[Openid-specs-ab] SIOP Special Topic Call Notes 2023-06-29
Judith Kahrer
judith.kahrer at curity.io
Thu Jun 29 19:39:56 UTC 2023
Attendees:
Michael Jones
Giuseppe De Marco
Joseph Heenan
David Luna
Nander Stapel
Brian Campbell
Mark Dobrinic
Pedro Felix
Kristina Yasuda
Takahiko Kawasaki
Bjorn Helm
George Fletcher
Torsten Lodderstedt
Oliver Terbu
David Waite
Judith Kahrer
External Events
OSW coming up in London in August - deadline for submission is on 2023-07-02 AoE: https://oauth.secworkshop.events/osw2023
OID4VC Due Diligence Task Force (just join the conversations on Discord): https://openwallet-foundation.github.io/tac/task-forces/OID4VC-due-diligence/
Charter
Charter for new WG: https://docs.google.com/document/d/10pzVIpYF8gWVp2F6l0kinsBC9XVS5xZt4n55TzIcNLg/edit
There were some suggestions regarding the name of the new working group, but in the end the group agreed on calling the new WG
- Digital Credentials Protocols WG
The reasoning was to include “Digital Credentials” in the title to have a format agnostic term (compared to “Verifiable Credentials” which commonly is associated with W3C Verifiable Credentials).
Also, the group saw the need for a second term that describes the purpose of the WG. After discussing some alternatives (transfer vs transport vs exchange) the meeting agreed on adding “protocols”.
Thus the complete name of the new working group is “Digital Credentials Protocols WG”.
SIOP is an OpenID Connect spec but the charter lists SIOPv2 in the Digital Credentials Protocols WG. This concern was already raised during the last meeting with the conclusion that
“[…] protocols such as SIOPv2 [are] required for issuer-holder-verifier use cases that don’t require credentials directly but contribute necessary supporting functions such as authentication in the case of SIOPv2.”
Kristina will add a sentence to the charter for clarification.
Charter will be open for more comments until end of day.
PRs
PR 543 - ready to merge
PR 533 - ready to merge
PR 520: `scope` replaces the `id` in the `credentials_supported` metadata parameter but it is not necessarily unique (but it can be). Note that the `scope` parameter in the Credential Issuer Metadata holds a “scope value” (i.e. single string without spaces) and differs from the definition of scope as in section 3.3 of RFC 6749 that is a list of space-delimited strings. To be merged soon.
PR 524: There’s a need for a JOSE header claim to hold the verifier-attestation-jwt. Still discussing the name. Torsten suggests moving the discussion regarding support for multiple verifier-attestations in one request to a separate issue.
Issues
Please help with:
https://bitbucket.org/openid/connect/issues/1920/add-sd-jwt-credential-format-profile-to
Need agreement that this is ready for PR
https://bitbucket.org/openid/connect/issues/1969/wallet-instance-attestation-for-openid4vci
https://bitbucket.org/openid/connect/issues/1940/is-the-acceptance-token-one-time-use
Need direction if “Will it be mentioned in the spec that it is one-time use, or is that not important?”
https://bitbucket.org/openid/connect/issues/1923/oid4vci-enable-issuance-of-the-same
Needs discussion. This is a problem
https://bitbucket.org/openid/connect/issues/1922/oid4vci-unique-id-for-each-element-in
Need consensus that we are not following this path (which seems to be the direction, I might be wrong)