[Openid-dcp] DCP WG America call agenda

Paul Bastian paul.bastian at posteo.de
Tue Nov 4 21:08:17 UTC 2025 

Attendees:

- Joseph Heenan
- Torsten Lodderstedt
- Kristina Yasuda
- Paul Bastian
- Oliver Terbu
- Christian Bormann
- Martijn
- Stefan Charsley
- Gail Hodges
- Gareth Oliver

Notes:
- IETF 124 this week
- ISO mDL Interop event in New Zealand coming up in 2 weeks
- more responses for working group last call for HAIP requested: 
https://lists.openid.net/pipermail/openid-specs-digital-credentials-protocols/Week-of-Mon-20251027/000991.html
- HAIP: https://github.com/openid/OpenID4VC-HAIP/issues/329
   - Paul asking for arguments why "strength matching" argument is nto 
valid, as it has been used by agencies like NIST or BSI
- cadence of wg calls
   - current feeling is that 3 calls per week may be too much after 
VCI/VP/HAIP 1.0
   - which call to skip?
   - Joseph: EU call (Thursday 17GMT) seems well attended
   - Stefan: alternating weeks call?
   - Kristina: prefers canceling one call instead of alternating, 
Joseph/Paul agree
   - Joseph: canceling Tuesday call and moving one of the Thursday calls?
   - chairs will open up a poll and collect mroe opinions
- fix 23220: https://github.com/openid/OpenID4VC-HAIP/pull/323
   - Stefan to review
- Add references to Ecosystem Implementation Guidelines section: 
https://github.com/openid/OpenID4VC-HAIP/pull/312/files
   - has enough reviews, will be merged
- Clarify requirements for issuer-initiated / wallet-initiated issuance 
support: https://github.com/openid/OpenID4VC-HAIP/pull/313
   - Kristina: this is about issuer chosing user authentication
   - Paul: this is not about pre-auth vs authorization code flow
   - Kristina: there was already one hour wg discussion
   - Paul has the feeling that working group discussion on this may have 
been flawed, does not plan to approve and thinks issuer-initiated 
support for wallet should be mandated
   - Martijn thinks issuer-initiated flow is less secure and 
issuer-initiated flow is not standardized
   - Paul thinks security concerns are not real and there are 
standardized ways to do that
   - Paul and Martjin not agreeing...
- either define or remove the term "ecosystem(s)": 
https://github.com/openid/OpenID4VC-HAIP/issues/318
   - discussing what the group of entities could adhere today
   - adding "domain/sector", to that its not only focused on regulation/law
   - discussion around the word "governance" being to strict, leaving it 
out for now
   - discussion around changing "ecosystem" to "scheme", but we use 
ecosystem 8 times in VP, so may not be a good idea
   - consensus-ish, please review the current wording
- Gail asking what should be tested in the OpenID Interop
   - should both redirect-based and DC API flows should be tested -> 
sounds reasonable, as ecosystems are unsure what to use
   - DCQL query focus on #16 (all requirements to open a bank account as 
per NIST for mdoc), #2 with SD-JWT and #1 mdocs with just FN/LN. These 
were the three we tested when taking VP 1.0 to final -> sounds reasonable
   - biggest change for VP is likely x509_san_dns -> x509_hash and new 
custom URI scheme
- reviews needed on https://github.com/openid/OpenID4VCI/pull/602

