[Openid-specs-digital-credentials-protocols] 2025-01-30 DCP Meeting Minutes

Kristina Yasuda yasudakristina at gmail.com
Fri Jan 31 16:07:04 UTC 2025 

Hi All,
To coordinate efforts to test at RDW/ISO hackathons coming up
end-Feb/beginning-March, please use Slack channel
*#openid4vp-browser-api-feedback*.
Best,
Kristina


On Fri, Jan 31, 2025 at 10:51 AM Gareth Oliver via
Openid-specs-digital-credentials-protocols <
openid-specs-digital-credentials-protocols at lists.openid.net> wrote:

> Participants
>
> Joseph Heenan (OIDF & Authlete)
>
> Kristina Yasuda
>
> Steve Venema
>
> George Fletcher
>
> Brian Campbell
>
> Andy Lim
>
> Gareth Oliver
>
> Bjorn Hjelm
>
> Rajvardhan Deshmukh (Cisco)
>
> Martijn Haring
>
> Oliver Terbu
>
> Jan Vereecken
>
> Andreea Prian (iDAKTO)
>
> Paul Bastian
>
> Juba Saadi | Lissi GmbH
>
> Lee Campbell
>
>
> Notes
>
>
>    -
>
>    Going to vote, check your issues are labeled correctly
>    -
>
>    Certain amount of issues are ready for PR, please help!
>    -
>
>    Registration for RDW (before ISO event) deadline tomorrow. Please sign
>    up
>    -
>
>    Agenda
>    -
>
>       Recap ISO virtual meeting
>       -
>
>       Multi-RP request
>       -
>
>       Want to discuss PR 393
>       -
>
>       PR 406
>       -
>
>       Unsigned request processing
>       -
>
>    Next ISO meeting (1st week of march) update on issues
>    -
>
>    Issue 400
>    -
>
>       (brian): if we need to do this then we should do it for all
>       formats. Don’t believe it is needed, and has a high bar given the change.
>       -
>
>    Issue 406
>    -
>
>       Allow encrypting request without signing because each credential is
>       signed.
>       -
>
>       Consensus: makes sense, brian to do PR
>       -
>
>    Issue 400
>    -
>
>       <gave summary>
>       -
>
>       Want to be careful with encouraging not verifying a signature
>       -
>
>       Explicitly allowing for it in multi-auth (should *not* do this)
>       -
>
>       Could do it with parallel requests, but not in favour
>       -
>
>       How to solve not trying all?
>       -
>
>       Could try and communicate it in JARM that already has this, but
>       this is not used often.
>       -
>
>       Is there a side channel leakage
>       -
>
>          Maybe? But it’s pretty minor.
>          -
>
>          Could always include it, but then it requires all other
>          credential formats to change.
>          -
>
>          General consensus is that replacing client id with origin is
>          reasonable.
>          -
>
>          Be clear that wallet can reject
>          -
>
>          Should an RP be able to know and reject based on wallet
>          processing
>          -
>
>             Bit philosophical, but might make sense as there is more risk
>             -
>
>    Update on PR 406 so there isn’t a minor version.
>    -
>
>       Why this: to make processing logic simpler
>       -
>
>       Must make a new identifier when a backwards incompatible change is
>       made
>       -
>
>       DCP WG can decide, people ok are with it. Request re-review and
>       merge.
>       -
>
>    HAIP last call
>    -
>
>    Missing the restriction on client_id_scheme for other profiles. Will
>    fix in last call
>    -
>
>     Update on security analysis
>    -
>
>       Coordination with researchers (in a useful timeframe).
>       -
>
>          Not possible to do e2e in a few weeks.
>          -
>
>          Focus on the interactions over the DC API.
>          -
>
>          Find an abstraction without going into the details.
>          -
>
>          Need a more rigorous verification from someone closer to the DC
>          API
>          -
>
>             Lee volunteered
>             -
>
>    Test suits for utrecht test event will be available
>    -
>
>    Verbatim from chat (gail):
>    -
>
>       Ideally we would be looking for 2-5 implementers representing
>       different jurisdictions. For noting: Joseph plans to be there in person.
>       -
>
>       For other testing work, Joseph intends to release beta of VP
>       Verifier with mdoc/mdl support mid-next week. Who will be able to test the
>       tests where released.
>       -
>
>       The cert team also plans to release VCI Initial ID2 tests for
>       issuers and phase 2 with beta tests in March, so we also seek to line up
>       who is available to test the tests.
>       -
>
>    Web payments looking to join
>
> --
> Openid-specs-digital-credentials-protocols mailing list
> Openid-specs-digital-credentials-protocols at lists.openid.net
>
> https://lists.openid.net/mailman/listinfo/openid-specs-digital-credentials-protocols
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-digital-credentials-protocols/attachments/20250131/9e3945b2/attachment-0001.htm>

More information about the Openid-specs-digital-credentials-protocols mailing list