[Openid-dcp] DCP WG EU call notes

Fri Oct 17 15:14:27 UTC 2025

Hi all,

Below are the notes for the EU call (16th October 2025)

Best regards,
Christian

-----------------------

--- Attendees:

Brian Campbell
Bjorn Hjelm
Christian Bormann
Filip Skokan
Frederik Krogsdal Jacobsen
Gail Hodges
Joseph Heenan
Martijn Haring
Oliver Terbu
Patrick Amrein
Steve Venema

--- Events/Updates:

- Interop Event coming up to test OpenID4VP in New Zealand: https://lists.openid.net/pipermail/openid-specs-digital-credentials-protocols/Week-of-Mon-20250922/000952.html / https://lists.openid.net/pipermail/openid-specs-digital-credentials-protocols/attachments/20250926/4ec03d38/attachment-0001.pdf; Gail adds the following information:

Target dates for an interops. Ideally we have both Pacific/Atlantic time slots within 24hours to allow global participation, if a quorum for both time slots can be achieved: 
Thursday Nov 6th
Friday Nov 7th
Mon Nov 10th
Tues Nov 11th
Wed Nov 12th

Scope of Interop WG
Initial proposal on draft  interop scope:
(1) Annex D: OID4VP 1.0+HAIP 1.0+DC API+ DCQL queries 
  Note: dcql queries to confirm with Oliver/FIME, e.g align with ISO interop) - TBC when Joseph will share OID4VP tests with HAIP changes incorporated. Target to demo near-final tests at IIW demo next wednesday. 
(2) OID4VCI+HAIP 1.0 - Thomas is preparing tests; TBC if they can be complete in time
RSVP: looking for quick feedback on which previous/ new implementers would seek to join the remote interops… so we can take note. (The 10th this year!)
Update: Joseph, Mark H, and I met with FIME to discuss the scope /approach they have underway with NZTA. They have had a couple webinars with interop participants.  We will update them after the call. We hope to offer them the tests for our scope they can leverage with implementers taking part in the in person event.
Note: I presume we wish to avoid 13th/14th to give implementers a little time to make tweaks/close gaps before the Sunday/Monday NZTA/FIME hosted interop kicks off. VP & VCI related Interop events happening 16-18th November (pre-NZ ISO mDL WG meeting) - https://lists.openid.net/pipermail/openid-specs-digital-credentials-protocols/Week-of-Mon-20250922/000952.html

Discussion on ISO alignment during that point during WG:

Gail raised a question on whether there is an intent between ISO/OIDF to persist many Annexes? Or if there is an existing plan towards convergence to a single spec to support implementers and interoperability? Gail mentioned that at least 38 countries have selected OID4VP to date, including EU, 6 Western Balkan, Switzerland, UK, California, Taiwan, plus pilot work in Japan. Also strong indications by other jurisdictions and enablers eg India, Thailand, Indonesia, and World Bank. World bank sees its relevance to many of their client countries in Africa, Western Balkans and South East Asia, including the African Union whom they advise.
At the moment, the number of -7 Annexes (including the three that use OID4VP) pose confusion to the current adopters of OID4VP, and to all the prospective countries considering OID4VP or the redirect annexes. And that confusion will accelerate if we cannot offer a clear message. For example, OIDF / World Bank are working on briefing materials for World Bank client and consulting partner countries, and ID4Africa chair Joseph Attick is asking for “concrete” guidance for workshops for the Annual General Meeting. Gail would value feedback from DCP WG (and ISO) on what to advise them for online presentation and the Annexes. If early adopting jurisdictions continue to deploy to a range of Annexes without a well socialized plan for convergence this will embed even more fragmentation which will undermine interoperability, adoption, and in a worst case— security if there is mixed support for some Annex vs others. For example, if a country like France were to adopt one Annex different to others... many Francophones could follow them. If Spain or Portugal pick a different Annex, Latin America could lead that way.
Initial group feedback was that when the work on online presentation started, the optimal approach was not clear, and of course OID4VP was nascent and not the Final spec it became this year, or that HAIP is on track to achieve later this year. In short- the natural evolution of spec develop has led to the multiple Annexes we have today. Gail mentioned that in her project work for OIDF with the World Bank, the OID4VP selecting jurisdictions and the prospective adopting countries… there is a lot of confusion. Many jurisdictions are also concerned but unaware of what to do - where to direct their feedback? How to support convergence amongst standards bodies to help meet their needs and requirements. Having to build to multiple Annexes will be cost prohibitive to medium and lower income jurisdictions (even for California they noted that it is “expensive” to support and maintain both), and when looking at RPs it will be even more cost prohibitive to support multiple Annexes.
Gail posed the question to the group if this resonates as a problem? What can OIDF/DCP WG and our liaison partners in ISO WG10 do to help facilitate a convergence plan? And socialize that with jurisdictions and implementers?  Should we run a track of conversations in the run up to NZ ISO WG10/4 meeting? Should this topic be discussed next week at the DCP WG meetings and at IIW (call a session or side group)? A couple WG members chimed in to indicate that restarting/ kicking off discussion on Annex convergence options would be timely, and interest in starting (restarting) those discussions next week.

