[Openid-specs-digital-credentials-protocols] [agenda] APAC-friendly DCP WG + SIOP call (PST midday)

Rajvardhan Deshmukh (rajvdesh) rajvdesh at cisco.com
Tue Aug 20 20:25:36 UTC 2024


Hi folks,

Below are the notes for the DCP call on 2024-08-20.
Please feel free to correct if I have made any mistake in the notes.

## Attendees (20)

Rajvardhan Deshmukh
Torsten Lodderstedt
Joseph Heenan
Kristina Yasuda
Ketan Mehta
Michael Jones
Stece Venema
Ryan Galluzzo, NIST ACD
Martijn Haring
Paul Bastian
Jan Vereecken
Sebastien Bahloul (IDEMIA/AFNOR)
Daniel Fett
Oliver Terbu
Tobias Looker (MATTR)
George Fletcher
nemanja.patrnogic
Hicham Loz (Apple)
Brian Campbell
Bjorn Hjelm

## Notes

Joseph: OIDF workshop in October, register for in-person or virtual. Email sent out.

https://github.com/openid/OpenID4VP/issues/124
Oliver: client_id_schema is invasive to existing protocols and security concerns (mentioned in issue)
Daniel's PR solves security issue but not the others.
Remove clientid_schema and move components into protocol

Daniel: Auto detect client id schema? Auth client ID against key/pub key.
Verifier sends req and cert in the req obj, rules validate req
Current when redirect authz req not signed.
Main reason for client_id_schema is client metadata resolution

Daniel and Oliver: Make sure all methods did and x5c are in the same security level

Oliver: the proposal will simplify and combine different client id schemes

Torsten: How does a wallet decide auth of openid federation?
Distinguish logic, pre-registered client and other flows.
Describe Control logic that kicks in for each request.
client-id schema used to define logic for how clients authenticate.
Text describing the logic is needed.

Kristina:
Concern:
1. Using implicit inputs to determine logic makes it fragile. E.g. header + client_id, if client id https 2 ways …
2.  Folks will have to understand this, wallet will have to implement more complicated logic.

Tobias: Oliver will provide logic, how to interpret client id and which methods will be used depending on the input parameters. This will be created as an issue in the repository.
Tobias: Real world usecase different mechanisms same id where wallet support web domain also sign x509, support graceful fallback.
Joseph and Oliver agree that they will present next week (Tuesday).


https://github.com/openid/OpenID4VP/issues/227
Mike: Let's explicitly state the principles to enable non-breaking extensibility
Joseph: already implicit, so it's normative and change seems reasonable

Assigned PRs
https://github.com/openid/OpenID4VP/issues/228
https://github.com/openid/OpenID4VP/issues/221
https://github.com/openid/OpenID4VP/issues/216 (Martijn pointed out the confusing language about using JARM, will be clarified in the PR)
Brian and Torsten: JARM encrypt response (redirect methods and browser api), claim responses then don't need it.

Best,
Rajvardhan


From: Openid-specs-digital-credentials-protocols <openid-specs-digital-credentials-protocols-bounces at lists.openid.net> on behalf of Joseph Heenan via Openid-specs-digital-credentials-protocols <openid-specs-digital-credentials-protocols at lists.openid.net>
Date: Tuesday, August 20, 2024 at 11:20 AM
To: Digital Credentials Protocols List <openid-specs-digital-credentials-protocols at lists.openid.net>
Cc: Joseph Heenan <joseph at authlete.com>
Subject: [Openid-specs-digital-credentials-protocols] [agenda] APAC-friendly DCP WG + SIOP call (PST midday)
Hi All,

Below is the suggested agenda for today's DCP WG + SIOP call at 12:00 midday PT (just over 40 minutes time), https://zoom.us/j/94085567252?pwd=cHNFMExFalhlM2MrOFhoN3J6eDRuZz09


  1.  IPR reminder/ Note-taking
  2.  Introductions/re-introductions
  3.  Agenda bashing/adoption
  4.  Events/External orgs
  5.  Oliver/Tobias proposal for client_id_scheme security ( https://github.com/openid/OpenID4VP/issues/124 )
  6.  Issues ready for PRs - who can help please?
  7.  PRs needing reviews/discussions
  8.  Other Open PRs/Issues

Thanks

Joseph
