<div dir="ltr"><div dir="ltr"><div dir="ltr">DCP Meeting notes for 12th of December 2024<br><br><b>Participants:</b><br>- Kristina Yasuda<br>- Paul Bastian<br>- Martijn Haring<br>- Christian Bormann<br>- Oliver Terbu<br>- Andreea Prian<br>- Pedro Felix<br>- Michael Jones<br>- David Chadwick<br>- Steve Venema<br>- Daniel Fett<br>- Brian Campbell<br>- Lukasz Jaromin<br>- Bjorn Hjelm<br>- Rajvardhan Deshmukh<br>- John Bradley<br>- Tom Jones<br><br><b>OAuth Security Workshop + Hybrid WG Meeting<br></b><br>OAuth security workshop will take place at the end of February and the Hybrid WG Meeting will happen the day before. There will be a venue for in-person attendance.<br><br>Workshop is looking for sponsors and for proposals for a session: <a href="https://oauth.secworkshop.events/osw2025">https://oauth.secworkshop.events/osw2025</a><br><br><b>ISO discussion recap<br></b><br>Alignment document can be found here: <a href="https://docs.google.com/document/d/1AJDDWuRG_b-MOBrAwhBoQV3dhH3LD31WNEQKzOB36SY/edit?tab=t.0">https://docs.google.com/document/d/1AJDDWuRG_b-MOBrAwhBoQV3dhH3LD31WNEQKzOB36SY/edit?tab=t.0</a><br><br>There is an agreement to put mdoc profile over digital credentials (formerly known as browser) API in HAIP.<br><br>There will be an ISO virtual meeting last week of Jan when the requirements table from the mentioned document will be reviewed and discussed.<br><br><b>OpenID for VP Implementers Draft v3<br></b><br>Vote on the implementers draft for VP: <a href="https://openid.net/foundation/members/polls/346">https://openid.net/foundation/members/polls/346</a><br><br>After the IDv3 plan is for VP to go to Final 1.0. Chairs are currently labelling issues that will go in 1.0, or that will go in 1.1. Take a look at <a href="https://github.com/openid/OpenID4VP/milestone/2">https://github.com/openid/OpenID4VP/milestone/2</a> and provide feedback.<br><br><b>VCI</b><div><b><br></b>PR #408 - Draft for wallet attestation<br> - merged<br>PR #276 - Define claims display description and claims path query<br> - 'value_type' to be removed (three thumbs up were given), Daniel Fett will make changes, Paul Bastian will approve and help resolve his colleague's requests for changes<br> - call for people to convert standing comments / questions to issues<br> - desire expressed to get approvals before the next WG call, so please review<br><br><b>HAIP</b><br><br>PR #122 - mdoc profile<br> - Issues opened for certain questions / comments<br> - wallet must support signed and unsigned requests - issue #129<br> - transaction data - issue #130<br> - encryption details - issue #131<br> - sessiontranscript - issue #135<br> - Minor discussion regarding wording API VS HTTPS VS Wallet URL triggered by <a href="https://github.com/openid/oid4vc-haip/pull/122#discussion_r1882203500">https://github.com/openid/oid4vc-haip/pull/122#discussion_r1882203500</a><br> - John Bradley suggested wording it like 'redirect based binding'<br> - post binding?<br> - Brian Campbell suggested 'redirection' as a general term for bouncing the user around he considers 'redirect based binding' SAMLy<br> - Oliver Terbu does not agree that it is redirect based<br> - Kristina Yasuda will open an issue for this discussion<br> - plan is to merge this PR as a starting point<br><br>Issue #131 - Encryption details over digital cred API<br> - Table of options<br> 1. JWE with ECDH_ES<br> 2. JWE with HPKE (preferred option but nor referenceable as it is still in the works)<br> 3. not use JWE, define new mechanism<br> - Plan to work with option #1 but signal that option #2 will be used when ready<br> - Martijn Haring questions if the plan is good and thinks that HPKE solutions is better than ECDH-ES because of better lib support and easy of implementation<br> - John Bradley disagrees with this comment and thinks plenty of libs do not support it as the spec is not ready and argues that ECDH-ES as an option is better and allows the use of JWE, MLKEM, and thinks we need to use better algos when they become available with JWE, eventually things can be migrated to HPKE