[Openid-specs-digital-credentials-protocols] [agenda] APAC-friendly DCP WG + SIOP call (PST midday)

Paul Bastian paul.bastian at posteo.de
Tue Sep 10 20:04:23 UTC 2024 

Hi,

here are the notes from today's call:

# Attendees
Andres Olave
Bjorn Helm
Brian Campbell
Christian Bormann
Daniel Fett
Denver-9-Mount Sneffels
Edmund Jay
Gareth Oliver
Hicham Lozi
Jan Vereecken
John Bradley
Joseph Heenan
Lee Campbell
Lukasz Jaromin
Martjin Haring
Michael Jones
Oliver Terbu
Paul Bastian
Ryan Galluzzo
Sam Goto
Sebastien
Steve Venema
Tom Jones

# Discussion about Timeline for standard publication
- Marjin thinks new query language should go in before 1.0
- Lee asks whether it makes sense to wait with 1.0 for longer time and 
get into the next implementing act round
- Joseph responds that we already missed first round of eIDAS 
implementing acts and aim for second round, fear of missing out, but 
there might be even a third
- situation is that 1.0 feels like a step in the door and waiting for 
too long may be too much of a gamble
- Lee agrees but also sees the risk that we get stuck with PE
- Joseph says that we will have PE probably anyway through ISO mDL
- people ask how much effort needs to be done for squeezing new query 
language in
- Mike points out there are substantial open points and we need 
implementations
- Joseph asks if anybody objects trying to get new query language into 1.0
- Daniel will provide summary and update on Thursday call

# How can verifiers that support multiple trust models/ecosystems know 
how to authenticate to the wallet?
- https://github.com/openid/OpenID4VP/issues/248
- Verifier doesn't know with which certificate to sign the request
- allow multiple signatures?
- John points out this architecture is nuts, instead Wallet should 
figure out that Verifier is correct to his trust model, e.g. with trust 
marks
- different issuers will have different RP policies
- Lee thinks RP shouldn't care about the Wallet at that point but about 
the issuers
- Daniel thinks RP is talking to ecosystems
- Brian points back to the issue, in the context of BrowserAPI already 
has requests parameter to allow this instead of using JWS json serialization
- Christian says we need embedded issuer policies (in credential itself 
or metadata) to cleanly solve this
- Martjin thinks in the long run solutions may unite and may not need 
it, but in the short run complications may be expected, allowing 
multiple RP certificates may smooth this
- John: we probably need to do it and fix it later "if it falls over", 
hinting to OpenID Federation
- Daniel explains the suggestion, that reuses JWS JSON Serialization

# Deferred endpoint fixing it?
- there seem to be some issues with Deferred Issuance flow
- if you are aware of any problems please report!

# Define claims display description and claims path query - 
https://github.com/openid/OpenID4VCI/pull/276
- there is a bug in metadata that would need to be fixed
- please provide Feedback!

# Permit the use of the new query language instead of presentation 
exchange. https://github.com/openid/OpenID4VP/issues/255
- small issue that enables the new query language without a breaking change
- we need PR!

c_nonce PR: Are we going to mandate support of nonce endpoint for 
issuers that require nonces? 
https://github.com/openid/OpenID4VCI/pull/381#pullrequestreview-2292605172
- this removes c_nonce from token endpoint and introduces a new nonce 
endpoint instead
- we need more feedback on this!

client_id_scheme security ( https://github.com/openid/OpenID4VP/issues/124 )
- trying to solve this topic in the next weeks
- please connect to editors if you want to help!

Add extensibility to Credential Response #386 - 
https://github.com/openid/OpenID4VCI/issues/386
- add extensiability to Credential Response, e.g. for ARKG handles in 
the future
- three options are provided
- Option#2 with breaking change, but currently favored.
- please provide feedback!

Key attestation first draft PR - please review: 
https://github.com/openid/OpenID4VCI/pull/389
- Draft PR for key attestation that helps Issuers for regulated use 
cases, needed for eIDAS
- looking for early feedback here!

Define an ISO mdoc profile for Digital Credential API in OIDF/DCP 
https://github.com/openid/OpenID4VP/issues/219
- Martjin agreed to make a PR for this one

Best regards,
Paul

On 10.09.24 20:59, Joseph Heenan via 
Openid-specs-digital-credentials-protocols wrote:
> Hi All,
> Below is the suggested agenda for today's DCP WG + SIOP call at 12:00 
> midday PT (now, sorry it’s late!), 
> https://zoom.us/j/94085567252?pwd=cHNFMExFalhlM2MrOFhoN3J6eDRuZz09
>
>  1. IPR reminder/ Note-taking
>  2. Introductions/re-introductions
>  3. Agenda bashing/adoption
>  4. Events/External orgs
>  5. Consensus around proposed plan for moving VP/VCI to 1.0 final:
>     https://lists.openid.net/pipermail/openid-specs-digital-credentials-protocols/Week-of-Mon-20240909/000443.html
>  6. New Query language in 1.0?
>  7. How can verifiers that support multiple trust models/ecosystems
>     know how to authenticate to the wallet?
>     https://github.com/openid/OpenID4VP/issues/248
>  8. Deferred endpoint fixing it?
>  9. Define claims display description and claims path query -
>     https://github.com/openid/OpenID4VCI/pull/276
> 10. Permit the use of the new query language instead of presentation
>     exchange. https://github.com/openid/OpenID4VP/issues/255
> 11. c_nonce PR: Are we going to mandate support of nonce endpoint for
>     issuers that require nonces?
>     https://github.com/openid/OpenID4VCI/pull/381#pullrequestreview-2292605172
> 12. client_id_scheme security (
>     https://github.com/openid/OpenID4VP/issues/124 )
> 13. Wallets authenticating to verifiers:
>     https://github.com/openid/OpenID4VP/issues/141
> 14. Mike’s extensibility PRs
>     https://github.com/openid/OpenID4VP/issues/227
>     https://github.com/openid/OpenID4VCI/pull/382 (Kristina’s comment
>     on latter)
> 15. Add extensibility to Credential Response #386 - https://
>     <https://github.com/openid/OpenID4VCI/issues/386>github.com/openid/OpenID4VCI/issues/386
>     <http://github.com/openid/OpenID4VCI/issues/386>
> 16. Key attestation first draft PR - please review:
>     https://github.com/openid/OpenID4VCI/pull/389
> 17. Issues ready for PRs - who can help please?
> 18. PRs needing reviews/discussions
> 19. Other Open PRs/Issues
>
> Thanks
>
> Joseph
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-digital-credentials-protocols/attachments/20240910/153938e0/attachment-0001.html>

More information about the Openid-specs-digital-credentials-protocols mailing list