was proposed, which could then
be used for
issue linking.
-
*Issue 12: Confidence Levels Not Sufficient on Its Own:*
- The discussion clarified that the VCDM already supports multiple
credential subjects, and the need is to provide better examples and
descriptions within the confidence method specification.
- Ivan Herman confirmed that recent charter changes allow for
modifications to published recommendations, meaning updates to VCDM are
possible if necessary for new recommendations.
- Manu Sporny agreed that there are no charter issues and that the
group has the necessary components to create an example.
-
*Issue 14: Biometrics and Confidence Methods (Ready for PR):*
- There was consensus that this issue is complex and requires engagement
with MOSIP due to their production work.
- Manu Sporny highlighted the privacy concerns and potential patent
minefields associated with biometric templates, suggesting a focus on
simpler biometric methods like facial portraits initially.
- The group agreed to split the work into two PRs: one for a simple
facial biometric method and another to engage with MOSIP for more complex
integrations.
- Denken Chen will draft the first PR focusing on facial portraits,
and Joe Andrieu will take the lead on coordinating outreach to MOSIP.
- The importance of selectively disclosable confidence methods, even
for biometrics, was emphasized.
-
*Issue 16: Confidence Levels and Charter Change:*
- The discussion revolved around whether changing the specification
title from "Confidence Methods" to "Confidence" required a
charter change.
- Ivan Herman clarified that the working group has the right to
change specification titles at any time and that a charter change is not
strictly necessary.
- Phil Archer noted that while possible, updating VCDM requires a
rigorous process.
- Manu Sporny suggested making the change to "mechanisms" (plural) in
the charter to better reflect the scope.
- Joe Andrieu agreed to handle the commentary on the charter change.
-
*Issue 17: Passkey Support:*
- This was identified as an area for future research and discussion,
with a note that Brent had expressed interest in exploring
passkey support.
- The group agreed to keep this issue open for future discussion.
-
*Issue 20: Confidence Method Example (Ready for PR):*
- The group agreed that this issue is ready for a PR, with Joe Andrieu
taking the lead on drafting it.
- Manu Sporny and Ivan Herman provided feedback on the example,
suggesting the need for new types and clear definitions within existing
vocabularies (security or verifiable credential vocabularies).
- The example should specify the use of decentralized identifiers and
potentially reference protocols for utilizing confidence methods.
-
*Issue 21: Privacy Concerns and Biometrics:*
- This issue will address privacy concerns, including the suggestion
that all confidence methods should be selectively disclosable.
- Manu Sporny elaborated on the tracking vectors associated with
biometric data and the importance of understanding the policies
of entities
processing this data.
- The need for further R&D on verifiable fuzzing of biometric
portraits was mentioned.
- The group agreed to include warnings about the dangers of sharing
biometric portraits and to emphasize a "do not share by default"
approach.
- Manu Sporny will find a URL for the EFF's response on online age
verification.
Text:
https://meet.w3c-ccg.org/archives/w3c-ccg-vcwg-spec-refinement-2026-01-21.md
HTML:
https://meet.w3c-ccg.org/archives/w3c-ccg-vcwg-spec-refinement-2026-01-21.html
Video:
https://meet.w3c-ccg.org/archives/w3c-ccg-vcwg-spec-refinement-2026-01-21.mp4
*VCWG Spec Refinement - 2026/01/21 11:00 EST - Transcript* *Attendees*
Benjamin Young, Dave Longley, Denken Chen, Dmitri Zagidulin, Elaine Wooton,
Hiroyuki Sano, Ivan Herman, Joe Andrieu, Kevin Dean, Manu Sporny, Michael
Jones, Patrick St-Louis, Phil Archer, Phillip Long, Ted Thibodeau Jr, Will
Abramson
*Transcript*
Joe Andrieu: Howdy, folks. There you go.
Phil Archer: Hey Joe.
Phil Archer: Hey Phil everyone.
Joe Andrieu: All right, Are we expecting anyone else? Thank you're
responding. You have to be muted. All right. we'll at least give it another
minute or so for Den to get connected. I'll try chat to let him know we
can't hear him.
Joe Andrieu: I'm a little worried about Den.
Manu Sporny: He in chat said just get back to him. I guess he's having
audio issues.
Joe Andrieu: Yeah, I did not see that as I was looking in other chat
channels. we can go get started. our plan was to just go through our issues
together. go to any final decisions on labels we might need. specifically,
to the version of the first that's going to go to CR. so let me pull that
up and share screen. Does anyone else have anything to add to the agenda
other than reviewing issues?
Joe Andrieu: Go ahead,…
Joe Andrieu: Manny. …
Manu Sporny: I have one thing on a request from Avon about the recording
infrastructure.
Manu Sporny: Just a very quick three minute update on that.
Joe Andrieu: that would be great. I was actually curious. I saw that Jim
and I asked we wanted to transcribe stuff. So, let me get an update.
Manu Sporny: So, that was the first thing. when you join the meeting, it
asks you if you're okay with recording or not. I don't know if that
replaces or does anyone object to recording the meeting thing. that's a
question for Brent probably or one of the Phil W3C process is not clear on
what exactly is acceptable does you clicking on a button saying that the
meeting's being clicking okay mean that you're okay with it? would imagine
so but that's the first question.
