<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body>
<div class="moz-cite-prefix">Hi Kristina,</div>
<div class="moz-cite-prefix">can I add a correction to the minutes,
please? Instead of</div>
<div class="moz-cite-prefix"><br>
</div>
<div class="moz-cite-prefix">David C. described how in their
implementation user sets up a WebAuthn connection with the issuer
using the wallet. I.e. user uses WebAuthn to log in on device A
using device B, so that the Issuer can recognize device B later in
the issuance flow</div>
<div class="moz-cite-prefix"><br>
</div>
<div class="moz-cite-prefix">it should read</div>
<div class="moz-cite-prefix"><br>
</div>
<div class="moz-cite-prefix">David C. described how in their
implementation user sets up a WebAuthn connection with the issuer
using the wallet. I.e. user uses WebAuthn to establish a key pair
on device A (the wallet), so that the Issuer can recognize device
A later in the issuance flow and in subsequent interactions, e.g.
to revoke, refresh or delete the credential</div>
<div class="moz-cite-prefix"><br>
</div>
<div class="moz-cite-prefix">Many thanks</div>
<div class="moz-cite-prefix"><br>
David<br>
</div>
<div class="moz-cite-prefix"><br>
</div>
<div class="moz-cite-prefix">On 11/03/2022 09:55, Kristina Yasuda
via Openid-specs-ab wrote:<br>
</div>
<blockquote type="cite"
cite="mid:BYAPR00MB0887F21DCA67C30C8CD16E99E50C9@BYAPR00MB0887.namprd00.prod.outlook.com">
<div class="WordSection1">
<p style="margin:0in">David Chadwick<o:p></o:p></p>
<p style="margin:0in">John Bradley<o:p></o:p></p>
<p style="margin:0in">Joseph Heenan<o:p></o:p></p>
<p style="margin:0in">Nat Sakimura<o:p></o:p></p>
<p style="margin:0in">Torsten Lodderstedt<o:p></o:p></p>
<p style="margin:0in">Brian Campbell<o:p></o:p></p>
<p style="margin:0in">Filip Skokan<o:p></o:p></p>
<p style="margin:0in">David Waite<o:p></o:p></p>
<p style="margin:0in">Jeremie Miller<o:p></o:p></p>
<p style="margin:0in">Jo Vercammen<o:p></o:p></p>
<p style="margin:0in">Kenichi Nakamura<o:p></o:p></p>
<p style="margin:0in">Kristina Yasuda<o:p></o:p></p>
<p style="margin:0in"><o:p> </o:p></p>
<p style="margin:0in">(Connect call notes followed by subsequent
SIOP call notes)<o:p></o:p></p>
<p style="margin:0in"><o:p> </o:p></p>
<ul style="margin-top:0in" type="disc">
<li class="MsoNormal" style="mso-list:l2 level1
lfo1;vertical-align:middle"><a
href="https://bitbucket.org/openid/connect/issues/1456/scopes-metadata-parameter-needs-to-be"
moz-do-not-send="true">openid / connect / issues / #1456 -
scopes metadata parameter needs to be defined — Bitbucket</a><o:p></o:p></li>
<ul style="margin-top:0in" type="circle">
<li class="MsoNormal" style="mso-list:l2 level2
lfo1;vertical-align:middle">Two options to address
undefined `scopes` parameter underneath
`openid_relying_party`<o:p></o:p></li>
<li class="MsoNormal" style="mso-list:l2 level2
lfo1;vertical-align:middle">Roland and John agree to
define a new `scopes` parameter<o:p></o:p></li>
<li class="MsoNormal" style="mso-list:l2 level2
lfo1;vertical-align:middle">Nat pointed out that
`scope` (existing) and `scopes` (new) might be confusing and
a better name for scopes should be considered.<o:p></o:p></li>
</ul>
</ul>
<p
style="mso-margin-top-alt:0in;margin-right:0in;margin-bottom:0in;margin-left:.75in"> <o:p></o:p></p>
<ul style="margin-top:0in" type="disc">
<li class="MsoNormal" style="mso-list:l0 level1
lfo2;vertical-align:middle"><a
href="https://bitbucket.org/openid/connect/issues/1433/oidc4vci-role-of-the-id-token"
moz-do-not-send="true">openid / connect / issues / #1433 -
[oidc4vci] role of the ID Token — Bitbucket</a><o:p></o:p></li>
<ul style="margin-top:0in" type="disc">
<li class="MsoNormal" style="mso-list:l0 level2
lfo2;vertical-align:middle">Torsten pointed out that
OIDC4VCI is different from JWT assertion spec because in
OIDC4VCI Access token is opaque to the client<o:p></o:p></li>
<li class="MsoNormal" style="mso-list:l0 level2
lfo2;vertical-align:middle">David C. made three
suggestions how to improve OIDC4VCI specification. Issues
have been filed for each item.
