<div dir="ltr"><div dir="ltr">Hi, <div>Sorry for missing yesterday's call (am at ETSI workshop on EUDIW).</div><div>Few thoughts/comments.</div><div><br></div><div><b>> Joseph asks if anybody objects trying to get new query language into 1.0<br></b></div><div><br></div><div>I am objecting. In short, the motivation is 1) to secure OpenID4VP is referenced by the Implementing Act, 2) to give implementers a stable document (the need for both has been mentioned multiple times during the workshop), and 3) just like mike said, there are still substantial open points on the new query language and we need implementation experience. </div><div><br></div><div>It is probably worth clarifying that <b>new query language not making it to 1.0 does not mean it will not make it to the second round of the implementing acts</b> - if we work efficiently, and manage to get out 1.1 before the second round gets opens, we can get 1.1 with a new query language referenced in the Implementing Acts. </div><div><br></div><div>Encouragement from the European Commission has been to have shorter release cycle for OpenID4VC specs to address points 1) and 2), and from a risk-management perspective, I believe we should a) publish final with a text that makes it clear that <a href="https://github.com/openid/OpenID4VP/issues/255">new query lang is allowed</a>, 2) prioritize new query language for 1.1, so once we know clearer when the second round of IAs gets reopened, we are sure new query language is in 1.1.</div><div><br></div></div><div>> Define an ISO mdoc profile for Digital Credential API in OIDF/DCP <a href="https://github.com/openid/OpenID4VP/issues/219" target="_blank">https://github.com/openid/OpenID4VP/issues/219</a><br><b>- Martjin agreed to make a PR for this one</b><br></div><div><br></div><div>umm...may I ask why? I looked at the issue and the scope of the PR that Martijn will do is not clear to me and the issue does not feel ready for PR to me. Where is it documented how the WG agreed to address topics clarified in <a href="https://github.com/openid/OpenID4VP/issues/219#issuecomment-2294048268">https://github.com/openid/OpenID4VP/issues/219#issuecomment-2294048268</a> ? Would be better to discuss and clearly document those first.</div><div><br></div><div>Define claims display description and claims path query - <a href="https://github.com/openid/OpenID4VCI/pull/276" target="_blank">https://github.com/openid/OpenID4VCI/pull/276</a><br><b>- there is a bug in metadata that would need to be fixed</b><br></div><div><br></div><div>I think the open question is whether we want/need to fix this issue and merge this PR before going final. There might be good reasons to do so (align with IETF SD-JWT VC metadata, this is a breaking change so if we do not do it now, we might have to wait until 2.0), but would like us, first, to agree we want it before final.</div><div><br></div><div>Best,</div><div>Kristina</div><div><br></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Tue, Sep 10, 2024 at 10:11 PM Paul Bastian via Openid-specs-digital-credentials-protocols <<a href="mailto:openid-specs-digital-credentials-protocols@lists.openid.net">openid-specs-digital-credentials-protocols@lists.openid.net</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><u></u>
<div>
<p>Hi,</p>
<p>here are the notes from today's call:</p>
<p># Attendees<br>
Andres Olave<br>
Bjorn Helm<br>
Brian Campbell<br>
Christian Bormann<br>
Daniel Fett<br>
Denver-9-Mount Sneffels<br>
Edmund Jay<br>
Gareth Oliver<br>
Hicham Lozi<br>
Jan Vereecken<br>
John Bradley<br>
Joseph Heenan<br>
Lee Campbell<br>
Lukasz Jaromin<br>
Martjin Haring<br>
Michael Jones<br>
Oliver Terbu<br>
Paul Bastian<br>
Ryan Galluzzo<br>
Sam Goto<br>
Sebastien<br>
Steve Venema<br>
Tom Jones<br>
<br>
# Discussion about Timeline for standard publication<br>
- Marjin thinks new query language should go in before 1.0<br>
- Lee asks whether it makes sense to wait with 1.0 for longer time
and get into the next implementing act round<br>
- Joseph responds that we already missed first round of eIDAS
implementing acts and aim for second round, fear of missing out,
but there might be even a third<br>
- situation is that 1.0 feels like a step in the door and waiting
for too long may be too much of a gamble<br>
- Lee agrees but also sees the risk that we get stuck with PE<br>
- Joseph says that we will have PE probably anyway through ISO mDL<br>