00:05:00
Manu Sporny: but Joe, I'd just probably do the standard, is until we have
an answer, just ask if anybody objects to the recording. the other update
is that one of the things that was a challenge was not being able to say
things off the record. I found out that if the chairs create a breakout
room, you can say things off the record. So, you go into the breakout room,
the breakout room is not recorded. it does not show up. In fact, all of us
can jump into the breakout room. Someone can say, we can have a whole
discussion off the record and then once we're done with the discussion, we
can come back into the main room. that is not nearly as nice as just
telling the scribe to stop scribing, but it is possible. So, I don't know
if that meets your saying things off thereord concern.
Manu Sporny: and then the final concern is getting the issues and the
minutes linked together with topics. I'm still thinking about the best way
to do that. the only option I can think of is that as people drop issues
into the chat channel, they are timestamped. we can have the bot scan
through the links that people posted and inject them into the minutes. and
at that point, I think the issue the script that we have might be able to
pick up on that and do the appropriate linking.
Manu Sporny: So I think those are the proposed upgrades to the
infrastructure that would hopefully meet upon your remaining concerns about
using the infrastructure and…
Manu Sporny: everyone else's, I mean, it's not just with the concerns. so
I'll stop there. people yeah that would be just the chat channel in Google
Meet,…
Joe Andrieu: I have a question about the last bit you said I heard you say
there's a mechanism whereby someone on the call could list an issue in some
chat channel and…
Joe Andrieu: that would be processed. Could you just walk through what that
flow is again? Yeah.
Manu Sporny: so we're meeting right now and then there's a little text box
in the bottom right of the screen. You click that, you paste the link in
there and that goes into a separate file for whatever reason. It goes into
a separate file. We would have to update. Currently, we totally ignore that
file. it's just dropped on the floor, And then deleted after 30 days. and
nobody has access to it but the meeting organizers. we can modify the
process so that the bot retrieves that file and it only looks for GitHub
links or it just looks for URLs and if it finds a URL it'll inject that URL
at the appropriate timestamp in the transcript.
Manu Sporny: So it will show up in the transcript and then if it shows up
in the transcript I think Avo PA's tool can then do the appropriate linking
to the GitHub issue for example. Yep.
Joe Andrieu: Cool. Thanks,…
Joe Andrieu: Okay.
Phil Archer: Just very briefly,…
Phil Archer: I think what Brent said about this was as long as you say at
the start of the meeting, this is what we're doing. This is how we're
recording Any objections? and if there are no objections, you're good to
Carry on. I think it's as simple as that. But I think you do need to say it
out loud every time.
Joe Andrieu: Appreciate that, Phil.
Ivan Herman: Yeah. …
Ivan Herman: two questions. So, I try to answer both. I don't really know
what it means to go to another room. I mean, maybe we will find some time
to test it. Not necessarily today, but at some point. I mean it sounds very
convoluted. does it mean that some people will leave this chat and going to
another one so we don't hear them anymore or I don't know what it means.
but it sounds extremely convoluted in any case. The other thing with the
URL that's not necessarily enough because we need two things. one is in
some way or other control the sectioning and then the adding of the links.
Ivan Herman: the adding of the links okay you can do that and that's great
and that's part of the answer but what Pant one script does is at the
moment I think that he picks the link at the very beginning of a section
either in the section title or in the first line of that section and then
he copies the section itself into the GitHub. at the moment, the sectioning
is a bit Yeah, I see Dave Longlin do that. So, that we could use the topic
like we do it in the usual IRC channel and add the URL into the topic or
right after the topic.
00:10:00
Ivan Herman: If you can pick these two things together and pull it into the
generated minutes, then I think that Panton's script will roll.
Ivan Herman: And I haven't written that one, so he is the final arbiter on
that, but I think it would work.
Joe Andrieu: Okay, thanks Ivon.
Joe Andrieu: Let me interrupt myself. I should have done this as soon as
you recommended it, Phil. I do think we're recording this. So, this is
notice that we are recording this and your continued participation is
acceptance of that fact. So, thank you for being on the call and Phil,
thanks for mentioning that and saying that's what we should do. back to
you, You're next.
Manu Sporny: Yes. So, what Dave said is what we could do. I think that
would address the concern or, it would address that. Right now, the topics
are autogenerated by the LLM. So the LLM reads the entire transcript and
then it breaks it into four to six topics and then bunches stuff as it sees
fit. we can get that back into a manual mode so that if somebody explicitly
puts topic subtopic colon in a GitHub issue, it'll have the same function
as it does today.
Manu Sporny: As far as the meeting,…
Ivan Herman: The you said GitHub issue.
Ivan Herman: You mean put the topic into the meeting chat?
Manu Sporny: that's correct. Yeah, but I think…
Ivan Herman: That's not…
Manu Sporny: if you put subtopic colon in the GitHub link,…
Ivan Herman: what you said.
Manu Sporny: it will go and create a subtopic and title it appropriately
and all that kind of stuff. I think that works with one of the tools. I
don't know which one. sure.
Ivan Herman: That works only the old one. that's the whole script which I
put aside. so you cannot get the title back from the issue and generate the
normal title or you have to somehow compromise P want to do the work for
that because he took that over yeah of
Manu Sporny: I mean it's all software.
