[Openid-specs-digital-credentials-protocols] [notes] DCP WG + SIOP call (PST midday)

Tue Oct 8 21:45:19 UTC 2024

Hi all,

Below are the notes for the DCP call on October the 8th  2024.

Best Regards,

Christian

-----

Attendees:

Christian Bormann

Torsten Lodderstedt

Joseph Heenan

Kristina Yasuda

Paul Bastian

Alan Wang

Bjorn Hjelm

Brian Campbell

Daniel Fett

Dima Postnikov

Edmund Jay

Jan Vereecken

Lee Campbell

nemanja patrnogic

Oliver Terbu

Paul Bastian

Rajvardhan Deshmukh

Tobias Looker

----

Upcoming Events:

DCP Hybrid Call before IIW is confirmed to be at Microsoft (Monday before
IIW)

----

General discussion - timeline plans
(https://docs.google.com/presentation/d/1MwNwD3DSf_JuKFuudg66Ib9cJemMOGXniyS
vjJQHjUM/edit#slide=id.g309467ef06d_0_30):

Joseph explains that the discussions last week made clear that the current
opinion of the working group differs a bit from the initial assumptions for
releasing 1.0. With this information and a bit more relaxed timelines when
1.0 should be final, the proposal is to push final to February-March and
include the new query language in 1.0. Additionally, the plan would be to
cut another implementers draft for openid4vp before end of the year and use
that to also move the spec officially to the DCP working group.

Joseph then explains a list of features to include for VP1.0 with the new
timeline:

- New query language

- Transaction data

- Wallets authenticating to RPs

- Multi-rp-authentication

- ISO WG10 alignment

with the biggest risk being the new query language. Joseph proposes to have
the initial PR merged by end of October.

OpenID4VCI would follow a similar plan to be discussed next week.

Dima asks about what happened at ISO WG10 meetings and that there was some
discussion about openid. Lee explains that the query language is a big point
and he wants to avoid fragmentation of the space by creating even more
different protocols, so we should focus on aligning this. Dima agrees and
mentions that we should show the progress we've worked on. Lee asks if we
can get a bit more focus on the query language options and get things going
with implementers feedback. Kristina says that we can merge the current PR
and start experimenting during the ID review period and even a breaking
change wouldn't be a problem between ID and final for the new query
language. Torsten agrees with that and we should use the new ID as a signal
to implementers to start experimenting and provide feedback.

Dima asks if there are other outstanding parts from ISO that need to be
addressed. Tobias answers that another feature was the multiple RP auth.
Kristina mentions that the feeling seems to be that we are not delivering on
the needs of the ISO working group, but a lot of the requirements were not
entirely clear and invites more people from the ISO working group to join
the DCP calls. Lee mentions that a good approach would be to provide a draft
for a final spec and ask for feedback. Daniel mentions that we should focus
on what is necessary to merge the Query Language PR really soon and if those
things can be fixed a bit later to resolve the comments and file new issues.
Dima asks about requirements and if we need to get more direct feedback on
certain topics from ISO. Kristina mentions that the multi-rp topic is not
entirely clear to her and a bit more context would be good. Tobias will ask
in the ISO meeting and ideally get issues created. Dima also adds that his
feeling is that one of the concerns he perceives are unclear timelines for
the openid4vc specs. [I didn't get/include all details of the 30 minute
discussion here but I think these were the main parts]

Lee proposes for people that are attending IIW that we might use a bit of
time there to test out implementations and discuss the new query language in
general.

----

https://github.com/openid/OpenID4VCI/pull/389 - add key attestations:

Paul explains that the new proof type was added to allow a key attestation
as an alternative proof type. Kristina mentions that the current state of
the PR doesn't seem to match what was discussed at last WG call in her
opinion with the options of the key attestation. Torsten clarifies that an
attestation can include more than one attested key and that we need to add
some more text to this clear in the PR.

