<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<style type="text/css" style="display:none;"> P {margin-top:0;margin-bottom:0;} </style>
</head>
<body dir="ltr">
<div style="font-family:Calibri,Arial,Helvetica,sans-serif; font-size:12pt; color:rgb(0,0,0)">
Alen Horvat</div>
<div style="font-family:Calibri,Arial,Helvetica,sans-serif; font-size:12pt; color:rgb(0,0,0)">
Anthony Nadalin</div>
<div style="font-family:Calibri,Arial,Helvetica,sans-serif; font-size:12pt; color:rgb(0,0,0)">
Justin Richer</div>
<div style="font-family:Calibri,Arial,Helvetica,sans-serif; font-size:12pt; color:rgb(0,0,0)">
Oliver Terbu</div>
<div style="font-family:Calibri,Arial,Helvetica,sans-serif; font-size:12pt; color:rgb(0,0,0)">
David Chadwick</div>
<div style="font-family:Calibri,Arial,Helvetica,sans-serif; font-size:12pt; color:rgb(0,0,0)">
Jeremie Miller</div>
<div style="font-family:Calibri,Arial,Helvetica,sans-serif; font-size:12pt; color:rgb(0,0,0)">
Mike Jones</div>
<div style="font-family:Calibri,Arial,Helvetica,sans-serif; font-size:12pt; color:rgb(0,0,0)">
Adam Lemmon</div>
<div style="font-family:Calibri,Arial,Helvetica,sans-serif; font-size:12pt; color:rgb(0,0,0)">
Juan Caballero</div>
<div style="font-family:Calibri,Arial,Helvetica,sans-serif; font-size:12pt; color:rgb(0,0,0)">
Kaliya Young</div>
<div style="font-family:Calibri,Arial,Helvetica,sans-serif; font-size:12pt; color:rgb(0,0,0)">
Bjorn Hjelm</div>
<div style="font-family:Calibri,Arial,Helvetica,sans-serif; font-size:12pt; color:rgb(0,0,0)">
David Waite</div>
<div style="font-family:Calibri,Arial,Helvetica,sans-serif; font-size:12pt; color:rgb(0,0,0)">
Pam Dingle</div>
<div style="font-family:Calibri,Arial,Helvetica,sans-serif; font-size:12pt; color:rgb(0,0,0)">
Torste Lodderstedt </div>
<div style="font-family:Calibri,Arial,Helvetica,sans-serif; font-size:12pt; color:rgb(0,0,0)">
Kristina Yasuda</div>
<div>
<div dir="ltr">
<div lang="JA" style="word-wrap:break-word">
<p class="x_x_MsoNormal" style="margin-top: 0px; margin-bottom: 0px;margin-top:0px; margin-bottom:0px; margin:0mm; font-size:12pt; font-family:SimSun; background:white">
<span lang="EN-US" style="font-family:"Calibri",sans-serif; color:black"> </span></p>
<p class="x_x_MsoNormal" style="margin-top: 0px; margin-bottom: 0px;margin-top:0px; margin-bottom:0px; margin:0mm; font-size:12pt; font-family:SimSun; background:white">
<span style="color:black; font-family:Calibri,sans-serif">- IPR reminder & introductions/re-introductions</span><br>
</p>
<p class="x_x_MsoNormal" style="margin-top: 0px; margin-bottom: 0px;margin-top:0px; margin-bottom:0px; margin:0mm; font-size:12pt; font-family:SimSun; background:white">
<span lang="EN-US" style="font-family:"Calibri",sans-serif; color:black">- <span class="x_x_marka6v39w0tx">Agenda</span> adopted</span></p>
<p class="x_x_MsoNormal" style="margin-top: 0px; margin-bottom: 0px;margin-top:0px; margin-bottom:0px; margin:0mm; font-size:12pt; font-family:SimSun; background:white">
<span lang="EN-US" style="font-family:"Calibri",sans-serif; color:black">- DIF Presentation Exchange/OIDF WG update</span></p>
<blockquote style="margin-top:0; margin-bottom:0">
<p class="x_x_MsoNormal" style="margin-top: 0px; margin-bottom: 0px;margin-top:0px; margin-bottom:0px; margin:0mm; font-size:12pt; font-family:SimSun; background:white">
<span lang="EN-US" style="font-family:"Calibri",sans-serif; color:black">- Notes:
<a href="https://hackmd.io/zKvmu5erTC-osNeU-XqCCw?both" id="LPlnk350481">https://hackmd.io/zKvmu5erTC-osNeU-XqCCw?both</a></span></p>
<p class="x_x_MsoNormal" style="margin-top: 0px; margin-bottom: 0px;margin-top:0px; margin-bottom:0px; margin:0mm; font-size:12pt; font-family:SimSun; background:white">
<span style="color:black; font-family:Calibri,sans-serif">- Next call: 8/4</span><span style="color:black; font-family:Calibri,sans-serif"> (Calendar placeholder attached)</span></p>