Manu Sporny: we can add the feature where right it's clear how to do the
technical implementation we just need to find out who gets to carry that
ball. the other thing about breakout rooms it's not really that complicated
that the chair there's a little button in the bottom right see all those
little dots right by the padlock icon.
Ivan Herman: Come on.
Manu Sporny: the chair would click meeting tools, they would click breakout
room, and they would force all of us into the room if somebody wants to say
something off the record. it is more involved. but, I don't think it's
complicated. It's just, the chairs push, someone says, "I want to say
something off the record." they type that into the chat, the chairs see it.
Manu Sporny: the chairs force everyone into a breakout room or even a
subset you can pick a subset of people and then once the conversation's
over the chairs close the breakout room and…
Ivan Herman: Okay.
Manu Sporny: we're all pushed back into this room. So it's just the chairs
clicking two buttons that does that process.
Manu Sporny: That's it.
Joe Andrieu: Okay. …
Joe Andrieu: I wanted to add two things. one, I agree with most of what you
just said, Manu, about the breakout rooms. It's not as complicated as it
sounds, but I do think it's a really high threshold compared to, hey, I
need to say something that's off the record. and so that's just
unfortunate. but if we have a topic that we're getting heated about, we
could say, "Hey, let's move this to off the record so we have that option
at least. it's just not ideal." But it sounds like we have some general
consensus towards let's mine the chat log and we'll figure out how to
leverage some of the tools and techniques in that we've been using in IRC
over there. But my question is how do we prioritize and resource that work?
Joe Andrieu: as Ivon mentioned, we have to get PA to help or someone else
to help. Someone's got to actually write some code.
Phillip Long: Oops.
Manu Sporny: I can always do it in my spare time which is how we're
currently using the system we have now that doesn't mean that I can commit
to a timeline would love some help if somebody else wanted to jump in but
if not it'll just happen when it happens especially I just need to know
that, if I go to the effort of building this thing that we're actually
going to end up using it.
00:15:00
Manu Sporny: I don't want to spend a bunch of time building something and
then find out that someone's going to object to, the upgrades. That's it.
Joe Andrieu: Yeah, that makes sense.
Joe Andrieu: So, let me ask the group. is there anyone…
Ivan Herman: Sorry I wanted to answer money.
Joe Andrieu: who has any concerns about using the chat in this way? I see
Ivon's on the queue. Go ahead, Ivon.
Ivan Herman: So I would propose with you or you and I as you prefer money
talk to Kanttoan because he does maintain that script which is also an
action which is used on various different working groups and some of the
changes that he did was because so he is answering to pushes in some sense.
Ivan Herman: So if we talk to him and he will tell us the whole thing is
written in rust. I don't know whether that's a problem.
Joe Andrieu: That's great.
Joe Andrieu: Okay, thanks Ivon. So this feels like we have a direction.
Phillip Long: Okay.
Joe Andrieu: We have folks who are interested in making it happen in Manu
and we have resource constraints issues. So we'll put it on the queue but
not expect it tomorrow. Manu I know it'll take Any other thoughts on that?
All right. Let's move on to the issues. we have cherry picked a few of them
although we don't have them flagged for that. But the first one is 12.
confidence levels not sufficient on its own.
Joe Andrieu: Dan, why did we choose this one to talk about today? He said
blocked by charter.
Denken Chen: Yeah, let me take the look at this. So we had a agreement to
add multiple subjects in the VCDN for more example description about the
possibility of delegating mechanism or any relationship between the
different subjects within the VC. So for example, I could add my family
members to my medical pre prescriptions. So any of my family could hold
that VC and present it to the drugstore to help me to get a drugs medicine.
Denken Chen: So I think it's blocked by we need a next VC charter to have
some modification within BCDM.
Denken Chen: Yeah, that's it.
Joe Andrieu: …
Joe Andrieu: I thought we were just going to add some examples in our
document. And it seems to me, at least as I am understanding how we're
going to tackle this, we are not changing anything that's conformant. just
giving an example. So, where did we get into trouble with the charter? I
see Evvon. Are you still on the queue? Or is that old? Ivon, you're both
muted and you have your hand raised, but I'm assuming that's old.
Joe Andrieu: they can do I'm not sure why there would be a charter conflict
if we're just adding an example into the confidence method spec.
Denken Chen: Is it reasonable to lead in the competence method because it
probably …
Denken Chen: how do we describe the mechanism in the confidence method
about different credential subjects.
Joe Andrieu: So today the VCDM has support for multiple credential subjects.
Joe Andrieu: It's not usually led with.
Denken Chen: Yes. Okay.
Joe Andrieu: So some people don't understand that and are like, " how do I
do these complex use cases that have different subjects involved? so the
mechanism is already there as I understand it in VCDM. What do you think
would need to be changed? Thank you.
Denken Chen: So I'm thinking about what to describe for this confidence
method. So for example, we already have spouse description in the
credential subject in example 10 of VCDN. So we could take that example and
describe more use cases in the compet in a new competence method. Right? Is
that your visioning?
00:20:00
Joe Andrieu: So, right, we could build an example based off of example 10.
So, I agree with that.
Joe Andrieu: Not sure yet where the charter is getting involved. Ivonne, I
see that you're off mute and you reactivated your raised hand, so please go
ahead.
Ivan Herman: Yeah, I am sorry for the previous step.
