<div dir="ltr"><div dir="ltr"><p style="margin:0in;font-family:Calibri;font-size:11pt">Hi all, here are the minutes:</p><p style="margin:0in;font-family:Calibri;font-size:11pt"><br></p><p style="margin:0in;font-family:Calibri;font-size:11pt">Joseph Heenan</p>
<p style="margin:0in;font-family:Calibri;font-size:11pt">Daniel Fett</p>
<p style="margin:0in;font-family:Calibri;font-size:11pt">Kristina Yasuda</p>
<p style="margin:0in;font-family:Calibri;font-size:11pt">Christian Bormann</p>
<p style="margin:0in;font-family:Calibri;font-size:11pt">Tobias Looker</p>
<p style="margin:0in;font-family:Calibri;font-size:11pt">Jin Wen</p>
<p style="margin:0in;font-family:Calibri;font-size:11pt">Torsten Lodderstedt</p>
<p style="margin:0in;font-family:Calibri;font-size:11pt">Dima Postnikov</p>
<p style="margin:0in;font-family:Calibri;font-size:11pt">Brian Campbell</p>
<p style="margin:0in;font-family:Calibri;font-size:11pt">Mike Jones</p>
<p style="margin:0in;font-family:Calibri;font-size:11pt">Sebastien Bahloul</p>
<p style="margin:0in;font-family:Calibri;font-size:11pt">Orie Steele</p>
<p style="margin:0in;font-family:Calibri;font-size:11pt">George Fletcher </p>
<p style="margin:0in;font-family:Calibri;font-size:11pt"> </p>
<p style="margin:0in;font-family:Calibri;font-size:11pt">Daylight saving
related time zone changes are coming. We will try to keep calendars in sync, but
noon PST is the source of truth, if you are in doubt.</p>
<p style="margin:0in;font-family:Calibri;font-size:11pt"> </p>
<p style="margin:0in;font-family:Calibri;font-size:11pt">Please register for the
post-IIW hybrid DCP WG at <a href="https://www.eventbrite.com/e/openid-foundation-dcp-working-group-hybrid-meeting-tickets-841453930357">https://www.eventbrite.com/e/openid-foundation-dcp-working-group-hybrid-meeting-tickets-841453930357</a>.</p>
<p style="margin:0in;font-family:Calibri;font-size:11pt"> </p>
<p style="margin:0in;font-family:Calibri;font-size:11pt">OAuth Security Workshop submissions deadline
is coming up: <a href="https://oauth.secworkshop.events/osw2024">https://oauth.secworkshop.events/osw2024</a>.</p>
<p style="margin:0in;font-family:Calibri;font-size:11pt"> </p>
<ol type="1" style="direction:ltr;unicode-bidi:embed;margin-top:0in;margin-bottom:0in;font-family:Calibri;font-size:11pt">
<li value="1" style="margin-top:0px;margin-bottom:0px;vertical-align:middle"><span style="font-size:11pt">Request_uri extension</span></li>
</ol>
<ul type="disc" style="direction:ltr;unicode-bidi:embed;margin-top:0in;margin-bottom:0in">
<li style="margin-top:0px;margin-bottom:0px;vertical-align:middle"><a href="https://github.com/openid/OpenID4VP/pull/59"><span style="font-family:Calibri;font-size:11pt">https://github.com/openid/OpenID4VP/pull/59</span></a></li>
</ul>
<ul type="disc" style="direction:ltr;unicode-bidi:embed;margin-top:0in;margin-bottom:0in">
<li style="vertical-align:middle;margin-top:0pt;margin-bottom:12pt;color:rgb(31,35,40)"><span style="font-family:Calibri;font-size:11pt;color:black">Suggestion is the following: </span></li>
<ul type="disc" style="direction:ltr;unicode-bidi:embed;margin-top:0in;margin-bottom:0in">
<li style="margin-top:0px;margin-bottom:0px;vertical-align:middle;color:rgb(31,35,40)"><span style="font-family:-apple-system;font-size:10.5pt;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial">drop
the ability to sign the initial request</span></li>