Christian asks if we should mandate nonce for the key attestation proof type
as we currently do not mandate it in the text because c_nonce is optional,
but we discussed last time that we want the key attestation proof type with
nonce. Paul answers that we should mandate nonce for that attestation proof
type. Kristina votes to make it optional initially and maybe switch to
mandatory later. [i didn't catch all of the discussion here]. Needs some
further discussion

https://github.com/openid/OpenID4VP/pull/279 - discontinue ad hoc and
inappropriate use of "OAuth URI"s:

Joseph explains that we were using the wrong namespace - we should be using
the openid one.

https://github.com/openid/OpenID4VP/pull/273 - Clarify that direct_post
endpoint response is JSON:

Joseph explains that this is a small clarification on the response of the
direct_post endpoint

https://github.com/openid/OpenID4VP/pull/274 - Complete IANA Considerations
section:

Joseph explains that one issue was that the spec was not yet officially
moved to the DCP working group, so IANA is controlled by connect working
group for the time being.

Joseph asks for reviews on these PRs.

----

https://github.com/openid/OpenID4VCI/pull/381 - remove c_nonce from the
token endpoint response:

Joseph explains that we got everything fixed and a lot of approvals - this
is going to get merged soon.

https://github.com/openid/OpenID4VCI/pull/392 - add an option to use
credential_configuration_id in credential request:

Joseph explains that when scopes are used, this PR introduces a new option
is used to allow credential_configuration_id and there is some discussion
about removing some options.

https://github.com/openid/OpenID4VCI/pull/380 - Clarify language around
opening Credential Offer Endpoint:

Joseph explains that the issues were resolved and it is a rather small
change with some approvals, so likely will be merged soon.

From: Openid-specs-digital-credentials-protocols
<openid-specs-digital-credentials-protocols-bounces at lists.openid.net> On
Behalf Of Joseph Heenan via Openid-specs-digital-credentials-protocols
Sent: Tuesday, October 8, 2024 7:30 PM
To: Digital Credentials Protocols List
<openid-specs-digital-credentials-protocols at lists.openid.net>
Cc: Joseph Heenan <joseph at authlete.com>
Subject: [Openid-specs-digital-credentials-protocols] [agenda] DCP WG + SIOP
call (PST midday)

Hi All,

Below is the suggested agenda for today's DCP WG + SIOP call at 12:00 midday
PT: https://zoom.us/j/94085567252?pwd=cHNFMExFalhlM2MrOFhoN3J6eDRuZz09

1. OIDF Antitrust Policy at www.openid.net/antitrust
<http://www.openid.net/antitrust>  applies

2. IPR reminder/ Note-taking

3. Introductions/re-introductions

4. Agenda bashing/adoption

5. Events/External orgs

6. Plans for taking specs to final

7. Next version priority PRs - many need reviews please:

    1. VP: discontinue ad hoc and inappropriate use of "OAuth URI"s
https://github.com/openid/OpenID4VP/pull/279

    2. VP: Clarify that direct_post endpoint response is JSON
https://github.com/openid/OpenID4VP/pull/273

    3. VP & VCI: Additional IANA considerations: Complete IANA
Considerations section <https://github.com/openid/OpenID4VCI/pull/401>

    4. VCI: Key attestations https://github.com/openid/OpenID4VCI/pull/389

    5. VCI: c_nonce PR:
https://github.com/openid/OpenID4VCI/pull/381#pullrequestreview-2292605172

    6. VCI: add option to use credential_configuration_id in credential
request:  https://github.com/openid/OpenID4VCI/pull/392

    7. VCI: Clarify language around opening Credential Offer Endpoint
https://github.com/openid/OpenID4VCI/pull/380

8. Query language - proceed with attempt 3 PR?
https://github.com/openid/OpenID4VP/pull/266

Thanks

Joseph

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-digital-credentials-protocols/attachments/20241008/3cac1e38/attachment-0001.html>