Ivan Herman: I was looking for the charter and got messed up with the
windows.
Phillip Long: Okay.
Ivan Herman: So, there was a recent change on the charter proposal. I don't
remember exactly when and that recent change allows us to change the
already published recommendations. so I will read out loud. no, put it in
the chat to make it clear. This is what the charter says about in this case
VCDM.
Ivan Herman: And I draw your attention to the point that if to support the
new recommendations produced by the group. So put it clearly we have the
right under the new charter to modify in this case the VCDM…
Joe Andrieu: Go ahead, man.
Ivan Herman: if the new recommendations which is the one they are
discussing require that convoluted way to say that we don't have to do
anything with the chartered proposal in my view.
Manu Sporny: Yeah, plus one. I don't think there are any charter issues.
with addressing this, I think we are ready for R in looking at the example
on the screen. I think if we wanted to add a confidence method and
associated with each spouse or sorry we just put it in each object the
Jaden do would have a confidence method that would allow them to assert
that they're that subject and then you'd have a confidence method for
Morgan Doe as well.
Manu Sporny: and it would allow either one of those people to say that
they're the holder and then assert, that they're also that particular
credential subject. so I hope this is a fairly straightforward thing. I
think we have everything that we need to create an example here. That's it.
Joe Andrieu: Thanks, V. I wrote down something that doesn't make any sense
to me. my question was for you, ne. obviously if I looked at the charter
text, I might be able to figure it out, but this says no new normative
feature for those specifications. are render method and competence method
in the set of those or are the things that really we haven't even quite
gotten to a full 1.0 still open to normative changes?
Joe Andrieu: I no that's a good point.
Ivan Herman: Phil was in the queue or…
Ivan Herman: do you want to answer me right now? so no those refer to we
are maintaining a bunch of recommendations the ones that we had published
about a year ago and…
Phil Archer: Go forever.
Joe Andrieu: Okay go ahead.
Phil Archer: Don't worry.
Joe Andrieu: Thanks. Okay.
Ivan Herman: there are those original restriction that no new normative
features will be introduced for the VCDM. So in this case the one that we
are allowed to modify for these things is the VCDM.
Phil Archer: So the confidence method or any of the other ones that are
already in flight or planned we have the ability to update VCDM if we need
to. but there will be screams around the room if we do that because if we
need to update this BCDM and let's be honest we might but you've got to go
through the whole process again with all the candidate w implementation
reports and everything else. So yes, if we're working on a new
specification which includes the confidence method, we can make it changes
to the VCDM, but you got to be really sure you need to before you do that.
Joe Andrieu: Okay, thank you, Phil.
00:25:00
Joe Andrieu: Okay, I think that's a great closure on this. I think I
captured it on screen. Thanks, Phil. Any other thoughts on this issue?
Otherwise, we'll move on to the thanks folks. Next one is 14 which we have
as ready for PR and needs discussion.
Joe Andrieu: Dacon, did you want to talk about this today or just review
its status as we need to set up a deeper call? Thank you.
Denken Chen: Okay, sorry. Okay. So, I'm just want to make sure the status
like wait make it ready for today or do I need to prepare some early
example for the spec before label it into ready for PR.
Joe Andrieu: That is a great question. I'll give you my first blush
response and people can chime in. I think if you see a clear path that
makes sense to you that doesn't feel controversial, you can go and do a PR
and my sense of it. But if you want feedback because there are choices you
have to make and you'd like to get some input from the group before you
commit to specex then we can talk about it some more. Manu go ahead.
Manu Sporny: Yes, plus one to that. I don't think we should raise a PR
before we talk to MOSIP about this because they have work in flight, that
they are deploying in production. and if this doesn't work for them, then
we're not doing the right thing, in my opinion. So we really need most
engagement on this. I will also note that the biometric stuff is not as
simple as it seems on the surface. There are all kinds of privacy concerns
that It is probably going to be one of the most difficult features that we
would do for confidence method. So I don't think we should underestimate
how difficult this thing is going to be.
Manu Sporny: for example, if we look at the MOSEP thing, there's a choice
that you need to make around biometric templates. Which ones are you going
to use? They are including things like iris template, all fingerprints,
facial template, that makes me nervous. but it's the only way that they can
identify some of the people that are in rural areas because those
individuals have no other legitimate or government issued ID and they're
not going to right yet they need to receive aid from the government to
plant crops and raise livestock and things of that nature.
Manu Sporny: So, all that to say, this is not a simple PR. and we should
talk to MOSIP and we should try to see if we can align with them. And
ideally, they would be the one proposing it. and ideally we start out with
something easier. I don't know what an easy biometric is. I mean even the
template formats there are multiple different template formats for
everything Iris has three different standards facial templates have 50
different standards then so on and so forth.
Manu Sporny: So just some feedback on this. this is not an easy thing. and
it may be something that we want to wait until we pick some super simple
thing and…
Joe Andrieu: I want to plus one that last thought you had and…
Manu Sporny: then wait for all the other complicated things in a next
revision. that's it.
Joe Andrieu: I think it moderates what I was expecting you might do. Denin
I think with the Taiwan's digital ministry you are working on digital
biometrics and so it may be that the incorporating MOSIP in that work may
be too early but we can go to PR on your proposal for what would work for
you in that context as a starting point and that feels like what you just
said man let's do a simple one and…
Joe Andrieu: then we can tease out how we might plug in MOSIP because they
are dealing
00:30:00
Joe Andrieu: with far more complexity than most of us have had exposure in
this space. Thank you.