- people ask how much effort needs to be done for squeezing new
query language in<br>
- Mike points out there are substantial open points and we need
implementations<br>
- Joseph asks if anybody objects trying to get new query language
into 1.0<br>
- Daniel will provide summary and update on Thursday call<br>
<br>
# How can verifiers that support multiple trust models/ecosystems
know how to authenticate to the wallet? <br>
- <a href="https://github.com/openid/OpenID4VP/issues/248" target="_blank">https://github.com/openid/OpenID4VP/issues/248</a><br>
- Verifier doesn't know with which certificate to sign the request<br>
- allow multiple signatures?<br>
- John points out this architecture is nuts, instead Wallet should
figure out that Verifier is correct to his trust model, e.g. with
trust marks<br>
- different issuers will have different RP policies<br>
- Lee thinks RP shouldn't care about the Wallet at that point but
about the issuers<br>
- Daniel thinks RP is talking to ecosystems<br>
- Brian points back to the issue, in the context of BrowserAPI
already has requests parameter to allow this instead of using JWS
json serialization<br>
- Christian says we need embedded issuer policies (in credential
itself or metadata) to cleanly solve this<br>
- Martjin thinks in the long run solutions may unite and may not
need it, but in the short run complications may be expected,
allowing multiple RP certificates may smooth this<br>
- John: we probably need to do it and fix it later "if it falls
over", hinting to OpenID Federation<br>
- Daniel explains the suggestion, that reuses JWS JSON
Serialization<br>
<br>
# Deferred endpoint fixing it?<br>
- there seem to be some issues with Deferred Issuance flow<br>
- if you are aware of any problems please report!<br>
<br>
# Define claims display description and claims path query -
<a href="https://github.com/openid/OpenID4VCI/pull/276" target="_blank">https://github.com/openid/OpenID4VCI/pull/276</a><br>
- there is a bug in metadata that would need to be fixed<br>
- please provide Feedback!<br>
<br>
# Permit the use of the new query language instead of presentation
exchange. <a href="https://github.com/openid/OpenID4VP/issues/255" target="_blank">https://github.com/openid/OpenID4VP/issues/255</a><br>
- small issue that enables the new query language without a
breaking change<br>
- we need PR!<br>
<br>
c_nonce PR: Are we going to mandate support of nonce endpoint for
issuers that require nonces?
<a href="https://github.com/openid/OpenID4VCI/pull/381#pullrequestreview-2292605172" target="_blank">https://github.com/openid/OpenID4VCI/pull/381#pullrequestreview-2292605172</a><br>
- this removes c_nonce from token endpoint and introduces a new
nonce endpoint instead<br>
- we need more feedback on this!<br>
<br>
client_id_scheme security (
<a href="https://github.com/openid/OpenID4VP/issues/124" target="_blank">https://github.com/openid/OpenID4VP/issues/124</a> )<br>
- trying to solve this topic in the next weeks<br>
- please connect to editors if you want to help!<br>
<br>
Add extensibility to Credential Response #386 -
<a href="https://github.com/openid/OpenID4VCI/issues/386" target="_blank">https://github.com/openid/OpenID4VCI/issues/386</a><br>
- add extensiability to Credential Response, e.g. for ARKG handles
in the future<br>
- three options are provided<br>
- Option#2 with breaking change, but currently favored.<br>
- please provide feedback!<br>
<br>
Key attestation first draft PR - please review:
<a href="https://github.com/openid/OpenID4VCI/pull/389" target="_blank">https://github.com/openid/OpenID4VCI/pull/389</a><br>
- Draft PR for key attestation that helps Issuers for regulated
use cases, needed for eIDAS<br>
- looking for early feedback here!<br>
<br>
Define an ISO mdoc profile for Digital Credential API in OIDF/DCP
<a href="https://github.com/openid/OpenID4VP/issues/219" target="_blank">https://github.com/openid/OpenID4VP/issues/219</a><br>
- Martjin agreed to make a PR for this one<br>
<br>
Best regards,<br>
Paul<br>
</p>
<div>On 10.09.24 20:59, Joseph Heenan via
Openid-specs-digital-credentials-protocols wrote:<br>
</div>
<blockquote type="cite">
<div>
<div>
<div>
<div>
<div>
<div>
<div>
<div>
<div>
<div>
<div>
<div>
<div>
<div>
<div>
<div>
<div>
<div>
<div>Hi All,</div>
<div> </div>
<div>Below is the suggested
agenda for today's DCP WG +
