[MINUTES] W3C CCG Credentials CG Call - 2022-09-20

Thanks to Our Robot Overlords for scribing this week!

The transcript for the call is now available here:

https://w3c-ccg.github.io/meetings/2022-09-20/

Full text of the discussion follows for W3C archival purposes.
Audio of the meeting is available at the following location:

https://w3c-ccg.github.io/meetings/2022-09-20/audio.ogg

----------------------------------------------------------------
W3C CCG Weekly Teleconference Transcript for 2022-09-20

Agenda:
  https://lists.w3.org/Archives/Public/public-credentials/2022Sep/0142.html
Topics:
  1. Introductions and Reintroductions
  2. Announcements and Work Items
  3. Wallet Protocol and JFF Plugfest #2
Resolutions:
  1. Adopt DID Resolution Test Suite as a CCG Work Item
Organizer:
  Mike Prorock, Kimberly Linson, Harrison Tang
Scribe:
  Our Robot Overlords
Present:
  Harrison Tang, Andrew Hughes, Azeem, Dmitri Zagidulin, Evan Lally 
  (Digital Bazaar), Sharon Leu, Torsten Lodderstedt, Kerri Lemoie, 
  Mike Prorock, Sergey Podshivalin, Manu Sporny, Maarten Boender, 
  Lance, Sam Curren, Brian Campbell, Mike Peck, Andy Griebel, Steve 
  Eisler, Julie Keane, Andrew Whitehead, Leo, Paul Dietrich GS1, 
  Alex, Ioram Sette, Niels Klomp - Sphereon, Aditya - Entrustient, 
  Ian Davidson, Jon Featherstone, Si Shangase, Andy Miller, TimG, 
  David I. Lehn, TallTed // Ted Thibodeau (he/him) 
  (OpenLinkSw.com), Jon St. John, David Chadwick, Ivan (VID), James 
  Chartrand, Joe Kaplan, Naomi, Kayode Ezike, Brian, Andreas 
  Abraham, Marty Reed, Alex mcfarlane, Anil John, Tim Dutta, John 
  Kuo, David Ward, Brent Zundel, Ryan Grant, Patrick Jaberg, 
  Gregory, kristina, Dave Longley, Jeff O - HumanOS, Shawn 
  Butterfield, Keith Kowal, Steph Correa (JFF), bengo, Ashley 
  Viloria, Naomi Szekeres, Alex McFarlane, Nate Otto, John 
  Henderson, Charles E. Lehner, Markus Sabadello, tomj, Mahmoud 
  Alkhraishi, Kimberly Linson, de Vaulx Frederic, Heather Vescent, 
  Durga Prasad, Juan Caballero, Geun-Hyung Kim, Mahesh Balan - 
  pocketcred.com

<kerri_lemoie> Hello all!
Our Robot Overlords are scribing.
Mike Prorock: 
  https://lists.w3.org/Archives/Public/public-credentials/2022Sep/0142.html
<julie_keane> present
Mike Prorock:  Recording is on awesome hello all and welcome to 
  the weekly ccg meeting today we're going to be talking about the 
  jmf plugfest this coming November and protocols and all sorts of 
  fun stuff like that in addition we are going to be touching on 
  some open issues that need some feedback in from the community 
  just to make sure we want to adopt a particular a particular work 
  item so.
Mike Prorock: https://www.w3.org/Consortium/cepc/
Mike Prorock:  With that I'm going to dive into the normal pro 
  forma so just a quick reminder that everything that this is a w3c 
  meeting right we're covered this is covered under the code of 
  ethics and professional conduct and I'll put a link to that in 
  the chat typically don't have issues with that here but I just 
  did do like to note that right up front anyone can participate in 
  these calls however any and all active.
Mike Prorock:   Of contributors to actual work items.
Mike Prorock: https://www.w3.org/community/credentials/join
Mike Prorock:  CG does need to be a member of the not of w3c but 
  of the CCD itself which does require a W3 account so if you need 
  that just go ahead and create that and then join the community if 
  you want to actually sign the art of our agreement and actually 
  began contributing to work these minutes in an audio recording of 
  everything said are archived up on GitHub we do use the chat or 
  IRC which is linked to the chat queue speakers so.
Mike Prorock:   If you need to add yourself.
<ian_davidson> I'm not getting any audio - is that a me issue?
<mprorock> In IRC type “q+” to add yourself to the queue, with an 
  optional reminder
Mike Prorock:  You type Q Plus Q minus to pull yourself etcetera 
  and if for some reason you don't have access to chat or on able 
  to type in just go ahead and unmute and ask to be added to the 
  queue and then we'll get you in let me just type a note Ian that 
  he may need to refresh.
<mprorock> @ian you may need to rejoin - or possibly try chrome

