[Openid-specs-digital-credentials-protocols] [minutes] APAC-friendly DCP WG + SIOP call (PST midday)
Jan Vereecken
jan.vereecken at meeco.me
Thu Mar 14 18:19:16 UTC 2024
Hi All,
Please find the minutes for the meeting below
* Participants
* Joseph Heenan
* Kristina Yasuda
* Brian Campbell
* Daniel B
* Daniel Fett
* Gabe
* Jin Wen
* Kim Duffy
* Michael Jones
* Oliver Terbu
* Orie Steele
* Tobias Looker
* Tom Jones
* Torsten Lodderstedt
* Jan Vereecken
* Tim Cappalli
* Bjorn Hjelm
* Agenda
* IPR reminder/ Note-taking
* Introductions/re-introductions
* Agenda bashing/adoption
* Events/External orgs
* Proposal from chairs on next steps for query language discussion
* Discuss what a profile of presentation exchange could look like
* Discuss outstanding questions on request_uri extension, https://github.com/openid/OpenID4VP/pull/59
* Minutes
* OID4VP Query language (JH)
* https://docs.google.com/presentation/d/1Ax6H9CDcOVvBNlUpkJ50nIljapGqF4_Zc7_DJXmmWqI/edit#slide=id.g2c1958bc4c0_0_0
* Michael: What is the methodology. How to make decisions that everyone wants to live with.
* Kristina: Follow usual process to take time and discuss
* Tom: How will a wallet know it needs to act on a request
* Torsten: This topic does not deal with how a wallet is opened, but starts from the moment the wallet is opened
* Minimum PE profile for OpenID4VP (KY)
* https://docs.google.com/document/d/1r7S36RFNsnCOrYbkyTFE5ybPBalT-hERSnzKQ2rzcX8
* Possibilities of PE are massive, this is an attempt to make it more approachable, less intimidating
* Need for implementor feedback (for example presentation definition filter attribute)
* Tobias: Queries become format specific. Path single element.
* Torsten: A verifier knows what format they are asking for. The main benefit here is to use the same query language.
* Orie: Finds defining a minimum profile not a good use of time. Fix it to a version.
* Kim: PE v2 and v2.1 moves more to a feature model to address some of the concerns and make it easier to implement.
* Oliver: PE can't be used for mdoc. Not a format agnostic query language, except for json parsing. Finds it better to embrace the differences in credential formats
* Kristina: PE already used for mdoc without major complaints, so why is it an issue
* Oliver: From own experience finds that there is almost no reuse when implementing PE for different formats.
* Michael: Suggest considering the presentation of 1 credential only, so we truly have a minimal profile.
* Torsten: never a goal to maximise reuse
* Tobias: when syntax looks similar, but processing is different (based on credential formats with completely different profiles) might promote ambiguity and might be potentially dangerous
* Kristina: Looks for confirmation if this document describes where implementors have started
* PR 59: request_uri (wallet picks up request from verifier)
* Torsten: who defines the response
* Orie: lots of libraries throw errors when using alg: none, therefore suggests returning pure json response.
* Joseph: server can use accept header, but in the end decides
* Torsten: Need decision if we need state parameter
* Joseph: if someone needs it, they should open issue.
* Accept this move forward
* Torsten: Issue brought up by Oliver to change encode on the request. Mixed encoding for different endpoints doesn't make sense. Needs to be consistent. OAuth style is request is form encoded and response json encoded
Regards,
Jan
p.s. sorry for the delay, there was an issue with me posting to the list
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-digital-credentials-protocols/attachments/20240314/1cbc78d4/attachment-0001.html>
More information about the Openid-specs-digital-credentials-protocols
mailing list