<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
<meta name="Generator" content="Microsoft Word 15 (filtered medium)">
<style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
font-size:11.0pt;
font-family:"Calibri",sans-serif;
mso-ligatures:standardcontextual;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:#0563C1;
text-decoration:underline;}
span.EmailStyle17
{mso-style-type:personal-compose;
font-family:"Calibri",sans-serif;
color:windowtext;}
.MsoChpDefault
{mso-style-type:export-only;
font-family:"Calibri",sans-serif;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
--></style>
</head>
<body lang="EN-US" link="#0563C1" vlink="#954F72" style="word-wrap:break-word">
<div class="WordSection1">
<p class="MsoNormal">SIOP Special Topic Call Notes 24-Aug-23<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Kristina Yasuda<o:p></o:p></p>
<p class="MsoNormal">Mike Jones<o:p></o:p></p>
<p class="MsoNormal">Mark Haine<o:p></o:p></p>
<p class="MsoNormal">David Waite (DW)<o:p></o:p></p>
<p class="MsoNormal">Joseph Heenan<o:p></o:p></p>
<p class="MsoNormal">David Luna<o:p></o:p></p>
<p class="MsoNormal">Nander Stabel<o:p></o:p></p>
<p class="MsoNormal">Daniel Fett<o:p></o:p></p>
<p class="MsoNormal">Brian Campbell<o:p></o:p></p>
<p class="MsoNormal">Giada Sciarretta<o:p></o:p></p>
<p class="MsoNormal">Amir Sharif<o:p></o:p></p>
<p class="MsoNormal">Jean Snyman<o:p></o:p></p>
<p class="MsoNormal">Pedro Felix<o:p></o:p></p>
<p class="MsoNormal">Andrew Hughes<o:p></o:p></p>
<p class="MsoNormal">Oliver Terbu<o:p></o:p></p>
<p class="MsoNormal">Takahiko Kawasaki<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Digital Credentials Protocols Working Group<o:p></o:p></p>
<p class="MsoNormal"> The first call is in a week, as announced at<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">OAuth Security Workshop (OSW) 2023 is in progress in London<o:p></o:p></p>
<p class="MsoNormal"> Formal methods<o:p></o:p></p>
<p class="MsoNormal"> Mike led discussions on the features of Presentation Exchange<o:p></o:p></p>
<p class="MsoNormal"> We talked about which of that functionality we need and which we don't<o:p></o:p></p>
<p class="MsoNormal"> Mike will send out notes<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Pull Requests<o:p></o:p></p>
<p class="MsoNormal"> <a href="https://bitbucket.org/openid/connect/pull-requests/">
https://bitbucket.org/openid/connect/pull-requests/</a><o:p></o:p></p>
<p class="MsoNormal"> PR #577: add security considerations on TLS (Issue #1621)<o:p></o:p></p>
<p class="MsoNormal"> Merging<o:p></o:p></p>
<p class="MsoNormal"> PR #570: clarify requirements when credential offer is not signed (issue #1687)<o:p></o:p></p>
<p class="MsoNormal"> Giuseppe needs to re-review<o:p></o:p></p>
<p class="MsoNormal"> PR #604: ed: change CONDITIONAL to OPTIONAL in VCI (Issue #2005)<o:p></o:p></p>
<p class="MsoNormal"> Daniel pointed out that using OPTIONAL doesn't always fit when there are conditions<o:p></o:p></p>
<p class="MsoNormal"> Mike said that we sometimes say things like "REQUIRED when ..." and "REQUIRED except when ..."<o:p></o:p></p>
<p class="MsoNormal"> We'll close this PR and create a new one using the new language<o:p></o:p></p>
<p class="MsoNormal"> Other editorial PRs are #605, #610, and #611<o:p></o:p></p>
<p class="MsoNormal"> PR #612: VCI: Adding a credential identifier (issue #1923)<o:p></o:p></p>
<p class="MsoNormal"> Mike and Joseph asked what the proposed identifiers are to be used for<o:p></o:p></p>
<p class="MsoNormal"> Mike observed that this is somewhat parallel to the PE descriptor_map "id" property<o:p></o:p></p>
<p class="MsoNormal"> Kristina described having arrays of objects within arrays of objects<o:p></o:p></p>
<p class="MsoNormal"> Kristina said that the kinds of credentials that can be issued should be in the credential metadata<o:p></o:p></p>
<p class="MsoNormal"> Joseph said that it's the issuer that knows what kinds of credentials it can issue<o:p></o:p></p>
<p class="MsoNormal"> Joseph asked whether the wallet can ask for a credential and get returned five of them<o:p></o:p></p>
<p class="MsoNormal"> Kristina said that issuance only happens one at a time unless the batch endpoint is used<o:p></o:p></p>
<p class="MsoNormal"> DW said that the issuer already knows a lot about the user<o:p></o:p></p>
<p class="MsoNormal"> We talked about whether the wallet can distinguish between different credentials from an issuer without inspecting their contents<o:p></o:p></p>
<p class="MsoNormal"> Daniel said that we may need more specificity about whether multiple instances of the same credential are issued or different credentials<o:p></o:p></p>
<p class="MsoNormal"> Pedro said that identifiers are created at runtime knowing the context of the user<o:p></o:p></p>
<p class="MsoNormal"> He views the potential identifiers as being very dynamic<o:p></o:p></p>
<p class="MsoNormal"> He said that there could be hundreds of kinds of vaccine certificates<o:p></o:p></p>
<p class="MsoNormal"> Kristina said that the credential response could dynamically add identifiers<o:p></o:p></p>
<p class="MsoNormal"> Kristina said that if display identifiers are different that could be put in the credentials<o:p></o:p></p>
<p class="MsoNormal"> That could be a huge simplification<o:p></o:p></p>
<p class="MsoNormal"> Kristina will revise the PR<o:p></o:p></p>
<p class="MsoNormal"> The approach is to remove credentialSubject from credential_definition<o:p></o:p></p>
<p class="MsoNormal"> Taka said that implementations are needed to confirm that the spec can be implemented interoperably<o:p></o:p></p>
<p class="MsoNormal"> PR #608: Wallet notifying the Issuer of acceptance/rejection of issued credential (Issue #1929)<o:p></o:p></p>
<p class="MsoNormal"> David said that we need a way of binding which credentials the wallet successfully stored out of the credentials that were issued<o:p></o:p></p>
<p class="MsoNormal"> One possible identifier is the proof value<o:p></o:p></p>
<p class="MsoNormal"> Another possible identifier might be added by PR #612<o:p></o:p></p>
<p class="MsoNormal"> Pedro described circumstances in which proofs might not be unique<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Issues<o:p></o:p></p>
<p class="MsoNormal"> <a href="https://bitbucket.org/openid/connect/issues?status=new&amp;status=open&amp;component=SIOP&amp;component=Verifiable%20Presentation&amp;component=Credential%20Issuance">
https://bitbucket.org/openid/connect/issues?status=new&amp;status=open&amp;component=SIOP&amp;component=Verifiable%20Presentation&amp;component=Credential%20Issuance</a><o:p></o:p></p>
<p class="MsoNormal"> #1922: OID4VCI: Unique ID for each element in credentials<o:p></o:p></p>
<p class="MsoNormal"> Taka agreed with Kristina's last comment in the issue<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">There was a hallway conversation this week about dropping authorization_pending because it makes the pre-authorized code long-lived<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Daniel is in favor of merging the credential endpoint and the batch endpoint<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Next Call<o:p></o:p></p>
<p class="MsoNormal"> The next call will be Monday, August 28th at 4pm Pacific Time<o:p></o:p></p>
</div>
</body>
</html>