[Openid-specs-digital-credentials-protocols] 2023-11-30 SIOP/DCP meeting notes

Joseph Heenan joseph at authlete.com
Thu Nov 30 17:13:36 UTC 2023 

Spec Call Notes 2023-11-30

Attendees:

Joseph Heenan
Kristina Yasuda
Paul Bastian
Michael Jones
Brian Campbell
Christian Bormann
David Chadwick
Jan Vereecken
Judith Kahrer
Pedro Felix
Rajvardhan Deshmukh
Torsten Lodderstedt




Kristina talked with Torsten and their suggestion was there was no need to merge credential instance related PRs before doing implementer’s draft. The current plan is to leave the credential endpoint as is and batch endpoint would likely have a breaking change after ID1 to merge. The naming changes also would be post ID1 as it was felt that this might take a while for the working group to go through and agree as there’s not even a PR yet. No one objected to this.


Draft 12 of VCI has been published to openid website.


Agreed Mike will publish SIOPv2 and VP drafts to openid website very soon too. Kristina asked that ‘draft’ is added to the SIOP title first and Mike agreed.


https://github.com/openid/OpenID4VCI/pull/95 - add user_pin_length and user_pin_description to Credential Offer

Discussed potentially adding text about keyboard but it wasn’t needed.

Joseph spotted a typo, Kristina fixed it & Joseph approved it. Consensus to merge and Kristina merged it.



https://github.com/openid/OpenID4VCI/pull/70 - Wallet notifying the Issuer of acceptance/rejection of issued credential

Mike J had made a comment about making wallet support optional.

Joseph/Kristina argued it was simpler to keep it as mandatory for the wallet. We don’t really have a way for wallet to pass capabilities/feature support to issuer currently so there’s no obvious way to allow the client to indicate if it’s supported or not.

Mike J still felt like we shouldn’t make it mandatory.

Joseph said we have implementers telling us this is essentially for good UX and getting users successfully through the credential issuance flow the first time. We shouldn’t constrain

Mike J appreciated the “getting users successfully through the flow” angle was important and will update his review. He’s still keen that we collect data on how much this is used.

David said they didn’t see the need for this ux in their operations.

Paul said he worried this only addresses cross device and not same device flow and maybe one solution would work for both (a redirect uri for the wallet to launch after flow has launched).

Kristina said it was true that we don’t have a solution for same device but doesn’t think redirect uri doesn’t help for cross device so the current solution is still needed.

Kristina time boxed the discussion. PR to remain open until next week and hopefully merged next week if we can get consensus on next week’s call.


https://github.com/openid/OpenID4VCI/pull/116 - support HTTP Accept-Language in the request for Credential Issuer Metadata to request a subset for display data

Discussion about recommended vs may for issuer support for this.

Joseph said if it’s ‘recommended’ the conformance suite really has to raise a warning if issuers don’t do it, and it’s a chunk of complexity that issuers that have small datasets don’t need to return.

There was a consensus around ‘may’. Kristina is to try suggesting new language, Paul/Joseph will review Kristina’s suggestion.


Discussion around the more complex example Joseph had mentioned. People felt it was valid but to make clear that issuer only has to return a single language such that it can easily make the files be static (rather than generated on the fly). Kristina added a comment to the PR.

Consensus to merge after these two issues are resolved in that way.

https://github.com/openid/OpenID4VCI/issues/62 - IACA Metadata for Credential Issuers

Mike said some ecosystems need this.

Torsten didn’t think we should put credential format specific things into the vci metadata.

Mike replied that it’s in the format specific area of the metadata.

Torsten said it’s metadata that verifiers need as well so shouldn’t be in the VCI issuer.

Joseph asked if root certificates should be part of the list of trusted issuers that wallets/verifiers have. Mike asked Joseph to make that comment on the PR and Joseph has.

David said it should be a higher level thing.

Kristina said mdl in USA they have two alternate mechanisms already and adding this third way may not be helpful.

Christian says verifiers need a form of trust list or some other mechanism.

Mike responded to Kristina’s comment, US mdl are definitely going to do things other ways. Mike doesn’t think everyone will use this, but providing a standard way for people to do it (when they don’t already have a propertiary) way has value even if it’s not already used.

Mike would like to get agreement that we should have agreement that we have a way to publish this information, and if so we can then talk about the mechanism.

Kristina said we should get agreement on the issue on that point. Please can everyone comment on the issue.




AOB from Kristina:

Userinfo profile of VCI was adopted in Connect. We would like to move this to DCP WG, spec author (Richard) will send out a message offering the work to DCP WG and then maybe we can start a call for adoption after next weeks wg call.

The call for adoption for HAIP has now been two weeks and has strong support and no objections, so it is now adopted. Kristina asked Torsten to move it into the WG GitHub.




-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-digital-credentials-protocols/attachments/20231130/aa67abd5/attachment.html>

More information about the Openid-specs-digital-credentials-protocols mailing list