<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40"><head><meta http-equiv=Content-Type content="text/html; charset=utf-8"><meta name=Generator content="Microsoft Word 15 (filtered medium)"><style><!--
/* Font Definitions */
@font-face
{font-family:Wingdings;
panose-1:5 0 0 0 0 0 0 0 0 0;}
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0cm;
font-size:11.0pt;
font-family:"Calibri",sans-serif;
mso-ligatures:standardcontextual;
mso-fareast-language:EN-US;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:#0563C1;
text-decoration:underline;}
span.EmailStyle17
{mso-style-type:personal-compose;
font-family:"Calibri",sans-serif;
color:windowtext;}
MsoChpDefault
{mso-style-type:export-only;
mso-fareast-language:EN-US;}
@page WordSection1
{size:612.0pt 792.0pt;
margin:72.0pt 72.0pt 72.0pt 72.0pt;}
div.WordSection1
{page:WordSection1;}
/* List Definitions */
@list l0
{mso-list-id:657005418;
mso-list-template-ids:-283089224;}
@list l0:level1
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:36.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l0:level2
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:72.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l0:level3
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:108.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l0:level4
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:144.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l0:level5
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:180.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l0:level6
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:216.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l0:level7
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:252.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l0:level8
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:288.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l0:level9
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:324.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l1
{mso-list-id:1124999384;
mso-list-template-ids:-1942050470;}
@list l1:level1
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:36.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l1:level2
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:72.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;
mso-ansi-font-size:10.0pt;
font-family:"Courier New";
mso-bidi-font-family:"Times New Roman";}
@list l1:level3
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:108.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l1:level4
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:144.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l1:level5
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:180.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l1:level6
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:216.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l1:level7
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:252.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l1:level8
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:288.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l1:level9
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:324.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
ol
{margin-bottom:0cm;}
ul
{margin-bottom:0cm;}
--></style></head><body lang=en-DE link="#0563C1" vlink="#954F72" style='word-wrap:break-word'><div class=WordSection1><p class=MsoNormal>DCP WG + SIOP Call <span lang=EN-US>notes (2023-12-07)<o:p></o:p></span></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>Attendees<span lang=DE>:</span><o:p></o:p></p><ul style='margin-top:0cm' type=disc><li class=MsoNormal style='mso-list:l0 level1 lfo1'>Christian Bormann<o:p></o:p></li><li class=MsoNormal style='mso-list:l0 level1 lfo1'>Kristina Yasuda<o:p></o:p></li><li class=MsoNormal style='mso-list:l0 level1 lfo1'>Torsten Lodderstedt<o:p></o:p></li><li class=MsoNormal style='mso-list:l0 level1 lfo1'>Michael Jones<o:p></o:p></li><li class=MsoNormal style='mso-list:l0 level1 lfo1'>Andreas Uribe<o:p></o:p></li><li class=MsoNormal style='mso-list:l0 level1 lfo1'>Bjorn Hjelm<o:p></o:p></li><li class=MsoNormal style='mso-list:l0 level1 lfo1'>Brian Campbell<o:p></o:p></li><li class=MsoNormal style='mso-list:l0 level1 lfo1'>Daniel Fett<o:p></o:p></li><li class=MsoNormal style='mso-list:l0 level1 lfo1'>Guiseppe De Marco<o:p></o:p></li><li class=MsoNormal style='mso-list:l0 level1 lfo1'>Joseph Heenan<o:p></o:p></li><li class=MsoNormal style='mso-list:l0 level1 lfo1'>Mark<o:p></o:p></li><li class=MsoNormal style='mso-list:l0 level1 lfo1'>Mike Varley<o:p></o:p></li><li class=MsoNormal style='mso-list:l0 level1 lfo1'>Pedro Felix<o:p></o:p></li><li class=MsoNormal style='mso-list:l0 level1 lfo1'>Rajvardhan Deshmukh<o:p></o:p></li><li class=MsoNormal style='mso-list:l0 level1 lfo1'>Paul Bastian<o:p></o:p></li><li class=MsoNormal style='mso-list:l0 level1 lfo1'>David Luna<o:p></o:p></li><li class=MsoNormal style='mso-list:l0 level1 lfo1'>David Chadwick<o:p></o:p></li></ul><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal><span lang=DE>-----<o:p></o:p></span></p><p class=MsoNormal>Agenda<span lang=DE> discussion</span>:<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>Kristina: What do we need to do before openid4VCI before ID1<br>Pedro: Wallet discovery issue<br>Torsten: openid4vp #59 if time permits and paul joins<span lang=EN-US> later on<o:p></o:p></span></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal><span lang=DE>-----<o:p></o:p></span></p><p class=MsoNormal>Time slot discussion:<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>What do we do with the atlantic call and there was interest in an APAC call. Always 4pm doesn't work because it collides with AB/C calls every 2 weeks. Conflict with FIDO2<span lang=DE> as well for 5pm</span>. Proposal to do a poll and collect the data.<br>Joseph<span lang=EN-US> adds that p</span>eople that want to attend FIDO2 call might be able to attend APAC call. Discussion about APAC calls frequency depending on the amount of people that are interested.