[Openid-specs-digital-credentials-protocols] 2024-02-21 (NZT) DCP call meeting notes

Tobias Looker tobias.looker at mattr.global
Tue Feb 20 22:23:33 UTC 2024 

Call notes for DCP WG 21st Feb 9am (NZT)

Attendees

Daniel Fett
Tobias Looker
Joseph Heenan
Paul Bastian
Christian Bormann
John Bradley
Kristina Yasuda
Michael Jones
Chris Cox
Sudesha Shetty
Tom Jones
Gabe
Brian Campbell
Dima Postnikov

Kristina: Agenda Bashing, highest priority discussion is probably PR 266 in OpenID4VCI, does anyone else have any items they would like to discuss?

OpenID4VCI

https://github.com/openid/OpenID4VCI/pull/276

Daniel:  *Introduced the rationale for the PR and what it aims to fix*, high level as the PR describes it fixes issues 272, 271 and 266. Also see here for a related reference https://github.com/vcstuff/sd-jwt-vc-types/pull/5

Brian: I didn't actually read this PR yet, but from what I saw in the other PR its a great improvement

Tobias: Same, haven't reviewed the OpenID4VCI PR yet, I think this is a big improvement.

Kristina: Daniel I think you will move this from draft to ready to review PR?

Daniel: Yes thats correct, will do

Issue Triage

Kristina: Joseph and I have triaged the current issues and added suitable GH labels, see the "priority" label.

Tobias: I still have to open a new issue on the topic discussed last week, will do that before next WG call.

Kristina: Issue 202 looks to be ready for PR, who would be able to assist with this one?

Paul: I can try file a PR for it

Joseph: I think #91 should be labelled for priority too

Kristina: **Briefly re-described issue 172**, consensus is to add general guidance on naming guidance for new formats, would you mind filing a PR Oliver

Oliver: Yes if its not time critical

OpenID4VP

Kristina: PR 99 looking for more reviews and approvals on please

Kristina: Are there any other PR's we should look at Oliver?

Oliver: 108 looks ready

Kristina: Looks like there is a pending suggestion that has just come in?

Oliver: I'd rather not fix in this PR it needs to be fixed in a separate PR.

Joseph: Agreed there are other places to fix it too

Kristina: Will merge after this call

Paul: One question on the last new sentence in this PR, is the response endpoint terminology consistently used

Kristina: Yes its intended to be, could be clearer though I will follow it up.

Kristina: Is there any progress on PR 59?

Oliver: I made a proposal to decouple the feature negotiation from the rest of the proposal.

Oliver: The problem is with the verifier signing the request is that the wallet may not be able to verify the signature.

Oliver: There is a concern that the capability negotiation phase to resolve the request uri could profile and fingerprint the user

Tobias: I agree this is a concern

John: Web browsers are also concerned about this possible source of fingerprint, I dont think it is something we can ignore

Daniel: +1 to everything John said

Kristina: If I understand correctly the issue isn't really about whether the initial request is signed it more what the wallet sends back to the verifier w.r.t capability negotiation?

John: I just want to confirm sending the information before there is user interaction is the core issue as that is where fingerprinting is powerful

**Lots of discussion on this topic, difficult to capture all points, please review recording :)**

John: **Spoke more generally about the negotiation model and different tradeoffs**

Kristina: Not confident, but I will try and summarise what I heard, there is concern that the capability negotiation of the wallet sending its capabilities to verifier is a source of fingerprinting. The second point is that the verifier signing the initial request might not solve the problem that was first identified.

John: I think Brian's point here about our relationship to OAuth2 here is a good one, perhaps we need to backup a step and consider that more?

Kristina: Brian would you mind providing a comment here on the point you raised?

DCP WG In person meeting and OpenID Workshop

Kristina: Just wanted to remind folk to register for the DCP in person session that is in April around IIW

Mike: There is also the OpenID Workshop at the start of the same week

Thanks,
[MATTR website]<https://mattr.global/>

Tobias Looker
MATTR
+64 273 780 461
tobias.looker at mattr.global<mailto:first.last at mattr.global>
[MATTR website]<https://mattr.global/>
[MATTR on LinkedIn]<https://www.linkedin.com/company/mattrglobal>
[MATTR on Twitter]<https://twitter.com/mattrglobal>
[MATTR on Github]<https://github.com/mattrglobal>

This communication, including any attachments, is confidential. If you are not the intended recipient, you should not read it – please contact me immediately, destroy it, and do not copy or use any part of this communication or disclose anything about it. Thank you. Please note that this communication does not designate an information system for the purposes of the Electronic Transactions Act 2002.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-digital-credentials-protocols/attachments/20240220/66f0c16f/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.png
Type: image/png
Size: 22001 bytes
Desc: image001.png
URL: <http://lists.openid.net/pipermail/openid-specs-digital-credentials-protocols/attachments/20240220/66f0c16f/attachment-0005.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image002.png
Type: image/png
Size: 872 bytes
Desc: image002.png
URL: <http://lists.openid.net/pipermail/openid-specs-digital-credentials-protocols/attachments/20240220/66f0c16f/attachment-0006.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image003.png
Type: image/png
Size: 528 bytes
Desc: image003.png
URL: <http://lists.openid.net/pipermail/openid-specs-digital-credentials-protocols/attachments/20240220/66f0c16f/attachment-0007.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image004.png
Type: image/png
Size: 921 bytes
Desc: image004.png
URL: <http://lists.openid.net/pipermail/openid-specs-digital-credentials-protocols/attachments/20240220/66f0c16f/attachment-0008.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image005.png
Type: image/png
Size: 1045 bytes
Desc: image005.png
URL: <http://lists.openid.net/pipermail/openid-specs-digital-credentials-protocols/attachments/20240220/66f0c16f/attachment-0009.png>

More information about the Openid-specs-digital-credentials-protocols mailing list