<div dir="ltr"><div>Hey Brian,</div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Fri, May 17, 2024 at 10:44 AM Brian Campbell <<a href="mailto:bcampbell@pingidentity.com">bcampbell@pingidentity.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr"><div dir="ltr"><br></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Fri, May 17, 2024 at 6:49 AM Orie Steele via Openid-specs-digital-credentials-protocols <<a href="mailto:openid-specs-digital-credentials-protocols@lists.openid.net" target="_blank">openid-specs-digital-credentials-protocols@lists.openid.net</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="auto">You can use sd-jwt to produce the W3C Verifiable Presentation object:<div dir="auto"><br></div><div dir="auto"><a href="https://www.w3.org/TR/vc-jose-cose/#securing-json-ld-verifiable-presentations-with-sd-jwt" target="_blank">https://www.w3.org/TR/vc-jose-cose/#securing-json-ld-verifiable-presentations-with-sd-jwt</a></div></div></blockquote><div><br></div><div>What is/was the rationale for using sd-jwt to produce the W3C Verifiable
Presentation object? </div></div></div></blockquote><div><br></div><div>Conformance to the Core Data Model as described in: <a href="https://www.w3.org/TR/2024/CRD-vc-data-model-2.0-20240513/#verifiable-presentations">https://www.w3.org/TR/2024/CRD-vc-data-model-2.0-20240513/#verifiable-presentations</a><br> </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr"><div class="gmail_quote"><div>As I said over in <a href="https://github.com/w3c/vc-jose-cose/pull/270#issuecomment-2108832855" target="_blank">this PR</a> (which I'm now regretting having gotten involved in), maybe I'm not seeing the grand vision or something but securing a VP with SD-JWT doesn't really make sense to me. </div></div></div></blockquote><div><br>Because VPs don't make sense? or because JWT / COSE is a better path to secure them?<br><br>To me, it's JSON with a media type, I am not sure it needs a grand vision beyond that.<br><br>There are important protocol considerations for VPs though, which are described here:<br><br><a href="https://www.w3.org/TR/2024/CRD-vc-data-model-2.0-20240513/#presentations-including-holder-claims">https://www.w3.org/TR/2024/CRD-vc-data-model-2.0-20240513/#presentations-including-holder-claims</a><br><br>You can't have compatibility with this part of the W3C Technical recommendation if you don't enable a way to secure VPs with JWT, SD-JWT, COSE or ...<br> </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr"><div class="gmail_quote"><div> </div><div> </div><div><br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="auto"><div dir="auto">However this requires you to present a presentation as if it were a credential.</div><div dir="auto"><br></div><div dir="auto">And it creates a situation where you can have key 
binding in the credentials and for the presentation layer.</div><div dir="auto"><br></div><div dir="auto">Our implementation supports this, but it's awkward.</div><div dir="auto"><br></div><div dir="auto">This stems from W3C defining a protocol message without having a concrete protocol that is also defined, as opposed to just a data format.</div><div dir="auto"><br></div><div dir="auto">As far as I know protocols decide if they want to support W3C presentations or just W3C credentials... And oidc has so far, never supported W3C presentations.</div></div></blockquote><div><br></div><div>Again, maybe I'm not seeing the grand vision or something but that doesn't sound right to me*. I would agree though that the protocol and message layering in all this is sometimes confused and often confusing. <br></div><div><br></div><div>* these seem like they are W3C Verifiable Presentations... <br></div><div><a href="https://openid.net/specs/openid-4-verifiable-presentations-1_0-20.html#appendix-A.1.1.3-5" target="_blank">https://openid.net/specs/openid-4-verifiable-presentations-1_0-20.html#appendix-A.1.1.3-5</a></div><div><a href="https://openid.net/specs/openid-4-verifiable-presentations-1_0-20.html#appendix-A.1.2.3-5" target="_blank">https://openid.net/specs/openid-4-verifiable-presentations-1_0-20.html#appendix-A.1.2.3-5</a></div></div></div></blockquote><div><br>This is not a W3C VP:<br><br></div><pre>{
  "iss": "did:example:ebfeb1f712ebc6f1c276e12ec21",
  "jti": "urn:uuid:3978344f-8596-4c3a-a978-8fcaba3903c5",
  "aud": "https://client.example.org/cb",
  "nbf": 1541493724,
  "iat": 1541493724,
  "exp": 1573029723,
  "nonce": "n-0S6_WzA2Mj",
  "vp": {
    "@context": [
      "https://www.w3.org/2018/credentials/v1"
    ],
    "type": [
      "VerifiablePresentation"
    ],
    "verifiableCredential": [
      "eyJhb...ssw5c"
    ]
  }
}</pre><div><br>it's an object that 
contains a claim called "vp" which might contain a JSON-LD VP, but it's malformed, because of the structure of "verifiableCredential".<br><br>See: <a href="https://www.w3.org/TR/2024/CRD-vc-data-model-2.0-20240513/#enveloped-verifiable-credentials">https://www.w3.org/TR/2024/CRD-vc-data-model-2.0-20240513/#enveloped-verifiable-credentials</a><br><br>Also, per <a href="https://w3c.github.io/vc-jose-cose/#securing-verifiable-credentials">https://w3c.github.io/vc-jose-cose/#securing-verifiable-credentials</a><br><br>The JWT Claim Names vc and vp MUST NOT be present in any JWT Claims Set.<br><br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr"><div class="gmail_quote"><div></div><div><br></div><div> </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Fri, May 17, 2024, 2:20 AM Jan Vereecken via Openid-specs-digital-credentials-protocols <<a href="mailto:openid-specs-digital-credentials-protocols@lists.openid.net" target="_blank">openid-specs-digital-credentials-protocols@lists.openid.net</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<div lang="en-BE">
<div>
<p class="MsoNormal"><span lang="EN-US" style="font-size:11pt">Hi Joseph and other members,<u></u><u></u></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:11pt"><u></u> <u></u></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:11pt">Regarding
<u></u><u></u></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:11pt"><u></u> <u></u></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:11pt">></span><span lang="EN-US">
</span>Two people asked about how to return multiple credentials fulfilling the same single requirement; that hadn’t come up before and we probably need a way to express if the verifier wants all the matches or just one - new issue to be opened for that.<span lang="EN-US" style="font-size:11pt"><u></u><u></u></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:11pt"><u></u> <u></u></span></p>
<p class="MsoNormal"><span lang="EN-US">I just want to qualify my question further.<u></u><u></u></span></p>
<p class="MsoNormal"><span lang="EN-US"><u></u> <u></u></span></p>
<p class="MsoNormal"><span lang="EN-US">I was thinking more of the case where a single presentation is answering multiple credentials requests.
<u></u><u></u></span></p>
<p class="MsoNormal"><span lang="EN-US"><u></u> <u></u></span></p>
<p class="MsoNormal"><span lang="EN-US">Specifically W3C VCDM enables presentation of multiple credentials, bound to the same identifier, in a single presentation object. In contrast, to my knowledge, SD-JWT VC does not have
this.<u></u><u></u></span></p>
<p class="MsoNormal"><span lang="EN-US"><u></u> <u></u></span></p>
<p class="MsoNormal"><span lang="EN-US">For the example, let’s conceptually represent this as jwt_vp_json_a = [jwt_vc_json_1, jwt_vc_json_2], where jwt_vc_json_1 answers my_cred_1 and jwt_vc_json_2 answers my_cred_2.<u></u><u></u></span></p>
<p class="MsoNormal"><span lang="EN-US"><u></u> <u></u></span></p>
<p class="MsoNormal"><span lang="EN-US">Does the solution envisaged then repeat the presentation object and figure out in the submission how to reference the correct credential?<u></u><u></u></span></p>
<p class="MsoNormal"><span lang="EN-US"><u></u> <u></u></span></p>
<p class="MsoNormal"><span lang="EN-US">{<u></u><u></u></span></p>
<p class="MsoNormal"><span lang="EN-US"> “my_cred_1”: “jwt_vp_json_a”,<u></u><u></u></span></p>
<p class="MsoNormal"><span lang="EN-US"> “my_cred_2”: “jwt_vp_json_a”<u></u><u></u></span></p>
<p class="MsoNormal"><span lang="EN-US">}<u></u><u></u></span></p>
<p class="MsoNormal"><span lang="EN-US"><u></u> <u></u></span></p>
<p class="MsoNormal"><span lang="EN-US">Or, do we require multiple presentation objects, each one replying to exactly one of the requests?<u></u><u></u></span></p>
<p class="MsoNormal"><span lang="EN-US"><u></u> <u></u></span></p>
<p class="MsoNormal"><span lang="EN-US">jwt_vp_json_b = [jwt_vc_json_1]<u></u><u></u></span></p>
<p class="MsoNormal"><span lang="EN-US">jwt_vp_json_c = [jwt_vc_json_2]<u></u><u></u></span></p>
<p class="MsoNormal"><span lang="EN-US"><u></u> <u></u></span></p>
<p class="MsoNormal"><span lang="EN-US">{<u></u><u></u></span></p>
<p class="MsoNormal"><span lang="EN-US"> “my_cred_1”: “jwt_vp_json_b”,<u></u><u></u></span></p>
<p class="MsoNormal"><span lang="EN-US"> “my_cred_2”: “jwt_vp_json_c”<u></u><u></u></span></p>
<p class="MsoNormal"><span lang="EN-US">}<u></u><u></u></span></p>
<p class="MsoNormal"><span lang="EN-US"><u></u> <u></u></span></p>
<p class="MsoNormal"><span lang="EN-US">Or, do we allow more flexibility, but increasing complexity in response structure?<u></u><u></u></span></p>
<p class="MsoNormal"><span lang="EN-US"><u></u> <u></u></span></p>
<p class="MsoNormal"><span lang="EN-US">[<u></u><u></u></span></p>
<p class="MsoNormal"><span lang="EN-US"> {<u></u><u></u></span></p>
<p class="MsoNormal"><span lang="EN-US"> “request”: [“my_cred_1”, “my_cred_1”],<u></u><u></u></span></p>
<p class="MsoNormal"><span lang="EN-US"> “response”: “jwt_vp_json_a”<u></u><u></u></span></p>
<p class="MsoNormal"><span lang="EN-US"> }<u></u><u></u></span></p>
<p class="MsoNormal"><span lang="EN-US">]<u></u><u></u></span></p>
<p class="MsoNormal"><span lang="EN-US"><u></u> <u></u></span></p>
<p class="MsoNormal"><span lang="EN-US">Regards,<u></u><u></u></span></p>
<p class="MsoNormal"><span lang="EN-US">Jan</span><span lang="EN-US" style="font-size:11pt"><u></u><u></u></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:11pt"><u></u> <u></u></span></p>
<div id="m_1270352139331027294m_7171150379062777494m_-3322206948167053013m_6220355403105596851m_-2176280181462114134mail-editor-reference-message-container">
<div>
<div style="border-width:1pt medium medium;border-style:solid none none;border-color:rgb(181,196,223) currentcolor currentcolor;padding:3pt 0cm 0cm">
<p class="MsoNormal" style="margin-bottom:12pt"><b><span style="color:black">From:
</span></b><span style="color:black">Openid-specs-digital-credentials-protocols <<a href="mailto:openid-specs-digital-credentials-protocols-bounces@lists.openid.net" rel="noreferrer" target="_blank">openid-specs-digital-credentials-protocols-bounces@lists.openid.net</a>> on behalf of Joseph Heenan via Openid-specs-digital-credentials-protocols <<a href="mailto:openid-specs-digital-credentials-protocols@lists.openid.net" rel="noreferrer" target="_blank">openid-specs-digital-credentials-protocols@lists.openid.net</a>><br>
<b>Date: </b>Thursday, 16 May 2024 at 18:34<br>
<b>To: </b>Digital Credentials Protocols List <<a href="mailto:openid-specs-digital-credentials-protocols@lists.openid.net" rel="noreferrer" target="_blank">openid-specs-digital-credentials-protocols@lists.openid.net</a>><br>
<b>Cc: </b>Joseph Heenan <<a href="mailto:joseph@authlete.com" rel="noreferrer" target="_blank">joseph@authlete.com</a>><br>
<b>Subject: </b>[Openid-specs-digital-credentials-protocols] Minutes from 16th May 2024 DCP WG call<u></u><u></u></span></p>
</div>
<div>
<p class="MsoNormal"><u></u> <u></u></p>
</div>
<div>
<p class="MsoNormal">Participants:<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal"><u></u> <u></u></p>
</div>
<div>
<p class="MsoNormal">Joseph Heenan<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal">Kristina Yasuda<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal">Daniel Fett<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal">Andreea Prian<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal">Arjen van Veen<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal">Bjorn Hjelm<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal">Brian Campbell<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal">gabe<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal">Jan Vereecken<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal">Jin Wen<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal">Juba Saadi<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal">Michael Jones<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal">Oliver Terbu<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal">Pedro Felix<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal">Rajvardhan Deshmukh<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal">Ryan Galluzzo<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal">Sebastian Birckerle<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal">Sebastian Bahloul<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal">Sudesh Shetty<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal">Lukasz Jaromin<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal"><u></u> <u></u></p>
</div>
<div>
<p class="MsoNormal"><u></u> <u></u></p>
</div>
<div>
<p class="MsoNormal"><b>Events:</b><u></u><u></u></p>
</div>
<div>
<p class="MsoNormal"><u></u> <u></u></p>
</div>
<div>
<p class="MsoNormal">There will be a hybrid meeting with in-person participation for those at Identiverse; if you would like to attend in person please register on eventbrite:<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal"><u></u> <u></u></p>
</div>
<div>
<p class="MsoNormal"><a href="https://www.eventbrite.com/e/openid-foundation-dcp-wg-hybrid-meeting-at-identiverse-tickets-902324616217" rel="noreferrer" target="_blank">https://www.eventbrite.com/e/openid-foundation-dcp-wg-hybrid-meeting-at-identiverse-tickets-902324616217</a><u></u><u></u></p>
</div>
<div>
<p class="MsoNormal"><u></u> <u></u></p>
</div>
<div>
<p class="MsoNormal">It was proposed to cancel the normal working group meetings during Identiverse & EIC and no one objected.<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal"><u></u> <u></u></p>
</div>
<div>
<p class="MsoNormal"><u></u> <u></u></p>
</div>
<div>
<p class="MsoNormal"><u></u> <u></u></p>
</div>
<div>
<p class="MsoNormal"><b>VP Query Language Proposal:</b><u></u><u></u></p>
</div>
<div>
<p class="MsoNormal"><u></u> <u></u></p>
</div>
<div>
<p class="MsoNormal">Daniel shared the latest thoughts on the query language, presenting an evolution of the proposal created during IIW that meets the various requirements that were agreed by the working group, that includes some feedback from implementers
that looked at the previous proposal: <a href="https://hackmd.io/1siVhjzOTWOE9ppdF_t57A?view" rel="noreferrer" target="_blank">
https://hackmd.io/1siVhjzOTWOE9ppdF_t57A?view</a><u></u><u></u></p>
</div>
<div>
<p class="MsoNormal"><u></u> <u></u></p>
</div>
<div>
<p class="MsoNormal">There was some discussion over how the logic of “and/or” requests is expressed; Daniel said the current proposal is the simplest they could come up with.<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal"><u></u> <u></u></p>
</div>
<div>
<p class="MsoNormal">Two people asked about how to return multiple credentials fulfilling the same single requirement; that hadn’t come up before and we probably need a way to express if the verifier wants all the matches or just one - new issue to be opened
for that.<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal"><u></u> <u></u></p>
</div>
<div>
<p class="MsoNormal">Jan asked where both ‘format’ and the name of the format specific parameters object (e.g. “vc+sd-jwt”) are required. Daniel said that ‘format' is necessary so there is a clear place for the verifier to figure out if it supports the requested
format, and then there’s also a desire to collect the format specific keys into a sub-object.<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal"><u></u> <u></u></p>
</div>
<div>
<p class="MsoNormal">Jan asked about implementations. There aren’t any yet that we’re aware of.<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal"><u></u> <u></u></p>
</div>
<div>
<p class="MsoNormal">Kristina asked if we wanted to proceed with a new query language format and if this proposal was a good way to proceed.<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal"><u></u> <u></u></p>
</div>
<div>
<p class="MsoNormal">Jan, Arjen, Brian, Michael J, Oliver, Gabe agreed it was a useful starting point. No one raised objections to using it as a starting point. Oliver wasn’t sure about the advanced syntax features in example 7.<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal"><u></u> <u></u></p>
</div>
<div>
<p class="MsoNormal">Next step is to open an issue.<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal"><u></u> <u></u></p>
</div>
<div>
<p class="MsoNormal"><u></u> <u></u></p>
</div>
<div>
<p class="MsoNormal"><b>VP Transaction Data:</b><u></u><u></u></p>
</div>
<div>
<p class="MsoNormal"><u></u> <u></u></p>
</div>
<div>
<p class="MsoNormal">Kristina has opened 4 new issues for 4 specific points that need discussion, all tagged with the ’transaction data’ label.<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal"><u></u> <u></u></p>
</div>
<div>
<p class="MsoNormal">Issue 173: The verifier needs an easy way to check the wallet is approving what it’s requested; given the difficulties of comparing JSON objects, having the transaction request base64url encoded in the request & response seems like the best
solution right now.<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal"><u></u> <u></u></p>
</div>
<div>
<p class="MsoNormal"><u></u> <u></u></p>
</div>
<div>
<p class="MsoNormal"><b>VP PRs:</b><u></u><u></u></p>
</div>
<div>
<p class="MsoNormal"><u></u> <u></u></p>
</div>
<div>
<p class="MsoNormal">#175 Add text/diagram for siopv2 conditional cred req flow<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal"><a href="https://github.com/openid/OpenID4VP/pull/175" rel="noreferrer" target="_blank">https://github.com/openid/OpenID4VP/pull/175</a> to solve <a href="https://github.com/openid/OpenID4VP/issues/86" rel="noreferrer" target="_blank">https://github.com/openid/OpenID4VP/issues/86</a><u></u><u></u></p>
</div>
<div>
<p class="MsoNormal"><u></u> <u></u></p>
</div>
<div>
<p class="MsoNormal">Please read and give feedback.<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal"><u></u> <u></u></p>
</div>
<div>
<p class="MsoNormal"><u></u> <u></u></p>
</div>
<div>
<p class="MsoNormal"><b>VCI PRs/issues:</b><u></u><u></u></p>
</div>
<div>
<p class="MsoNormal"><u></u> <u></u></p>
</div>
<div>
<p class="MsoNormal"><a href="https://github.com/openid/OpenID4VCI/pull/314" rel="noreferrer" target="_blank">https://github.com/openid/OpenID4VCI/pull/314</a> <u></u><u></u></p>
</div>
<div>
<p class="MsoNormal"><u></u> <u></u></p>
</div>
<div>
<p class="MsoNormal">Removed authorization_pending as discussed in previous meetings and notified to mailing list. No objections raised.<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal"><u></u> <u></u></p>
</div>
<div>
<p class="MsoNormal"><u></u> <u></u></p>
</div>
<div>
<p class="MsoNormal"><a href="https://github.com/openid/OpenID4VCI/pull/319" rel="noreferrer" target="_blank">https://github.com/openid/OpenID4VCI/pull/319</a> <u></u><u></u></p>
</div>
<div>
<p class="MsoNormal"><u></u> <u></u></p>
</div>
<div>
<p class="MsoNormal">As per previous working group discussions, clarify how encryption works on batch endpoint - please review.<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal"><u></u> <u></u></p>
</div>
<div>
<p class="MsoNormal"><u></u> <u></u></p>
</div>
<div>
<p class="MsoNormal"><u></u> <u></u></p>
</div>
<div>
<p class="MsoNormal"><a href="https://github.com/openid/OpenID4VCI/pull/321" rel="noreferrer" target="_blank">https://github.com/openid/OpenID4VCI/pull/321</a> - adds a new error code to credential endpoint for the issuer to indicate it’s denying the request - please review.<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal"><u></u> <u></u></p>
</div>
<div>
<p class="MsoNormal"><u></u> <u></u></p>
</div>
<div>
<p class="MsoNormal"><u></u> <u></u></p>
</div>
<div>
<p style="margin:0cm;font-variant-caps:normal;font-stretch:normal;font-kerning:auto;font-variant-alternates:normal;font-variant-ligatures:normal;font-variant-numeric:normal;font-variant-east-asian:normal;font-feature-settings:normal">
<a href="https://github.com/openid/OpenID4VP/issues/171" rel="noreferrer" target="_blank">https://github.com/openid/OpenID4VP/issues/171</a> - “nonce” handling should be more explicit.<u></u><u></u></p>
<p style="margin:0cm;font-variant-caps:normal;font-stretch:normal;font-kerning:auto;font-variant-alternates:normal;font-variant-ligatures:normal;font-variant-numeric:normal;font-variant-east-asian:normal;font-feature-settings:normal">
<u></u> <u></u></p>
<p style="margin:0cm;font-variant-caps:normal;font-stretch:normal;font-kerning:auto;font-variant-alternates:normal;font-variant-ligatures:normal;font-variant-numeric:normal;font-variant-east-asian:normal;font-feature-settings:normal">
Kristina pointed out that SD-JWT & W3C LDP sections do contain wording; Oliver will review it and raise a PR if it can be improved.<u></u><u></u></p>
<p style="margin:0cm;font-variant-caps:normal;font-stretch:normal;font-kerning:auto;font-variant-alternates:normal;font-variant-ligatures:normal;font-variant-numeric:normal;font-variant-east-asian:normal;font-feature-settings:normal">
<u></u> <u></u></p>
<p style="margin:0cm;font-variant-caps:normal;font-stretch:normal;font-kerning:auto;font-variant-alternates:normal;font-variant-ligatures:normal;font-variant-numeric:normal;font-variant-east-asian:normal;font-feature-settings:normal">
<u></u> <u></u></p>
<p style="margin:0cm;font-variant-caps:normal;font-stretch:normal;font-kerning:auto;font-variant-alternates:normal;font-variant-ligatures:normal;font-variant-numeric:normal;font-variant-east-asian:normal;font-feature-settings:normal">
<u></u> <u></u></p>
<p style="margin:0cm;font-variant-caps:normal;font-stretch:normal;font-kerning:auto;font-variant-alternates:normal;font-variant-ligatures:normal;font-variant-numeric:normal;font-variant-east-asian:normal;font-feature-settings:normal">
<a href="https://github.com/openid/OpenID4VP/issues/124" rel="noreferrer" target="_blank">https://github.com/openid/OpenID4VP/issues/124</a> - client_id_scheme security considerations<u></u><u></u></p>
<p style="margin:0cm;font-variant-caps:normal;font-stretch:normal;font-kerning:auto;font-variant-alternates:normal;font-variant-ligatures:normal;font-variant-numeric:normal;font-variant-east-asian:normal;font-feature-settings:normal">
<u></u> <u></u></p>
<p style="margin:0cm;font-variant-caps:normal;font-stretch:normal;font-kerning:auto;font-variant-alternates:normal;font-variant-ligatures:normal;font-variant-numeric:normal;font-variant-east-asian:normal;font-feature-settings:normal">
We need to come to a decision on this. The feeling when discussed at OSW seemed to be folding the client_id_scheme into the client_id in some way so the existing iss/aud fields in JWTs can be used etc. To be discussed on next week’s WG calls.<u></u><u></u></p>
<p style="margin:0cm;font-variant-caps:normal;font-stretch:normal;font-kerning:auto;font-variant-alternates:normal;font-variant-ligatures:normal;font-variant-numeric:normal;font-variant-east-asian:normal;font-feature-settings:normal">
<u></u> <u></u></p>
<p style="margin:0cm;font-variant-caps:normal;font-stretch:normal;font-kerning:auto;font-variant-alternates:normal;font-variant-ligatures:normal;font-variant-numeric:normal;font-variant-east-asian:normal;font-feature-settings:normal">
<u></u> <u></u></p>
</div>
</div>
</div>
</div>
</div>
-- <br>
Openid-specs-digital-credentials-protocols mailing list<br>
<a href="mailto:Openid-specs-digital-credentials-protocols@lists.openid.net" rel="noreferrer" target="_blank">Openid-specs-digital-credentials-protocols@lists.openid.net</a><br>
<a href="https://lists.openid.net/mailman/listinfo/openid-specs-digital-credentials-protocols" rel="noreferrer noreferrer" target="_blank">https://lists.openid.net/mailman/listinfo/openid-specs-digital-credentials-protocols</a><br>
</blockquote></div>
</blockquote></div>
</div>
<br>
</blockquote></div><br clear="all"><div><br></div><span class="gmail_signature_prefix">-- </span><br><div dir="ltr" class="gmail_signature"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><span><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><br></p><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt;padding:10pt 0pt"><span style="font-size:10pt;font-family:Arial;color:rgb(32,18,77);background-color:transparent;font-weight:700;vertical-align:baseline;white-space:pre-wrap">ORIE STEELE</span><span style="font-size:10pt;font-family:Arial;color:rgb(32,18,77);background-color:transparent;font-weight:700;vertical-align:baseline;white-space:pre-wrap"><br></span><span style="font-size:10pt;font-family:Arial;color:rgb(32,18,77);background-color:transparent;vertical-align:baseline;white-space:pre-wrap">Chief Technology Officer</span><span 
style="font-size:10pt;font-family:Arial;color:rgb(32,18,77);background-color:transparent;vertical-align:baseline;white-space:pre-wrap"><br></span><span style="font-size:8pt;font-family:Arial;color:rgb(32,18,77);background-color:transparent;vertical-align:baseline;white-space:pre-wrap">www.transmute.industries</span></p><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt;padding:0pt 0pt 10pt"><a href="https://transmute.industries" target="_blank"><img width="96" height="22" src="https://ci3.googleusercontent.com/mail-sig/AIorK4xqtkj5psM1dDeDes_mjSsF3ylbEa5EMEQmnz3602cucAIhjLaHod-eVJq0E28BwrivrNSBMBc"></a><br></p></span></div></div></div></div></div></div></div>
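<p>Added example, not part of the original message or of any project named in it: a structural lint in Python for the two rules cited in the reply above (no <code>vc</code>/<code>vp</code> claim names in the JWT Claims Set, and no bare strings in <code>verifiableCredential</code>), run over the claims set quoted in the message and over a constructed counter-sample. The function names are hypothetical, the per-entry rule (a JSON object, and for an <code>EnvelopedVerifiableCredential</code> a <code>data:</code> URL in <code>id</code>) is an assumption based on the linked Data Model section, and nothing here verifies a signature.</p>

```python
import base64
import json

# Claim names that vc-jose-cose says MUST NOT be present in any JWT Claims Set.
RESERVED_CLAIMS = ("vc", "vp")
ENVELOPED_TYPE = "EnvelopedVerifiableCredential"

# Claims set quoted in the message above (the credential value is elided there).
PAGE_EXAMPLE = {
    "iss": "did:example:ebfeb1f712ebc6f1c276e12ec21",
    "jti": "urn:uuid:3978344f-8596-4c3a-a978-8fcaba3903c5",
    "aud": "https://client.example.org/cb",
    "nbf": 1541493724, "iat": 1541493724, "exp": 1573029723,
    "nonce": "n-0S6_WzA2Mj",
    "vp": {
        "@context": ["https://www.w3.org/2018/credentials/v1"],
        "type": ["VerifiablePresentation"],
        "verifiableCredential": ["eyJhb...ssw5c"],
    },
}

# Constructed sample: the presentation itself is the claims set and the
# credential sits in an enveloped object (placeholder data: URL, not real).
CONSTRUCTED_OK = {
    "@context": ["https://www.w3.org/ns/credentials/v2"],
    "type": ["VerifiablePresentation"],
    "verifiableCredential": [{
        "@context": "https://www.w3.org/ns/credentials/v2",
        "type": "EnvelopedVerifiableCredential",
        "id": "data:application/example,CONSTRUCTED-PLACEHOLDER",
    }],
}


def decode_claims(compact_jwt):
    """Return the claims set of a compact JWS WITHOUT verifying it (lint only)."""
    parts = compact_jwt.split(".")
    if len(parts) != 3:
        raise ValueError("expected header.payload.signature")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64 padding
    claims = json.loads(base64.urlsafe_b64decode(payload))
    if not isinstance(claims, dict):
        raise ValueError("claims set is not a JSON object")
    return claims


def _types(obj):
    """The 'type' member as a list, whether it was a string or an array."""
    value = obj.get("type", [])
    return [value] if isinstance(value, str) else list(value)


def lint_credential_entry(entry, path):
    """Findings for one verifiableCredential entry (assumed rule, see lead-in)."""
    if isinstance(entry, str):
        return [f"{path}: bare string, expected a JSON object"]
    if not isinstance(entry, dict):
        return [f"{path}: not a JSON object"]
    if ENVELOPED_TYPE in _types(entry):
        ident = entry.get("id")
        if not (isinstance(ident, str) and ident.startswith("data:")):
            return [f"{path}: enveloped credential needs a data: URL in 'id'"]
    return []


def lint_presentation(claims):
    """Return a list of findings; an empty list means both rules hold."""
    findings = [f"claim '{name}' MUST NOT be present in the JWT Claims Set"
                for name in RESERVED_CLAIMS if name in claims]
    # Lint the object that carries the presentation: a nested 'vp' object if
    # one is there (already flagged above), otherwise the claims set itself.
    nested = claims.get("vp")
    vp = nested if isinstance(nested, dict) else claims
    if "VerifiablePresentation" not in _types(vp):
        findings.append("type does not include VerifiablePresentation")
    entries = vp.get("verifiableCredential", [])
    if not isinstance(entries, list):
        entries = [entries]
    for i, entry in enumerate(entries):
        findings += lint_credential_entry(entry, f"verifiableCredential[{i}]")
    return findings


if __name__ == "__main__":
    for label, sample in (("page example", PAGE_EXAMPLE),
                          ("constructed", CONSTRUCTED_OK)):
        print(label, "->", lint_presentation(sample) or "no findings")
```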