Topic: Introductions and Reintroductions

Mike Prorock:  Of all the audio side so we are using our robot 
  overlords described and then volunteers to jump in and make any 
  text Corrections if needed quick call out for any introductions I 
  do see some new folks in I would say let's hold on anyone that 
  Sharon is going to introduce directly when we jump into jump into 
  that topic but.
Mike Prorock:   Aside from that.
Mike Prorock:  There anyone new to this call or new to the 
  community that would like to introduce themselves mr. Paul 
  Dietrich closer.
Paul_Dietrich_GS1: Hey there Paul Dietrich I'm from gs1 us for 
  participating under gs1 Global office with Phil Archer I'm in The 
  Innovation team at the US and have been exploring using 
  verifiable credentials for gs1 licensing I'm happy to be here 
  participating.
Mike Prorock:  Awesome it is great to have you and glad to have 
  you on the call and looking forward to kind of deepening 
  engagement there and very happy to have you guys jumping right in 
  and I think today's fun one to jump into Andrew Hughes I see you 
  on the queue.
<naomi> Good day, Naomi here with Velocity Network Foundation
Andrew Hughes:  Hi everyone thanks it's been a while since I've 
  been on a ccg call but I'm director of identity standards at Ping 
  Identity and deeply involved in the iso work group for mobile 
  driver's license where we two are wrestling with program and 
  presentation so happy to hear what's going on and contribute and 
  message back and forth.
Mike Prorock:  Awesome much appreciated and very glad to have you 
  on this call and especially given I think a strong desire from 
  this community in many many who work in this community to see 
  alignment with verified you know around verifiable credentials 
  particularly for online use cases John I see you on the key.
John Kuo:  Hi I'm a project manager for the pocket initiative at 
  ASU which is an educational records as a species.
Mike Prorock:  Awesome cool Lance.
Lance: Hey everybody you know Lansford Roots ID we grew up out of 
  the cardano and at Ella prism identity platform ecosystem and 
  been involved in trust over IP diff and Aries and I yeah this is 
  my first ccg thanks to Sam Kern for let me know about it.
Mike Prorock:  Awesome great to have you Steve Eisler.
Steve_Eisler: Everybody works for credit Vera a company that's 
  very largely focused on workplace compliance and we are also 
  entering the VC space here and yeah looking forward to 
  collaborating with a lot of you on moving away moving forward.
Mike Prorock:  Awesome great Mike Peck.
Mike_Peck: Everyone that I've been working here for a little 
  while happy to join and I come from the K-12 space or I'm a 
  director of technology for public school in the u.s. also 
  exploring verifiable credentials and decentralized identity 
  through my work in the web three space as a co-founder of at 
  three Dow.
Mike Prorock:  Excellent awesome cool any other last intros just 
  look at the queue here.
Mike Prorock: https://github.com/w3c-ccg/community/issues/233

Topic: Announcements and Work Items

Mike Prorock:  Oh right there is a proposed work item on we did 
  announce this to the list I think two weeks well I think it was 
  announced three weeks ago two weeks ago we noted just on the 
  agenda for folks to take a look at it I see a big plus one I 
  think there's support from the chairs as well for this work item 
  and this is issue 233 the work item in question is to build a 
  dead rat did resolution test Suite.
Mike Prorock:  And this is obviously highly valuable.
Mike Prorock:  Lot of good.
https://github.com/w3c-ccg/community/issues/233
Mike Prorock:  It even done to this including example test 
  reports there's two owners that are non-conflicting so it hits 
  all kind of the core requirements as being related to credentials 
  work you know having multiple sponsors and folks engaged in it 
  I'm gonna just watch the queue for a minute to see does anyone 
  request more time I think the most I would want to delay this 
  given the importance of the work and being fact that it's also 
  been discussed and.
Mike Prorock:   Pretty openly pushed to the list.
Manu Sporny: +1 To include DID Resolution test suite as a CCG 
  work item
Kerri Lemoie: +1
Mike Prorock:  If there's any objection not necessarily an 
  objection to the work item at this point just is there anyone who 
  says yep I need some more time humph to take a look at this 
  before we officially vote to add it in and if not I'm going to 
  run it just a quick proposal for plus 1 to indicate support minus 
  1 no support 04 neutral to adopt the work item so I'm just.
Mike Prorock:   Going to watch the queue for about 10-15.
Mike Prorock:  And just save a jumping in and then I'll type the 
  actual official proposal.
Mike Prorock:  I call I am going to run this proposal now so hold 
  your plus ones and I'll type it out and we'll get this on the 
  record.

