<div dir="ltr">Hi All,<div><br></div><div>This is the text that I mentioned during the discussion on "verifier's public key in sessionTranscript <a href="https://github.com/openid/OpenID4VP/issues/400" target="_blank">https://github.com/openid/OpenID4VP/issues/400</a>" that already outlines common requirements on audience binding and session binding (nonce) fo all credential formats:<div><br class="gmail-Apple-interchange-newline"></div><div>"This cryptographic proof of possession MUST be bound by the Wallet to the intended audience (the Client Identifier of the Verifier) and the respective transaction (identified by the nonce parameter in the Authorization Request). The Verifier MUST verify this binding."</div><div><br></div><div>and </div><div><br></div><div>"Note: Different formats for Verifiable Presentations and signature/proof schemes use different ways to represent the intended audience and the session binding. Some use claims to directly represent those values, others include the values into the calculation of cryptographic proofs. There are also different naming conventions across the different formats."</div><div><br></div><div>from: <a href="https://openid.github.io/OpenID4VP/openid-4-verifiable-presentations-wg-draft.html#section-14.1-3">https://openid.github.io/OpenID4VP/openid-4-verifiable-presentations-wg-draft.html#section-14.1-3</a></div><div><br></div><div>and each credential format section in annex B has a section like the following<br><br>"The following requirements apply to the nonce and aud claims in the Key Binding JWT:</div>- the nonce claim MUST be the value of nonce from the Authorization Request;<br>- the aud claim MUST be the value of the Client Identifier;"</div><div><div><br></div><div>from: <a href="https://openid.github.io/OpenID4VP/openid-4-verifiable-presentations-wg-draft.html#appendix-B.4.5">https://openid.github.io/OpenID4VP/openid-4-verifiable-presentations-wg-draft.html#appendix-B.4.5</a></div><div><br></div><div>Hope this clarifies.</div><div><br></div><div>Best,</div><div>Kristina</div></div></div><br><div class="gmail_quote gmail_quote_container"><div dir="ltr" class="gmail_attr">On Tue, Mar 18, 2025 at 6:49 PM Kristina Yasuda <<a href="mailto:yasudakristina@gmail.com">yasudakristina@gmail.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr"><div class="gmail_quote"><div dir="ltr" class="gmail_attr"><span style="color:rgb(0,0,0)">Hi All,</span></div><div dir="ltr"><div class="gmail_quote"><div dir="ltr"><div dir="ltr"><div class="gmail_quote"><span><font color="#000000"><div dir="ltr"><span style="font-family:"Helvetica Neue",sans-serif"><br></span></div><div><span style="font-family:"Helvetica Neue",sans-serif">Just to confirm that we have a call in about 1.5hmin - for those outside the US, this would mean 1h earlier than usual. Unfortunately, we will have this shift for few weeks until daylight savings starts in Europe too.</span></div><div><span style="font-family:"Helvetica Neue",sans-serif"><br></span></div><div><span style="font-family:"Helvetica Neue",sans-serif">To also communicate in writing, the plan is to focus on getting OpenID4VP ready for 1.0 Final (we are on track for June) first and then move to OpenID4VCI and then HAIP.