[Openid-specs-digital-credentials-protocols] 04/15 DCP WG Notes

Tue Apr 22 19:04:03 UTC 2025

Attendees

Gareth Oliver

Kristina Yasuda

Joseph Heenan (OIDF & Authlete)

Torsten Lodderstedt

David Waite

Aaron Parecki

George Fletcher

Michael Jones

Peter Sorotokin

Christian Bormann

Daniel Fett

Martijn Haring

Oliver Terbu

Tobias Looker (MATTR)

14258250855

David Zeuthen (Google LLC)

Stefan Charsley

Hicham Lozi [Apple]

Dima Postnikov

Notes

   -

   Security Analysis over OpenId4VP over DC API.
   -

      PR to require checking expected_urls
      -

      Need to accept the deliverable. Read the report and check in on
      thursday.
      -

      https://lists.openid.net/pipermail/openid-specs-digital-credentials-protocols/Week-of-Mon-20250414/000730.html
      -

      Check assumptions in Section 2.4
      -

   Started WG Last Call. Hope to merge remaining PRs today/thursday. Please
   respond if you think it’s ready.
   -

   Don’t believe there are violations of policy.
   -

   Keeping 2 calls, adding a bi-weekly japan/aus-friendly time on thursday
   -

   PR cbor-to-json
   -

      Referenced text is non-normative, and not entirely specified.
      -

      If unable to convert then it is out of scope.
      -

      Updated text and moving on
      -

   Removing Anon-creds
   -

      Lots of approvals
      -

      Merged, removal of first profile
      -

    Removal of 18013-7 references
   -

      Will mean that openid4vp is silent on how to do mdoc for vanilla
      openid4vp.
      -

      We want to do it at some point but currently aiming for 1.1
      -

      General support that this is necessary to break the circular
      dependency
      -

      Significant change at a late stage, which is unfortunate.
      -

      Give some time to process, will come back to it on thursday.
      -

   Add text requiring wallet to check expected_origins
   -

      Be clear on what error means
      -

      Invalid_request error response
      -

      People are comfortable with it
      -

   Revamp vp formats
   -

      Who is comfortable reviewing
      -

      Mdoc stuff?
      -

         Open issues as the text doesn’t work.
         -

   Add sd-jwt vcld
   -

      To be discussed on thursday
      -

   https://github.com/openid/OpenID4VP/issues/204
   -

      OpenId4VP errors should be returned as a ‘successfull api response’
      which then contains errors.
      -

      Some text on privacy considerations
      -

         Perhaps as strong that it shouldn’t include errors in the case of
         value matching.
         -

   https://github.com/openid/OpenID4VP/issues/484
   -

      Editorial, don’t have to rush but seems ok. Kristina to give a pass.
      -

   https://github.com/openid/OpenID4VP/issues/411
   -

      Bound to particular metadata
      -

      Do we have to change that?
      -

      Currently it’s non-normative example. Is it meant to be normative?
      -
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-digital-credentials-protocols/attachments/20250422/af52e558/attachment-0001.htm>