[Openid-specs-digital-credentials-protocols] OIDF DCP WG meeting notes for 2024-07-04

Pedro Felix pedro.felix at curity.io
Fri Jul 5 08:42:18 UTC 2024 

# OIDF DCP WG meeting notes for 2024-07-04

## Attendees

Andreea Prian
David Chadwick
Javier Ruiz
Joseph Heenan
Lukasz Jaromin
Nemanja Patrnogic
Oliver Terbu
Paul Bastian
Pedro Felix
Sebastien Bahloul
Sudesh Shetty

## OpendID4VP

* Joseph presented the goals for the next Implementers Draft version (ID-3).
   * GitHub milestone is here -
https://github.com/openid/OpenID4VP/milestone/1.
   * Main item to include in ID-3 is the profile for the W3C Digital
Credentials API.
       * PR for this work (https://github.com/openid/OpenID4VP/pull/155) is
almost ready to merge.
   * Other items in the milestone may roll into ID-4.

* There is still no PR for the new query language. It will probably not be
done for ID-3 and eventually be available for ID-4.
   * It was noted that this may result in breaking changes between ID-3 and
ID-4.

* There was a brief discussion about the feedback emailed by Guiseppe De
Marco (not present in the meeting).
    * The main item discussed was the wallet attestation to the verifier.
        * The attestation-based authentication specification being defined
in IETF probably does not fit well into what is needed for OpenID4VP.
        * An hypothesis is to specify wallet to presenter attestation in
HAIP, however attestation may be relevant in scenarios that will not use
HAIP, namely when using mdoc.

* There was a discussion about what goes into the client metadata. Joseph
shared the list defined in this comment
https://github.com/openid/OpenID4VP/issues/17#issuecomment-2123350290.
Since there seems to be consensus about the list, and Joseph will create a
PR.

* There was also a discussion about the removal of the client_metadata_uri
authorization parameter. There was consensus on its removal.

## OpenID4VCI

* There was a brief discussion about the requiredness of c_nonce on the
proof tokens (https://github.com/openid/OpenID4VCI/issues/331). Oliver will
create a PR following the conclusions in the previous issue.

+ There was also a discussion about the requiredness of the
credential_identifier in the credential request, namely its relation with
the authorization_details returned from the token endpoint. Some of the
discussion points where:
    * The best way to express in the specification text when
credential_identifier is required.
    * The use of authorization_details on token requests and responses for
the pre-authorized_code grant.
    * The presence or absence of authorization_details on token responses
for refresh grants and its relation to the use of credential_identifier in
the credential request.

Regards,
Pedro Felix
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-digital-credentials-protocols/attachments/20240705/aaf218f2/attachment.html>

More information about the Openid-specs-digital-credentials-protocols mailing list