<html xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40"><head><meta http-equiv=Content-Type content="text/html; charset=utf-8"><meta name=Generator content="Microsoft Word 15 (filtered medium)"><style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Aptos;
panose-1:2 11 0 4 2 2 2 2 2 4;}
@font-face
{font-family:"Helvetica Neue";
panose-1:2 0 5 3 0 0 0 2 0 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0cm;
font-size:10.0pt;
font-family:"Calibri",sans-serif;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;
mso-ligatures:none;}
@page WordSection1
{size:612.0pt 792.0pt;
margin:72.0pt 72.0pt 72.0pt 72.0pt;}
div.WordSection1
{page:WordSection1;}
/* List Definitions */
@list l0
{mso-list-id:418408145;
mso-list-template-ids:1914738406;}
@list l0:level1
{mso-level-start-at:5;
mso-level-tab-stop:36.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;}
@list l0:level2
{mso-level-number-format:alpha-lower;
mso-level-tab-stop:72.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;}
@list l1
{mso-list-id:696737193;
mso-list-template-ids:-1199149208;}
@list l1:level1
{mso-level-tab-stop:36.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;}
@list l1:level2
{mso-level-number-format:alpha-lower;
mso-level-tab-stop:72.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;}
@list l1:level3
{mso-level-tab-stop:108.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;}
@list l1:level4
{mso-level-tab-stop:144.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;}
@list l1:level5
{mso-level-tab-stop:180.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;}
@list l1:level6
{mso-level-tab-stop:216.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;}
@list l1:level7
{mso-level-tab-stop:252.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;}
@list l1:level8
{mso-level-tab-stop:288.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;}
@list l1:level9
{mso-level-tab-stop:324.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;}
@list l2
{mso-list-id:836120202;
mso-list-template-ids:1150343190;}
@list l3
{mso-list-id:886838661;
mso-list-template-ids:-1480146022;}
@list l3:level1
{mso-level-start-at:6;
mso-level-tab-stop:36.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;}
ol
{margin-bottom:0cm;}
ul
{margin-bottom:0cm;}
--></style></head><body lang=en-DE link=blue vlink=purple style='word-wrap:break-word'><div class=WordSection1><p class=MsoNormal><span lang=DE style='font-size:11.0pt;mso-fareast-language:EN-US'>Hi all,<o:p></o:p></span></p><p class=MsoNormal><span lang=DE style='font-size:11.0pt;mso-fareast-language:EN-US'><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;mso-fareast-language:EN-US'>These are the meeting minutes from January 09 2025.<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;mso-fareast-language:EN-US'><br>Best Regards,<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;mso-fareast-language:EN-US'>Christian<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;mso-fareast-language:EN-US'><br></span><span lang=EN-US style='font-size:11.0pt;mso-fareast-language:EN-US'>--- <o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;mso-fareast-language:EN-US'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;mso-fareast-language:EN-US'>Attendees:<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;mso-fareast-language:EN-US'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;mso-fareast-language:EN-US'>Christian Bormann<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;mso-fareast-language:EN-US'>Joseph Heenan<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;mso-fareast-language:EN-US'>Torsten Lodderstedt<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;mso-fareast-language:EN-US'>Akash Shah<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;mso-fareast-language:EN-US'>Bjorn Hjelm<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;mso-fareast-language:EN-US'>Brian Campbell<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;mso-fareast-language:EN-US'>Dima Postnikov<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;mso-fareast-language:EN-US'>George Fletcher<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;mso-fareast-language:EN-US'>Hicham Lozi<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;mso-fareast-language:EN-US'>Jan Vereecken<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;mso-fareast-language:EN-US'>Juba Saadi<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;mso-fareast-language:EN-US'>Lee Campbell<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;mso-fareast-language:EN-US'>Lukasz Jaromin<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;mso-fareast-language:EN-US'>Matthew Micheaux<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:110pt;mso-fareast-language:EN-US'>Michael Jones<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;mso-fareast-language:EN-US'>Niels Klomp<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;mso-fareast-language:EN-US'>Paul