[Openid-specs-digital-credentials-protocols] 2024-11-05 DCP Meeting Minutes
Gareth Oliver
gco at google.com
Wed Nov 6 18:45:00 UTC 2024
Participants
Gareth Oliver
Kristina Yasuda
Joseph Heenan (OIDF & Authlete)
Torsten Lodderstedt
Ryan Galluzzo, NIST ACD
Lee Campbell
Christian Bormann
Andres Olave
Oliver Terbu
Daniel Fett
Sam Goto
Brian Campbell
Hicham Lozi [Apple]
Paul Bastian
nemanja.patrnogic
Edmund Jay
Bjorn Hjelm
Dima
Notes
- De-briefing on IIW so bring them back
- OpenID4VP
- 2 PRs
- 1 by Joseph (transaction data allow it to be done on browser API)
- 1 by Gabe (changing credential format identifiers)
- Torsten/Paul
- DPoP nonces in nonce endpoint? Will open an issue.
- Summary of IIW (see slides)
- OpenID4VP
- Wallet Attestation: Top level parameter to prevent UI exceptions.
- Any reason other than UI?
- No, but UI is important.
- Someone should volunteer to write a PR.
- Conclusions: starting with special approach, Hicham isn’t comfortable but it’s a starting point.
- Christian assigned, ETA end of next week.
- Do we need to query?
- Suggestion to do DCQL + identifier
- Explicitly avoiding to prevent more options
- (Conclusion) Should just be a top level boolean
- In Person
- Suggestion to use CTAP/Hybrid.
- Issue to be opened
- DCQL
- Well received. Some issues
- Have to be careful with filters to avoid privacy issues. Need to add privacy/security https://github.com/openid/OpenID4VP/issues/300
- Some potential to leak if requesting optional fields.
- Thought about ZKP queries but currently too early.
- Request to remove value matching
- Lee has use-cases
- Lee to open issues and add some (e.g. matching credentials)
- OpenID4VCI
- DC API
- How does wallet matcher make a decision?
- Include issuer metadata and auth server metadata in credential offer
- Versioning
- Documented here <https://github.com/openid/OpenID4VCI/issues/278#issuecomment-2458053327>
- ISO Requirements
- Multiple RP requests: required for multiple credentials cross-framework.
- Torsten started a PR.
- Payload = regular request - client id + client metadata
- Protected header = client id + client metadata
- 3 questions
- Thoughts?
- Only mechanism?
- Yes, optionality bad. (Consensus)
- Suggestion to introduce both and remove one later.
- Traditional flow, or browser API only
- Consistency is nice
- Advanced post mode should solve this
- Not as good as have to fix client_id
- Inconclusive, do first PR first then look to push down.
- Multiple requests isn’t a great solution due to the challenge of de-duping
- Looking to add the profile to HAIP for interoperability.
- HPKE
- Add note to OpenID4VP/HAIP that JARM can do it using a draft.
- Why have a JSON envelope? Hicham to open an issue with requirements.
- TBD collecting ISO requirements
- Letter from commissioner
- Available on the mailing list.
- Planning to use HAIP.
- HAIP
- Add federation
- Credential_configuration_id in credential request has been updated, PTAL.