<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40"><head><meta http-equiv=Content-Type content="text/html; charset=utf-8"><meta name=Generator content="Microsoft Word 15 (filtered medium)"><style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Aptos;}
@font-face
{font-family:"Helvetica Neue";
panose-1:0 0 0 0 0 0 0 0 0 0;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0cm;
font-size:12.0pt;
font-family:"Aptos",sans-serif;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
span.E-MailFormatvorlage21
{mso-style-type:personal-compose;
font-family:"Aptos",sans-serif;
color:windowtext;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:11.0pt;}
@page WordSection1
{size:612.0pt 792.0pt;
margin:72.0pt 72.0pt 72.0pt 72.0pt;}
div.WordSection1
{page:WordSection1;}
/* List Definitions */
@list l0
{mso-list-id:490566554;
mso-list-template-ids:1634757364;}
@list l0:level2
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:72.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
ol
{margin-bottom:0cm;}
ul
{margin-bottom:0cm;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]--></head><body lang=EN-US link=blue vlink=purple style='word-wrap:break-word'><div class=WordSection1><p class=MsoNormal><span style='font-size:11.0pt'>Hi All,<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt'>Below are the notes of today’s DCP call.<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt'>Regards, Christian <o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt'>----<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt'>Participants:<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt'>Andres Olave<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt'>Andrew Regenscheid<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt'>Bjorn Hjelm<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt'>Brian Campbell<o:p></o:p></span></p><p class=MsoNormal><span lang=DE style='font-size:11.0pt'>Christian Bormann<o:p></o:p></span></p><p class=MsoNormal><span lang=DE style='font-size:11.0pt'>David Zeuthen<o:p></o:p></span></p><p class=MsoNormal><span lang=DE style='font-size:11.0pt'>Dima<o:p></o:p></span></p><p class=MsoNormal><span lang=DE style='font-size:11.0pt'>Edmund Jay<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt'>Gail Hodges<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt'>Gareth Oliver<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt'>Hicham Lozi<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt'>Jin Wen<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt'>Kristina Yasuda<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt'>Lee Campbell<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt'>Martijn Haring<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt'>Michael Jones<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt'>Paul Bastian<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt'>Sébastien Bahloul<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt'>Tim Cappalli<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt'>Victor Lu<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt'>----<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt'>General comments:<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt'>OpenID4VP is in public review period and there were 3 editorial PRs that have been merged.<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt'>OpenID4VCI should go to ID soon, so we have some PRs that need some attention.<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt'>----<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt'>Key Attestation - https://github.com/openid/OpenID4VCI/pull/389:<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt'>Paul introduces that given the feedback that defining key storage types and user authentication individually would be very complex, the PR was shifted to defining attack potential resistances (APRs). Some initial values for the APRs are defined in the PR using the ISO 18045 definitions. This change shifts some burden to the wallet provider but that seems to be fine given the current ecosystem layout. Martijn asks about the requirement that the current text defines a MUST for the ISO definition of APRs and what happens if an ecosystem defines their own APR. Paul answers that other APRs would overwrite the definitions initially given. Christian mentions that Wallets could be compliant to different APRs, but we are not mandating everyone to include the ISO values.<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt'>Kristina mentions that Pedro is not on the call, but another topic of discussion was to move to a nested claim structure, but given the current timeline proposes to keep the current structure and go to ID with the current version to get feedback. <o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt'>Wallet Attestation - https://github.com/openid/OpenID4VCI/pull/408:<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt'>Paul introduces that the current idea is to use the IETF draft for attestation based client authentication to authenticate a Wallet towards the issuer (to proof the wallet is an authentic wallet). The Wallet provider would leverage existing systems like the platform attestations to check the integrity of the wallet and issue a wallet attestation. Martijn mentions that for OpenID4VP, he is hesitant to introduce a common format for the attestation. Given the current ecosystem with different credential formats, ecosystems should leverage the credential formats they already use. Christian mentions that it would reduce complexity for RPs with everyone knowing what to expect. Hicham adds that this attestation will always be accompanied by another credential, which would result in everyone to be forced to support this as a second format option. Paul explains that within OpenID, we already use JWTs in a lot of places and the OpenID4VC implementations already understand and use JWTs, so the added complexity seems to be manageable. Gareth adds that it is not only a JWT and a RP in OpenID4VP would not necessarily need to understand JWTs, but might not be too complex to add. Kristina asks if we could directly use an SD-JWT and if that would make things easier. Brian asks if we are discussing the PR in OpenID4VCI or its possible usage in OpenID4VP. Martijn answers that they would prefer to keep within one ecosystem, including status mechanisms etc. and there might be problems depending on where the attestation is signed and questions why we would need to define a format for this.