PROPOSAL:  Adopt DID Resolution Test Suite as a CCG Work Item

Manu Sporny: +1
Shawn Butterfield: +1
Kerri Lemoie: +1
Dave Longley: +1
Mike Prorock:  All right there's that proposal plus 1 if you're 
  in favor -1 not in favor zero for neutrals.
Dmitri Zagidulin: +1
Joe Kaplan: +1
Ryan Grant: +1
Mike Prorock:  Let me keep this open for a little bit more and 
  prepare to type a lovely comments into this.
Sharon Leu: +1
<tim_dutta> +
<tim_dutta> yes
Mike Prorock:  I'm just scanning here I'm not seeing any non 
  support so last chance for anyone to speak up or I'm going to 
  note on the issue that we are adopting it Tim I see a plus with 
  nothing I'm assuming that's a plus one.
Mike Prorock:  All right cool alright I am going to close this up 
  and we are going to mark that resolved so we just copy the text 
  so I get it right.

RESOLUTION: Adopt DID Resolution Test Suite as a CCG Work Item

Mike Prorock:  All right that is resolved.
<manu_sporny> Getting zero negative votes in a group of 64 people 
  is an achievement. :P
Mike Prorock:  Just take note of this real time so that it 
  doesn't get lost.
Mike Prorock:  So thanks so much all I think this is pretty 
  critical from an adoption and a validation standpoint so very 
  much looking forward to getting this in and I would say man oh 
  yes you have noted correctly that's that's about as good as we 
  can get there so awesome with that I am going to move is into the 
  main body of the.
Mike Prorock:   Topic for today.
Mike Prorock:  Which is yeah oh sorry sorry about that man.
Manu Sporny:  Hate sorry Mike I had put myself on the I thought 
  I'd try something with you just a real quick heads-up we need to 
  move rdf data set canonicalization to a final community group 
  specification and I think this is just me giving notice to the 
  community that we're planning to do a final community group 
  specification soon and we probably need to do that publication in 
  the next.
Manu Sporny: 
  https://github.com/w3c-ccg/rdf-dataset-canonicalization
Manu Sporny:  A couple of weeks the rdf data.
Manu Sporny:  Not acquisition working.
Manu Sporny:  Work item so we need to move it over to them that's 
  it.
Mike Prorock:  Great thank you Manny that's it that's an 
  important call out and man who did put the link into the chat 
  there and yes we will be on the lookout just feel free to email 
  the list when that's ready and we'll hop right on so.
Harrison_Tang: And by the way I also want to give a quick 
  shout-out to market for contributing the ID Tennessee to the 
  come.
Mike Prorock:  He has seriously thank you Harrison Manu TPAC.
<manu_sporny> W3C TPAC summary: 
  https://lists.w3.org/Archives/Public/public-credentials/2022Sep/0177.html
Manu Sporny:  Yeah just real quick there is a what happened at 
  w3c tpack last week I sent a summary email out to the ccg mailing 
  list on anything that's publicly known so if you are wondering 
  what happens there's a link there that that will highlight that 
  stuff that's.
Mike Prorock:  Thank you and I appreciate the work on that 
  because that is not trivial to assemble all that and figure out 
  what's a see only etcetera so really appreciate that man.

