[Openid-dcp] Minutes from 2026-03-25 DCP WG APAC meeting
Frederik Krogsdal Jacobsen
frederik.krogsdal at idura.eu
Wed Mar 25 12:09:21 UTC 2026
- Participants: Dima Postnikov, Frederik Krogsdal Jacobsen, Micha Kraus,
Kenichi Nakamura, Stefan Charsley, Martijn
- Events
- Proposed face-to-face meeting with ISO on May 30th in Europe. No
news on location.
- Pre-IIW meeting: Watch for Eventbrite invitation on the DCP list.
- Pre-DICE meeting: Watch for Eventbrite invitation on the DCP list.
- Test requirements for the EU: Still work in progress.
- Updates from Ecosystem CG: Work has started on non-technical VC
ecosystem guidance white paper. Will eventually be shared with this group.
- Conformance test updates: There will be an update adding more FAPI
checks, but it has not appeared yet.
- Joint work with ISO
- Feedback form is available:
https://docs.google.com/spreadsheets/d/1Op2yo6AWRiU6WxskbASyy4UlTodqNmCwkMbU_emdzn4/edit?gid=0#gid=0
- Vision document from ISO WG10: Joseph has let them know we agree
with the vision.
- Server-to-server issuance
- There is an initial idea which Gareth will write down as a draft
and put in the repository. It is now at the point where it makes sense to
write down something concrete to get feedback on. Everything is still up
for change.
- There was a discussion on how it interacts with binding in the DC
API.
- More notes on issue 663 and 668 in the VCI repository.
- Open PRs
- VP 703: Nothing new.
- VP 712: Dima will look into preferred reference.
- VP 647: Stale, but still relevant. Dima will follow up.
- Open issues
- VP 646: Definition of origin is not clear - intertwined with issue
224
- VP 224:
- Consensus that when processing an origin it should just be
treated as a string.
- Still need to check some things to implement the change.
- Origins still need to be unique. We have to trust the platform
to do this, and maybe there should be some guidance in the DC API.
- If expected_origins are not used (unsigned requests over DC
API), the wallet and verifier will both need to generate the
same origin.
For the DC API, this should be guidance in the DC API. We should check
whether we guide to say that anyone who uses a non-DC API platform
equivalent should also prevent the security issues that DC
API prevents.
- Frederik will try to summarize what is needed to progress.
- Issues tagged as “1.1 or later”: if you have an issue you think is
urgent, now is the time to bring it up to the chairs for
inclusion in 1.1.
- Interactive authorization endpoint (VCI 719)
- Micha made an overview comparing to first-party-apps draft.
- Issues:
- The security model and approach of the draft
- No way to negotiate interaction types in the draft.
- redirect_to_web is less flexible and more of a fallback in
the draft.
- Questions:
- Do the first-party-apps authors want to rework their draft to
support third-party apps more?
- Do we make a new spec that is a profile of first-party-apps?
Should that be at IETF or OIDF?
- Do we make a second version of IAE or adapt our existing one?
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-digital-credentials-protocols/attachments/20260325/bdc9dfc2/attachment.htm>
More information about the Openid-specs-digital-credentials-protocols
mailing list