<o:p></o:p></li>
</ul>
</ul>
<ul style="margin-top:0in" type="disc">
<ul style="margin-top:0in" type="circle">
<ul style="margin-top:0in" type="disc">
<li class="MsoNormal" style="mso-list:l0 level3
lfo3;vertical-align:middle">Clarify how user interacts
with the wallet in the swimlane<o:p></o:p></li>
<li class="MsoNormal" style="mso-list:l0 level3
lfo3;vertical-align:middle">Add text on the trust model<o:p></o:p></li>
<li class="MsoNormal" style="mso-list:l0 level3
lfo3;vertical-align:middle">Clarify how authorization
works<o:p></o:p></li>
</ul>
<li class="MsoNormal" style="mso-list:l0 level2
lfo3;vertical-align:middle">No objections to moving
OIDC4VCI to an OAuth-based flow. PR would be useful<o:p></o:p></li>
</ul>
</ul>
<p class="MsoNormal"
style="margin-left:1.0in;vertical-align:middle"><o:p> </o:p></p>
<ul style="margin-top:0in" type="disc">
<li class="MsoNormal" style="mso-list:l0 level1
lfo3;vertical-align:middle">Transferring PoP across devices
(discussion continued from Pacific Connect Call on Monday)<o:p></o:p></li>
</ul>
<ul style="margin-top:0in" type="disc">
<ul style="margin-top:0in" type="disc">
<li class="MsoNormal" style="mso-list:l0 level2
lfo4;vertical-align:middle">Use-case being user logged
into an app on device A (laptop), but wants to receive
credential into an app on device B (smartphone)<o:p></o:p></li>
<li class="MsoNormal" style="mso-list:l0 level2
lfo4;vertical-align:middle">John said caBLE is becoming
increasingly promising – being deployed across major
browser OS and mobile OS
<o:p></o:p></li>
<li class="MsoNormal" style="mso-list:l0 level2
lfo4;vertical-align:middle">David C. described how in
their implementation user sets up a WebAuthn connection
with the issuer using the wallet. I.e. user uses WebAuthn to
log in on device A using device B, so that the Issuer can
recognize device B later in the issuance flow<o:p></o:p></li>
<li class="MsoNormal" style="mso-list:l0 level2
lfo4;vertical-align:middle">John pointed out that that
usage of WebAuthn can be looked at in both ways at a
higher level:<o:p></o:p></li>
<ul style="margin-top:0in" type="disc">
<li class="MsoNormal" style="mso-list:l0 level3
lfo4;vertical-align:middle">Using FIDO as a proof for VP
or other tokens (issue to someone who controls private
keys to this public key)<o:p></o:p></li>
<li class="MsoNormal" style="mso-list:l0 level3
lfo4;vertical-align:middle">Purely having a stronger
authentication using FIDO
<o:p></o:p></li>
</ul>
<li class="MsoNormal" style="mso-list:l0 level2
lfo4;vertical-align:middle">It was pointed out this is
close to how we use sender-constrained tokens<o:p></o:p></li>
</ul>
</ul>
<p class="MsoNormal" style="vertical-align:middle"><o:p> </o:p></p>
<p class="MsoNormal" style="vertical-align:middle">&lt;&lt;transition
to the SIOP call&gt;&gt;<o:p></o:p></p>
<p class="MsoNormal" style="vertical-align:middle"><o:p> </o:p></p>
<ul style="margin-top:0in" type="disc">
<li class="MsoNormal" style="mso-list:l0 level1
lfo4;vertical-align:middle"><a
href="https://bitbucket.org/openid/connect/pull-requests/128"
moz-do-not-send="true">openid / connect / Pull Request
#128: Adds an option to make a credential request via
scopes — Bitbucket</a><o:p></o:p></li>
<ul style="margin-top:0in" type="disc">
<li class="MsoNormal" style="mso-list:l0 level2
lfo4;vertical-align:middle">Merged<o:p></o:p></li>
</ul>
<li class="MsoNormal" style="mso-list:l0 level1
lfo4;vertical-align:middle"><a
href="https://bitbucket.org/openid/connect/pull-requests/134"
moz-do-not-send="true">openid / connect / Pull Request
#134: Removing an option to submit a VC in the
Authorization Request (#1443) — Bitbucket</a><o:p></o:p></li>
<ul style="margin-top:0in" type="disc">
<li class="MsoNormal" style="mso-list:l0 level2
lfo4;vertical-align:middle">Waiting for Mike to come back
from vacation, since he has requested changes<o:p></o:p></li>
<li class="MsoNormal" style="mso-list:l0 level2
lfo4;vertical-align:middle">There might be concerns around
clarifying why nonce endpoint is not effective in
preventing replay<o:p></o:p></li>
</ul>
<li class="MsoNormal" style="mso-list:l0 level1
lfo4;vertical-align:middle"><a
href="https://bitbucket.org/openid/connect/pull-requests/101"
moz-do-not-send="true">openid / connect / Pull Request
#101: Fetching presentation definitions from a remote
repository — Bitbucket</a><o:p></o:p></li>
<ul style="margin-top:0in" type="disc">
<li class="MsoNormal" style="mso-list:l0 level2
lfo4;vertical-align:middle"><a
href="https://bitbucket.org/openid/connect/issues/1440/choosing-how-to-transfer-presentation"
moz-do-not-send="true" class="moz-txt-link-freetext">https://bitbucket.org/openid/connect/issues/1440/choosing-how-to-transfer-presentation</a><o:p></o:p></li>
<li class="MsoNormal" style="mso-list:l0 level2
lfo4;vertical-align:middle">We agreed that passing
presentation_definition by value should be mandatory to
implement, while passing it by reference can be turned on
via a new Registration/Discovery metadata<o:p></o:p></li>
<li class="MsoNormal" style="mso-list:l0 level2
lfo4;vertical-align:middle">We agreed that passing it by
reference has a lot of value. Right now, most
implementations pass by value and, with request object
already being passed by reference in many implementations,
size of a presentation_definition is not a problem. We
might revisit this setup if the majority of implementations
switch to passing by reference.<o:p></o:p></li>
<li class="MsoNormal" style="mso-list:l0 level2
lfo4;vertical-align:middle">Will merge once David C.
