Charter Review

Sarven: I haven't looked at this yet.

Yves: we have until 1 February, ideally before so that if we have feedback they can act on it.

Hadley: Is this a charter update?

Sarven: Yes.

Hadley: Haven’t they rechartered? I’m not sure if we can actually add given feedback.

Yves: Think there is a timeout soon (1st of February).

Sarven: Will have a review ready by next Monday.

Yves: In history, we didn’t review all the charters. If there are no important changes, we can let the AC review it, if things don‘t change in an architectural way.

Sarven: https://github.com/w3ctag/design-reviews-private-brainstorming/issues/234#issuecomment-3816374234

Sarven: There a lot of new deliverables, lots of maintenance deliverables. It looks like it's in AC review now? Is the TAG response relevant now? I can't assess all of the new deliverables they're putting forward, but it looks like they're all incubated in some form in the Credentials CG, or adopted from a WG.

... They're extending the core work. How they're doing this looks good. Can't say whether that extension is useful. They have things such as verifier confidence that came out of known use cases, and seem sensible to me.

Hadley: Procedurally, we have until 2026-02-01. Sounds like none of us are into the architecture of VCs enough to have an opinion on what they're proposing.

Sarven: What they have seems to be cutting edge. My assessment would be that there aren't any issues. Was looking for an appropraite label.

Hadley: Does anyone have any further thoughts on the conclusion? Do we have consensus there?

Martin: Looks fine. The quantum safe thing is dangerous, but it's tentative, so they may not take it on. Relates to digital signatures. I have opinions on the rest of it. Concerned about multi-@@@. Interop is more important than that, though, and they are working on it.

Sarven: How do we approach whether this is helping or advancing the web? A lot of this is plumbing, low-level. They're using a more advanced encryption model. If that's the latest standard out there then fine. But what is our role in assessing that? Is there some higher-level thing we should be looking at? I don't know how to assess this as it's in the weeds of how VC works. If a form of VC is a generally useful thing for the web, then the rest of it is effectively implementation. From the TAG's perspective, what can we say that's really useful here? I'm not sure how to give useful feedback.

Yves: In general it's quite difficult to assess if the product of a WG will be used or useful in the long run. E.g. ActivityPub - many people were against it, and now it's used in many places. Can be difficult to assess this based on the spec itself.

Martin: What Yves said is true. ActivityPub was not as well adopted until outside events occurred. For this at a high level we can look at the model they are using and the positives and negatives. The three-party model, someone who can make claims about a person and then someone who can take those credentials and @@@@. In the past I would go to Hadley's IdP to get info about her, for example, and Hadley would not have control over this; action at a distance.

... VC has the basis of some of the things that we're talking about in the Credential Abuse finding. There are potential downsides. Thinking about those may help. Hard to anticipate how things could be used. ActivityPub may not have worked out. We can try to anticipate where things might be used. Ultimately the low-level things are hard to reason about.

Hadley: Second that. Would add that as the TAG we're building our own library of resources and authoritiaive documents (that members feel are authorititve at the time). We have the credential abuse finding, and EWP, to point to later on. Both came from us reacting to design proposals and activities that were happening and made us think 'this can cause trouble; let's explain why'. Some of it is stuff there may not be a method for, but if it feels wrong to you, let's check we have consensus, and then see if we can use something we have, or write something new, to offer opinion to spec/charter authors. We never really sat down and wrote out all of how we are going to review the things we review, and how we think about the low-level stuff - it's constantly evolving. I think it's better we were not too prescriptive.

Sarven: This helps. I think we should dive deeper into what use cases led to their proposal. TAG could pershap more look at it, not so much from the minute details from the spec, but whether those use cases are aligned with the direction we want to see. Did they pick the right use cases?

Matthew: +1

Hadley: Can we work on this in the next couple of days?

Sarven: I saw them for the VCs doc, but not for the new proposals. What are the next steps?

Hadley: Sounds like you're not confident you have enough info to say this is great, whcih is fair. Procedural concern: if they're able to produce more use cases, we don't have time to have a TAG discussion about it before 2026-02-01. Yves, is it a hard deadline?

Yves: I think so. It can be done later as an FYI.

Sarven: Could we write a response that makes our concerns more apparent to them? 'If you can share a use cases document when you go for FPWD, and when the TAG reviews again we can probably come up with a better assessment'

Hadley: Makes sense

Sarven: Then a short review can be put out there. It's not going to change the charter much.

Yves: It makes more sense to send feedback on the document rather than the charter.

Sarven: For the charter itself then, let it pass by?

Yves, Hadley: Yes.

Hadley: You're responding in such a way as to say that we want to see the document when it's done but we have not had the capacity to review the whole thing. It's also helpful for future reference regarding what the TAG said.

Sarven: We responded to this last week, shared it with Strategy. There’s nothing new here. There is thumbs-up from others. The charter is up for AC vote. Can we close this on our end?

Yves: Yes, we can close the TAG issue.

Sarven to close it.