[Openid-specs-digital-credentials-protocols] OIDF DCP WG Meeting Notes for 2024-09-12

Pedro Felix pedro.felix at curity.io
Thu Sep 12 17:46:42 UTC 2024 

# OIDF DCP WG Meeting Notes for 2024-09-12

## Attendees

Andreea Prian
Bjorn Hjelm
Brian Campbell
Christian Bormann
Daniel Fett
David Chadwick
Gareth Oliver
George Fletcher
Hicham Lozi
Jan Vereecken
Javier Ruiz
Joseph Heenan
Judith Kahrer
Lee Campbell
Lukasz Jaromin
Martijn Haring
Mike Jones
Oliver Terbu
Paul Bastian
Pedro Felix
Rajvardhan Deshmukh
Sebastien
Steve Venema

## Items

* Agenda bashing

* Presentation by Daniel Fett on a new approach for the query language.
    * PR: https://github.com/openid/OpenID4VP/pull/260
    * Motivated by the polymorphic and recursion issues identified in the
previous solution.
    * Lee Campbell and Paul Bastian shared their implementation experience
for the old approach, mentioning that no major issues were found.
    * Multiple questions about on how to interpret the new proposed
structure and on how to implement some use cases with it.
    * No obvious consensus by the participants that this new approach is
preferable.
    * Joseph Heenan stated that more discussion on this new approach is
needed.

* Verifier authentication to the wallet when supporting multiple trust
model.
    * Issue: https://github.com/openid/OpenID4VP/issues/248
    * Joseph Heenan: major risk for the 1.0 version of OpenID4VP, if this
issue is not addressed correctly.
    * There is a proposal by Torsten Lodderstedt (in
https://github.com/openid/OpenID4VP/issues/219#issuecomment-2332252832 and
in https://github.com/openid/OpenID4VP/issues/248#issuecomment-2333630836)
        * Feedback on this proposal is needed.

* Add extensibility to Credential Response
    * Issue: https://github.com/openid/OpenID4VCI/issues/386
    * Three options available.
    * Apparent consensus in the WG meeting that option 2 is preferable.
    * The decision was to create a PR using option 2.

* Remove c_nonce from the token endpoint response
    * PR: https://github.com/openid/OpenID4VCI/pull/381
    * Joseph Heenan shared the opinion that probably the endpoint should be
mandatory if c_nonce is required.
    * Brian Campbell stated the the main aspect still to address is what to
do with the other existing mechanisms that also convey a nonce, namely in
the Credential Error Response. Should they be kept or removed.
    * Brian also clarified that the Nonce Endpoint being unprotected
follows a previous WG meeting decision.
    * More reviews are needed.

Regards,
Pedro
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-digital-credentials-protocols/attachments/20240912/2e57284d/attachment.html>

More information about the Openid-specs-digital-credentials-protocols mailing list