[Openid-specs-ab] New Digital Credentials Protocols WG

Tom Jones thomasclinganjones at gmail.com
Wed Aug 16 16:09:44 UTC 2023 

the new team really needs to understand the threats that come with
supporting bluetooth.
I will not be attending these meetings so i am sending this link with the
hope that you do not create a privacy nightmare with this spec.

https://www.foxnews.com/tech/detect-creeps-unwanted-bluetooth-tracker-googles-safety-feature


Be the change you want to see in the world ..tom


On Wed, Aug 2, 2023 at 2:07 PM Torsten Lodderstedt via Openid-specs-ab <
openid-specs-ab at lists.openid.net> wrote:

> Hi all,
>
> I would like to inform you that the specs council has accepted our
> proposal to create a new working group as a dedicated home of the OpenID
> for Verifiable Credentials specs family. The new working group is
> designated as “Digital Credentials Protocols WG” (DCP WG). Please find the
> charter below.
>
> I would like to share our plans for starting the working group with you
> and get feedback.
>
> Our first suggestion is to migrate all specs to Github as soon as we can
> and a timetable is being developed how to do this. In our experience,
> GitHub is easier to work with for specification development and this move
> should speed up our work as well as attract further contributors. GitHub
> would be used in the same way as BitBucket is used (e.g. emails would be
> sent to the mailing list when issues are opened), except that we suggest
> there is one repository per specification with dedicated issue/PR tracker.
> If anyone objects to the specs moving to GitHub please let us know.
>
> Moving spec management and development from the Connect WG over to the new
> Digital Credentials WG will be a little more complex.
>
> For the three core specs, specifically:
>
>    - OpenID for Verifiable Presentations
>    - OpenID for Verifiable Credential Issuance
>    - Self-Issued OpenID Provider v2.0
>
> These need to remain under Connect WG, until they have been through an
> Implementers Draft review process to ensure IPR protection for all of the
> contributors during the past few years. There are outstanding topics we
> need to solve before moving the specs to the first/next Implementers Draft.
> So our plan is to migrate to OIDF Github repos, evolve the specs up until
> the point where we can enter Implementers Draft and subsequently move them
> into the DCP WG.
>
> For the following, more recent drafts:
>
>    - OpenID for Verifiable Presentations over BLE
>    - OpenID Connect UserInfo Verifiable Credentials
>
> We will seek the approval of the initial contributors to directly adopt
> them in the Digital Credentials Protocols WG and move them to OIDF Github
> repos.
>
> The remaining two drafts:
>
>    - Security and Trust in OpenID for Verifiable Credentials
>    - OpenID4VC High Assurance Interoperability Profile with SD-JWT VC
>
> These are not adopted yet by the Connect WG, so the initial contributors
> would propose them for adoption by the DCP WG.
>
> We will keep http://openid.ne/openid4vc as the central place to publish
> links to all the specifications.
>
> A roadmap for these steps is being developed (with target dates) and will
> be communicated once the DCP WG co-chairs are confirmed and comfortable
> that the plan is clear and achievable.
>
> The first Digital Credentials Protocols Working Group meeting is scheduled
> for the 31st August 2023 at 4pm CEST in place of the regular SIOP Special
> Topic Call. Co-chairs for the WG will be confirmed at this first meeting.
>
> best regards,
> Torsten.
>
>
>
>
>
>
>
>
> Digital Credentials Protocols WG - Charter
>
> 1) Working Group name:
> Digital Credentials Protocols Working Group
>
> 2) Purpose:
> In the Issuer-Holder-Verifier Model, Issuers issue Digital Credentials to
> the Holder’s Wallet, which the End-User can then use to present the Digital
> Credentials to the Verifiers. Digital Credentials are cryptographically
> signed statements about a Subject, typically the Wallet Holder. Verifiers
> can check the authenticity of the data in the Digital Credentials and
> optionally enforce Key Binding, Biometrics Binding and/or Claim-based
> Binding i.e., ask the Wallet to prove that it is the intended Holder of the
> Digital Credential.
>
> The goal of this WG is to develop OpenID specifications for the