<li style="margin-top:0px;margin-bottom:0px;vertical-align:middle;color:rgb(31,35,40)"><span style="font-family:-apple-system;font-size:10.5pt;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial">the
verifier is expected to send its capabilities (esp. signature algorithms)
in the </span><span style="font-family:ui-monospace;font-size:8.9pt;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial">client_metadata</span><span style="font-family:-apple-system;font-size:10.5pt;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial"> parameter with the initial
request</span></li>
<li style="margin-top:0px;margin-bottom:0px;vertical-align:middle;color:rgb(31,35,40)"><span style="font-family:-apple-system;font-size:10.5pt;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial">the
Wallet should send the POST request to the request URI with a data set,
which does not allow user tracking, i.e. subset of client metadata +
nonce for request object signing + ephemeral key for request object
encryption</span></li>
<li style="margin-top:0px;margin-bottom:0px;vertical-align:middle;color:rgb(31,35,40)"><span style="font-family:Calibri;font-size:11pt;color:black">the very first
request from the verifier looks like …?</span><span style="font-family:ui-monospace;font-size:8.9pt">request_uri=...&client_metadata=...</span><span style="font-family:Calibri;font-size:11pt;color:black"> </span></li>
</ul>
</ul>
<p style="margin:0in 0in 0in 0.75in;font-family:-apple-system;font-size:10.5pt;color:rgb(31,35,40)"> </p>
<ul type="disc" style="direction:ltr;unicode-bidi:embed;margin-top:0in;margin-bottom:0in">
<li style="margin-top:0px;margin-bottom:0px;vertical-align:middle"><span style="font-family:Calibri;font-size:11pt">Please review this PR; if we
can get WG agreement in this direction, changes will be made to the PR.</span></li>
</ul>
<p style="margin:0in;font-family:Calibri;font-size:11pt"> </p>
<ol type="1" style="direction:ltr;unicode-bidi:embed;margin-top:0in;margin-bottom:0in;font-family:Calibri;font-size:11pt">
<li value="2" style="margin-top:0px;margin-bottom:0px;vertical-align:middle"><span style="font-size:11pt">OpenID4VP and Browser API </span></li>
</ol>
<ul type="disc" style="direction:ltr;unicode-bidi:embed;margin-top:0in;margin-bottom:0in">
<li style="margin-top:0px;margin-bottom:0px;vertical-align:middle"><span style="font-family:Calibri;font-size:11pt">Browser API open to support
multiple protocols; one of those protocols should be OpenID4VP. Torsten did
a presentation that he worked on with Joseph and Kristina on how that
should look</span></li>
<li style="margin-top:0px;margin-bottom:0px;vertical-align:middle"><span style="font-family:Calibri;font-size:11pt">Intro about browser api: </span><a href="https://github.com/WICG/digital-identities"><span style="font-family:Calibri;font-size:11pt">https://github.com/WICG/digital-identities</span></a><span style="font-family:Calibri;font-size:11pt">.</span></li>
<li style="margin-top:0px;margin-bottom:0px;vertical-align:middle"><span style="font-family:Calibri;font-size:11pt">Requirements: </span></li>
<ul type="disc" style="direction:ltr;unicode-bidi:embed;margin-top:0in;margin-bottom:0in">
<li style="margin-top:0px;margin-bottom:0px;vertical-align:middle"><span style="font-family:Calibri;font-size:11pt">Wallet needs to authenticate
the verifiers using trust infrastructure independent from the web trust
infrastructure (important for eIDAS 2.0)</span></li>