Denken Chen: So I think today I will try to limit the scope to face
portrait.
Denken Chen: I mean in this draft we already have a biometric portrait
image encoding the image in base 64 and most has a type of biometric for
person's face biometrics.
Denken Chen: So I think that's one I will look at as a first example to
incorporate into our competence method. in our case we are mostly concerned
about using the face portrait image.
Joe Andrieu: does it make sense to create another PR that is this first
pass at a biometric method and…
Joe Andrieu: and have it be distinct from this let's reach out to MOSIP
let's get a deeper sort of engagement and support that because that seems
like a simpler PR to work with. Thank you.
Denken Chen: I think it's also available in most of the government issued
credentials and I have a regular meeting with most now so I will reach out
to them for advice or comments.
Joe Andrieu: Okay. go ahead, man.
Manu Sporny: Yeah, a plus one to what you said, Joe, plus one to what Denin
said. I do think facial biometric is the easiest one. and a picture is it
definitely makes it much easier. things to avoid there are biometric facial
vector templates that are a patent minefield. anytime you get into
biometric, templates, it's like patent minefield, right? So we would have
to do some pretty good due diligence to pull those in. but a picture of a
person fairly easy, to Denin, one of the other things plus one to splitting
it and working in two different PRs and just focusing ultra focusing on
just facial picture.
Manu Sporny: Denin, one of the other things that I'm hoping that you would
put in there is I'm wondering if we should put some kind of mandate that
you should make it selectively disclosable. Meaning you should not have to
just hand over a picture of yourself whenever you're disclosing these
things. And we should really start pushing the industry towards selectively
disclosable confidence methods in general. I might maybe that that's a
general confidence method thing like all confidence methods should be
selectively disclosable. we'd love to go The only reason I think we might
not want to go to must is because some people are just using technologies
where you just don't have the selectively disclosable option.
Manu Sporny: …
Joe Andrieu: Cool. Thanks,…
Manu Sporny: but maybe we should do a little bit of lecturing in the
specification of you really should be making these selectively disclosable
if you can. That's it.
Joe Andrieu: Okay, this sounds straightforward. thanking that suggests
we're going to create a new issuer PR for the simple version.
Joe Andrieu: Do you want to take that on or would you like me to? One of us
should.
Denken Chen: Yeah. Yeah.
Denken Chen: Just take that.
Joe Andrieu: Okay, And I'm not closing the issue, but we'll close this
stage of the agenda and move on to the next issue.
Joe Andrieu: Okay, the next one was 16 and Dan, you had also thought this
was blocked by recharter. and your notes that you sent me charter PR to
change from confidence methods to confidence. I think this is on me so you
have charter PR to change from confidence methods to confidence. I remember
having that discussion and then adding assurance le level as an evidence
field in the VCDM.
Joe Andrieu: Okay, I'm remembering that now. Thank Anyone speak to
Denken Chen: So we had a discussion about whether to put this confidence
levels.
Denken Chen: So in the discuss discussion we agreed that this should be one
confidence level or one assurance level corresponding to one VC. So that
would be VC level of things and the most appropriate way to express that is
in the evidence field in BCDN. So I think the most proper way is to
describe how we could use the field evidence property to express that level
of assurance. Yes.
00:35:00
Denken Chen: So we should make it clear that whether we should wait for the
recharter of the VC
Joe Andrieu: I feel like this should have been assigned to me.
Joe Andrieu: I think I verbally said I would take care of that. Ivonne, go
ahead. in this case we wanted to change the title of the spec from
confidence methods to confidence…
Ivan Herman: Before I don't fully understand…
Ivan Herman: what is the charter issue here. I have two reactions on that.
Joe Andrieu: which lets us open the scope a little bit. So it's just that
one word
Ivan Herman: It's not strictly necessary because the working group has the
right to change the specification title at any time.
Joe Andrieu: okay.
Ivan Herman: This is not a chartering issue and the document has already
been published in the first public draft with the current title. So that
would be necessary anymore. the second answer independently of the previous
one. if you want to change something in the charter proposal then you have
about a week because I have gathered all the green light to move on to the
AC vote and…
Ivan Herman: I plan we will have to discuss with the chairs to Friday but I
plan to move on to the AC sometimes next week but as far as I am concerned
I don't think that you need to change distractor.
Joe Andrieu: Okay, great.
Joe Andrieu: I think I'm keen to just close this then. anyone think that's
crazy? Go ahead, Manner.
Manu Sporny: not crazy and I certainly won't stand in the way. it's good to
have the charter is going to stick around for a long time and we sometimes
refer other people to the charter and it's good to align as much as
possible before the thing set in stone and we definitely can't change it,
So, we have an opportunity here to change some words to make it easier for
people to kind of understand what we're working on.
Manu Sporny: I suggest we do that since we have a week to do it
Joe Andrieu: Okay, I'll assign this to me.
Joe Andrieu: Whoops. That was not how I do that. and I think this is
something I can probably do today now that I'm on the other side of the
threat modeling Any other thoughts? I think we can move on. go ahead, Will.