Bastian<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;mso-fareast-language:EN-US'>Rajvardhan Deshmukh<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;mso-fareast-language:EN-US'>Steve Venema<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;mso-fareast-language:EN-US'>Tim Cappalli<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;mso-fareast-language:EN-US'>Timo Glastra<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;mso-fareast-language:EN-US'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;mso-fareast-language:EN-US'>Introductions:<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;mso-fareast-language:EN-US'>Matthew Micheaux, interested in OpenID and (something?) [missing some info - this was before we decided on a note-taker]<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;mso-fareast-language:EN-US'><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;mso-fareast-language:EN-US'>Events:<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;mso-fareast-language:EN-US'>- </span><span style='font-size:110pt;mso-fareast-language:EN-US'>OSW 2025</span><span lang=EN-US style='font-size:11.0pt;mso-fareast-language:EN-US'>: </span><span style='font-size:11.0pt;mso-fareast-language:EN-US'>Submission deadline for OSW is upcoming up, so please register a talk before it is too late (<a href="https://oauth.secworkshop.events/osw2025">https://oauth.secworkshop.events/osw2025</a>).<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;mso-fareast-language:EN-US'><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;mso-fareast-language:EN-US'>---<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;mso-fareast-language:EN-US'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;mso-fareast-language:EN-US'>Session Transcript -</span><span style='font-size:11.0pt;mso-fareast-language:EN-US'> </span><span style='font-size:11.0pt;mso-fareast-language:EN-US'><a href="https://github.com/openid/OpenID4VP/pull/374">https://github.com/openid/OpenID4VP/pull/374</a></span><span lang=EN-US style='font-size:11.0pt;mso-fareast-language:EN-US'> and :<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;mso-fareast-language:EN-US'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;mso-fareast-language:EN-US'>Oliver explains that he realized we didn't need the hash method in the SessionTranscript, so W3C SRI was dropped. Oliver explains that the question is if anyone would object to mandating SHA-256 in the SessionTranscript. Christian asks how we would signal another Hash Algorithm and Oliver explains it would need to be somewhere iin the protocol, not in the SessionTranscript. There seems to be rough consensus to mandate SHA-256.<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;mso-fareast-language:EN-US'>Hicham asks what "audience binding" in the PR means - are we justifying why client_id is there? Oliver explains that this comes from a comment and origin = came from trusted origin, whereas client_id is for audience binding. There is some discussion about the meaning of client_id here and Hicham says that he doesn't want to block the PR and is fine either way. Torsten mentions that the main definition of client_id already happens elsewhere and we should not be duplicating text here. Hicham answers that here we just want to say what to include in the SessionTranscript and not describe why here as we do that somewhere else.<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;mso-fareast-language:EN-US'>Lee asks about the value of origin for native apps and whether that is properly defined here. Oliver answers that the origin is defined as the one the web platform or app platform asserted the request was made by.<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;mso-fareast-language:EN-US'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;mso-fareast-language:EN-US'>Mandate DCQL - <a href="https://github.com/openid/oid4vc-haip/pull/151">https://github.com/openid/oid4vc-haip/pull/151</a> and <a href="https://github.com/openid/oid4vc-haip/issues/142">https://github.com/openid/oid4vc-haip/issues/142</a></span><span lang=EN-US style='font-size:11.0pt;mso-fareast-language:EN-US'>:<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;mso-fareast-language:EN-US'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;mso-fareast-language:EN-US'>Torsten asks if people are fine with making DCQL mandatory and for the time being not profile it at all. Lee agrees that we should not profile in HAIP. Christian explains that currently there is already a section on DCQL in the DC API parts and if we use the same everywhere without profiling, it might make sense to pull everything DCQL related out into its own small section and make DCQL mandatory everywhere.