<p class="x_x_MsoNormal" style="margin-top: 0px; margin-bottom: 0px;margin-top:0px; margin-bottom:0px; margin:0mm; font-size:12pt; font-family:SimSun; background:white">
<span style="color:black; font-family:Calibri,sans-serif">- Agreed on the direction to take modular-approach, where PE will consist of modules (input_descriptor, format, presentation_submission, etc.) and OIDC4VP draft will outline how these modules be used
 in OIDC</span></p>
</blockquote>
<p class="x_x_MsoNormal" style="margin-top: 0px; margin-bottom: 0px;margin-top:0px; margin-bottom:0px; margin:0mm; font-size:12pt; font-family:SimSun; background:white">
<span lang="EN-US" style="font-family:"Calibri",sans-serif; color:black"><br>
</span></p>
<p class="x_x_MsoNormal" style="margin-top: 0px; margin-bottom: 0px;margin-top:0px; margin-bottom:0px; margin:0mm; font-size:12pt; font-family:SimSun; background:white">
<span lang="EN-US" style="font-family:"Calibri",sans-serif; color:black">- PRs</span></p>
<ul type="disc" style="margin-bottom:0mm; margin-top:0mm">
<li class="x_x_MsoListParagraph" style="margin:0mm 0mm 0mm 42pt; font-size:12pt; font-family:SimSun; color:black; margin-left:24.0pt; background:white">
<span lang="EN-US" style="font-family:"Calibri",sans-serif"><a href="https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fbitbucket.org%2Fopenid%2Fconnect%2Fpull-requests%2F&data=04%7C01%7CKristina.Yasuda%40microsoft.com%7C1ac37ea74cf74792ba1508d9410101c2%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637612296111617770%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&sdata=VcVKQaPMdGgS7YT3CPPQrYFSCqGmB6Lq6urvWx6vT2w%3D&reserved=0" originalsrc="https://bitbucket.org/openid/connect/pull-requests/" shash="u3JB6L2oN94rYi5WPWWXjotC4NH5BUadWLOdI/rJzOkEjRUhvl/oNXa6Cp7dtSXSXMZNlJ4st7JcGwOvWLQvn99LqJsN/+mfXdenf1t6c+eeWo/HzuDAutAqlbCV144NydTxK1bpjqeF3aYopRaMvXbqtVUjL1sUSrr/exHXg6M=" id="LPlnk468405">https://bitbucket.org/openid/connect/pull-requests/</a></span></li><li style="margin:0mm 0mm 0mm 24pt; background-image:initial; background-position:initial; background-size:initial; background-repeat:initial; background-attachment:initial; background-origin:initial; background-clip:initial">
<span style="font-family:Calibri,Arial,Helvetica,sans-serif; font-size:12pt; color:rgb(0,0,0)">We walked through what each PR is about - please review. two are OIDC4VP related and two are SIOP V2 related</span></li></ul>
<p style="margin-top: 0px; margin-bottom: 0px;margin-top:0px; margin-bottom:0px; margin:0mm; background-image:initial; background-position:initial; background-size:initial; background-repeat:initial; background-attachment:initial; background-origin:initial; background-clip:initial">
<span lang="EN-US" style="font-family:Calibri,Arial,Helvetica,sans-serif; font-size:12pt; color:rgb(0,0,0)">- Issues</span></p>
<ul type="disc" style="margin-bottom:0mm">
<ul>
<li style="display:block">
<div class="x__Entity x__EType_OWALinkPreview x__EId_OWALinkPreview x__EReadonly_1">
</div>
</li></ul>
</ul>
<ul type="disc" style="margin-bottom:0mm">
<li class="x_x_MsoNormal" style="margin:0mm; font-size:12pt; font-family:SimSun; color:black; background:white">
<span class="x_x_markuclqdxk1g"><span lang="EN-US" style="font-family:"Calibri",sans-serif">SIOP</span></span><span lang="EN-US" style="font-family:"Calibri",sans-serif"> V2</span></li><ul>
<li style="margin:0mm; background-image:initial; background-position:initial; background-size:initial; background-repeat:initial; background-attachment:initial; background-origin:initial; background-clip:initial">
<span style="display:inline!important"></span><a href="https://bitbucket.org/openid/connect/issues/1260/identifier_uri-in-siop-v2-example" style="margin:0px">https://bitbucket.org/openid/connect/issues/1260/identifier_uri-in-siop-v2-example</a><br>
</li><ul>
<li style="margin:0mm; background-image:initial; background-position:initial; background-size:initial; background-repeat:initial; background-attachment:initial; background-origin:initial; background-clip:initial">