Correct.
Will Abramson: Yeah, just something You said you're going to rename it to
confidence. I think there's another issue linked here maybe verifiable
credential confidence.
Will Abramson: I think just having a spec called confidence feels a bit
strange to me.
Joe Andrieu: Yeah that's a valid point.
Joe Andrieu: My thought is this is much broader than VCs. right I can see
confidence levels is simply being part of how you do authentication with a
DID right independent of a VC. that said the spec is called VC confidence
method as a short title. maybe the long title should also have it. Manny
Manu Sporny: Yeah, I thought we were just going to remove the word method
and then we would expand it to say defines mechanisms. So it's strike the
word meth from the charter strike the word method and make mechanisms
plural.
Manu Sporny: And that was the change we were talking about.
Joe Andrieu: Hey, Could you restate that?
Ivan Herman: Yeah. Getting to follow up to one…
Ivan Herman: what money said if getting to the way of saying that this goes
beyond the verifiable credentials etc. that would raise a lot of eyebrows.
I would not go there even if it's on long term your intention but let's not
go that way because then it becomes a totally different ball game.
Joe Andrieu: I didn't follow what you were.
Ivan Herman: You said that this is something that goes beyond the
verifiable credentials. I would not put anything into the charter that
would suggest that because that would raise lots of eyebrows.
00:40:00
Joe Andrieu: Plus one. I appreciate that, Dave.
Dave Longley: Yeah, I was about to put my hand back down. I think it's been
covered now. but I'll just reiterate. I think changing the singular a
mechanism that's in the current charter text to mechanisms would be
sufficient because then it would read that this spec defines mechanisms
that can be used with the BCDM to increase a verifier's confidence about a
particular subject identified in a verifiable credential.
Dave Longley: I think that includes defining new evidence mechanisms or
evidence extensions which there's already an extension point in the VCDM
for evidence. We can define evidence types in this new spec that would have
whatever is needed.
Joe Andrieu: Okay, cool.
Joe Andrieu: All right, I'm going to go and comment on this and we can move
on to the next issue and I will make an effort to subtopic before we start
typing. Sorry about that. so the 17 is next and I'll let you introduce it
Dan. It seems like you mostly just wanted to have a conversation.
Denken Chen: Yeah, I would like to keep this as the open discussion. I'm
probably not going too deep today. but one thing I would like to highlight
is in the last meeting Brent mentioned he would love to in include pass key
support for this or at least do some early research on it and so we can
keep human eye on it. And so for now today we try to understand our first
draft. The scope will probably limited to the first one is a facial image
and the second one we will talk about it later. Yeah.
Denken Chen: So that's why I would like to share and so I suggest that we
today should really go through all of the issues and…
Denken Chen: make final decision for our first draft. Yeah. this one just
keep it or…
Joe Andrieu: Okay. I'm not sure…
Joe Andrieu: what the decision is you're looking for on this one.
Denken Chen: need discussion as is.
Denken Chen: So I think if there is anything that people would like to talk
about this issue please raise your hand or I suggest we go through all the
issues today.
Joe Andrieu: All right.
Joe Andrieu: So, this is a heads up for folks to dive into this if you care
about these items and we will be revisiting this discussion likely in the
future. All right. We'll move on to the next one.
Joe Andrieu: Okay. 20.
Joe Andrieu: You want to introduce this one? Thank you.
Denken Chen: Yeah, I think we talked about this to added also a initial
competence method example and…
Denken Chen: Joe you will be drafting the first PR. So we could remove the
need discussion and…
Joe Andrieu: Excellent. …
Denken Chen: just make it ready for unless there's other concerns.
Joe Andrieu: I think this is ready for PR. let me see if the conversation
suggests otherwise. And I see Manny raised his hand. Go ahead, Manny.
Manu Sporny: Yeah, I mean plus one. I'm looking at Denin's proposal down at
the bottom and it looks good. the only thing that I was wondering about was
the last part of your example Denin where we use a decentralized identifier
document. that might need to be just decentralized identifier and then the
question becomes which one of the verification methods are you going to use
I would presume it's authentication and maybe that's what we say in both of
these cases the expectation is that it is used in some kind of
authentication process the other thing about specifying a multi
Manu Sporny: key is you have to run it over a protocol and we should
probably talk about the protocols where you can utilize these confidence
methods. So we have one protocol that is in scope for our next charter VCOM
it does specify how you do a D off in it. so we should at least reference
that. other things to consider are JSON web keys and the DOP stuff that you
can do over OOTH. I don't know if we're going to say anything about that
either.
00:45:00
Joe Andrieu: Go ahead. I
Manu Sporny: And I would expect we would have to say that at some point for
people to be able to actually use confidence method within a protocol.
Manu Sporny: That's it.
Ivan Herman: So I'm looking at that example and…
Ivan Herman: that rings a more generic bell for me. It uses in this case
Who defines that type? Where is it defined? Is it an example this
definition or just it come out of the blue air? remember that I am the one
who is always shouting about the proper vocabulary and this is in the
vocabulary area where does it come from and this is not only on this
example in general both documents that we are working on have this kind of
examples…
Ivan Herman: where I don't know what is formally defined I don't know is
there for the purpose of an example or it comes from elsewhere and that
always bothers me.