<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;mso-fareast-language:EN-US'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;mso-fareast-language:EN-US'>Add Multi RP Credentials/Authentication capability -</span><span style='font-size:11.0pt;mso-fareast-language:EN-US'> </span><span style='font-size:11.0pt;mso-fareast-language:EN-US'><a href="https://github.com/openid/OpenID4VP/pull/308">https://github.com/openid/OpenID4VP/pull/308</a></span><span lang=EN-US style='font-size:11.0pt;mso-fareast-language:EN-US'>:<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;mso-fareast-language:EN-US'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;mso-fareast-language:EN-US'>Torsten explains that from his perspective the PR seems to be done, but we need to decide if we need/want the feature or multiple requests are fine and asks for opinions. Hicham responds that he doesn't think multiple requests is satisfying the requirement. Lee asks if we didn't have agreement on this and should just review the PR. Hicham explains that in ISO WG10, it was solved in 2 ways - either with multiple requests or by signing multiple times. Christian asks about the introduction of this feature for only DC Api, or also the traditional flow. Torsten wants to see some implementations and we can add it as a non-breaking change to the traditional API later.<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;mso-fareast-language:EN-US'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;mso-fareast-language:EN-US'>Add issuer identifier for mdocs to DCQL - <a href="https://github.com/openid/OpenID4VP/issues/322">https://github.com/openid/OpenID4VP/issues/322</a>:<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;mso-fareast-language:EN-US'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;mso-fareast-language:EN-US'>Torsten explains that the ask was to do issuer matching based on one or more keys and then was expanded/explained that this also means keys somewhere in the trust chain. Christian mentions that he agrees with the overall need for the feature and mentions it should work for all credential formats. Paul asks that this should be enforced by cryptographic keys. Lee explains that this is only for the wallet to prior selection and the verifier needs to check it in anyway. Hicham mentions that value matching does not word properly here, but does not convey exactly what the RP can verify. For MSO, if the key is somewhere in the chain of trust, the wallet knows that the verifier can work with it. Torsten renames the issue to "Enable RP to convey the desired credential issuers to the Wallet. Lee asks if this feature is already supported by -5 and Hicham answers that it is already supported. Lee asks for an example of the TrustedLists and Torsten agrees to provide an example. Torsten asks that we need to decide if this is a dedicated feature or should be part of DCQL. Lee answers that he thinks it should be part of DCQL, but probably as a direct feature and not as a virtual attribute and Christian and Brian agree. Hicham agrees that it should be DCQL feature, but not value matching.<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;mso-fareast-language:EN-US'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;mso-fareast-language:EN-US'><o:p> </o:p></span></p><div id=mail-editor-reference-message-container><div><div style='border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0cm 0cm 0cm'><p class=MsoNormal style='margin-bottom:12.0pt'><b><span style='font-size:12.0pt;font-family:"Aptos",sans-serif;color:black'>From: </span></b><span style='font-size:12.0pt;font-family:"Aptos",sans-serif;color:black'>Openid-specs-digital-credentials-protocols <openid-specs-digital-credentials-protocols-bounces@lists.openid.net> on behalf of torsten--- via Openid-specs-digital-credentials-protocols <openid-specs-digital-credentials-protocols@lists.openid.net><br><b>Date: </b>Thursday, 9. January 2025 at 14:01<br><b>To: </b>Digital Credentials Protocols List <openid-specs-digital-credentials-protocols@lists.openid.net><br><b>Cc: </b>torsten@lodderstedt.net <torsten@lodderstedt.net><br><b>Subject: </b>[Openid-specs-digital-credentials-protocols] [agenda] DCP WG + SIOP call<o:p></o:p></span></p></div><div name=messageBodySection><div><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Helvetica Neue"'>Hi all,</span><span style='font-size:11.0pt'><br><br></span><span style='font-size:11.0pt;font-family:"Helvetica Neue"'>below is the suggested agenda for today's DCP WG + SIOP call at 5pm CET</span><span style='font-size:11.0pt'><o:p></o:p></span></p></div><ol start=1 type=1><li class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;mso-list:l1 level1 lfo3'><span style='font-family:"Helvetica Neue"'>OIDF Antitrust Policy at </span><a href="http://www.openid.net/antitrust"><span style='font-family:"Helvetica Neue"'>www.openid.net/antitrust</span></a><span style='font-family:"Helvetica Neue"'> applies</span></li><li class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;mso-list:l1 level1 lfo3'><span style='font-family:"Helvetica Neue"'>IPR reminder/ Note-taking</span></li><li