editorial, assigned to Kristina to modify in the next PR to SIOP V2 draft</li><li style="margin:0mm; background-image:initial; background-position:initial; background-size:initial; background-repeat:initial; background-attachment:initial; background-origin:initial; background-clip:initial">
Resolved in <a href="https://bitbucket.org/openid/connect/pull-requests/31" title="https://bitbucket.org/openid/connect/pull-requests/31">
PR #31</a></li></ul>
<li style="margin:0mm; background-image:initial; background-position:initial; background-size:initial; background-repeat:initial; background-attachment:initial; background-origin:initial; background-clip:initial">
<a href="https://bitbucket.org/openid/connect/issues/1212/siop-chooser" id="LPlnk">https://bitbucket.org/openid/connect/issues/1212/siop-chooser</a></li><ul>
<li style="margin:0mm">David C. mentioned that we also need to address a use-case where one request from RP is expected to be fulfilled by VCs from several issuers</li><li style="margin:0mm">Jeremie said they have thought about it. The use-case would require all wallets to co-operate, and use PF level features to talk to each other, and ask the operating system to open another wallet if that is required to fulfill the request.
 (on iOS, called action)</li><li style="margin:0mm">DW noted that this is a combination of what is possible today, and is not a standard discussion - very limited by what APIs platforms allow to interact with</li><li style="margin:0mm; background-image:initial; background-position:initial; background-size:initial; background-repeat:initial; background-attachment:initial; background-origin:initial; background-clip:initial">
Assigned to Jeremie & DW wrt implementation guide, and Kristina to tune the language in
<a href="https://bitbucket.org/openid/connect/pull-requests/25" title="https://bitbucket.org/openid/connect/pull-requests/25">
PR #25</a></li><li style="margin:0mm; background-image:initial; background-position:initial; background-size:initial; background-repeat:initial; background-attachment:initial; background-origin:initial; background-clip:initial">
Probably a good idea to file a separate issue on multiple wallets fulfilling a one request</li></ul>
<li style="margin:0mm; background-image:initial; background-position:initial; background-size:initial; background-repeat:initial; background-attachment:initial; background-origin:initial; background-clip:initial">
<a href="https://bitbucket.org/openid/connect/issues/1257/cross-device-flow-in-siop" id="LPlnk">https://bitbucket.org/openid/connect/issues/1257/cross-device-flow-in-siop</a><br>
</li><ul>
<li style="margin:0mm; background-image:initial; background-position:initial; background-size:initial; background-repeat:initial; background-attachment:initial; background-origin:initial; background-clip:initial">
A lot of use-cases exist where RP and SIOP are on the different devices, inspired by mDL. </li><li style="margin:0mm; background-image:initial; background-position:initial; background-size:initial; background-repeat:initial; background-attachment:initial; background-origin:initial; background-clip:initial">
Alen commented that they have faced the similar use-case, and the only issue they found was phishing, if the user using SIOP accesses malicious RP's endpoint</li><li style="margin:0mm; background-image:initial; background-position:initial; background-size:initial; background-repeat:initial; background-attachment:initial; background-origin:initial; background-clip:initial">
Oliver noted the previous discussion in DIF: <a href="https://github.com/decentralized-identity/did-siop/issues/3" id="LPlnk861340">https://github.com/decentralized-identity/did-siop/issues/3</a></li><li style="margin:0mm; background-image:initial; background-position:initial; background-size:initial; background-repeat:initial; background-attachment:initial; background-origin:initial; background-clip:initial">