updates a PR<o:p></o:p></li>
</ul>
<li class="MsoNormal" style="mso-list:l0 level1
lfo4;vertical-align:middle"><a
href="https://bitbucket.org/openid/connect/issues/1451/oidc4vci-mandatory-vs-optional-credential"
moz-do-not-send="true" class="moz-txt-link-freetext">https://bitbucket.org/openid/connect/issues/1451/oidc4vci-mandatory-vs-optional-credential</a><o:p></o:p></li>
<ul style="margin-top:0in" type="disc">
<li class="MsoNormal" style="mso-list:l0 level2
lfo4;vertical-align:middle">We agreed that it is Issuer’s
responsibility to ensure that all mandatory claims are
included in a VC<o:p></o:p></li>
<li class="MsoNormal" style="mso-list:l0 level2
lfo4;vertical-align:middle">Kenichi pointed out that in
mDL, user would not have much choice over optional claims,
probably only over organ donation claim<o:p></o:p></li>
<li class="MsoNormal" style="mso-list:l0 level2
lfo4;vertical-align:middle">Selective release of optional
claims might still be useful in other credential types<o:p></o:p></li>
<li class="MsoNormal" style="mso-list:l0 level2
lfo4;vertical-align:middle">David C. made a distinction
between user providing consent in the wallet, and user
providing consent directly to the Issuer<o:p></o:p></li>
<li class="MsoNormal" style="mso-list:l0 level2
lfo4;vertical-align:middle">John asked what if the Issuer
issues more or less credentials then
<o:p></o:p></li>
</ul>
<li class="MsoNormal" style="mso-list:l0 level1
lfo4;vertical-align:middle"><a
href="https://bitbucket.org/openid/connect/issues/1453/oidc4vci-holder-binding-material-without"
moz-do-not-send="true" class="moz-txt-link-freetext">https://bitbucket.org/openid/connect/issues/1453/oidc4vci-holder-binding-material-without</a><o:p></o:p></li>
<ul style="margin-top:0in" type="disc">
<li class="MsoNormal" style="mso-list:l0 level2
lfo4;vertical-align:middle">Kristina described how there
is a use-case for this in SMART Health Cards<o:p></o:p></li>
<li class="MsoNormal" style="mso-list:l0 level2
lfo4;vertical-align:middle">David C. described another
use-case where credentials for multiple users are stored
in one wallet (airplane ticket for example)<o:p></o:p></li>
<li class="MsoNormal" style="mso-list:l0 level2
lfo4;vertical-align:middle">WG agreed to document such use
cases and extend specification to support them
<o:p></o:p></li>
</ul>
<li class="MsoNormal" style="mso-list:l0 level1
lfo4;vertical-align:middle"><a
href="https://bitbucket.org/openid/connect/issues/1454/oidc4vci-defining-a-credential-type"
moz-do-not-send="true" class="moz-txt-link-freetext">https://bitbucket.org/openid/connect/issues/1454/oidc4vci-defining-a-credential-type</a><o:p></o:p></li>
<ul style="margin-top:0in" type="disc">
<li class="MsoNormal" style="mso-list:l0 level2
lfo4;vertical-align:middle">David C. pointed out that type
in vc-data-model is defined as URI, so URIs need to be
supported<o:p></o:p></li>
<li class="MsoNormal" style="mso-list:l0 level2
lfo4;vertical-align:middle">We ran out of time while
discussing this issue, will resume with this issue at the
next call<o:p></o:p></li>
</ul>
</ul>
<p class="MsoNormal" style="vertical-align:middle"><o:p> </o:p></p>
<p class="MsoNormal" style="vertical-align:middle">Thank you!<o:p></o:p></p>
<p class="MsoNormal" style="vertical-align:middle">Kristina<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<br>
<pre class="moz-quote-pre" wrap="">_______________________________________________
Openid-specs-ab mailing list
<a class="moz-txt-link-abbreviated" href="mailto:Openid-specs-ab@lists.openid.net">Openid-specs-ab@lists.openid.net</a>
<a class="moz-txt-link-freetext" href="https://lists.openid.net/mailman/listinfo/openid-specs-ab">https://lists.openid.net/mailman/listinfo/openid-specs-ab</a>
</pre>
</blockquote>
<p><br>
</p>
</body>
</html>