[Openid-specs-digital-credentials-protocols] Minutes DCP WG Meeting April 17th

Jan Vereecken jan.vereecken at meeco.me
Fri Apr 18 06:08:36 UTC 2025 

Hi all,

Please find below the minutes of yesterday's meeting.

# Attendees

- Steffen Schwalm
- Torsten Lodderstedt
- Timo Glastra
- Kristina Yasuda
- Steffen Schwalm
- Martijn Haring
- Daniel Fett
- Geroge Fletcher
- Christian Bormann
- Aarom Parecki
- David Waite
- Peter Sorotokin
- Joseph Heenan
- Michael Jones
- Mirko Mollik
- Lee Campbell
- Nick Steele
- David Chadwick
- Tim Cappalli
- Juda Saadi
- Yuval Glasner
- Oliver Terbu
- Tom Jones
- Rajvardhan Deshmuk..
- Bjorn Hjelm
- Gareth Oliver

# Agenda

1. OIDF Antitrust Policy at www.openid.net/antitrust<http://www.openid.net/antitrust> applies / IPR reminder
2. Formal security analysis: https://lists.openid.net/pipermail/openid-specs-digital-credentials-protocols/attachments/20250414/4b84c5d0/attachment-0001.pdf
[as far as I’m aware, no further agenda items were communicated in advance]

# Notes

## Formal Security Analysis

The deliverable has been formally accepted by the WG

## EIC

Register for the in-person & virtual meetings at:

https://DCPWG_EIC_05MAY25.eventbrite.co.uk
https://DCP-WG-Mtg-Post_EIC_08May25.eventbrite.co.uk

## Japan Friendly Meeting time

New Japan/Asia friendly call scheduled every two weeks, first call April 24th
Existing “APAC friendly” is renamed to “Americas friendly” and remains.
Note that every forthnight there will be 3 WG meetings.

## OpenID4VP - PR546 - Remove references to 18013-7 from OpenId4VP
https://github.com/openid/OpenID4VP/pull/546

No objections from the WG. Merged into main.

## OpenID4VP - PR551 - clarify that client identifier prefix specific parameters got to the header in multi RP DC API requests
https://github.com/openid/OpenID4VP/pull/551

Approvals received during call. Nobody needed additional time to review. Merged into main.

## OpenID4VP - PR555 - Revert to JARM style use of authorization_encrypted_response_alg
https://github.com/openid/OpenID4VP/pull/555

Mike stressed the need for consistent approach wrt other specs.
WG targets to merge on April 22nd.

## OpenID4VP - PR556 - Error responses for DC API
https://github.com/openid/OpenID4VP/pull/556

Gareth aims to add privacy part before next call (April 22nd).
Discussion on the subtle privacy issues that can occur when requests contain, for example, value matching and some privacy sensitive information could be returned.

## OpenID4VP - PR553 - clarify issuer_signed_alg_values and device_signed_alg_values
https://github.com/openid/OpenID4VP/pull/553

Discussion between Kristina and Martijn on the direction. Conclusion recorded in the ticket.

## OpenID4VP - PR459 - add sd-jwt vcld
https://github.com/openid/OpenID4VP/pull/459

Torsten introduced the topic. Generalised approach on how SD-JWT VC can be used with json-ld, without explicitly linking it to, for example, VCDM 1.1 or VCDM 2.0.
Steffen points out that it is crucial that all VCDM functionality, in its completeness, can be used. It is not possible with this approach.

Conclusion after a long discussion:

Authors of the PR believe that all properties of VCDM are maintained, but Steffen representing the EBSI project disagrees.
The WG asks for technical details as to why it does not work for the EBSI project.
The WG asks for concrete proposals that take into account existing specifications (i.e. following PR)

PR is merged. WG agrees to test this approach and refine the outcome.

## Plan for WGLC

5 PRs remaining. Almost there! Joseph to send mail to mailing list.

Happy easter.

–Jan


[Meeco]<https://www.meeco.me/>

Jan Vereecken, Chief Product Officer, Meeco
+32 473 93 61 03  |  jan.vereecken at meeco.me<mailto:jan.vereecken at meeco.me>
twitter/x: @janvereecken<https://twitter.com/janvereecken>   |  linkedin: janvereecken<http://www.linkedin.com/in/janvereecken>


Discover Meeco at meeco.me<https://www.meeco.me/> or read our blog, case studies, and industry reports on our Insights<https://www.meeco.me/insights> page.
We are on LinkedIn @meeco_me<https://www.linkedin.com/company/meeco-me/mycompany/> and X @meeco_me<https://twitter.com/meeco_me>

This email is confidential and may contain legally privileged information. If you are not the intended recipient, you must not disclose or use the information contained in it. If you have received this email in error, please notify us immediately by return email and delete the document.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-digital-credentials-protocols/attachments/20250418/e9fc905a/attachment-0001.htm>

More information about the Openid-specs-digital-credentials-protocols mailing list