Topic: Wallet Protocol and JFF Plugfest #2

Mike Prorock:  Um cool just checking q and not seeing a cue I am 
  going to hand it over to Sharon to kick things off and let's 
  start having a fun conversation and moving into protocols and 
  context for the plugfest and how those are all coming into play 
  and why etcetera so Sharon are you good to start talking.
<kristina> what's the context re CCG also covering DIDs now? re 
  the resolution that just passed
Sharon Leu:  Yeah and I'm going to talk very briefly because I 
  think the person that you want to hear from is not me so just to 
  those who don't know me my name is Sharon Lou and I work in an 
  organization called jobs for the future and we have the pleasure 
  of facilitating a number of plug tests basically our goal is to 
  ensure that credentials are mobile with individuals and this 
  group The ccg and the VC edu task force in particular are the 
  perfect Partners For Us in that essentially for this.
Sharon Leu:   Plug desk like this to and I'll drop the link in 
  the chat in just a second.
<manu_sporny> Kristina, CCG is where DIDs were incubated
<dmitri_zagidulin> @Kristina - I think it's just the proposal 
  that CCG stewards the DID /resolution/ test suite, that's all
<mprorock> @kristina - that resolution is to build out the test 
  suite, so that will be helpful for the next DID working group
Sharon Leu:  What we're saying is that for wallet implementers 
  they need to show that a verifiable credential issued from two 
  different credential issuers can actually indeed be presented in 
  their wallets and then on the flip side that credential issuers 
  can issue verifiable credentials into different wallets and I 
  think the key here is how does the credential get into the wallet 
  and that is our main question and so what we said is that in 
  order to participate you have to select from one of the.
Sharon Leu:   The three most common protocols that are used by 
  this community so.
Sharon Leu:  I think I will turn it over to Dmitry to mediate 
  this little discussion about the three different credentials and 
  protocols and how they might be the right one for you.
Dmitri Zagidulin:  Thank you so much.
Mike Prorock:  All from I'm sure no one is feel strongly about 
  these things so this should be a fun conversation Dimitri take it 
  away yeah.
<sharon_leu> PlugFest 2: 
  https://w3c-ccg.github.io/vc-ed/plugfest-2-2022/
<manu_sporny> Kristina, but DID Resolution was incubated in DIF, 
  but then the CCG is handling the test suite :)
<manu_sporny> (it's complicated) :)
Dmitri Zagidulin:  Right exactly this is no pressure low stakes 
  okay so time is short so couple words off contact citing so 
  Sharon and jobs for the Future Foundation is sponsoring a open 
  protocol interoperability plugfest the day before IW this 
  November this this second jmf plugfest focuses on.
Dmitri Zagidulin:  Where's and wallets and of course how do we 
  test interoperability given that within this community and 
  adjacent communities several many Protocols are being developed 
  we've taken the most the most active and established in progress 
  protocols which is w3c ccgs VC API and credential Handler API as 
  one open daddy Foundation.
Dmitri Zagidulin:   It's open as you connect for credential.
<kristina> thanks manu
Dmitri Zagidulin:  As to you and then decentralized identities 
  foundations did Cam presentation exchange the issuance part of of 
  that stack so.
Dmitri Zagidulin:  In order to demonstrate interoperability 
  issuers and wallets will need to pick at least one of those three 
  protocol groups and demonstrate and operability to two different 
  ones which of course leads to questions from implementers which 
  profiles of the particular protocol should we support but that's 
  not what we gather to talk about today today we want we want to 
  address the development team.
Dmitri Zagidulin:   Those who are unfamiliar.
Dmitri Zagidulin:  Calls who are issuers or wallets.
Dmitri Zagidulin:  Are unsure of what to start with so we invited 
  a representative Champions really from each of the three API 
  groups to give a brief introduction about that groups approach to 
  credential issuance and and hopefully say a few words on why 
  development team would want to choose that particular protocol in 
  general or for this particular plugfest so does that make sense 
  everything.
Dmitri Zagidulin:   Questions before we start.
Mike Prorock:  Watching the Q here and I think let's just Dive 
  Right into me tree.
<manu_sporny> Feels straight-forward. :)
Dmitri Zagidulin:  Okay let's Dive Right In I think for the 
  interest of time let's let's try to keep it under 10 minutes to 
  each each group.
Dmitri Zagidulin:  And then hopefully they'll be time for 