class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;mso-list:l1 level1 lfo3'><span style='font-family:"Helvetica Neue"'>Introductions/re-introductions</span></li><li class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;mso-list:l1 level1 lfo3'><span style='font-family:"Helvetica Neue"'>Agenda bashing/adoption</span></li><li class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;mso-list:l1 level1 lfo3'><span style='font-family:"Helvetica Neue"'>Events/External orgs</span></li></ol><ol start=5 type=1><ol start=1 type=a><li class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;mso-list:l1 level2 lfo3'><span style='font-family:"Helvetica Neue"'>Hybrid meeting before OSW</span></li></ol></ol><ol start=6 type=1><li class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;mso-list:l1 level1 lfo3'><span style='font-family:"Helvetica Neue"'>HAIP: We’ll focus on HAIP, in particular the ISO mDL profile for browser API:</span></li></ol><div><p class=MsoNormal><span style='font-size:11.0pt'>add session transcript for browser api<br>https://github.com/openid/OpenID4VP/pull/374<br>https://github.com/openid/oid4vc-haip/pull/146<br><br>Mandate DCQL instead of PE + MTI DCQL feature set<br></span><a href="https://github.com/openid/oid4vc-haip/pull/151"><span style='font-size:11.0pt'>https://github.com/openid/oid4vc-haip/pull/151</span></a><span style='font-size:11.0pt'><br></span><a href="https://github.com/openid/oid4vc-haip/issues/142"><span style='font-size:11.0pt'>https://github.com/openid/oid4vc-haip/issues/142</span></a><span style='font-size:11.0pt'><br><br>Add Multi RP Credentials/Authentication capability<br></span><a href="https://github.com/openid/OpenID4VP/pull/308"><span style='font-size:11.0pt'>https://github.com/openid/OpenID4VP/pull/308</span></a><span style='font-size:11.0pt'><br><br>Add issuer identifier for mdocs to DCQL<br></span><a href="https://github.com/openid/OpenID4VP/issues/322"><span style='font-size:11.0pt'>https://github.com/openid/OpenID4VP/issues/322</span></a><span style='font-size:11.0pt'><br><br>clarify if c_nonce is optional or mandatory?<br></span><a href="https://github.com/openid/oid4vc-haip/issues/149"><span style='font-size:11.0pt'>https://github.com/openid/oid4vc-haip/issues/149</span></a><span style='font-size:11.0pt'><br><br>key attestation in HAIP<br></span><a href="https://github.com/openid/oid4vc-haip/issues/119"><span style='font-size:11.0pt'>https://github.com/openid/oid4vc-haip/issues/119</span></a><span style='font-size:11.0pt'><br><br>wallet attestation in HAIP<br></span><a href="https://github.com/openid/oid4vc-haip/issues/113"><span style='font-size:11.0pt'>https://github.com/openid/oid4vc-haip/issues/113</span></a><span style='font-size:11.0pt'><br><br>Key resolution for status list<br></span><a href="https://github.com/openid/oid4vc-haip/issues/65"><span style='font-size:11.0pt'>https://github.com/openid/oid4vc-haip/issues/65</span></a><span style='font-size:11.0pt'><br></span><a href="https://github.com/openid/oid4vc-haip/issues/43"><span style='font-size:11.0pt'>https://github.com/openid/oid4vc-haip/issues/43</span></a><span style='font-size:11.0pt'><br><br>communicating extra wallet capabilities when obtaining the request object<br></span><a href="https://github.com/openid/oid4vc-haip/issues/15"><span style='font-size:11.0pt'>https://github.com/openid/oid4vc-haip/issues/15</span></a><span style='font-size:11.0pt'><br><br>clarify if c_nonce is optional or mandatory?<br></span><a href="https://github.com/openid/oid4vc-haip/issues/148"><span style='font-size:11.0pt'>https://github.com/openid/oid4vc-haip/issues/148</span></a><span style='font-size:11.0pt'><br><br>Make pre-authorized code flow optional?<br></span><a href="https://github.com/openid/oid4vc-haip/issues/60"><span style='font-size:11.0pt'>https://github.com/openid/oid4vc-haip/issues/60</span></a><span style='font-size:11.0pt'><br><br>allow Issuer URL to include a path component<br></span><a href="https://github.com/openid/oid4vc-haip/issues/35"><span style='font-size:11.0pt'>https://github.com/openid/oid4vc-haip/issues/35</span></a><span style='font-size:11.0pt'><br><br>do we need to define key size?<br></span><a href="https://github.com/openid/oid4vc-haip/issues/39"><span style='font-size:11.0pt'>https://github.com/openid/oid4vc-haip/issues/39</span></a><span style='font-size:11.0pt'><br><br>make iat in SD-JWT selectively disclosable during presentation<br></span><a href="https://github.com/openid/oid4vc-haip/issues/29"><span style='font-size:11.0pt'>https://github.com/openid/oid4vc-haip/issues/29</span></a><span style='font-size:11.0pt'><o:p></o:p></span></p></div></div><div name=messageSignatureSection><p class=MsoNormal><span style='font-size:11.0pt'><o:p> </o:p></span></p><div><p class=MsoNormal><span style='font-size:11.0pt'>best regards, <o:p></o:p></span></p><div><p class=MsoNormal><span style='font-size:11.0pt'>Torsten.<o:p></o:p></span></p></div></div></div></div></div></div></body></html>