[Openid-specs-digital-credentials-protocols] [agenda] APAC-friendly DCP WG + SIOP call (PST midday)
Kristina Yasuda
yasudakristina at gmail.com
Wed Sep 11 07:28:42 UTC 2024
Hi,
Sorry for missing yesterday's call (am at ETSI workshop on EUDIW).
A few thoughts/comments.
> Joseph asks if anybody objects trying to get new query language into 1.0
I am objecting. In short, the motivation is 1) to secure OpenID4VP is
referenced by the Implementing Act, 2) to give implementers a stable
document (the need for both has been mentioned multiple times during the
workshop), and 3) just like Mike said, there are still substantial open
points on the new query language and we need implementation experience.
It is probably worth clarifying that *new query language not making it to
1.0 does not mean it will not make it to the second round of the
implementing acts* - if we work efficiently, and manage to get out 1.1
before the second round gets opened, we can get 1.1 with a new query
language referenced in the Implementing Acts.
Encouragement from the European Commission has been to have a shorter release
cycle for OpenID4VC specs to address points 1) and 2), and from a
risk-management perspective, I believe we should a) publish final with a
text that makes it clear that new query lang is allowed
<https://github.com/openid/OpenID4VP/issues/255>, b) prioritize new query
language for 1.1, so once we know more clearly when the second round of IAs gets
reopened, we are sure new query language is in 1.1.
> Define an ISO mdoc profile for Digital Credential API in OIDF/DCP
> https://github.com/openid/OpenID4VP/issues/219
> - Martijn agreed to make a PR for this one
umm...may I ask why? I looked at the issue and the scope of the PR that
Martijn will do is not clear to me and the issue does not feel ready for PR
to me. Where is it documented how the WG agreed to address topics clarified
in https://github.com/openid/OpenID4VP/issues/219#issuecomment-2294048268 ?
Would be better to discuss and clearly document those first.
> Define claims display description and claims path query -
> https://github.com/openid/OpenID4VCI/pull/276
> - there is a bug in metadata that would need to be fixed
I think the open question is whether we want/need to fix this issue and
merge this PR before going final. There might be good reasons to do so
(align with IETF SD-JWT VC metadata, this is a breaking change so if we do
not do it now, we might have to wait until 2.0), but would like us, first,
to agree we want it before final.
Best,
Kristina
On Tue, Sep 10, 2024 at 10:11 PM Paul Bastian via
Openid-specs-digital-credentials-protocols <
openid-specs-digital-credentials-protocols at lists.openid.net> wrote:
> Hi,
>
> here are the notes from today's call:
>
> # Attendees
> Andres Olave
> Bjorn Helm
> Brian Campbell
> Christian Bormann
> Daniel Fett
> Denver-9-Mount Sneffels
> Edmund Jay
> Gareth Oliver
> Hicham Lozi
> Jan Vereecken
> John Bradley
> Joseph Heenan
> Lee Campbell
> Lukasz Jaromin
> Martijn Haring
> Michael Jones
> Oliver Terbu
> Paul Bastian
> Ryan Galluzzo
> Sam Goto
> Sebastien
> Steve Venema
> Tom Jones
>
> # Discussion about Timeline for standard publication
> - Martijn thinks new query language should go in before 1.0
> - Lee asks whether it makes sense to wait with 1.0 for longer time and get
> into the next implementing act round
> - Joseph responds that we already missed first round of eIDAS implementing
> acts and aim for second round, fear of missing out, but there might be even
> a third
> - situation is that 1.0 feels like a step in the door and waiting for too
> long may be too much of a gamble
> - Lee agrees but also sees the risk that we get stuck with PE
> - Joseph says that we will have PE probably anyway through ISO mDL
> - people ask how much effort needs to be done for squeezing new query
> language in
> - Mike points out there are substantial open points and we need
> implementations
> - Joseph asks if anybody objects trying to get new query language into 1.0
> - Daniel will provide summary and update on Thursday call
>
> # How can verifiers that support multiple trust models/ecosystems know how
> to authenticate to the wallet?
> - https://github.com/openid/OpenID4VP/issues/248
> - Verifier doesn't know with which certificate to sign the request
> - allow multiple signatures?
