[Openid-specs-digital-credentials-protocols] OIDF DCP WG Meeting Notes for 2024-11-07
Pedro Felix
pedro.felix at curity.io
Thu Nov 7 17:40:40 UTC 2024
# OIDF DCP WG Meeting Notes for 2024-11-07
## Attendees
Bjorn Hjelm
Christian Bormann
David Chadwick
Gareth Oliver
Hicham Lozi
Joseph Heenan
Martjin Haring
Nemanja Patrnogic
Oliver Terbu
Paul Bastian
Pedro Felix
Rajvardhan Deshmukh
Steve Venema
Torsten Lodderstedt
## Agenda Items
### EU letter
- Letter present in the following mailing list message -
https://lists.openid.net/pipermail/openid-specs-digital-credentials-protocols/Week-of-Mon-20241028/000524.html
- No full clarity regarding the OpenID4VP, OpenID4VCI, and HAIP deadlines.
- OpenID4VP, OpenID4VCI - aiming for end of march.
- HAIP - a bit later.
- Discussion about the importance of HAIP as a concrete profile to provide
to implementors.
- Reference to interest from "CEN TC 224 WG 20".
### IIW recap
- See attached image.
- Discussion about adding mdoc to HAIP, including the full lifetime and not
only presentation.
- Different opinions. No final decision or conclusion.
- Important to make sure there isn't overlap with ISO specifications,
namely with ISO TS 18013-7.
- Discussion about HPKE.
- Issue: https://github.com/openid/OpenID4VP/issues/310.
- Hicham considered important that the design doesn't require JSON
processing on the secure element.
- Christian commented that it is important to clarify exactly what is
being encrypted.
- Comments on the above issue are welcomed.
### Open public review period for OpenID4VP implementors draft
- Started last Friday (IINM).
- PRs with suggested changes to the implementors draft
- https://github.com/openid/OpenID4VP/pull/314 - editorial, corrects
non-normative example.
- https://github.com/openid/OpenID4VP/pull/311 - editorial, corrects
non-normative example.
- https://github.com/openid/OpenID4VP/pull/303 - missing request
parameters on the browser API.
- Reviews are welcomed on these PRs.
### VCI
- Key attestation - https://github.com/openid/OpenID4VCI/pull/389
- Paul stated that, based on feedback from external experts, it may be
enough to have the "apr" property, and avoid the "key_storage_type" and
"user_authentication". However it may not be easy for the wallet provider
to assert concrete "apr" values.
- Wallet attestation - https://github.com/openid/OpenID4VCI/pull/408
- Discussion about wallet attestation requiring JSON-based structures
on wallets that exclusively deal with non JSON-based credential formats.
- Comment about the need to exactly define what is meant by
attestation, namely what is exactly being attested. This may not be easy to
do.
Regards,
Pedro
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-digital-credentials-protocols/attachments/20241107/74f29a91/attachment-0001.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: IIW-recap.png
Type: image/png
Size: 897308 bytes
Desc: not available
URL: <http://lists.openid.net/pipermail/openid-specs-digital-credentials-protocols/attachments/20241107/74f29a91/attachment-0001.png>
More information about the Openid-specs-digital-credentials-protocols
mailing list