<ul type="disc" style="direction:ltr;unicode-bidi:embed;margin-top:0in;margin-bottom:0in">
<li style="margin-top:0px;margin-bottom:0px;vertical-align:middle"><span style="font-family:Calibri;font-size:11pt">Proposed solution is to use a
signed request object</span></li>
<li style="margin-top:0px;margin-bottom:0px;vertical-align:middle"><span style="font-family:Calibri;font-size:11pt">Tobias: there might be
cases where web origin is sufficient, in which case signing is not
required</span></li>
</ul>
<li style="margin-top:0px;margin-bottom:0px;vertical-align:middle"><span style="font-family:Calibri;font-size:11pt">Prevent replay of
authenticated requests.</span></li>
<ul type="disc" style="direction:ltr;unicode-bidi:embed;margin-top:0in;margin-bottom:0in">
<li style="margin-top:0px;margin-bottom:0px;vertical-align:middle"><span style="font-family:Calibri;font-size:11pt">Proposed solution is to
encrypt the response to the verifier's ephemeral public key</span></li>
</ul>
<li style="margin-top:0px;margin-bottom:0px;vertical-align:middle"><span style="font-family:Calibri;font-size:11pt">Easy migration to the
Browser API for the existing OpenID4VP implementations</span></li>
</ul>
<li style="margin-top:0px;margin-bottom:0px;vertical-align:middle"><span style="font-family:Calibri;font-size:11pt">What is not in the request
object: redirect_uri, state, response_uri. </span></li>
<li style="margin-top:0px;margin-bottom:0px;vertical-align:middle"><span style="font-family:Calibri;font-size:11pt">Discussion</span></li>
<ul type="disc" style="direction:ltr;unicode-bidi:embed;margin-top:0in;margin-bottom:0in">
<li style="margin-top:0px;margin-bottom:0px;vertical-align:middle"><span style="font-family:Calibri;font-size:11pt">Tobias: need to separate
authenticating who you are sending the request to and integrity to
protect the request.</span></li>
<li style="margin-top:0px;margin-bottom:0px;vertical-align:middle"><span style="font-family:Calibri;font-size:11pt">Kristina: need to
differentiate what is parsed by the wallet and what needs to be
understood by the browser </span></li>
<li style="margin-top:0px;margin-bottom:0px;vertical-align:middle"><span style="font-family:Calibri;font-size:11pt">In the android model, the
(sandboxed) matcher is provided by the wallet. And it is that matcher
that parses the request, not the mobile OS itself.</span></li>
<li style="margin-top:0px;margin-bottom:0px;vertical-align:middle"><span style="font-family:Calibri;font-size:11pt">Sebastien/Orie: question
seems to be how much the browser needs to understand about the incoming
request? How opaque is it for the platform?</span></li>
</ul>
<li style="margin-top:0px;margin-bottom:0px;vertical-align:middle"><span style="font-family:Calibri;font-size:11pt">Document to review is here: </span><a href="https://docs.google.com/document/d/1A10PZ_DviMJeyy2mDFt2QLcXUbT4O2dc_BizNXAD2PQ/edit"><span style="font-family:Calibri;font-size:11pt">https://docs.google.com/document/d/1A10PZ_DviMJeyy2mDFt2QLcXUbT4O2dc_BizNXAD2PQ/edit</span></a></li>
<ul type="disc" style="direction:ltr;unicode-bidi:embed;margin-top:0in;margin-bottom:0in">
<li style="margin-top:0px;margin-bottom:0px;vertical-align:middle"><span style="font-family:Calibri;font-size:11pt">Please review the document,
comment and indicate if you believe DCP WG should work on this and if
yes, should this be a new WG item in DCP WG.</span></li>
</ul>
</ul>
<p style="margin:0in;font-family:Calibri;font-size:11pt"> </p>