<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt'>Kristina asks if for the time being there are no objections for this in OpenID4VCI. Lee summarizes his understanding that the wallet gets installed, pings its wallet server, which verifies a platform attestation and issues a wallet attestation which is then used towards an issuer. Lee asks to just use an SD-JWT, instead of a JWT, given that an sd-jwt already brings all the features. Brian adds that JWTs are well supported and it fits the general protocol needs and asks why people are not happy with a simple JWT. Lee agrees, that you seem to not need selective disclosure, so a JWT might be fitting and parsing a JWT is not too complex, but parsing something like an mdoc could be pretty complex. Christian explains that sd_hash is not present in the wallet attestation which would break SD-JWT parsing, which is required even if there are no disclosures. Brian states that any kind of selective disclosure seems to be unnecessary here and parsing a key binding is not too complex with the existing libraries and support for JWTs. Martijn asks about revocation support to which Paul agrees, that revocation support is intended and that the Wallet Provider may choose how to implement revocation. Martijn asks to standardize the claims instead of standardizing the format and leave that choice up to the ecosystems. Martijn states that this adds complexity. Kristina asks if people are strongly objecting the current trajectory. Martijn adds that he wishes for support for the identifier list instead of only status list if we want to add revocation. There seems to be no conclusion to get this into ID, but Kristina asks for people to review this PR. Mike states that the main question is if we need selective disclosure and if we need it, we should use SD-JWT and otherwise stick with JWTs.<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt'>change sd-jwt vc type identifier from vc+sd-jwt to dc+sd-jwt - https://github.com/openid/OpenID4VCI/issues/414:<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt'>Brian introduces the issue that there will likely need to be a change for the media type for sd-jwt-vc from vc+sd-jwt to dc+sd-jwt. OpenID4VCI and OpenID4VP use vc+sd-jwt as Credential Format identifiers and given that the media type changed, we might want to change the credential format identifier to dc+sd-jwt to avoid further confusion. There are no objections and Kristina mentions that we should create PRs for OpenID4VP and OpenID4VCI.<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt'>The Value of Having JWKS in the Credential Issuer Metadata - https://github.com/openid/OpenID4VCI/issues/385:<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt'>Mike introduces that this is mainly a consistency topic and should be ready for PR to make it easier for people to form their opinion. Kristina adds that this topic will be discussed when Oliver and Joseph are back.<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt'>Add Multi RP Credentials/Authentication capability - https://github.com/openid/OpenID4VP/pull/308:<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt'>Kristina explains that this introduces the capability to add more than one signature to an Authorization Request in OpenID4Vp leveraging JWS. Kristina asks if this meets the requirements were brought up and Martijn responds that they are reviewing and will provide feedback soon.<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt'>Update examples to reference the W3C VCDM v2, Data Integrity, and VC JOSE COSE - https://github.com/openid/OpenID4VP/pull/297:<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt'>Kristina explains that this is an upgrade to W3C VCDM2.0 and Mike explains that people are expecting that VCDM 2.0 is going to be used instead of VCDM 1.1 which is currently referenced and this PR is something that is going to come back before final anyway. Given that the creator of the PR will likely not have time to work on it, Mike volunteers to work on the PR if people agree that this should happen now.