[Openid-dcp] DC WG call minutes (August 21th, 2025)

[Oliver Terbu]

# DCP WG Call Minutes

August 21st, 2025

# Attendees

Oliver Terbu
Kristina Yasuda
Andreea Prian
Brian Campbell
Gareth Oliver
Jan Vereecken
Lee Campbell
Michael Jones
Patrick Amrein
Paul Bastian
Rajvardhan Deshmukh
Ryan Galluzzo
Martijn Haring
Bjorn Hjelm
Andy Lim
Hicham Lozi

# Antitrust Policy Reminder

# Announcements

IIW date change - now back to 21st-23rd Oct. Hence expect DCP WG hybrid meetings on mornings of Mon 20th & Fri 24th, locations TBC but within usual area.

VCI 1.0 - vote announcement has been published https://openid.net/notice-of-vote-openid-for-verifiable-credential-issuance-1-0-final-specification

Following August 26, the plan is that on 1st of September, get WG approval to use draft 17 for the vote

# Issues and PRs

## HAIP

### PR 228 - restructure HAIP
Agreed to have a discussion on whether or not to include haip:// scheme, before 1.0, issue was created -> https://github.com/openid/OpenID4VC-HAIP/issues/240
[https://opengraph.githubassets.com/21c16cca2bf424977410be82c74d34c81835b8791d5ddde38192764e6aad9a62/openid/OpenID4VC-HAIP/issues/240]<https://github.com/openid/OpenID4VC-HAIP/issues/240>
what does it mean to support a custom URL scheme · Issue #240 · openid/OpenID4VC-HAIP<https://github.com/openid/OpenID4VC-HAIP/issues/240>
My interpretation of the mdoc issuance profile as proposed in this PR is that it mandates support of custom scheme haip:// for credential issuance, this has a few issues: There is no normative lang...
github.com

Please review PR 228, since this PR has a big impact on other PRs as well

### Issue 192
On one hand, a concern that using nonce/challenge endpoints for DPoP nonces is against separation of concerns.
On the other, we want to make sure wallets are aware they need to support DPoP nonces.
Could it be a middle ground to say something to the effect of "wallets must be ready to receive DPoP nonces via the mechanism(s) supported by the issuer" - token error response and nonce/challenge endpoints.
No resolution taken, discussion continues in the issue.

### PR 165 / Issue 242
DCP WG conclusion was to either not add this clause in Issue 242 at all (aka keep it a should) or add clarification/conditioning statements that it is a MUST when "privacy is a concern".

### Issue 215
No objections not to say anything about iss and x5c relationship since it is already addressed in SD-JWT VC.

### Issue 224
Suggestion is to add a statement to the spec that "ecosystems can define profiles of x509 cert contents used in client identifier prefix x509_hash and point to 18013-5 ver 2 reader cert profile as one example".
DCP WG believes this sounds reasonable, but it should be made very clear that these profiles are optional.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-digital-credentials-protocols/attachments/20250826/046008ac/attachment-0001.htm>