or MLKEM<br> - Martijn Haring asks why are we specifying this in HIPE and not base VP spec<br> - Bryan Campbell + John Bradley: maybe we lose protocol flexibility if we do that, if it went into core VP the text would need to be carefully worded to not preclude the use of detached arguments -- this is how you do it when you have detached ADD and this is how you do it when you don't<br> - next step: see if we need specific proposal for JWE with ECDH-ES in Core VP not HAIP and Brian Campbell volunteered to work on that, and do a specific mandate of an algorithm in HAIP<br> - View summary at <a href="https://github.com/openid/oid4vc-haip/issues/131#issuecomment-2539528136">https://github.com/openid/oid4vc-haip/issues/131#issuecomment-2539528136</a> <br><br><b>VP<br></b><br>Issue #310 HPKE without JSON?<br> - John Bradley does not like abandoning JWE because of incompatibility and complexity, others seem to agree (Michael Jones, Brian Campbell)<br> - Brian Campbell agrees that we should not build our own HPKE serialization and use JWE.<br> - View summary at <a href="https://github.com/openid/OpenID4VP/issues/310#issuecomment-2539453895">https://github.com/openid/OpenID4VP/issues/310#issuecomment-2539453895</a><br><br><b>Lazy Verifier problem tangent<br></b> - Michael Jones raised 'lazy verifier' problem and filed a PR with the folks working on the JOSE-HPKE<br> - Oliver Terbu opened an issue at <a href="https://github.com/ietf-wg-jose/draft-ietf-jose-hpke-encrypt/issues/13">https://github.com/ietf-wg-jose/draft-ietf-jose-hpke-encrypt/issues/13</a><br> - Brian Campbell thinks that is a massive amount of problems that the verifier needs to check and that a lot of time of the WG is spent discussing something that might not be valuable<br> - Paul Bastian agrees with Brian that we need to see if lazy verifier problem is really an issue and questions whether it applies to the DC API at all<br> - Martijn Haring thinks that lazy verifier problem is important and makes the protocol better and more robust, although not a complete solution for all issues, and also states that it applies to the DC API<br> - John Bradley thinks proposed solutions do not solve the 'very very very lazy verifier,' but agrees that it makes it harder and in general sense it makes it more robust although for just a couple of parameters<br><br>Best regards,<br><br>Nemanja</div></div></div></div><br><div class="gmail_quote gmail_quote_container"><div dir="ltr" class="gmail_attr">On Thu, Dec 12, 2024 at 3:21 PM Kristina Yasuda via Openid-specs-digital-credentials-protocols <<a href="mailto:openid-specs-digital-credentials-protocols@lists.openid.net">openid-specs-digital-credentials-protocols@lists.openid.net</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr"><div dir="ltr"><div class="gmail_quote"><div dir="ltr"><div class="gmail_quote"><div><div name="messageBodySection"><div dir="auto">Hi,<br>
<br>Here is the agenda proposal for the call later today. <br></div>
<ol type="1">
<li style="font-size:10pt"><span style="color:rgb(0,0,0);background-color:transparent;font-family:Arial,sans-serif;font-size:10pt">OIDF Antitrust Policy at </span><a style="background-color:transparent;font-family:Arial,sans-serif;font-size:10pt" href="http://www.openid.net/antitrust" target="_blank">www.openid.net/antitrust</a><span style="color:rgb(0,0,0);background-color:transparent;font-family:Arial,sans-serif;font-size:10pt"> applies</span></li>
<li style="font-size:10pt"><span style="color:rgb(0,0,0);background-color:transparent;font-family:Arial,sans-serif;font-size:10pt">IPR reminder/ Note-taking</span></li>
<li style="font-size:10pt"><span style="color:rgb(0,0,0);background-color:transparent;font-family:Arial,sans-serif;font-size:10pt">Introductions/re-introductions</span></li>
<li style="font-size:10pt"><span style="color:rgb(0,0,0);background-color:transparent;font-family:Arial,sans-serif;font-size:10pt">Agenda bashing/adoption</span></li>