SIOP call at 12:00 midday PT
(now, sorry it’s late!), <a href="https://zoom.us/j/94085567252?pwd=cHNFMExFalhlM2MrOFhoN3J6eDRuZz09" target="_blank">https://zoom.us/j/94085567252?pwd=cHNFMExFalhlM2MrOFhoN3J6eDRuZz09</a></div>
<div><br>
</div>
<div>
<ol>
<li style="margin:0px;font-style:normal;font-variant-caps:normal;font-stretch:normal;font-size:13px;line-height:normal;font-family:"Helvetica Neue";font-kerning:auto;font-variant-alternates:normal;font-variant-ligatures:normal;font-variant-numeric:normal;font-variant-east-asian:normal;font-feature-settings:normal">IPR
reminder/ Note-taking</li>
<li style="margin:0px;font-style:normal;font-variant-caps:normal;font-stretch:normal;font-size:13px;line-height:normal;font-family:"Helvetica Neue";font-kerning:auto;font-variant-alternates:normal;font-variant-ligatures:normal;font-variant-numeric:normal;font-variant-east-asian:normal;font-feature-settings:normal">Introductions/re-introductions</li>
<li style="margin:0px;font-style:normal;font-variant-caps:normal;font-stretch:normal;font-size:13px;line-height:normal;font-family:"Helvetica Neue";font-kerning:auto;font-variant-alternates:normal;font-variant-ligatures:normal;font-variant-numeric:normal;font-variant-east-asian:normal;font-feature-settings:normal">Agenda
bashing/adoption</li>
<li style="margin:0px;font-style:normal;font-variant-caps:normal;font-stretch:normal;font-size:13px;line-height:normal;font-family:"Helvetica Neue";font-kerning:auto;font-variant-alternates:normal;font-variant-ligatures:normal;font-variant-numeric:normal;font-variant-east-asian:normal;font-feature-settings:normal">Events/External
orgs</li>
<li style="margin:0px;font-style:normal;font-variant-caps:normal;font-stretch:normal;font-size:13px;line-height:normal;font-family:"Helvetica Neue";font-kerning:auto;font-variant-alternates:normal;font-variant-ligatures:normal;font-variant-numeric:normal;font-variant-east-asian:normal;font-feature-settings:normal">Consensus
around proposed plan for
moving VP/VCI to 1.0
final: <a href="https://lists.openid.net/pipermail/openid-specs-digital-credentials-protocols/Week-of-Mon-20240909/000443.html" target="_blank">https://lists.openid.net/pipermail/openid-specs-digital-credentials-protocols/Week-of-Mon-20240909/000443.html</a></li>
<li style="margin:0px;font-style:normal;font-variant-caps:normal;font-stretch:normal;font-size:13px;line-height:normal;font-family:"Helvetica Neue";font-kerning:auto;font-variant-alternates:normal;font-variant-ligatures:normal;font-variant-numeric:normal;font-variant-east-asian:normal;font-feature-settings:normal">New
Query language in 1.0?</li>
<li style="margin:0px;font-style:normal;font-variant-caps:normal;font-stretch:normal;font-size:13px;line-height:normal;font-family:"Helvetica Neue";font-kerning:auto;font-variant-alternates:normal;font-variant-ligatures:normal;font-variant-numeric:normal;font-variant-east-asian:normal;font-feature-settings:normal">How
can verifiers that
support multiple trust
models/ecosystems know
how to authenticate to
the wallet? <a href="https://github.com/openid/OpenID4VP/issues/248" target="_blank">https://github.com/openid/OpenID4VP/issues/248</a></li>
<li style="margin:0px;font-style:normal;font-variant-caps:normal;font-stretch:normal;font-size:13px;line-height:normal;font-family:"Helvetica Neue";font-kerning:auto;font-variant-alternates:normal;font-variant-ligatures:normal;font-variant-numeric:normal;font-variant-east-asian:normal;font-feature-settings:normal">Deferred
endpoint fixing it?</li>
<li style="margin:0px;font-style:normal;font-variant-caps:normal;font-stretch:normal;font-size:13px;line-height:normal;font-family:"Helvetica Neue";font-kerning:auto;font-variant-alternates:normal;font-variant-ligatures:normal;font-variant-numeric:normal;font-variant-east-asian:normal;font-feature-settings:normal">Define
claims display
description and claims
path query -
<a href="https://github.com/openid/OpenID4VCI/pull/276" target="_blank">https://github.com/openid/OpenID4VCI/pull/276</a></li>
<li style="margin:0px;font-style:normal;font-variant-caps:normal;font-stretch:normal;font-size:13px;line-height:normal;font-family:"Helvetica Neue";font-kerning:auto;font-variant-alternates:normal;font-variant-ligatures:normal;font-variant-numeric:normal;font-variant-east-asian:normal;font-feature-settings:normal">Permit
the use of the new query
language instead of
presentation exchange.
