[Openid-specs-digital-credentials-protocols] [agenda] DCP WG + SIOP call
Paul Bastian
paul.bastian at posteo.de
Tue Dec 10 21:12:45 UTC 2024
DCP Meeting notes for 10th of December 2025
Participants:
Paul Bastian
Kristina Yasuda
Jan Vereecken
Michael Jones
Andrew Regenscheid
Bjorn Hjelm
Brian Campbell
Daniel Fett
Edmund Jay
Hicham Lozi
Jin Wen
John Bradley
Martjin Haring
Nemanja Patrnogic
Ryan Galluzzo
Steve Venema
Tobias Looker
Tom Jones
OpenID4VCI Wallet Attestation #408
- has 3 approvals, waiting for a few more, please review
OpenID4VCI Claim display description #276
- waiting for changes to let mdoc use "path"
- needs more approvals
OpenID4VP ID3 vote is starting soon
- https://openid.net/public-review-period-for-proposed-third-implementers-draft-of-openid-for-verifiable-presentations-specification-3/
- get ready to vote: https://openid.net/foundation/members/polls/346
ISO meeting updates:
https://docs.google.com/document/d/1AJDDWuRG_b-MOBrAwhBoQV3dhH3LD31WNEQKzOB36SY/edit?tab=t.0
- chairs went over all OpenID4VP issues and labeled/created milestones
for Final 1.0
- WG10 asked for more time to review document and then discussion will
continue in January
- HAIP will define mdoc over Digital Credentials API
- no hard timelines defined from WG10, but moving fast seems good to
get things settled
- WG10 does not want to update Annex B ISO18013-7, so putting mdoc over
vanilla OpenID4VP in HAIP seems to make sense
- if ID3 gets approved in vote, then Annex B seems deprecated
- encryption over Browser API seems another important topic, related to
HPKE discussions
- chairs would ask to focus HAIP
HAIP refactor to add mdoc profile over OpenID4VP with Digital
Credentials API Issue#122
- removed mentions of transaction data
- Handover needs to be discussed further, there are some open issues as
follow-ups
- 3 approvals and some editorial suggestions open
- Kristina will clarify that Torsten's objections are solved
- need 2-3 more approvals and then merge
HAIP Encryption Issue#131
- 3 options
- option 1: use JWE with ECDH-ES as before and define apu+apv
- option 2: use JWE with HPKE of existing IETF draft
https://datatracker.ietf.org/doc/html/draft-ietf-jose-hpke-encrypt-02
- option 3: define new method how to do HPKE within OpenID4VP
- Mike: intend to accelerate IETF HPKE draft for option2, option3 seems
a bad idea as we don't get cryptographic review
- Kristina: possible to define multiple options and signal a shift to
implementers
- Paul: how does option 2 enable lazy verifier problem that JWE with
ECDH-ES does not?
- Brian/Tobias: they basically do the same, ECDH-ES with JWE just
doesn't allow detaching some of the data
- Mike/Brian: IETF HPKE allows detached information, but IETF JOSE HPKE
doesn't currently support that, need to file an issue
- Tobias: HPKE may use aad and communicate out-of-band/detached to
enable this
- John: which value do people want to use?
- Brian: probably origin in DC API
- Tobias: may be bad for debugging
- Brian: there are many other things a Verifier must do to be secure that we
cannot cover with this..
- Paul: evaluation seems wrong, HPKE JOSE doesn't have this feature
right now, so there seems no difference between Option 1 and 2
- Paul: we should not use session transcript or anything credential
format specific, as encryption is on the OpenID4VP level
- Kristina: most important we need to agree if we want to tackle lazy
verifier problem
- HPKE JOSE won't be ready in January, seems best to start with what we
have right now and have option to move later on
Best regards,
Paul
On 10.12.24 18:45, Kristina Yasuda via
Openid-specs-digital-credentials-protocols wrote:
> Hi,
>
> Here is the agenda proposal for the call later today.
>
> 1. OIDF Antitrust Policy at www.openid.net/antitrust applies
> 2. IPR reminder/ Note-taking
> 3. Introductions/re-introductions
> 4. Agenda bashing/adoption
> 5. Events/External orgs
> 1. proposal to do a hybrid DCP WG a day before OSW
> 2. update from the ISO Sapporo mtg last week - HAIP will be the
> focus for the next month.
> 6. VCI
> 1. please review the PRs. starting WGLC for ID-2 once the PRs are
> ready.
> 7. VP
> 1. the list of issues that chairs think should be
> discussed/tackled before Final 1.0. (includes issues that the
> WG might decide not to pursue but might result in breaking
> changes if tackled)
> https://github.com/openid/OpenID4VP/milestone/2
> 2. voting on-going - please vote!
> 3. multi RP authentication:
> 1. https://github.com/openid/OpenID4VP/pull/308
> 8. HAIP
> 1. HAIP mdoc over the browser API profile - would like to merge
> as a starting point:
> https://github.com/openid/oid4vc-haip-sd-jwt-vc/pull/122
> 2. repo has been renamed to oid4vc-haip
> 3. MDOC encryption (focus of today)
> https://github.com/openid/oid4vc-haip-sd-jwt-vc/issues/131
>
> Best,
> Kristina
>