[Openid-specs-digital-credentials-protocols] Notes for DCP WG Call on 6th March
Rajvardhan Deshmukh (rajvdesh)
rajvdesh at cisco.com
Fri Mar 7 03:13:38 UTC 2025
Hi Folks,
Below is the list of attendees:
Rajvardhan Deshmukh
Kristina Yasuda
Torsten Lodderstedt
Bjorn Hjelm
Brian Campbell
Christian Bormann
David Waite
Elizabeth Garber
Jan Vereecken
Juba Saadi
Michael Jones
Nick Steele
Oliver Terbu
Paul Bastian
Rene Leveille
Meeting registration reminders before (Google Sunnyvale on 7th April) and after (Apple Cupertino on 11th April) IIW
Tuesday’s notes
OpenID Federation event in Sweden: https://openid.net/openid-federation-interop-apr-28-30-2025/
https://github.com/openid/OpenID4VP/issues/423 normative change that will achieve the same goal by relaxing the restriction on transaction_data_hashes. Please review the PR and continue discussion in the PR.
https://github.com/openid/oid4vc-haip/issues/156 implementation mandatory for wallet and issuer, but whether to use it or not is up to the policy.
agreement to add a sentence "When the issuer authentication is required by the policy, signed_metadata MUST be supported by both the Issuer and the Wallet"
who creates policy not to be mentioned
https://docs.google.com/presentation/d/1MJc33dmXb2Yip2neo0gbWilMUZ1vpCDq1Ucy48GFG34/edit#slide=id.g310d3171d57_0_27
https://docs.google.com/document/d/1y3milcqMkAHqf4862ANoCA7irg6gNaDI3aNOVaZMoVY/edit?usp=sharing
https://docs.google.com/spreadsheets/d/1zAcOlB0BNRlEn-doJEew01XJtflU9q3ODVQBd8VuJyk/edit?usp=sharing
https://github.com/openid/oid4vc-haip/issues/43
Mandate only x509, both issuer and wallet.
what if web based key resolution is used?
Ecosystem is free to extend, but HAIP only mandates to implement x509, but it does not have to be used in each transaction.
* for verifier attestation: mandate x509_hash for both: The Client Identifier Scheme as introduced in Section 5.10 of [OIDF.OID4VP<https://openid.github.io/oid4vc-haip/openid4vc-high-assurance-interoperability-profile-wg-draft.html#OIDF.OID4VP>] MUST be x509_hash for both the wallet and the verifier.
* for SD-JWT VC issuer key resolution: mandate x509 for both issuer and the wallet and the verifier. Mention web-based key resolution as an option.
for wallet attestation, keeping:
The public key, and optionally a trust chain, used to validate the signature on the Wallet Attestation MUST be included in the x5c JOSE header.
status should mandate x5c. "The public key used to validate the signature on the Status List token MUST be included in the x5c JOSE header"
Best,
Raj