[Openid-dcp] DCP WG EU call agenda

Thu Jun 19 19:55:48 UTC 2025

Hi DCP WG members,

Please find below the meeting minutes from today's DCP WG

Regards,
Jan

---

# DCP WG :: 2025/06/19 17:00 CEST

## Participants

Joseph Heenan
Daniel Fett
Torsten Lodderstedt
Gareth Oliver
Lee Campbell
Andreea Prian
Brian Campbell
Christian Bormann
David Chadiwck
Hicham
Lenah Chacha
Max Crone
Michael Jones
Steve Venema
Paul Bastian
Jan Vereecken

## Agenda

1     OIDF Antitrust Policy at www.openid.net/antitrust applies / IPR reminder
2     Code of conduct
3     Note-taking
4     Review / merge open VCI 1.0 PRs that we need to merge to go to WGLC, in particular:
      1     Presentation During Issuance - <https://github.com/openid/OpenID4VCI/pull/509>
      2     add option to have signed Credential Issuer metadata, remove signed\_metadata from Credential Issuer metadata - https://github.com/openid/OpenID4VCI/pull/520
      3     Add support for request encryption to credential endpoint and request/response encryption to deferred credential endpoint - <https://github.com/openid/OpenID4VCI/pull/505>
5     Open VCI issues, in particular:
      1     Protect the nonce endpoint <https://github.com/openid/OpenID4VCI/issues/461> , or:
      2     Add explicit statement that nonce endpoint is not protected by an access token - <https://github.com/openid/OpenID4VCI/issues/541>

## Notes

Joseph pointed out changed in OIDF’s code of conduct policy:
https://openid.net/wp-content/uploads/2025/06/OIDF\_Groups-Activities-Events-Code-of-Conduct-Policy\_Final\_2025-06-12.pdf

### Intention to go to WGLC by end of June for OpenID4VCI

### Presentation During Issuance
https://github.com/openid/OpenID4VCI/pull/509

Joseph to make a proposal for issuer authenticating to the wallet as a verifier in the flow

Authorization Challenge Endpoint:

Discussion on wether or not to reference https://datatracker.ietf.org/doc/draft-ietf-oauth-first-party-apps/ or even to take it out entirely.
The WG reached consensus to not be (intentionally) compatible with the first party draft. It is used as an inspiration, nothing more.

Naming for the endpoint is confusing. Call for better naming.
Suggestion: auth_challenge_url, interactive_authorization_request. Latter seems to be the most popular.

How does this interact with the DC API? The only scenario seems to be a wallet getting a credential from another wallet in this flow, but in that case it is better to do a separate request between those two.

Should this feature be moved to 1.1?
- WG agrees that there is strong demand for this feature.
- Workaround (such as doing a presentation flow before the issuance flow) have issues such as not being able to guarantee that the issued credential ends up in same wallet.
- WG seems to reach consensus to include this feature in 1.0 and not leave it unspecified.
-
## Add support for request encryption to credential endpoint and request/response encryption to deferred credential endpoint
https://github.com/openid/OpenID4VCI/pull/505

Gareth to address comments in the PR.

## add option to have signed Credential Issuer metadata, remove signed\_metadata from Credential Issuer metadata
https://github.com/openid/OpenID4VCI/pull/520

Consensus to move with ‘Content-Type’ approach. Changed merged and request for reviews on this issue.

## Protect the nonce endpoint
https://github.com/openid/OpenID4VCI/issues/461

WG consensus to go forward with unauthenticated nonce endpoint.
________________________________
From: Openid-specs-digital-credentials-protocols <openid-specs-digital-credentials-protocols-bounces at lists.openid.net> on behalf of Joseph Heenan via Openid-specs-digital-credentials-protocols <openid-specs-digital-credentials-protocols at lists.openid.net>
Sent: Thursday, 19 June 2025 10:37
To: Digital Credentials Protocols List <openid-specs-digital-credentials-protocols at lists.openid.net>
Cc: Joseph Heenan <joseph at authlete.com>
Subject: [Openid-dcp] DCP WG EU call agenda

Hi all

Proposed agenda for the EU friendly call today (4PM London / 5PM CET / 8AM PDT) on the usual zoom, https://zoom.us/j/94085567252?pwd=cHNFMExFalhlM2MrOFhoN3J6eDRuZz09

  1.  OIDF Antitrust Policy at www.openid.net/antitrust applies / IPR reminder
  2.  Code of conduct
  3.  Note-taking
  4.  Review / merge open VCI 1.0 PRs that we need to merge to go to WGLC, in particular:
     *   Presentation During Issuance - https://github.com/openid/OpenID4VCI/pull/509
     *   add option to have signed Credential Issuer metadata, remove signed_metadata from Credential Issuer metadata - https://github.com/openid/OpenID4VCI/pull/520
     *   Add support for request encryption to credential endpoint and request/response encryption to deferred credential endpoint - https://github.com/openid/OpenID4VCI/pull/505
  5.  Open VCI issues, in particular:
     *   Protect the nonce endpoint https://github.com/openid/OpenID4VCI/issues/461 , or:
     *   Add explicit statement that nonce endpoint is not protected by an access token - https://github.com/openid/OpenID4VCI/issues/541

If anyone has any specific topics they’d like to cover please reply to this email or ask at the start of the call.

Thanks

Joseph

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-digital-credentials-protocols/attachments/20250619/0c81d9e7/attachment-0001.htm>