<a href="https://github.com/openid/OpenID4VP/issues/255" target="_blank">https://github.com/openid/OpenID4VP/issues/255</a></li>
<li style="margin:0px;font-style:normal;font-variant-caps:normal;font-stretch:normal;font-size:13px;line-height:normal;font-family:"Helvetica Neue";font-kerning:auto;font-variant-alternates:normal;font-variant-ligatures:normal;font-variant-numeric:normal;font-variant-east-asian:normal;font-feature-settings:normal">c_nonce
PR: Are we going to
mandate support of nonce
endpoint for issuers
that require nonces? <a href="https://github.com/openid/OpenID4VCI/pull/381#pullrequestreview-2292605172" target="_blank">https://github.com/openid/OpenID4VCI/pull/381#pullrequestreview-2292605172</a></li>
<li style="margin:0px;font-style:normal;font-variant-caps:normal;font-stretch:normal;font-size:13px;line-height:normal;font-family:"Helvetica Neue";font-kerning:auto;font-variant-alternates:normal;font-variant-ligatures:normal;font-variant-numeric:normal;font-variant-east-asian:normal;font-feature-settings:normal">client_id_scheme
security ( <a href="https://github.com/openid/OpenID4VP/issues/124" target="_blank">https://github.com/openid/OpenID4VP/issues/124</a>
)</li>
<li style="margin:0px;font-style:normal;font-variant-caps:normal;font-stretch:normal;font-size:13px;line-height:normal;font-family:"Helvetica Neue";font-kerning:auto;font-variant-alternates:normal;font-variant-ligatures:normal;font-variant-numeric:normal;font-variant-east-asian:normal;font-feature-settings:normal">Wallets
authenticating to
verifiers: <a href="https://github.com/openid/OpenID4VP/issues/141" target="_blank">https://github.com/openid/OpenID4VP/issues/141</a></li>
<li style="margin:0px;font-style:normal;font-variant-caps:normal;font-stretch:normal;font-size:13px;line-height:normal;font-family:"Helvetica Neue";font-kerning:auto;font-variant-alternates:normal;font-variant-ligatures:normal;font-variant-numeric:normal;font-variant-east-asian:normal;font-feature-settings:normal">Mike’s
extensibility PRs <a href="https://github.com/openid/OpenID4VP/issues/227" target="_blank">https://github.com/openid/OpenID4VP/issues/227</a>
<a href="https://github.com/openid/OpenID4VCI/pull/382" target="_blank">https://github.com/openid/OpenID4VCI/pull/382</a>
(Kristina’s comment on
latter)</li>
<li style="margin:0px;font-style:normal;font-variant-caps:normal;font-stretch:normal;font-size:13px;line-height:normal;font-family:"Helvetica Neue";font-kerning:auto;font-variant-alternates:normal;font-variant-ligatures:normal;font-variant-numeric:normal;font-variant-east-asian:normal;font-feature-settings:normal">Add
extensibility to
Credential Response #386
- <a href="https://github.com/openid/OpenID4VCI/issues/386" target="_blank">https://</a><a href="http://github.com/openid/OpenID4VCI/issues/386" target="_blank">github.com/openid/OpenID4VCI/issues/386</a></li>
<li style="margin:0px;font-style:normal;font-variant-caps:normal;font-stretch:normal;font-size:13px;line-height:normal;font-family:"Helvetica Neue";font-kerning:auto;font-variant-alternates:normal;font-variant-ligatures:normal;font-variant-numeric:normal;font-variant-east-asian:normal;font-feature-settings:normal">Key
attestation first draft
PR - please review:
<a href="https://github.com/openid/OpenID4VCI/pull/389" target="_blank">https://github.com/openid/OpenID4VCI/pull/389</a></li>
<li style="margin:0px;font-style:normal;font-variant-caps:normal;font-stretch:normal;font-size:13px;line-height:normal;font-family:"Helvetica Neue";font-kerning:auto;font-variant-alternates:normal;font-variant-ligatures:normal;font-variant-numeric:normal;font-variant-east-asian:normal;font-feature-settings:normal">Issues
ready for PRs - who can
help please?</li>
<li style="margin:0px;font-style:normal;font-variant-caps:normal;font-stretch:normal;font-size:13px;line-height:normal;font-family:"Helvetica Neue";font-kerning:auto;font-variant-alternates:normal;font-variant-ligatures:normal;font-variant-numeric:normal;font-variant-east-asian:normal;font-feature-settings:normal">PRs
needing
reviews/discussions</li>
<li style="margin:0px;font-style:normal;font-variant-caps:normal;font-stretch:normal;font-size:13px;line-height:normal;font-family:"Helvetica Neue";font-kerning:auto;font-variant-alternates:normal;font-variant-ligatures:normal;font-variant-numeric:normal;font-variant-east-asian:normal;font-feature-settings:normal">Other
Open PRs/Issues</li>
</ol>
</div>
<div>Thanks</div>
<div><br>
</div>
<div>Joseph</div>
<div><br>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
<br>
<fieldset></fieldset>
</blockquote>
</div>
-- <br>
Openid-specs-digital-credentials-protocols mailing list<br>
<a href="mailto:Openid-specs-digital-credentials-protocols@lists.openid.net" target="_blank">Openid-specs-digital-credentials-protocols@lists.openid.net</a><br>
<a href="https://lists.openid.net/mailman/listinfo/openid-specs-digital-credentials-protocols" rel="noreferrer" target="_blank">https://lists.openid.net/mailman/listinfo/openid-specs-digital-credentials-protocols</a><br>
</blockquote></div></div>