<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:dt="uuid:C2F41010-65B3-11d1-A29F-00AA00C14882" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
<meta name="Generator" content="Microsoft Word 15 (filtered medium)">
<style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:"Yu Gothic";
panose-1:2 11 4 0 0 0 0 0 0 0;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:"\@Yu Gothic";
panose-1:2 11 4 0 0 0 0 0 0 0;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:#0563C1;
text-decoration:underline;}
span.EmailStyle17
{mso-style-type:personal-compose;
font-family:"Calibri",sans-serif;
color:windowtext;}
.MsoChpDefault
{mso-style-type:export-only;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
ol
{margin-bottom:0in;}
ul
{margin-bottom:0in;}
--></style>
</head>
<body lang="EN-US" link="#0563C1" vlink="#954F72" style="word-wrap:break-word">
<div class="WordSection1">
<p style="margin:0in">David Chadwick<o:p></o:p></p>
<p style="margin:0in">John Bradley<o:p></o:p></p>
<p style="margin:0in">Joseph Heenan<o:p></o:p></p>
<p style="margin:0in">Nat Sakimura<o:p></o:p></p>
<p style="margin:0in">Torsten Lodderstedt<o:p></o:p></p>
<p style="margin:0in">Brian Campbell<o:p></o:p></p>
<p style="margin:0in">Filip Skokan<o:p></o:p></p>
<p style="margin:0in">David Waite<o:p></o:p></p>
<p style="margin:0in">Jeremie Miller<o:p></o:p></p>
<p style="margin:0in">Jo Vercammen<o:p></o:p></p>
<p style="margin:0in">Kenichi Nakamura<o:p></o:p></p>
<p style="margin:0in">Kristina Yasuda<o:p></o:p></p>
<p style="margin:0in"><o:p> </o:p></p>
<p style="margin:0in">(Connect call notes followed by subsequent SIOP call notes)<o:p></o:p></p>
<p style="margin:0in"><o:p> </o:p></p>
<ul style="margin-top:0in" type="disc">
<li class="MsoNormal" style="mso-list:l2 level1 lfo1;vertical-align:middle"><a href="https://bitbucket.org/openid/connect/issues/1456/scopes-metadata-parameter-needs-to-be">openid / connect / issues / #1456 - scopes metadata parameter needs to be defined —
Bitbucket</a><o:p></o:p></li><ul style="margin-top:0in" type="circle">
<li class="MsoNormal" style="mso-list:l2 level2 lfo1;vertical-align:middle">Two options to address the undefined `scopes` parameter underneath `openid_relying_party`<o:p></o:p></li><li class="MsoNormal" style="mso-list:l2 level2 lfo1;vertical-align:middle">Roland and John agreed to define a new `scopes` parameter<o:p></o:p></li></ul>
</ul>
<p class="MsoNormal" style="margin-left:.75in;text-indent:-.25in;mso-list:l2 level2 lfo1;vertical-align:middle">
<![if !supportLists]><span style="font-size:10.0pt;font-family:'Courier New'"><span style="mso-list:Ignore">o<span style="font:7.0pt 'Times New Roman'">
</span></span></span><![endif]>Nat pointed out that `scope` (existing) and `scopes` (new) might be confusing and that a better name for scopes should be considered.<o:p></o:p></p>
<p style="mso-margin-top-alt:0in;margin-right:0in;margin-bottom:0in;margin-left:.75in">
<o:p></o:p></p>
<ul style="margin-top:0in" type="disc">
<li class="MsoNormal" style="mso-list:l0 level1 lfo2;vertical-align:middle"><a href="https://bitbucket.org/openid/connect/issues/1433/oidc4vci-role-of-the-id-token">openid / connect / issues / #1433 - [oidc4vci] role of the ID Token — Bitbucket</a><o:p></o:p></li><ul style="margin-top:0in" type="disc">
<li class="MsoNormal" style="mso-list:l0 level2 lfo2;vertical-align:middle">Torsten pointed out that OIDC4VCI is different from the JWT assertion spec because in OIDC4VCI the access token is opaque to the client<o:p></o:p></li><li class="MsoNormal" style="mso-list:l0 level2 lfo2;vertical-align:middle">David C. made three suggestions on how to improve the OIDC4VCI specification. Issues have been filed for each item.