<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt'><o:p> </o:p></span></p><div style='border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0cm 0cm 0cm'><p class=MsoNormal><b><span lang=DE style='font-size:11.0pt;font-family:"Calibri",sans-serif'>From:</span></b><span lang=DE style='font-size:11.0pt;font-family:"Calibri",sans-serif'> Openid-specs-digital-credentials-protocols <openid-specs-digital-credentials-protocols-bounces@lists.openid.net> <b>On Behalf Of </b>Kristina Yasuda via Openid-specs-digital-credentials-protocols<br><b>Sent:</b> Tuesday, November 12, 2024 5:30 PM<br><b>To:</b> Digital Credentials Protocols List <openid-specs-digital-credentials-protocols@lists.openid.net><br><b>Cc:</b> Kristina Yasuda <yasudakristina@gmail.com><br><b>Subject:</b> [Openid-specs-digital-credentials-protocols] [agenda] DCP WG + SIOP call<o:p></o:p></span></p></div><p class=MsoNormal><o:p> </o:p></p><div><div><div><p class=MsoNormal>Hi All,<o:p></o:p></p></div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><p class=MsoNormal> <o:p></o:p></p></div><div><p class=MsoNormal>Below is the suggested agenda for today's DCP WG + SIOP call: <a href="https://zoom.us/j/94085567252?pwd=cHNFMExFalhlM2MrOFhoN3J6eDRuZz09" target="_blank">https://zoom.us/j/94085567252?pwd=cHNFMExFalhlM2MrOFhoN3J6eDRuZz09</a><o:p></o:p></p></div><div><div><div><p style='margin:0cm'><span style='font-size:10.0pt;font-family:"Helvetica Neue",serif'><o:p> </o:p></span></p><ol style='margin-top:0cm' start=1 type=1><li class=MsoNormal style='mso-list:l0 level1 lfo1;font-variant-ligatures:normal;font-variant-caps:normal;font-stretch:normal;font-kerning:auto;font-variant-alternates:normal;font-variant-numeric:normal;font-variant-east-asian:normal;font-feature-settings:normal'><span style='font-size:10.0pt;font-family:"Helvetica Neue",serif'>OIDF Antitrust Policy at <a href="http://www.openid.net/antitrust" target="_blank">www.openid.net/antitrust</a> applies<o:p></o:p></span></li><li class=MsoNormal style='mso-list:l0 level1 lfo1;font-variant-ligatures:normal;font-variant-caps:normal;font-stretch:normal;font-kerning:auto;font-variant-alternates:normal;font-variant-numeric:normal;font-variant-east-asian:normal;font-feature-settings:normal'><span style='font-size:10.0pt;font-family:"Helvetica Neue",serif'>IPR reminder/ Note-taking<o:p></o:p></span></li><li class=MsoNormal style='mso-list:l0 level1 lfo1;font-variant-ligatures:normal;font-variant-caps:normal;font-stretch:normal;font-kerning:auto;font-variant-alternates:normal;font-variant-numeric:normal;font-variant-east-asian:normal;font-feature-settings:normal'><span style='font-size:10.0pt;font-family:"Helvetica Neue",serif'>Introductions/re-introductions<o:p></o:p></span></li><li class=MsoNormal style='mso-list:l0 level1 lfo1;font-variant-ligatures:normal;font-variant-caps:normal;font-stretch:normal;font-kerning:auto;font-variant-alternates:normal;font-variant-numeric:normal;font-variant-east-asian:normal;font-feature-settings:normal'><span style='font-size:10.0pt;font-family:"Helvetica Neue",serif'>Agenda bashing/adoption<o:p></o:p></span></li><li class=MsoNormal style='mso-list:l0 level1 lfo1;font-variant-ligatures:normal;font-variant-caps:normal;font-stretch:normal;font-kerning:auto;font-variant-alternates:normal;font-variant-numeric:normal;font-variant-east-asian:normal;font-feature-settings:normal'><span style='font-size:10.0pt;font-family:"Helvetica Neue",serif'>Events/External orgs<o:p></o:p></span></li><li class=MsoNormal style='mso-list:l0 level1 lfo1;font-variant-ligatures:normal;font-variant-caps:normal;font-stretch:normal;font-kerning:auto;font-variant-alternates:normal;font-variant-numeric:normal;font-variant-east-asian:normal;font-feature-settings:normal'><span style='font-size:10.0pt;font-family:"Helvetica Neue",serif'>WGLC for OID4VP has started! three PRs merged.<o:p></o:p></span></li><li class=MsoNormal style='mso-list:l0 level1 lfo1;font-variant-ligatures:normal;font-variant-caps:normal;font-stretch:normal;font-kerning:auto;font-variant-alternates:normal;font-variant-numeric:normal;font-variant-east-asian:normal;font-feature-settings:normal'><span style='font-size:10.0pt;font-family:"Helvetica Neue",serif'>Now trying to get VCI to the implementers draft:<o:p></o:p></span></li></ol><ol style='margin-top:0cm' start=7 type=1><ul style='margin-top:0cm;font-variant-ligatures:normal;font-variant-caps:normal' type=disc><li class=MsoNormal style='mso-list:l0 level2 lfo1;font-variant-caps:normal;font-stretch:normal;font-size-adjust:none;font-kerning:auto;font-variant-alternates:normal;font-variant-ligatures:normal;font-variant-numeric:normal;font-variant-east-asian:normal;font-feature-settings:normal'><span style='font-size:10.0pt;font-family:"Helvetica Neue",serif'>VCI: Key attestations <a href="https://github.com/openid/OpenID4VCI/pull/389" target="_blank">https://github.com/openid/OpenID4VCI/pull/389</a><o:p></o:p></span></li><li class=MsoNormal style='mso-list:l0 level2 lfo1;font-variant-caps:normal;font-stretch:normal;font-size-adjust:none;font-kerning:auto;font-variant-alternates:normal;font-variant-ligatures:normal;font-variant-numeric:normal;font-variant-east-asian:normal;font-feature-settings:normal'><span style='font-size:10.0pt;font-family:"Helvetica Neue",serif'>VCI: wallet attestation <a href="https://github.com/openid/OpenID4VCI/pull/408" target="_blank">https://github.com/openid/OpenID4VCI/pull/408</a><o:p></o:p></span></li><li class=MsoNormal style='mso-list:l0 level2 lfo1;font-variant-caps:normal;font-stretch:normal;font-size-adjust:none;font-kerning:auto;font-variant-alternates:normal;font-variant-ligatures:normal;font-variant-numeric:normal;font-variant-east-asian:normal;font-feature-settings:normal'><span style='font-size:10.0pt;font-family:"Helvetica Neue",serif'>VCI: add option to use credential_configuration_id in credential request: <a href="https://github.com/openid/OpenID4VCI/pull/392" target="_blank">https://github.com/openid/OpenID4VCI/pull/392</a> <o:p></o:p></span></li></ul></ol><ol start=8 type=1><li class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;mso-list:l0 level1 lfo1'><span style='font-family:"Helvetica Neue",serif'>other priority issues/PRs</span><o:p></o:p></li></ol></div></div></div><div><p class=MsoNormal><o:p> </o:p></p></div><div><p class=MsoNormal>Cheers,<o:p></o:p></p></div><div><p class=MsoNormal>Kristina<o:p></o:p></p></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></body></html>