  questions Evan Lally speaking for the VC API Group would you be 
  ready to present.
<kristina> what are the three? VC-HTTP API, OpenID4VCI and?
Evan_Lally_(Digital_Bazaar): Symmetry yeah I'm happy to prisoner 
  and I can keep it under 10 minutes can you hear me okay.
<dmitri_zagidulin> @Kristina - DIDComm2
<alex> DIDCOMM v2
<kristina> ah
Evan_Lally_(Digital_Bazaar): I'm pretty good so I have a few 
  things to share here like to meet you said I'd like to talk about 
  VC API and also about the combination of VC-API and CHAPI which 
  is the credential Handler API these two work together to provide 
  a really simple implementation for communicating verifiable 
  credentials out of the web and when you use CHAPI with VC API 
  you're working with a protocol that is designed specifically to 
  enable choice.
Evan_Lally_(Digital_Bazaar):  and to really facilitate this open 
  ecosystem.
<kristina> re sharon, OAuth might be a better framing than OIDC 
  (re poll)
Evan_Lally_(Digital_Bazaar): Marketplace of different issuers 
  verifiers and involves so today I'm not going to get too deep 
  into the technical weeds I will put some email contact 
  information in place if anyone has questions about the protocols 
  themselves or about implementing these protocols to meet the 
  goals of jmf plugfest to that's because that's really what we're 
  here today to talk about us how can we help you to be successful 
  in the plugfest so like I said Champion VC API are really all 
  about.
Evan_Lally_(Digital_Bazaar):  about providing an open ecosystem 
  that.
Evan_Lally_(Digital_Bazaar): Your choice and some of the examples 
  were going to give are going to focus on issuing credential and 
  storing it in a digital wallet so just be advised though that the 
  champion VC API protocol work in many or all of the different use 
  cases that involve communicating verifiable credentials it's just 
  a little easier to think about it if you focus on something 
  specific.
Evan_Lally_(Digital_Bazaar):  so in this case.
Evan_Lally_(Digital_Bazaar): A user is signed up for a digital 
  wallet that is chappy enabled which means that the wallet will 
  register itself with the with the individuals browser as a 
  credential Handler and this is really at the core of the CHAPI 
  technology so once the wallet registers itself with the users 
  browser as a credential Handler then when any third party site 
  asks to issue.
Evan_Lally_(Digital_Bazaar):  or asked to present a verifiable.
Evan_Lally_(Digital_Bazaar): All the browser using a polyfill 
  will present the individual with the choice of which while if 
  they want to use and so you can see here how this is designed to 
  facilitate choice because any wallet can register itself with the 
  individuals browser via this polyfill as a credential Handler and 
  then that while it will show up as a choice whenever that 
  individual goes to interact with the site.
https://chapi.io/
Evan_Lally_(Digital_Bazaar): Some examples and developer Doc's 
  here at CHAPI dot IO so I'll paste the link to the site here 
  there are also some links from Kathy dot IO to the relevant w3c 
  community group reports for chappy and also for the verifiable 
  credentials API if you want to learn about the details for 
  issuers the integration is really simple and you can check out 
  this site here to see some code examples for how to integrate 
  chappie and VC API into.
Evan_Lally_(Digital_Bazaar):  to your issuer code each of these 
  examples has a little.
<anil_john_[us/dhs/svip]> It would be good that to cleanly 
  separate the VC-API (as the credential delivery mechanism to a 
  wallet) from CHAPI (as a wallet selection mechanism) -- with the 
  clear implication that it would be possible to mix and match the 
  delivery protocols (VC API, OIDC4VC etc) w/ CHAPI <shrug>
Evan_Lally_(Digital_Bazaar): That will take you to an open source 
  example project which is an end-to-end project that is hosted 
  here on GitHub pages and so we're linking you to the source code 
  but there are also some examples here in the readme for each of 
  these projects so in this case this is the issuer and you can go 
  to a demo here.
Mike Prorock: +1 Anil
Dmitri Zagidulin: +1 Anil
Dave Longley: +1 Anil
Evan_Lally_(Digital_Bazaar): If you're working if you're thinking 
  about using VC API and champey for the plugfest we really 
  recommend you hit this big button here at the top of CHAPI dot IO 
  and this will take you to a tool excite that we put together 
  called the chappie playground chappie playground has four 
  different example verifiable credentials including this one who 
  put together from jmf plugfest one and so if I select this 
  example it will populate the URL here and then press the generate 