<o:p></o:p></li></ul>
</ul>
<ul style="margin-top:0in" type="disc">
<ul style="margin-top:0in" type="circle">
<ul style="margin-top:0in" type="disc">
<li class="MsoNormal" style="mso-list:l0 level3 lfo3;vertical-align:middle">Clarify how the user interacts with the wallet in the swimlane<o:p></o:p></li><li class="MsoNormal" style="mso-list:l0 level3 lfo3;vertical-align:middle">Add text on the trust model<o:p></o:p></li><li class="MsoNormal" style="mso-list:l0 level3 lfo3;vertical-align:middle">Clarify how authorization works<o:p></o:p></li></ul>
<li class="MsoNormal" style="mso-list:l0 level2 lfo3;vertical-align:middle">No objections to moving OIDC4VCI to an OAuth-based flow. A PR would be useful<o:p></o:p></li></ul>
</ul>
<p class="MsoNormal" style="margin-left:1.0in;vertical-align:middle"><o:p> </o:p></p>
<ul style="margin-top:0in" type="disc">
<li class="MsoNormal" style="mso-list:l0 level1 lfo3;vertical-align:middle">Transferring PoP across devices (discussion continued from Pacific Connect Call on Monday)<o:p></o:p></li></ul>
<ul style="margin-top:0in" type="disc">
<ul style="margin-top:0in" type="disc">
<li class="MsoNormal" style="mso-list:l0 level2 lfo4;vertical-align:middle">The use case is a user who is logged into an app on device A (laptop) but wants to receive a credential into an app on device B (smartphone)<o:p></o:p></li><li class="MsoNormal" style="mso-list:l0 level2 lfo4;vertical-align:middle">John said caBLE is becoming increasingly promising – being deployed across major browser OS and mobile OS
<o:p></o:p></li><li class="MsoNormal" style="mso-list:l0 level2 lfo4;vertical-align:middle">David C. described how in their implementation the user sets up a WebAuthn connection with the issuer using the wallet. I.e., the user uses WebAuthn to log in on device A using device B, so that
the Issuer can recognize device B later in the issuance flow<o:p></o:p></li><li class="MsoNormal" style="mso-list:l0 level2 lfo4;vertical-align:middle">John pointed out that that usage of WebAuthn can be looked at in both ways at a higher level:<o:p></o:p></li><ul style="margin-top:0in" type="disc">
<li class="MsoNormal" style="mso-list:l0 level3 lfo4;vertical-align:middle">Using FIDO as a proof for VP or other tokens (issue to someone who controls private keys to this public key)<o:p></o:p></li><li class="MsoNormal" style="mso-list:l0 level3 lfo4;vertical-align:middle">Purely having a stronger authentication using FIDO
<o:p></o:p></li></ul>
<li class="MsoNormal" style="mso-list:l0 level2 lfo4;vertical-align:middle">It was pointed out that this is close to how we use sender-constrained tokens<o:p></o:p></li></ul>
</ul>
<p class="MsoNormal" style="vertical-align:middle"><o:p> </o:p></p>
<p class="MsoNormal" style="vertical-align:middle">&lt;&lt;transition to the SIOP call&gt;&gt;<o:p></o:p></p>
<p class="MsoNormal" style="vertical-align:middle"><o:p> </o:p></p>
<ul style="margin-top:0in" type="disc">
<li class="MsoNormal" style="mso-list:l0 level1 lfo4;vertical-align:middle"><a href="https://bitbucket.org/openid/connect/pull-requests/128">openid / connect / Pull Request #128: Adds an option to make a credential request via scopes — Bitbucket</a><o:p></o:p></li><ul style="margin-top:0in" type="disc">
<li class="MsoNormal" style="mso-list:l0 level2 lfo4;vertical-align:middle">Merged<o:p></o:p></li></ul>
<li class="MsoNormal" style="mso-list:l0 level1 lfo4;vertical-align:middle"><a href="https://bitbucket.org/openid/connect/pull-requests/134">openid / connect / Pull Request #134: Removing an option to submit a VC in the Authorization Request (#1443) — Bitbucket</a><o:p></o:p></li><ul style="margin-top:0in" type="disc">
<li class="MsoNormal" style="mso-list:l0 level2 lfo4;vertical-align:middle">Waiting for Mike to come back from vacation, since he has requested changes<o:p></o:p></li><li class="MsoNormal" style="mso-list:l0 level2 lfo4;vertical-align:middle">There might be concerns around clarifying why the nonce endpoint is not effective in preventing replay<o:p></o:p></li></ul>
<li class="MsoNormal" style="mso-list:l0 level1 lfo4;vertical-align:middle"><a href="https://bitbucket.org/openid/connect/pull-requests/101">openid / connect / Pull Request #101: Fetching presentation definitions from a remote repository — Bitbucket</a><o:p></o:p></li><ul style="margin-top:0in" type="disc">