</span></div><div><span style="font-family:"Helvetica Neue",sans-serif"><br></span></div><div dir="ltr"><span style="font-family:"Helvetica Neue",sans-serif">Below is the suggested agenda for the DCP WG call:</span></div></font></span><div dir="ltr"><div class="gmail_quote"><div dir="ltr"><div class="gmail_quote"><div name="messageBodySection"><ol type="1"><span><font color="#000000"><li style="margin-left:15px"><span style="font-family:"Helvetica Neue",sans-serif">OIDF Antitrust Policy at </span><a href="http://www.openid.net/antitrust" style="font-family:"Helvetica Neue",sans-serif" target="_blank">www.openid.net/antitrust</a><span style="font-family:"Helvetica Neue",sans-serif"> applies / IPR reminder</span></li><li style="margin-left:15px"><span style="font-family:"Helvetica Neue",sans-serif">Note-taking</span></li><li style="margin-left:15px"><span style="font-family:"Helvetica Neue",sans-serif">Events/External orgs</span></li><ul><li style="margin-left:15px"><font face="Helvetica Neue, sans-serif">please register for pre-IIW and post-IIW Hybrid DCP WG meetings</font></li></ul></font></span><li style="margin-left:15px"><b><span>Vote</span> for Proposed Implementer’s Draft of OpenID4VC High Assurance Interoperability Profile is being conducted at</b> <a href="https://openid.net/foundation/members/polls/355" target="_blank">https://openid.net/foundation/members/polls/355</a></li><li style="margin-left:15px">mark ready for PR? verifier's public key in sessionTranscript <a href="https://github.com/openid/OpenID4VP/issues/400" target="_blank">https://github.com/openid/OpenID4VP/issues/400</a></li><li style="margin-left:15px">potential breaking change? VCs without VPs: <a href="https://github.com/openid/OpenID4VP/issues/6" target="_blank">https://github.com/openid/OpenID4VP/issues/6</a></li><li style="margin-left:15px">EUDIW requirement. RP registration certificates and other attestations/certificates to match issuer policies: <a href="https://github.com/openid/OpenID4VP/issues/396" target="_blank">https://github.com/openid/OpenID4VP/issues/396 </a></li><li style="margin-left:15px">please review! as this one unblocks some other important PRs:  <a href="https://github.com/openid/OpenID4VP/pull/448" target="_blank">https://github.com/openid/OpenID4VP/pull/448</a></li><ol><li style="margin-left:15px">other PRs labelled Final 1.0 for OpenID4VP: <a href="https://github.com/openid/OpenID4VP/pulls?q=is%3Aopen+is%3Apr+milestone%3A%22Final+1.0%22" target="_blank">https://github.com/openid/OpenID4VP/pulls?q=is%3Aopen+is%3Apr+milestone%3A%22Final+1.0%22</a></li></ol><li style="margin-left:15px">agree on the direction for "same credential fulfilling multiple credential queries" <a href="https://github.com/openid/OpenID4VP/issues/397" target="_blank">https://github.com/openid/OpenID4VP/issues/397</a></li><li style="margin-left:15px">parked until the input from European Commission: wallet attestation during presentation PR: <a href="https://github.com/openid/OpenID4VP/pull/318" target="_blank">https://github.com/openid/OpenID4VP/pull/318</a></li></ol><b>about VCI....</b> Here is the list of issues that would require longer discussion in OpenID4VCI. we will get to them in 1-2 weeks once we tackle all opendi4vp issues. please start looking at them:</div><div name="messageBodySection"><ul><li><a href="https://github.com/openid/OpenID4VCI/issues/71" target="_blank">https://github.com/openid/OpenID4VCI/issues/71</a></li><li><a href="https://github.com/openid/OpenID4VCI/issues/205" target="_blank">https://github.com/openid/OpenID4VCI/issues/205</a></li><li><a href="https://github.com/openid/OpenID4VCI/issues/305" target="_blank">https://github.com/openid/OpenID4VCI/issues/305</a></li><li><a href="https://github.com/openid/OpenID4VCI/issues/1" target="_blank">https://github.com/openid/OpenID4VCI/issues/1</a></li><li><a href="https://github.com/openid/OpenID4VCI/issues/99" target="_blank">https://github.com/openid/OpenID4VCI/issues/99</a></li></ul><div><b>about HAIP... </b>there are few PRs that need to be reviewed too: <a href="https://github.com/openid/oid4vc-haip/pulls" target="_blank">https://github.com/openid/oid4vc-haip/pulls</a></div><div><br></div><div>Best,</div><div>Kristina</div></div></div></div></div></div></div></div></div>
</div></div>
</div></div>
</blockquote></div>