<ol type="1" style="direction:ltr;unicode-bidi:embed;margin-top:0in;margin-bottom:0in;font-family:Calibri;font-size:11pt">
<li value="3" style="margin-top:0px;margin-bottom:0px;vertical-align:middle"><span style="font-size:11pt">Query syntax</span></li>
</ol>
<ul type="disc" style="direction:ltr;unicode-bidi:embed;margin-top:0in;margin-bottom:0in">
<li style="margin-top:0px;margin-bottom:0px;vertical-align:middle"><a href="https://github.com/openid/OpenID4VP/issues/112"><span style="font-family:Calibri;font-size:11pt">https://github.com/openid/OpenID4VP/issues/112</span></a></li>
<li style="margin-top:0px;margin-bottom:0px;vertical-align:middle"><span style="font-family:Calibri;font-size:11pt">The issue describes feedback
that has been received on PE.</span></li>
<li style="margin-top:0px;margin-bottom:0px;vertical-align:middle"><span style="font-family:Calibri;font-size:11pt">Sticking to the process
outlined here: </span><a href="https://github.com/openid/OpenID4VP/issues/112#issuecomment-1960037463"><span style="font-family:Calibri;font-size:11pt">https://github.com/openid/OpenID4VP/issues/112#issuecomment-1960037463</span></a></li>
<ul type="disc" style="direction:ltr;unicode-bidi:embed;margin-top:0in;margin-bottom:0in">
<li style="margin-top:0px;margin-bottom:0px;vertical-align:middle"><span style="font-family:Calibri;font-size:11pt">There is no clear agreement
on the suggested way forward out of the few options presented in the
issue-comment</span></li>
<li style="margin-top:0px;margin-bottom:0px;vertical-align:middle"><span style="font-family:Calibri;font-size:11pt">Tobias did a presentation
of one concrete solution for how a new query language specific to credential
format could look (close to option 4 in the issue-comment)</span></li>
<ul type="disc" style="direction:ltr;unicode-bidi:embed;margin-top:0in;margin-bottom:0in">
<li style="margin-top:0px;margin-bottom:0px;vertical-align:middle"><a href="https://docs.google.com/document/d/10JT--pXWsfwC4QVu3XJpXGwcO08M6tnpkZ4PKdtCEWo/edit#heading=h.7igj7m3na8ru"><span style="font-family:Calibri;font-size:11pt">https://docs.google.com/document/d/10JT--pXWsfwC4QVu3XJpXGwcO08M6tnpkZ4PKdtCEWo/edit#heading=h.7igj7m3na8ru</span></a></li>
</ul>
</ul>
<li style="margin-top:0px;margin-bottom:0px;vertical-align:middle"><span style="font-family:Calibri;font-size:11pt">Discussion</span></li>
<ul type="disc" style="direction:ltr;unicode-bidi:embed;margin-top:0in;margin-bottom:0in">
<li style="margin-top:0px;margin-bottom:0px;vertical-align:middle"><span style="font-family:Calibri;font-size:11pt">Orie asked about
intentToRetain feature</span></li>
<li style="margin-top:0px;margin-bottom:0px;vertical-align:middle"><span style="font-family:Calibri;font-size:11pt">Kristina asked why a
presentation_submission kind of feature was missing -> was not deemed
useful by the proposers of this document</span></li>
</ul>
<li style="margin-top:0px;margin-bottom:0px;vertical-align:middle"><span style="font-family:Calibri;font-size:11pt">Please review this proposal
and make comments on issue #112 about your desired next step </span></li>
