[Openid-specs-digital-credentials-protocols] OIDF DCP WG meeting notes for 2024-07-25

Jan Vereecken jan.vereecken at meeco.me
Mon Jul 29 12:34:31 UTC 2024 

Hello All,
Please find the notes below of the DCP WG call of July 25th.
Rgs,
Jan

  *   Participants
     *   Torsten Loddersted
     *   Joseph Heenan
     *   Marijn Haring
     *   Kristina Yusuda
     *   Andreea Prian
     *   Lukasz Jaromin
     *   Steve Venema
     *   Paul Bastian
     *   Andy Lim
     *   Juba Saadi
     *   Oliver Terbu
     *   Andreea Prian
     *   Brian Campbell
     *   Hicham Lozi
     *   Ryan Galluzzo
     *   John Bradley
     *   Rajvardhan Deshmukh
     *   Bjorn Helm
     *   Gareth Oliver
     *   Jian Liu
  *   Agenda
     *   Wallet Attestations / Key Attestations
     *   Removal CWT proof type
     *   OID4VCI/PR 220: Introduce Query Language
     *   Client id scheme security
     *   Adding transaction data
  *   External Events
     *   Some events around IIW, see mailing list for more details
  *   OID4VCI/Issue 355: Wallet Attestations / Key Attestations
     *   Kristina: Recap of what was discussed in previous call. Details in the issue
     *   Torsten: Has two questions. First one: highlights comment from Andrea regarding issuer metadata needed for wallet to understand which attestation is needed for a key
     *   Andrea highlights here last comment in the ticket talking about PoP and context that can be useful for the issuer as well as its importance for authentication (e.g. PID provider might have more strict requirements).
     *   Torsten: party sending the requests is who decides what is allowed. Suggests to extend the metadata to convey the requirements regarding keys
     *   Andrea: Issuer cannot always specify what means of authn is supports as it can also depend on the WSCD supported by the device the user has. Shou
     *   Torsten: Of the opinion that issuer should provide as much information to wallet as possible
     *   Paul: Agrees with Torsten. Avoid that after providing key attestation the issuer says that it can't continue.
     *   Agree to wait for Paul's PR to discuss this further
     *   Torsten: goes to second question brings up the topic of wallet authentication
     *   Andrea highlight that each member state has a different interpretation of LoA high for example.
     *   Torsten agrees
     *   John: Wallet to decide which trust mark to provide based on the information the issuer provides. Potentially also useful for "Wallet Selector" to lead the user to a wallet that is likely to support it.
     *   Agree to wait for Paul's PR
  *   OID4VCI/Issue 320: Remove CWT proof type
     *   Kristina introduces the issue. Email to mailing list asking for objections to remove it. Asks the working group. No objections.
     *   Brian will create a PR to remove it.
  *   OID4VP/Issue 124: client_id_scheme security considerations
     *   Daniel introduces the issue. The summary is that client_id_scheme must be present whenever client_id scheme is present as the client_id
     *   Kristina asks WG if anyone is opposed to prefixing the client_id with the client_id_scheme
     *   Oliver is opposed to namespacing, but has no concrete counter proposal
     *   Torsten and Kristina bring up that it is waiting for Tobias to make a suggestion and the ticket is already open for more than 3 months
     *   Oliver wants to circle back and suggest a proposal on Aug 6th
     *   Torsten highlights the change is needed to OpenID Federation wrt the entity identifier. That change is either an extra param (client_id_scheme) or namespaced entity identifier
     *   John: should be discussed with people who already use Federation (e.g. Italian Wallet)
     *   Torsten: Agrees
     *   Daniel: This is a problem for every server that uses client_ids from multiple sources, so more universal than OpenID Federation
     *   Joseph: If it only applies to wallets, this should be stated clearly
     *   Kristina: This is more universal problem
     *   Lukasz: How can we avoid conflicts with other potential interpretations of client_id
     *   John: We can't. Difficult to understand
     *   Kristina: Asks for remarks raised during the meeting to be documented in the issue
  *   OID4VP/PR220: Introduce new query language
     *   Daniel introduces the PR. Ready for reviews.
  *   OID4VP/PR197: Add transaction_data
     *   Kristina introduces the PR. Ready for reviews.
     *   LSPs in EU are actively asking for this as they rely on this mechanism.
  *   Actions
     *   Oliver will propose alternative solution than the one proposed currently in OID4VP/Issue 124 by Aug 6th

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-digital-credentials-protocols/attachments/20240729/b8e3e9cf/attachment-0001.html>

More information about the Openid-specs-digital-credentials-protocols mailing list