<o:p></o:p></p><p class=MsoNormal>Kristina will create Doodle poll<span lang=EN-US>s</span> for both: Atlantic & APAC<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal><span lang=EN-US>-----<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>Openid4VCI prs & issues<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US><o:p> </o:p></span></p><p class=MsoNormal><a href="https://github.com/openid/OpenID4VCI/pull/66" target="_blank">https://github.com/openid/OpenID4VCI/pull/66</a>: add data integrity verifiable presentation as proof of possession<br>Kristina<span lang=EN-US> mentions that she got f</span>eedback that this would be helpful. No objections -> Good to go<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal><a href="https://githubcom/openid/OpenID4VCI/pull/87" target="_blank">https://github.com/openid/OpenID4VCI/pull/87</a>: Issuer metadata to indicate PoP requirement<br>Torsten brings up the issue that the if proof_types is set, the issuer requires pop to be used which is not capture in current text. Changes are made to change it to normative language (MUST). Waiting for Jacob to approve request changes - once these last changes are in, it's ready for merge<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal><a href="https://github.com/openid/OpenID4VCI/pull/116" target="_blank">https://github.com/openid/OpenID4VCI/pull/116</a>: support HTTP Accept-Language in the request for Credential Issuer Metadata to request a subset for display data<br>Once Joseph approves ready to go<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal><a href="https://github.com/openid/OpenID4VCI/pull/115" target="_blank">https://github.com/openid/OpenID4VCI/pull/115</a>: Add Credential Offer Flow for Authorized Code Flow in the introduction<br>Kristina brings up that it only contains editorial, no normative changes. Once request changes are incorporated and editors are happy, it will be merged.<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal><a href="https://github.com/openid/OpenID4VCI/pull/121" target="_blank">https://github.com/openid/OpenID4VCI/pull/121</a>: remove credential offer part from credential profiles<br>Torsten brings up that with the recent changes, the different examples are not necessary anymore because<br><span lang=EN-US>Consensus that the PR w</span>ill be kept <span lang=EN-US>open</span> and wait for approvals - not a prerequisite for ID1.<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal><a href="https://github.com/openid/OpenID4VCI/pull/128" target="_blank">https://github.com/openid/OpenID4VCI/pull/128</a>: add sd-jwt vc profile to vci<br>Kristina brings up that people asked for this before ID1.<br>Torsten mentions that Brian brought up a good point, that vp_formats does not relate to VCI, so everything that is tied to presentation should be removed vom VCI. Joseph mentions that Paul brought up suggestions and he is fine if they are accepted.<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal><a href="https://github.com/openid/OpenID4VCI/pull/70" target="_blank">https://github.com/openid/OpenID4VCI/pull/70</a>: Wallet notifying the Issuer of acceptance/rejection of issued credential<br>Mike Varley brings up that they are interested in this feature and asks for the state.<br>Torsten explains that some people want this feature and some don't want it.<br>Joseph adds that right now this PR would make it mandatory for the wallet to support this feature.<br>Some discussion about if this feature makes sense if it is optional. Mike Jones brings up that the normal OAuth way would be to introduce this as an optional feature and ecosystems can choose to require support for the feature.<br>Mike Varley brings up that they would leverage this feature combined with the terms of use of a credential and use the signal to also signals accepted terms. Adding the signal would be useful for ecosystems that want to support it but should not be mandatory.<br>David Luna brings up the user experience and undesired UX if users need to directly present a credential after successful issuance if the issuer wants feedback<span lang=EN-US> (which would be the alternative to this signal)</span>. David does not see the need for a negative signal (rejection/deletion).<br>Torsten aks for David to bring that description into the PR and the discussion and adds that this feature<span lang=EN-US> seems to</span> only make sense if the issuer forces the wallet to send this signal.<br>Joseph brings up that the delete signal was brought up because there are wallets with different UX where the user is prompted to deny a credential in a way that the delete signal makes more sense.<br>Torsten adds that deletion signal might also make sense for some issuers, but it should be <span lang=EN-US>addressed in a different issue/separately.<o:p></o:p></span></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal><a href="https://github.com/openid/OpenID4VCI/issues/94" target="_blank">https://github.com/openid/OpenID4VCI/issues/94</a>: Credential issuance with unknown (i.e. not pre-registered) wallets<br>Pedro explains that this issue has been discussed in detail in OpenID4VP, but VCI has been silent on the issue. He is afraid of significant effect on the AS and adds that this could be circumvented by applying DCR. Adding client_id_schemes to existing Authorization Servers is a significant change.<br>David Chadwick adds that they had the same issue a year ago and changes were made to make it work but can't remember how exactly that worked.<br>Kristina explains that they create a client_id for compliant wallets and make this public.<br>Pre-authorized code that does not require a client<span lang=EN-US>_</span>id and pedro mentions that this is a huge change to AS.<br>Kristina asks if this issue is important before ID1 and consensus was that this is not required before ID1<span lang=EN-US> but an important point to solve down the road.<o:p></o:p></span></p></div></body></html>