<li class="MsoNormal" style="mso-list:l0 level2 lfo4;vertical-align:middle"><a href="https://bitbucket.org/openid/connect/issues/1440/choosing-how-to-transfer-presentation">https://bitbucket.org/openid/connect/issues/1440/choosing-how-to-transfer-presentation</a><o:p></o:p></li><li class="MsoNormal" style="mso-list:l0 level2 lfo4;vertical-align:middle">We agreed that passing presentation_definition by value should be mandatory to implement, while passing it by reference can be turned on via new Registration/Discovery metadata<o:p></o:p></li><li class="MsoNormal" style="mso-list:l0 level2 lfo4;vertical-align:middle">We agreed that passing it by reference has a lot of value. Right now, most implementations pass by value, and with the request object already being passed by reference in many implementations,
the size of a presentation_definition is not a problem. We might revisit this setup if the majority of implementations switch to passing by reference.<o:p></o:p></li><li class="MsoNormal" style="mso-list:l0 level2 lfo4;vertical-align:middle">Will merge once David C. updates the PR<o:p></o:p></li></ul>
<li class="MsoNormal" style="mso-list:l0 level1 lfo4;vertical-align:middle"><a href="https://bitbucket.org/openid/connect/issues/1451/oidc4vci-mandatory-vs-optional-credential">https://bitbucket.org/openid/connect/issues/1451/oidc4vci-mandatory-vs-optional-credential</a><o:p></o:p></li><ul style="margin-top:0in" type="disc">
<li class="MsoNormal" style="mso-list:l0 level2 lfo4;vertical-align:middle">We agreed that it is the Issuer’s responsibility to ensure that all mandatory claims are included in a VC<o:p></o:p></li><li class="MsoNormal" style="mso-list:l0 level2 lfo4;vertical-align:middle">Kenichi pointed out that in mDL, the user would not have much choice over optional claims, probably only over the organ donation claim<o:p></o:p></li><li class="MsoNormal" style="mso-list:l0 level2 lfo4;vertical-align:middle">Selective release of optional claims might still be useful in other credential types<o:p></o:p></li><li class="MsoNormal" style="mso-list:l0 level2 lfo4;vertical-align:middle">David C. made a distinction between the user providing consent in the wallet and the user providing consent directly to the Issuer<o:p></o:p></li><li class="MsoNormal" style="mso-list:l0 level2 lfo4;vertical-align:middle">John asked what if the Issuer issues more or less credentials then
<o:p></o:p></li></ul>
<li class="MsoNormal" style="mso-list:l0 level1 lfo4;vertical-align:middle"><a href="https://bitbucket.org/openid/connect/issues/1453/oidc4vci-holder-binding-material-without">https://bitbucket.org/openid/connect/issues/1453/oidc4vci-holder-binding-material-without</a><o:p></o:p></li><ul style="margin-top:0in" type="disc">
<li class="MsoNormal" style="mso-list:l0 level2 lfo4;vertical-align:middle">Kristina described how there is a use case for this in SMART Health Cards<o:p></o:p></li><li class="MsoNormal" style="mso-list:l0 level2 lfo4;vertical-align:middle">David C. described another use case where credentials for multiple users are stored in one wallet (airplane ticket for example)<o:p></o:p></li><li class="MsoNormal" style="mso-list:l0 level2 lfo4;vertical-align:middle">WG agreed to document such use cases and extend the specification to support them
<o:p></o:p></li></ul>
<li class="MsoNormal" style="mso-list:l0 level1 lfo4;vertical-align:middle"><a href="https://bitbucket.org/openid/connect/issues/1454/oidc4vci-defining-a-credential-type">https://bitbucket.org/openid/connect/issues/1454/oidc4vci-defining-a-credential-type</a><o:p></o:p></li><ul style="margin-top:0in" type="disc">
<li class="MsoNormal" style="mso-list:l0 level2 lfo4;vertical-align:middle">David C. pointed out that type in vc-data-model is defined as a URI, so URIs need to be supported<o:p></o:p></li><li class="MsoNormal" style="mso-list:l0 level2 lfo4;vertical-align:middle">We ran out of time while discussing this issue and will resume with it at the next call<o:p></o:p></li></ul>
</ul>
<p class="MsoNormal" style="vertical-align:middle"><o:p> </o:p></p>
<p class="MsoNormal" style="vertical-align:middle">Thank you!<o:p></o:p></p>
<p class="MsoNormal" style="vertical-align:middle">Kristina<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
</body>
</html>