Joe Andrieu: cool. Thanks,…
Joe Andrieu: Ivon. I agree that, yes, we are going to have to create a new
type. We're going to have to do all the work that entails. and we have not
yet done this. I actually think this type probably did or it's u
verification method. and I think that's one of the things that's missing
here, Denin, is that I think the identifier for the confidence method in
example the second layer here doesn't have the details to get to a specific
verification method.
Joe Andrieu: to Manu's point what are we supposed to just use any
authentication method in that did document I think that's probably not as
appropriate as the first one which points to a specific key although I want
something in here that says this is a did off confidence method so that's
my feedback go ahead manu
Manu Sporny: Plus one to what you just said, we probably do want it to
speak to I guess a protocol more than I mean although the verification
method thing sounded fine to me as well which is not necessarily protocol.
So that's interesting. we can try and sort it out in the PR, but I don't
want Denin to put in the time to put in a, that, is going to be pushed back
against. So maybe more discussion As for, Ivon, yes, we need a new type. My
expectation is that it would go in the security vocabulary.
Manu Sporny: I don't think we should have a separate confidence method
vocabulary. That feels like it would be kind of ick. security vocabulary
and then if we can't fit it in security vocabulary, the verifiable
credential vocabulary, but again, I think that's the second option. and
then we would need to include it in the next the VC21 context or the 20
context or whatever we end up doing. but I think there's a semi clear path
there. The we'll work out the details, but I think we can go in that
general direction with the vocabulary
Manu Sporny:
Joe Andrieu: Plus one for that.
Joe Andrieu: That seems to make sense. I wanted to add that I think that
the way I'm approaching this particular one I think this should be assigned
to me. so I think I'm the one stuck with the PR man. is at least for did o
I'm approaching that as conceptually free but I will mention two protocols
as examples and one is hey you may have gotten this in a VP and the
signature on the VP is one way to have that confidence and then separately
you have this verification method you can engage in any protocol you want
and I think at that stage it's also appropriate to pull in BCOM to the
extent that
00:50:00
Joe Andrieu: that's mature enough to reference. but I think in essence the
verification method itself is like an atomic element that however you
manage to interact around it is sort of at another layer in my thinking. So
I saw a thumbs up from so maybe that's So this seems straightforward for
me. I just need to wrap my head around what all do I need to write for the
did off but otherwise I think it's on me and I think the issue labels I
don't know that we need any more discussion. Does anyone feel we need to
keep talking about this? We can revisit in a future call but feels like I
could remove that label and the roaring science endorses my executive
decision.
Joe Andrieu: So, let me go and get rid of the needs discussion. Thanks,
next up then 21. And I see Danken that you queued up for that.
Denken Chen: Yeah, I will address privacy concern including suggesting that
all competence methods should be selective disclosable. I think it's a good
reminder from Ted and also Manuel mentioned it as well. Yes. So I think if
there's anything others we would like to be included please have a
discussion here or…
Joe Andrieu: Go ahead, man.
Denken Chen: we can just take it as ready for PR.
Manu Sporny: Yeah, plus the selectively disclosable thing. I think we
should also maybe speak to what happens if you don't selectively disclose
this, I mean, it is a tracking vector. for example just because an MDL
portrait image is selectively disclosable the second you disclose those
unique bytes are a unique token which can be used to track you globally
right so the next time you present that same thing the identifier is the
same even if the signature is different even if it's a totally different
thing unless there's some fuzzing that's done on the biometric image which
we are not talking
Manu Sporny: about doing that creates a unique thing. so there is I think
future R\&D to be done around verifiable fuzzing of biometric portraits so
that when you do show it over and over again it's not the exact same bite
sequence. but even if we are successful in doing that and get there it
doesn't matter. LLMs are way good enough at recognizing faces now that no
amount of fuzzing that we do is going to probably protect an individual
once they've shown their biometric photo through the credential.
Manu Sporny: So, we should talk about, what happens when you do share,
images of yourself. and maybe focus on some of the less known kind of
dangers, global tracking and again I mean the harms are different than you
just going to the grocery store and using a selfch checkckout kiosk you
don't necessarily know what they're doing with those images or your face so
we should say a lot about using biometric portraits and photos in these
credentials and I think the general position of
Manu Sporny: the specification should be don't share it by default don't
share it right and then if you do share it you should really understand
what the policy on the other side is clearly like the general population
can't do that and so understanding something like retention policy right
lambd has we promise we're not going to retain this thing although I don't
know necessarily how that sort of thing becomes important right intent to
retain intent to use that sort of thing.
00:55:00
Manu Sporny: we should also probably mention what hap you can have an
entity where its intent to retain is they don't intend to retain it but
they pass it to an upstream vendor who may not follow that same policy
right to do the betting these biometric things go through third party
vendors not every single one of them has the same privacy policy so we
should speak to
Manu Sporny: those dangers as we should probably also refer to the EFF's
latest response on online age verification and the things to look out for.
they specifically mention a company and their policies that are concerning
and problematic. That's it.
Joe Andrieu: Do you have a URL for that That would be great.
Manu Sporny: I will find it.
Joe Andrieu: Okay. I think I captured all that. I one of the things I want
to honor is trying to wrap up five minutes before the end because that Zoom
insanity that happens when you're back to back. but before we actually
wrap, Denin, did you have anything else you wanted us to discuss before we
do that?