- all 3 regular WG meetings next week will be cancelled next week because of IIW and the long calls on Monday/Friday
- HAIP public review period was started, public voting will run until 23rd of December and will be published around christmas; friday meeting next week for formal approval to go forward from WG

— Current status

Joseph mentions that the remaining editorial issues/PRs for HAIP are mainly editorial and lists new topics for 1.1 for the different specs:
- HPKE encryption
- presentation during issuance or IAE
- server to server (Gareth opened an issue: https://github.com/openid/OpenID4VCI/issues/663)
- Issuance over DC API (existing parts from Lee)
- Suggestion from APAC call to look at mechanisms for certificate discovery for verifier authentication (https://github.com/openid/OpenID4VP/issues/671)

Brian asks for more context why HPKE is back as a topic. Joseph responds that the a big motivation is the ISO working group being keen on seeing HPKE support and there has been some other parties asking for it. Joseph continues that the topic continues to circle around the state of the JOSE HPKE draft and possible alternatives to have a more direct HPKE container. Brian responds that he was a bit confused by the agenda email and it also being used in different parts like VCI requiring different custom mechanisms and warns it could get really messy when you dive deeper on how it could work. Joseph asks about further comments on the topics and there are no further comments.

Joseph asks if we should reduce frequency of working group meetings since 3 a week is a lot and asks for feedback on that topic.

--- Issues/PRs:

add those who took notes to the acknowledgement section  - https://github.com/openid/OpenID4VC-HAIP/pull/314:

Just a small addition to the Acknowledgement section. Joseph asks for additional reviews

Added issuance clarification - https://github.com/openid/OpenID4VC-HAIP/pull/313:

Joseph explains that we currently not mandate a single mechanism and that from his perspective there is not a strong reason to require wallets to support issuer initiated credential issuance.

Add references to Ecosystem Implementation Guidelines section - https://github.com/openid/OpenID4VC-HAIP/pull/312:

A clarification to make it easier to find sections where ecosystems have to make decisions. Joseph asks for volunteers to review.

Tweak 'This document is not a specification' text - https://github.com/openid/OpenID4VC-HAIP/pull/311:

Two proposals, fixing incoherent text.

Mention VP & VCI privacy considerations sections  - https://github.com/openid/OpenID4VC-HAIP/pull/310:

Joseph explains that currently, security considerations link to the VP and VCI security considerations and we should add the same for privacy considerations. Kristina proposed a change that adds a MUST and Joseph explains the formulation for security considerations was recently changed to make it clear that it is just pointing to the specific sections of VP and VCI. 

Updated Assumptions - https://github.com/openid/OpenID4VC-HAIP/pull/306:

3 approvals and open for a week - merged.

Remove bullet about ARF in scenarios section, rename section - https://github.com/openid/OpenID4VC-HAIP/pull/305:

3 approvals and open for a week - merged.

add text on acceptance of crypto suites - https://github.com/openid/OpenID4VC-HAIP/issues/297:
Rename 'Crypto Suites' section as it only addresses signing? - https://github.com/openid/OpenID4VC-HAIP/issues/315:
Joseph asks for comments on the issues.