</ul></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Tue, Mar 5, 2024 at 10:25 AM Joseph Heenan via Openid-specs-digital-credentials-protocols &lt;<a href="mailto:openid-specs-digital-credentials-protocols@lists.openid.net">openid-specs-digital-credentials-protocols@lists.openid.net</a>&gt; wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div><div><div>Hi All,</div><div> </div><div>Below is the suggested agenda for today's DCP WG + SIOP call at 12:00 midday PT.</div><div> </div><div>- IPR reminder/ Note-taking</div><div>- Introductions/re-introductions</div><div>- Agenda bashing/adoption</div><div>- DST changes means the call time will move for many people sometime over the next month; check the calendar </div><div>- Events/External orgs</div><div>- PRs</div><div> - Please review VP SD-JWT profile: <a href="https://github.com/openid/OpenID4VP/pull/115" target="_blank">https://github.com/openid/OpenID4VP/pull/115</a> </div><div> - Please review VP Editorial: <a href="https://github.com/openid/OpenID4VP/pull/119" target="_blank">https://github.com/openid/OpenID4VP/pull/119</a> <a href="https://github.com/openid/OpenID4VP/pull/121" target="_blank">https://github.com/openid/OpenID4VP/pull/121</a> <a href="https://github.com/openid/OpenID4VP/pull/114" target="_blank">https://github.com/openid/OpenID4VP/pull/114</a></div><div> - Request URI extension: <a href="https://github.com/openid/OpenID4VP/pull/59" target="_blank">https://github.com/openid/OpenID4VP/pull/59</a></div><div>- Issues:</div><div> - OpenID 4 VP profile of the Browser API - <a href="https://github.com/openid/OpenID4VP/issues/90" target="_blank">https://github.com/openid/OpenID4VP/issues/90</a></div><div> - Query language - <a href="https://github.com/openid/OpenID4VP/issues/112" target="_blank">https://github.com/openid/OpenID4VP/issues/112</a></div><div>- Other PRs</div><div> - VCI <a 
href="https://github.com/openid/OpenID4VCI/pulls?q=is%3Aopen+is%3Apr+milestone%3AID-1" target="_blank">https://github.com/openid/OpenID4VCI/pulls?q=is%3Aopen+is%3Apr+milestone%3AID-1</a></div><div> - VP <a href="https://github.com/openid/OpenID4VP/pull/59" target="_blank">https://github.com/openid/OpenID4VP/pull/59</a></div><div> - HAIP <a href="https://github.com/openid/oid4vc-haip-sd-jwt-vc/pulls?q=is%3Apr+is%3Aopen+sort%3Aupdated-desc" target="_blank">https://github.com/openid/oid4vc-haip-sd-jwt-vc/pulls?q=is%3Apr+is%3Aopen+sort%3Aupdated-desc</a></div><div>- Issues (in the most recently updated order)</div><div> - VCI <a href="https://github.com/openid/OpenID4VCI/issues?q=is%3Aissue+is%3Aopen+sort%3Aupdated-desc" target="_blank">https://github.com/openid/OpenID4VCI/issues?q=is%3Aissue+is%3Aopen+sort%3Aupdated-desc</a></div><div> - VP <a href="https://github.com/openid/OpenID4VP/issues?q=is%3Aissue+is%3Aopen+sort%3Aupdated-desc" target="_blank">https://github.com/openid/OpenID4VP/issues?q=is%3Aissue+is%3Aopen+sort%3Aupdated-desc</a></div><div> - HAIP <a href="https://github.com/openid/oid4vc-haip-sd-jwt-vc/issues?q=is%3Aissue+is%3Aopen+sort%3Aupdated-desc" target="_blank">https://github.com/openid/oid4vc-haip-sd-jwt-vc/issues?q=is%3Aissue+is%3Aopen+sort%3Aupdated-desc</a></div><div> </div><div><br></div><div>Thanks</div><div><br></div><div>Joseph</div><div><br></div></div></div>-- <br>
Openid-specs-digital-credentials-protocols mailing list<br>
<a href="mailto:Openid-specs-digital-credentials-protocols@lists.openid.net" target="_blank">Openid-specs-digital-credentials-protocols@lists.openid.net</a><br>
<a href="https://lists.openid.net/mailman/listinfo/openid-specs-digital-credentials-protocols" rel="noreferrer" target="_blank">https://lists.openid.net/mailman/listinfo/openid-specs-digital-credentials-protocols</a><br>
</blockquote></div></div>