Best, Paul

On 11/4/25 20:44, Joseph Heenan via 
Openid-specs-digital-credentials-protocols wrote:
> Hi all
>
> Proposed agenda for the America friendly call in around 15 minutes 
> time on the usual zoom, 
> https://zoom.us/j/94085567252?pwd=cHNFMExFalhlM2MrOFhoN3J6eDRuZz09
>
>  1. Code of conduct / Antitrust policy / IPR policy:
>     https://openid.net/wp-content/uploads/2025/06/OIDF_Groups-Activities-Events-Note-Well_Final_2025-06-12.pdf
>  2. Note-taking
>  3. Introductions
>  4. Agenda bashing
>  5. Events
>      1. VP & VCI related in-person ISO Interop event in NZ 16-18th
>         November (pre-NZ ISO mDL WG meeting) -
>         https://lists.openid.net/pipermail/openid-specs-digital-credentials-protocols/Week-of-Mon-20250922/000952.html
>      2. VCI/VP + HAIP 1.0 remote nterop event:
>         https://lists.openid.net/pipermail/openid-specs-digital-credentials-protocols/Week-of-Mon-20251027/000985.html
>  6. General updates
>      1. HAIP - WGLC update; please response to the in-progress email
>         vote
>         https://lists.openid.net/pipermail/openid-specs-digital-credentials-protocols/Week-of-Mon-20251027/000991.html
>      2. HAIP - public review concludes 8th Dec, voting scheduled to
>         run Tuesday, December 9, 2025, to Tuesday, December 23, 2025
>  7. Cadence of calls / reducing number of calls
>  8. Need to decide on priorities for next phase of work - suggested
>     topics so far (list not in priority order)
>      1. Both VP and VCI: HPKE
>          1. Define vanilla hpke in VP:
>             https://github.com/openid/OpenID4VP/issues/676
>          2. Waiting for Montreal IETF in a week on IETF jose-hpke
>             draft updates
>          3. https://github.com/openid/OpenID4VP/issues/310
>      2. VCI: Interactive Authorization Endpoint (IAE) - presentation
>         during issuance
>          1. https://github.com/openid/OpenID4VCI/pulls?q=is%3Apr+is%3Aopen+label%3Aiae
>      3. VCI: Server-to-server issuance
>          1. Urgent, but bigger item to define
>          2. Let’s start with the list of requirements
>          3. Requirements: https://github.com/openid/OpenID4VCI/issues/663
>          4. Sequence diagrams:
>             https://github.com/openid/OpenID4VCI/issues/668
>      4. VCI: DC API
>          1. There was a PR by Lee that was closed
>          2. Useful for credential offer
>          3. https://github.com/openid/OpenID4VCI/pull/476
>      5. VCI: credential usage policy
>          1. https://github.com/openid/OpenID4VC-HAIP/issues/260
>      6. VCI: per-credential metadata
>          1. There is a proposal already
>          2. https://github.com/openid/OpenID4VCI/issues/421
>      7. VP: Discovery of public key / certificates of Verifier by Wallet
>          1. https://github.com/openid/OpenID4VP/issues/671
>      8. VP: purpose/intent_to_retain default behavior
>          1. https://github.com/openid/OpenID4VP/issues/669
>  9. HAIP 1.0 PRs
>      1. https://github.com/openid/OpenID4VC-HAIP/pulls
>         <https://github.com/openid/OpenID4VC-HAIP/pulls>
> 10. HAIP 1.0 open issues
>      1. https://github.com/openid/OpenID4VC-HAIP/issues?q=is%3Aissue%20state%3Aopen%20-label%3Aafter-wglc%20-label%3Ahas-PR%20-label%3Aready-for-PR%20milestone%3A%221.0%20Final%22
>         <https://github.com/openid/OpenID4VC-HAIP/issues?q=is%3Aissue%20state%3Aopen%20%20-label%3Ahas-PR%20-label%3Aready-for-PR%20milestone%3A%221.0%20Final%22>
> 11. VCI 1.1
>      1. Various IAE PRs now merged, please review
>         https://github.com/openid/OpenID4VCI/pull/602
>      2. Number of issues related to IAE to be solved:
>         https://github.com/openid/OpenID4VCI/issues?q=is%3Aissue%20state%3Aopen%20label%3Aiae
>
> If anyone has any specific topics they’d like to cover please reply to 
> this email or ask at the start of the call.
>
> Thanks
>
> Joseph
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-digital-credentials-protocols/attachments/20251104/d5f4161a/attachment-0001.htm>

More information about the Openid-specs-digital-credentials-protocols mailing list