---

OpenID4VCI: Merged a PR that creates two folders for 1.0 and 1.1 versions of the spec and the next step would be to start working on IAE again and adjust the existing PRs to be applied to the 1.1 version of the spec.

> On 16. Oct 2025, at 16:37, Joseph Heenan via Openid-specs-digital-credentials-protocols <openid-specs-digital-credentials-protocols at lists.openid.net> wrote:
> 
> Hi all
> 
> Proposed agenda for the EU friendly call in ~25 minutes on the usual zoom, https://zoom.us/j/94085567252?pwd=cHNFMExFalhlM2MrOFhoN3J6eDRuZz09
> 
> Code of conduct / Antitrust policy / IPR policy: https://openid.net/wp-content/uploads/2025/06/OIDF_Groups-Activities-Events-Note-Well_Final_2025-06-12.pdf
> Note-taking
> Introductions
> Agenda bashing
> Events
> VP & VCI related Interop events happening 16-18th November (pre-NZ ISO mDL WG meeting) - https://lists.openid.net/pipermail/openid-specs-digital-credentials-protocols/Week-of-Mon-20250922/000952.html
> All 3 regular meetings cancelled during IIW week
> Please register for
> pre-IIW DCP meeting:  https://dcpwg-iiw-20oct25.eventbrite.co.uk/ 
> OIDF workshop: https://oidf_workshop_iiw_fall2025.eventbrite.co.uk/
> Post-IIW DCP Friday: https://dcpwg_iiw_24oct25.eventbrite.co.uk/ 
> If you’re an OIDF member you will have received a discount code for IIW a few weeks ago
> General updates
> HAIP - public review started: https://openid.net/public-review-period-for-proposed-openid4vc-high-assurance-interoperability-profile-1-final-specification/
> HAIP - WGLC in progress; formally concludes at Post-IIW meeting: https://lists.openid.net/pipermail/openid-specs-digital-credentials-protocols/Week-of-Mon-20251006/000963.html
> Voting scheduled to run Tuesday, December 9, 2025, to Tuesday, December 23, 2025
> Need to decide on priorities for next phase of work - suggestions are welcome, potential topics suggested so far include:
> HPKE encryption (VP responses, VCI encrypted requests/responses)
> Presentation during Issuance (IAE, as below)
> Server-to-server
> Issuance over DC API
> Certificate discovery of verifier by wallet (https://github.com/openid/OpenID4VP/issues/671 
> HAIP PRs
> https://github.com/openid/OpenID4VC-HAIP/pulls
> HAIP open issues for 1.0:
> https://github.com/openid/OpenID4VC-HAIP/issues?q=is%3Aissue%20state%3Aopen%20-label%3Aafter-wglc%20-label%3Ahas-PR%20-label%3Aready-for-PR%20milestone%3A%221.0%20Final%22 <https://github.com/openid/OpenID4VC-HAIP/issues?q=is%3Aissue%20state%3Aopen%20%20-label%3Ahas-PR%20-label%3Aready-for-PR%20milestone%3A%221.0%20Final%22>
> VCI
> PR merged for initial 1.1 draft including adding back IAE (presentation during issuance)
> IAE PRs need to be updated to target 1.1 now: https://github.com/openid/OpenID4VCI/pulls?q=is%3Apr+is%3Aopen+label%3Aiae
> Number of issues related to IAE to be solved: https://github.com/openid/OpenID4VCI/issues?q=is%3Aissue%20state%3Aopen%20label%3Aiae
> 
> 
> If anyone has any specific topics they’d like to cover please reply to this email or ask at the start of the call.
> 
> Thanks
> 
> Joseph
> 
> -- 
> Openid-specs-digital-credentials-protocols mailing list
> Openid-specs-digital-credentials-protocols at lists.openid.net
> https://lists.openid.net/mailman/listinfo/openid-specs-digital-credentials-protocols

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-digital-credentials-protocols/attachments/20251017/ae9a8ab9/attachment-0001.htm>