[Openid-specs-digital-credentials-protocols] DCP WG Minutes

Andreea Prian andreea.prian at idakto.com
Thu Jun 20 17:20:58 UTC 2024 

Hi All,

Please find the meeting notes below.

Date 20.06.2024

Attendees:

  *   Kristina Yasuda
  *   Joseph Heenan
  *   Ryan Galluzzo
  *   Pedro Felix
  *   David Chadwick
  *   Brain Campbell
  *   Judith Kahrer
  *   Sudesha Shetty
  *   Nemanja Patrnogic
  *   Rajvardhan Deshmukh

Agenda

  *   volunteers for the editorial PRs
  *   browser API PR
  *   batch endpoint merge - ready for PR
  *   transaction data (Andreea)
  *   ARF 1.4 comments from DCP WG (not covered)

Not sustainable if only a few people do PRs, need more volunteers.

Topics:
Delete batch endpoint and allow credential endpoint to issue multiple credentials:

  *   https://github.com/openid/OpenID4VCI/issues/18
  *   Should we allow asking for multiple types of credentials with the credential endpoint? Consensus in the meeting is to not allow it; allow only multiple credentials of the same type, same dataset. For another type, make another request
  *   Pedro Felix to open a PR

Correct example in VCI spec section 4.1.2

  *   https://github.com/openid/OpenID4VCI/issues/348
  *   replace “credentials” with “credential_configuration_ids” in the example and re-encode it
  *   Rajvardhan Deshmukh to open a PR

  *
Make path_nested path relative in the presentation submission example
  *   https://github.com/openid/OpenID4VP/pull/184/files
  *   Asking people for opinions on this
  *   Sudesha to have a look on it

Browser API

  *   https://github.com/openid/OpenID4VP/pull/155
  *   Asked opinion on the text on expected origin - good to go for now but it will be discussed on a separate issue
  *   Asked opinion on client id and client scheme that are outside of the signed request object. It seems this was needed when the request was encrypted as it would provide info on how to decrypt it. They do not seem useful anymore when the request is signed so it was suggested to drop them. Brian and Joseph agree

Transaction data

  *   Proposal in google doc: https://docs.google.com/document/d/1E_UlB3fh9zbWiPrzFThEnt69hYN60CWk/edit#heading=h.xna85ltnyeg6
  *   Andreea made a comment on adding personal data to a request that used to contain only generic data and sending it to a wallet that is not authenticated
  *   Brian: unpopular opinion about the transaction data; we should not encroach on the specificities of all use cases and only focus on keeping the spec generic
  *   Andreea to look into how Potential want to use OID4VP for QES
  *   Kristina to contact payment people

Make credential_identifiers mandatory for authorization_details flow

  *   https://github.com/openid/OpenID4VCI/pull/346<https://github.com/openid/OpenID4VCI/pull/346/files>
  *   People to review
  *   Question from Pedro on credential request when using RAR, would credential_identifiers be enough? Answer is yes

Problems in Authorization Code with scope and multiple Credential Datasets

  *   https://github.com/openid/OpenID4VCI/issues/342
  *   Pedro - there are things we cannot do with scopes
  *   Use RAR instead of scopes but not everyone supports this

On making the c_nonce optional

  *   https://github.com/openid/OpenID4VCI/issues/331
  *   No consensus yet
  *   Brian to explain why we should remove the c_nonce from the token endpoint
  *   See also https://github.com/openid/OpenID4VCI/issues/39
  *
Suggested to eliminate the optional and the complications it brings

Best regards,


Andreea Prian

Standardisation Officer

iDAKTO


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-digital-credentials-protocols/attachments/20240620/18625fe3/attachment-0001.html>

More information about the Openid-specs-digital-credentials-protocols mailing list