> - John points out this architecture is nuts, instead Wallet should figure
> out that Verifier is correct to his trust model, e.g. with trust marks
> - different issuers will have different RP policies
> - Lee thinks RP shouldn't care about the Wallet at that point but about
> the issuers
> - Daniel thinks RP is talking to ecosystems
> - Brian points back to the issue, in the context of BrowserAPI already has
> requests parameter to allow this instead of using JWS json serialization
> - Christian says we need embedded issuer policies (in credential itself or
> metadata) to cleanly solve this
> - Martijn thinks in the long run solutions may unite and may not need it,
> but in the short run complications may be expected, allowing multiple RP
> certificates may smooth this
> - John: we probably need to do it and fix it later "if it falls over",
> hinting to OpenID Federation
> - Daniel explains the suggestion, that reuses JWS JSON Serialization
>
> # Deferred endpoint fixing it?
> - there seem to be some issues with Deferred Issuance flow
> - if you are aware of any problems please report!
>
> # Define claims display description and claims path query -
> https://github.com/openid/OpenID4VCI/pull/276
> - there is a bug in metadata that would need to be fixed
> - please provide Feedback!
>
> # Permit the use of the new query language instead of presentation
> exchange. https://github.com/openid/OpenID4VP/issues/255
> - small issue that enables the new query language without a breaking change
> - we need PR!
>
> c_nonce PR: Are we going to mandate support of nonce endpoint for issuers
> that require nonces?
> https://github.com/openid/OpenID4VCI/pull/381#pullrequestreview-2292605172
> - this removes c_nonce from token endpoint and introduces a new nonce
> endpoint instead
> - we need more feedback on this!
>
> client_id_scheme security ( https://github.com/openid/OpenID4VP/issues/124
> )
> - trying to solve this topic in the next weeks
> - please connect to editors if you want to help!
>
> Add extensibility to Credential Response #386 -
> https://github.com/openid/OpenID4VCI/issues/386
> - add extensibility to Credential Response, e.g. for ARKG handles in the
> future
> - three options are provided
> - Option#2 with breaking change, but currently favored.
> - please provide feedback!
>
> Key attestation first draft PR - please review:
> https://github.com/openid/OpenID4VCI/pull/389
> - Draft PR for key attestation that helps Issuers for regulated use cases,
> needed for eIDAS
> - looking for early feedback here!
>
> Define an ISO mdoc profile for Digital Credential API in OIDF/DCP
> https://github.com/openid/OpenID4VP/issues/219
> - Martijn agreed to make a PR for this one
>
> Best regards,
> Paul
> On 10.09.24 20:59, Joseph Heenan via
> Openid-specs-digital-credentials-protocols wrote:
>
> Hi All,
>
> Below is the suggested agenda for today's DCP WG + SIOP call at 12:00
> midday PT (now, sorry it’s late!),
> https://zoom.us/j/94085567252?pwd=cHNFMExFalhlM2MrOFhoN3J6eDRuZz09
>
>
> 1. IPR reminder/ Note-taking
> 2. Introductions/re-introductions
> 3. Agenda bashing/adoption
> 4. Events/External orgs
> 5. Consensus around proposed plan for moving VP/VCI to 1.0 final:
> https://lists.openid.net/pipermail/openid-specs-digital-credentials-protocols/Week-of-Mon-20240909/000443.html
> 6. New Query language in 1.0?
> 7. How can verifiers that support multiple trust models/ecosystems
> know how to authenticate to the wallet?
> https://github.com/openid/OpenID4VP/issues/248
> 8. Deferred endpoint fixing it?
> 9. Define claims display description and claims path query -
> https://github.com/openid/OpenID4VCI/pull/276
> 10. Permit the use of the new query language instead of presentation
> exchange. https://github.com/openid/OpenID4VP/issues/255
> 11. c_nonce PR: Are we going to mandate support of nonce endpoint for
> issuers that require nonces?
> https://github.com/openid/OpenID4VCI/pull/381#pullrequestreview-2292605172
> 12. client_id_scheme security (
> https://github.com/openid/OpenID4VP/issues/124 )
> 13. Wallets authenticating to verifiers:
> https://github.com/openid/OpenID4VP/issues/141
> 14. Mike’s extensibility PRs
> https://github.com/openid/OpenID4VP/issues/227
> https://github.com/openid/OpenID4VCI/pull/382 (Kristina’s comment on
> latter)
> 15. Add extensibility to Credential Response #386 -
> https://github.com/openid/OpenID4VCI/issues/386
> 16. Key attestation first draft PR - please review:
> https://github.com/openid/OpenID4VCI/pull/389
> 17. Issues ready for PRs - who can help please?
> 18. PRs needing reviews/discussions
> 19. Other Open PRs/Issues
>
> Thanks
>
> Joseph
>
>