2024-12-11 (B Call)

Organizer: Tim Cappalli

Scribe: Helen

Agenda

• Administrivia
  • 12/16 meeting is 12/9 was last call of the year
• Intros from any new folks?
• Ecosystem updates
  • Fed ID WG charter updates
  • Incubation
  • OpenID DCP working group
• PR & Issue Review
  • Discuss: Use a URN for protocol identifier instead of an unstructured string (#191)
  • PR: Add initial intro text (#193)
• AOB

Attendees

• Mike Jones - Self-Issued Consulting
• Matthew Miller - Self
• Wendy Seltzer
• Hiroyuki Sano
• Joseph Heenan - OIDF / Authlete
• Nick Steele - 1Password

Notes

Administrivia

• Next week's meeting is last of the year
• Next call after is January 8

Ecosystem Updates

• Verifiable Presentation spec mentioning DC API is undergoing vote
• Likely to land close to the new year
• WG call to talk issuance spec is coming up

PR & Issue Review

Discuss: Use a URN for protocol identifier instead of an unstructured string (#191)

• No predefined prefix
• Want to be careful about introducing versions to not suggest incompatibility when future versions are backwards-compatible
• Discussing working across specs with differing definitions for the same concept
  • There's precedent for referencing openid URNs outside their specs
• Suggested URNs may be overly prescriptive
• What is overly prescriptive about the suggested URNs?
  • Versioning is problematic in a URN like this, version number in a URN makes it difficult to communicate e.g. "v1.x support"
  • "Signed" vs "unsigned" is probably not so contentious as they're valid variants
• Registry of these URNs should point to appropriate specs
• Three important details for each party in this flow
  • Browser
  • Matcher
  • Wallet + variant

PR: Add initial intro text (#193)

• Wallets may not have similar access to OS platform capabilities
• Suggestion is to avoid use of "user agent" for wallets
• Can we use the term "wallet"?
  • Trying to convey the "user agent" aspect of "users trust it, and expect it to work on its behalf"
• Outstanding question: if we can find a better term to refer to wallets, is this PR otherwise in an okay spot?
  • Tricky to find a term that properly covers the split responsibility of browser + wallet as a singular "user agent"
• Tim to pull out section about multiple user agents to get approval on the rest

AOB

• 1Password has a POC showing off DC API support, would like to demo this in a future meeting
• OpenID Foundation has tests that can validate the browser/wallet implementation of OpenID4VP over the browser API - rough instructions are here https://openid.net/certification/conformance-testing-for-openid-for-verifiable-presentations/ - please feel free to get in touch with [email protected] if anything is unclear