<li style="font-size:10pt"><span style="color:rgb(0,0,0);background-color:transparent;font-family:Arial,sans-serif;font-size:10pt">Events/External orgs</span></li><ol><li style="font-size:10pt"><span style="color:rgb(0,0,0);background-color:transparent;font-family:Arial,sans-serif;font-size:10pt">proposal to do a hybrid DCP WG a day before OSW </span></li><li style="font-size:10pt"><span style="color:rgb(0,0,0);background-color:transparent;font-family:Arial,sans-serif;font-size:10pt">update from the ISO Sapporo mtg last week - HAIP will be the focus for the next month. </span></li></ol>
<li style="font-size:10pt"><span style="color:rgb(0,0,0);background-color:transparent;font-family:Arial,sans-serif;font-size:10pt">VCI</span></li>
<ol type="a">
<li style="font-size:11pt"><font color="#000000" face="Arial">please review the PRs (<a href="https://github.com/openid/OpenID4VCI/pull/276" target="_blank">https://github.com/openid/OpenID4VCI/pull/276</a> and <a href="https://github.com/openid/OpenID4VCI/pull/408" target="_blank">https://github.com/openid/OpenID4VCI/pull/408</a> ). starting WGLC for ID-2 once the PRs are ready.</font></li>
</ol>
<li style="font-size:10pt"><font color="#000000" face="Arial, sans-serif">VP</font></li><ol><li style="font-size:10pt"><font color="#000000" face="Arial, sans-serif">the list of issues that chairs think should be discussed/tackled before Final 1.0. (includes issues that the WG might decide not to pursue but might result in breaking changes if tackled)<br><a href="https://github.com/openid/OpenID4VP/milestone/2" target="_blank">https://github.com/openid/OpenID4VP/milestone/2</a></font></li><li style="font-size:10pt">voting on-going - please vote! <a href="https://openid.net/foundation/members/polls/346" target="_blank">https://openid.net/foundation/members/polls/346</a></li><li style="font-size:11pt">multi RP authentication: </li><ol><li style="font-size:11pt"><a href="https://github.com/openid/OpenID4VP/pull/308" style="background-color:transparent;font-family:Arial,sans-serif;font-size:11pt" target="_blank">https://github.com/openid/OpenID4VP/pull/308</a></li></ol></ol><li style="font-size:10pt"><span style="color:rgb(0,0,0);background-color:transparent;font-family:Arial,sans-serif;font-size:10pt">HAIP</span></li>
<ol type="a">
<li style="font-size:11pt"><span style="color:rgb(0,0,0);background-color:transparent;font-family:Arial,sans-serif;font-size:10pt">HAIP mdoc over the browser API profile - would like to merge as a starting point - would like to merge as a starting point:</span><br>
<a style="background-color:transparent;font-family:Arial,sans-serif;font-size:10pt" href="https://h" target="_blank">h</a><a style="background-color:transparent;font-family:Arial,sans-serif;font-size:11pt" href="https://github.com/openid/oid4vc-haip-sd-jwt-vc/pull/122" target="_blank">ttps://github.com/openid/oid4vc-haip-sd-jwt-vc/pull/122</a></li>
<li style="font-size:11pt"><span style="color:rgb(51,51,51);background-color:transparent;font-family:Arial,sans-serif;font-size:11pt">repo has been renamed to oid4vc-haip</span></li><li style="font-size:11pt">MDOC encryption (focus of today)<br></li><ol><li style="font-size:11pt"><a style="background-color:transparent;font-family:Arial,sans-serif;font-size:11pt" href="https://h" target="_blank">h</a><a style="background-color:transparent;font-family:Arial,sans-serif;font-size:11pt" href="https://github.com/openid/oid4vc-haip-sd-jwt-vc/issues/131" target="_blank">ttps://github.com/openid/oid4vc-haip-sd-jwt-vc/issues/131</a></li></ol></ol>
<ol type="a"><br></ol></ol></div><div name="messageSignatureSection">
<div>Best,</div><div>Kristina</div></div></div>
</div></div>
</div></div>
</div>
-- <br>
Openid-specs-digital-credentials-protocols mailing list<br>
<a href="mailto:Openid-specs-digital-credentials-protocols@lists.openid.net" target="_blank">Openid-specs-digital-credentials-protocols@lists.openid.net</a><br>
<a href="https://lists.openid.net/mailman/listinfo/openid-specs-digital-credentials-protocols" rel="noreferrer" target="_blank">https://lists.openid.net/mailman/listinfo/openid-specs-digital-credentials-protocols</a><br>
</blockquote></div>