Torsten noted that SIOP cross-device flow communicates back to the RP, not using Form POST method<br>
</li><li style="margin:0mm; background-image:initial; background-position:initial; background-size:initial; background-repeat:initial; background-attachment:initial; background-origin:initial; background-clip:initial">
Mike said we need to know who are the players in cross-device flow</li><li style="margin:0mm; background-image:initial; background-position:initial; background-size:initial; background-repeat:initial; background-attachment:initial; background-origin:initial; background-clip:initial">
Assigned to Torsten. Planning to do the PR to clarify the idea. Security analysis needed. CIBA and device flow might be used as alternatives</li></ul>
<li style="margin:0mm; background-image:initial; background-position:initial; background-size:initial; background-repeat:initial; background-attachment:initial; background-origin:initial; background-clip:initial">
<a href="https://bitbucket.org/openid/connect/issues/1261/how-does-rp-determine-sub-type" id="LPlnk">https://bitbucket.org/openid/connect/issues/1261/how-does-rp-determine-sub-type</a></li><ul>
<li style="margin:0mm; background-image:initial; background-position:initial; background-size:initial; background-repeat:initial; background-attachment:initial; background-origin:initial; background-clip:initial">
Currently how RP can determine which subject identifier type (jkt or which did method) is used in particular ID Token.</li><li style="margin:0mm; background-image:initial; background-position:initial; background-size:initial; background-repeat:initial; background-attachment:initial; background-origin:initial; background-clip:initial">
We discussed two approaches: 1/ add additional metadata `sub_type_used` to the ID Token, 2/use URI as a sub, so that RP can determine sub's type by looking at
<code>sub</code>​ itself</li><li style="margin:0mm; background-image:initial; background-position:initial; background-size:initial; background-repeat:initial; background-attachment:initial; background-origin:initial; background-clip:initial">
Mike said it would be easy to define JWK thumbprint as URN. Adam has been considering that last year.</li><li style="margin:0mm; background-image:initial; background-position:initial; background-size:initial; background-repeat:initial; background-attachment:initial; background-origin:initial; background-clip:initial">
David C. suggested using HTTP URL with a DNS name, with DNS name being VPC, but it was pointed out that using current sub types would be sufficient</li><li style="margin:0mm; background-image:initial; background-position:initial; background-size:initial; background-repeat:initial; background-attachment:initial; background-origin:initial; background-clip:initial">
Assign to Kristina to describe the way the relying party determines subject_identifier_type as part of the ID token validation</li></ul>
<li style="margin:0mm; background-image:initial; background-position:initial; background-size:initial; background-repeat:initial; background-attachment:initial; background-origin:initial; background-clip:initial">
<a href="https://bitbucket.org/openid/connect/issues/1262/example-of-did-based-sub" style="margin:0px">https://bitbucket.org/openid/connect/issues/1262/example-of-did-based-sub</a><br>
</li><ul>
<li style="margin:0mm">Currently, sub_jwk is required even when DID is used in a sub, because of backward compatibility with SIOP in OIDC.Core ch.7.</li><li style="margin:0mm">Torsten suggested that because SIOP already changes the way RP interprets sub, no need to worry about backward compatibility. No objections were made.<br>
</li><li style="margin:0mm">People commented in favor of not requiring sub_jwk when DID is used as a subject type, as it would be a duplication of the keys. and lead to the unspecificed behavior is a key in sub_jwk does not match the key based on DID resolution.</li><li style="margin:0mm">We discussed how can SIOP can declare which key is used to sign a particular ID Token. </li><ul>
