[Openid-specs-digital-credentials-protocols] [agenda] Atlantic DCP WG + SIOP call (PST 8am)

Thu Feb 8 23:55:21 UTC 2024

The meeting notes:

Introduction
- Kristina: hopefully we can start OpenID-wide review after this call
- Juba(Lissi) asked to talk about 
https://github.com/openid/OpenID4VCI/issues/61

OpenID4VCI
- PR #244: https://github.com/openid/OpenID4VCI/pull/244
   - resolved various issues in Tuesday's APAC Call
   - discussed remaining suggestion on potential privacy leakage with 
Custom URL scheme for Credential Offer
   - resolved remaining suggestions about headlines
   - PR has already many approvals
   - merging after the call
- PR #252: https://github.com/openid/OpenID4VCI/pull/252
   - editorial, mentioning of SD-JWT in the introduction
   - PR has already many approvals
   - merging after the call
- PR #253: https://github.com/openid/OpenID4VCI/pull/253
   - unsure if this gets in before ID-1 as its normative
   - Paul thinks not that it is a duplicate, but sentence belongs to 
other paragraph
   - Brian/Pedro think existing language may be enough, but it doesn't 
hurt keeping it in
   - agreement that existing text without second query statement should 
be good enough
- PR #246 https://github.com/openid/OpenID4VCI/pull/246
   - agreed to do this after ID-1
- PR #155 https://github.com/openid/OpenID4VCI/pull/155
   - Torsten expected this to be merged before ID-1
   - Daniel said its mostly editorial and some important normative 
renaming is already done
   - it could make sense, but Daniel doesn't have the resources
   - PR#254 is changing similar stuff in the introduction
- Kristina says we are good to start ID-1
   - Philipp asks for estimate when ID-1 is finished
   - after review 45 days and another 7 days after this
   - decision to start the ID-1 process today after the call
   - ID-1 triggers OpenID-wide review with voting and IPR protection, 
also serves for conformance tests etc, but does not mean that no 
breaking chances may occur
   - potential breaking changes have been processed in the last weeks to 
bring them in before ID-1
- Issue Issue #61 https://github.com/openid/OpenID4VCI/issues/61
   - Paul presents ideas around adding optional redirect_uri to let the 
issuer get back screen control after (successful) issuance for improved 
user experience
   - see 
https://github.com/openid/OpenID4VCI/issues/61#issuecomment-1933863876 
for details
   - Brian: User may not be present but credential endpoint is used 
automatically
   - Torsten: it doesn't make sense in all cases
   - Kristina: we need more time to discuss
   - Joseph: if it only makes sense for credential offer, then insert it 
there?

OpenID4VP
request_uri extension PR #59 https://github.com/openid/OpenID4VP/pull/59
   - have GET as fallback for POST method?
   - reach out to JAR authors why request_uri was excluded from Request 
Object?
   - Torstens analysis is that the ideas trend towards having a new, 
optional mechanism separate from request_uri that requires signing (Paul 
agrees)
   - Oliver suggests splitting discussion/PR up into signing request and 
wallet capabilities, Torsten thinks they are closely related
   - Kristina/Oliver would prefer progress on wallet capabilities with 
less focus on signed request/privacy
   - Torsten mentions that ideas and previous PR circling for half a 
year already, further progress is needed

Best regards, Paul