> Issuer-Holder-Verifier-Model use-cases to enable issuance and presentations
> of the Digital Credentials of any format (IETF SD-JWT, ISO/IEC 18013-5,
> etc.) and pseudonymous authentication from the End-User to the Verifier.
> These specifications are aimed at enabling End-Users to gain more control,
> privacy, and portability over their identity information; cheaper, faster,
> and more secure identity verification, when transforming physical
> credentials into digital ones using digital credentials; and a universal
> approach to handle identification, authentication, and authorization in
> digital and physical space.
>
> The work is planned to be done in liaison with the European Commission,
> Decentralized Identity Foundation (DIF), the European Telecommunications
> Standards Institute (ETSI), and ISO/IEC SC17 WG4 and WG10, which have
> expressed interest in profiling specifications proposed to be worked on in
> this WG. There is also a liaison with the OpenWallet Foundation (OWF), to
> foster implementation of the standards developed by this WG.
>
> 3) Scope:
> Creation of specifications describing:
> ·        Issuance of Digital Credentials from the Issuer to the Wallet
> (acting as RP). This includes the mechanisms to specify which Digital
> Credentials the Issuer is capable of issuing.
> ·        Presentation of Digital Credentials between the Wallet (acting as
> IdP) and the Verifier via online (over the Internet) and proximity (near
> field communication) communication channels. This includes the mechanisms
> to specify which Digital Credentials are being requested.
> ·        Pseudonymous authentication from the End-User to the Verifier.
> ·        Interoperability profiles of the above specifications
> Out of Scope:
> Legal or regulatory advice, Identity Proofing, Identity information
> verification, new Credential formats
>
> 4) Proposed specifications:
> OpenID for Verifiable Presentations
> OpenID for Verifiable Credential Issuance
> Self-Issued OpenID Provider v2.0
> OpenID for Verifiable Presentations over BLE
> OpenID Connect UserInfo Verifiable Credentials
> Security and Trust in OpenID for Verifiable Credentials
> OpenID4VC High Assurance Interoperability Profile with SD-JWT VC
>
> 5) Anticipated audience or users
> ·        Issuers of Digital Credentials
> ·        Verifiers Digital Credentials
> ·        Wallet Providers
> ·        Trust Framework operators
> ·        Regulators
> ·        Security Researchers
> ·        Developer tools & infrastructure/service provider
> 6) Language:
> English
>
> 7) Method of work
> Mailing list and telephone/internet conference calls combined with
> face-to-face (where needed) and
> information sharing/collaborative working via online tools.
>
> 8) The basis for determining when the work is completed:
> Approved “final” specifications consistent with the purpose and scope that
> have been through the OpenID Foundation process including vote by the
> membership and running code in one or more proof-of-concept,
> interoperability event or commercial project.
>
> Background info:
> Related Work
> The work is planned to be done in liaison with the European Commission,
> Decentralized Identity Foundation (DIF), ETSI, and ISO/IEC SC17 WG4 and
> WG10, which have expressed interest in profiling specifications proposed to
> be worked on in this WG.
> https://openid.net/sg/openid4vc/specifications/
>
> Proposers:
> Kristina Yasuda, Microsoft
> Torsten Lodderstedt, yes.com AG
> Joseph Heenan, Authlete
> Mark Haine, Considrd.Consulting Limited
> Oliver Terbu, Spruce Systems Inc.
> Takahiko Kawasaki, Authlete
> Vittorio Bertocci, Okta
> Giuseppe De Marco, Dipartimento per la trasformazione digitale
> Brian Campbell, Ping Identity
> Michael B. Jones, independent
> Jacob Ideskog, Curity AB
> Morteza Ansari, independent
> David Luna, ForgeRock
> Timo Glastra, Animo Solutions
> Judith Kahrer, Curity AB
>
>
>
> Anticipated contributions:
> https://openid.net/sg/openid4vc/specifications/
> https://github.com/vcstuff/oid4vc-haip-sd-jwt-vc
>
>
>
> _______________________________________________
> Openid-specs-ab mailing list
> Openid-specs-ab at lists.openid.net
> https://lists.openid.net/mailman/listinfo/openid-specs-ab
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20230816/891db9a7/attachment-0001.html>

More information about the Openid-specs-ab mailing list