<li style="margin:0mm">DID Document can include several keys and leaving it to the DID Document to specify purpose of each key is a problem.<br>
</li><li style="margin:0mm">Torsten and Kristina suggested kid in the header to determine concrete key.  </li><li style="margin:0mm">Oliver suggested putting DID URL in kid (e.g., did:example:alice#signing-key). DW said he would expect kid to be just 'signing-key', as the kid in JWS today doesn't refer to the JWKS URL. Mike agreed with the JWKS URI observation. Passing
 the keys by reference vs by value.</li></ul>
<li style="margin:0mm">Jeremie pointed out that for the use-cases when external key look up is not needed (ie sub is not a DID), sub_jwk needs to be included</li><li style="margin:0mm">The WG agreed to continue the discussion.</li></ul>
</ul>
<li class="x_x_MsoNormal" style="margin:0mm; font-size:12pt; font-family:SimSun; color:black; background:white">
<span lang="EN-US" style="margin:0px; font-family:Calibri,sans-serif">OIDC4VP</span></li><ul>
<li style="margin: 0mm; background-image: initial; background-position: initial; background-size: initial; background-repeat: initial; background-attachment: initial; background-origin: initial; background-clip: initial;">
<span lang="EN-US" style="margin: 0px; font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">We did not have the time to cover, please review: </span><span lang="EN-US" style="margin: 0px;"><a href="https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fbitbucket.org%2Fopenid%2Fconnect%2Fissues%3Fstatus%3Dnew%26status%3Dopen%26component%3DVerifiable%2520Presentation&data=04%7C01%7CKristina.Yasuda%40microsoft.com%7C1ac37ea74cf74792ba1508d9410101c2%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637612296111627765%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&sdata=JMU%2BW33L8QnmPq5Nb0q2vBWzwBt9XMwx%2BAKgFfpA0sc%3D&reserved=0" shash="jThQ8l1Y1udMY/HK0JLr1MgQKXOOMMxhKBohKu4Ntmg215v4B3MeWHa3kFmWn0dyJxt7VYSo7WTfq41G1spZX1h8vduUkyvp0PTuLLY7Pcs8y6vY8lVA3qrjvjMMTERmP5c+OezbPCBAIZO2uzZmu8RwOiijCvCpWUXiGvcltEQ=" style="margin: 0px;"><span style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">https://bitbucket.org/openid/connect/issues?status=new&status=open&component=Verifiable%20Presentation</span></a></span></li></ul>
</ul>
<div>
<div></div>
</div>
<p style="margin-top: 0px; margin-bottom: 0px;margin-top:0px; margin-bottom:0px; margin:0mm; background-image:initial; background-position:initial; background-size:initial; background-repeat:initial; background-attachment:initial; background-origin:initial; background-clip:initial">
<span style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);"> </span></p>
<p class="x_x_MsoNormal" style="margin-top: 0px; margin-bottom: 0px;margin-top:0px; margin-bottom:0px; margin:0mm; font-size:12pt; font-family:SimSun; background:white">
<span lang="EN-US" style="font-family:"Calibri",sans-serif; color:black">Best,</span></p>
<p class="x_x_MsoNormal" style="margin-top: 0px; margin-bottom: 0px;margin-top:0px; margin-bottom:0px; margin:0mm; font-size:12pt; font-family:SimSun">
<span lang="EN-US" style="font-family:"Calibri",sans-serif; color:black">Kristina</span><span lang="EN-US" style="font-size:11.0pt; font-family:"Noto Sans CJK JP Medium",sans-serif; color:#4472C4"></span></p>
<p class="x_x_MsoNormal" style="margin-top: 0px; margin-bottom: 0px;margin-top:0px; margin-bottom:0px; margin:0mm; font-size:12pt; font-family:SimSun">
<span lang="EN-US" style="font-size:11.0pt; font-family:"Noto Sans CJK JP Medium",sans-serif; color:#4472C4"> </span></p>
<p class="x_x_MsoNormal" style="margin-top: 0px; margin-bottom: 0px;margin-top:0px; margin-bottom:0px; margin:0mm; font-size:12pt; font-family:SimSun">
<span lang="EN-US" style="font-size:11.0pt; font-family:"Noto Sans CJK JP Medium",sans-serif; color:#4472C4"> <br>
</span></p>
</div>
</div>
</div>
</body>
</html>