Denken Chen: Yeah. No, the remaining issues are minors. So, okay.
Joe Andrieu: Anyone else have anything to add to the agenda or we will
yield the last few minutes of the hour. I do manage link so I will get that
into the comment. Thanks I think that's a wrap then. Thank you all very
much. Danken, thanks for the prep work and…
Joe Andrieu: the help running this. And we will see folks. When's our next
one, Danken? I guess that's a good question.
Denken Chen: I think next week is for rendering method and…
Denken Chen: we will be the week after next week.
Phil Archer: the fourth.
Joe Andrieu: So, the 4th of February,…
Phil Archer: Yeah. Yeah.
Joe Andrieu: Phil, is that right with regard to the rest of the ECWG
meetings?
Phil Archer: And then 11th is full working group meeting that I can't
attend for reasons I won't bore you with. so I guess then it'll be render
method on the 18th and…
Phil Archer: then confidence again on the 25th. I think that's the way
it'll be.
Joe Andrieu: Okay, excellent.
Joe Andrieu: Thank you all very much. That's a wrap and we will see you on
those dates, I hope. Cheers, folks.
Phil Archer: Thanks. Thanks everyone.
Joe Andrieu: Hey, Dimmitri, are you actually still around? I can't end this
call. That's very weird. someone edit it.
01:00:00
Joe Andrieu: Welcome, A little bit of Moving over to this because I just
ran the spec refinement call.
Hiroyuki Sano: Yes, I attended the busy working group call
Joe Andrieu: This is just a different mode for your head to be in. mean I
now have to have fun? you've got nothing on Dallas this weekend. man who's
flying in on a different day.
Joe Andrieu: is going two days early because either Saturday or…
Joe Andrieu: Sunday is looking at as much as one inch of ice which means
the airport will not be open. I don't care how prepared it is.
Hiroyuki Sano: Okay, thank you.
Hiroyuki Sano: Okay, thank you.
Joe Andrieu: Yeah. yeah, that's cold. Yeah. Wow. Yeah, that's cold. Yeah.
Joe Andrieu: That's right. yeah. I've never grown up in a place that had
ice storms. I just know the poor South gets the weird behavior. I guess
you're saying Kansas does too. Thought they were Jelly.
Joe Andrieu: Yeah, that's pretty gnarly. Whip. I was messaging Rob when we
got in. I've got whiplash from having run that meeting and now I'm supposed
to have fun. What do you mean? How am I supposed to have fun? The
confidence method, the VCWG spec refinement call with Denan. he's a rock
star. he's the one who put that agenda together while I'm sitting there
slacking. I don't know. Whenever I woke up in the middle of the night last
night, I had a message from him and he's like, "Yeah, let's go over these
issues. here's the thing." So yeah, he's solid. I'm glad he's also co-chair
over at CCG. It's a good move.
Joe Andrieu: yeah, Dennis is no fun. yeah. Hopefully it'll turn out all
right. Is your face all numb? I hate that feeling. even if you're not, it
feels like if you try and drink that you're just dribbling out the side of
your face. all right. we are all here.
Joe Andrieu: Erica, were you trying to get a word in? Hi, we had talked
about potentially continuing with the Jackbox stuff. or we could pick one
of the other options, including Don't Starve Together, which I think is
maybe the leading alternative. What are you guys in the mood for? It didn't
feel as conversational to me, but Go ahead, Will. Sorry.
01:05:00
Joe Andrieu: All right, the momentum seems going. All right, let's all get
into Don't Starve. Yeah, let's do it. Let's focus. Let me take my
methamphetamines. I'm ready. Let's do it. You did. That's funny. And I
didn't even have one.
Joe Andrieu: So, do we have any strategy? So, my biggest sadness is that
Eric is such a plugger at this game. we're going to miss him. It's like
having your most productive defensive back not in the game. he just keeps
going. I think somehow he's internalized, so much of the game that he
doesn't need to think strategically about what am I supposed to do next?
He's just like, I do that. It's awesome.
Joe Andrieu: Yeah, it's just a map you lose. Yeah, better not to die.
That's relaxed. No, that's like
Joe Andrieu: Baby, maybe that's like going to Disneyland instead of But I
mean, Paris is great, but it's also caves. Yeah, we'll help Will stay out
of the caves. Might have been Kevin last time.
01:10:00
Joe Andrieu: bizarrely. that would help explain it.
Joe Andrieu: Thanks for the update. I don't remember. It is some vacation.
I think this was more friends and family, but I don't recall. All right.
Joe Andrieu: So given what you suggested, Erica, I'm going to try and map
as much as possible in that first day. Just run along any roads I can find
and that's right for you poor suckers who don't play Willow. I feel like
she's cheating. the fact that she is a little lighter just it makes the
game so much easier, especially in the winter. No, I'm not saying they're
bad. I'm just saying especially in winter when sometimes you might not be
able to find flint if you die.
Joe Andrieu: But I can burn a tree down. Yep. I saw join came up in the
Steam interface. I went with m*** disaster. It's been an MFT, man, I tell
you.
Meeting ended after 01:14:24 👋
*This editable transcript was computer generated and might contain errors.
People can also change the text after it was created.*
Received on Wednesday, 21 January 2026 23:49:58 UTC