  verifiable credential to use an issuer to.
Evan_Lally_(Digital_Bazaar):  generate a fully firm verifiable 
  credential that is.
<kristina> CHAPI can be usable with OpenID4VCI
<manu_sporny> Yes, correct.
Dave Longley: +1 Kristina
Evan_Lally_(Digital_Bazaar): To a fake I think did here and then 
  if I press the store and wallet button you'll see the champion VC 
  API workflow so it pops up the CHAPI polyfill and I've told looks 
  like in this browser I've already told that I prefer the various 
  wallet and so it skipped over the selection screen and then you 
  can see here this is a UI element that is rendered from the 
  wallet then my in the polyfill so if you have different wallets 
  the wallets can provide different.
Evan_Lally_(Digital_Bazaar):  analogy to the individuals in this 
  case showing the.
Anil John: +1 Kristina
Mike Prorock: +1 Kristina
Evan_Lally_(Digital_Bazaar): Credential and then the credential 
  is stored in the digital wallets if I go over here to my Baris 
  wallet and refresh it I should see the credential that I just 
  started so this tooling is available to everyone including the 
  participants of the plugfest so if you are an issuer on what we 
  can do is work with you to add your issuer back end to be one of 
  the options from the playground so that we can just issue these 
  example credential straight straight from your issuer to the.
<ivan_(vid)> How it works with a mobile wallet?
Evan_Lally_(Digital_Bazaar):  wallets or if you're a wallet we 
  can work with.
<dmitri_zagidulin> so a way to think about the separation is -- 
  1) CHAPI provides  a Wallet Selector / mediator (which can be 
  used with VC-API, OIDC4VCI etc), 2) VC-API provides the low-level 
  API for a given wallet to talk to issuers/verifiers
Evan_Lally_(Digital_Bazaar): With champion BC API so that you can 
  show the j-15 that you're able to receive one of these examples 
  are done.
Evan_Lally_(Digital_Bazaar): I'll put my email address in the 
  chat if there's any questions I'm happy to answer them all flying 
  or here with me.
<evan_lally_(digital_bazaar)> elally@digitalbazaar.com
<manu_sporny> For a mobile wallet, you can click the "Use Native 
  Wallet" button now... and in the future, native wallets will show 
  up in the CHAPI selector... that's on the roadmap, hope to have 
  that integrated within the next couple of months.
Mike Prorock:  Excellent and just watching chat here I would note 
  that an ill made a very good point which is that it's possible to 
  mix and match CHAPI and VC API with other things so don't 
  necessarily assume that one implies the other and vice versa 
  right these are things that can be for instance chappie working 
  with open ID for instance as the wallet selection so there are 
  some options there Dimitri I'll hand it back to you there after 
  that Interruption so.
Dmitri Zagidulin:  Thanks no not at all and I just wanted to also 
  address one of the one of the questions in chat from Ivan which 
  is how would tap your VC API work with the mobile wallet.
<kristina> so native apps can only use claimed URLs? ie 
  app/universal links
<kristina> ah web share API..
Evan_Lally_(Digital_Bazaar): Yeah that's great so there is a 
  native mobile feature in chappy and VC API already I can't show 
  you that workflow right here because I'm using a browser but you 
  can check it out or feel free to send me an email about it happy 
  to walk you through it uses the web share API currently and we're 
  working on some improvements now along the lines of what and 
  you'll talk about.
<dave_longley> Yes, kristina, that's an upgrade to CHAPI we're 
  working on -- claimed URLs. Right now it uses Web share only.
Dmitri Zagidulin:  Thanks have an end to add to that yeah to 
  answer Christina's question in chat so the way that the wallet 
  selector works with Native mobile apps is to use the web share 
  API so mobile apps register with the operating system that they 
  support a particular type of credentials and so you can pass that 
  credentials straight from the CHAPI dialogue to the appropriate 
  mobile app.
<kristina> gotch
Dmitri Zagidulin:  All right any other questions before we move 
  on to the next API.
<paul_dietrich_gs1> Any version info we need for the slugfest?
Dmitri Zagidulin:  Eyeball Dietrich and chat is asking any 
  particular version that we need to focus on for the slugfest.
<mprorock> /me likes slugfest so much better than plugfest
<kristina> /me LOL
Dmitri Zagidulin:  I believe the both the credential Handler API 
  and the VC API versions have been relatively stable the last 
  handful of months so whatever the latest one is on the specs so 
  if you see a pi I believe it's version 3 and whatever the 1.0 
  CHAPI is.
Dmitri Zagidulin:  Any other questions.
<paul_dietrich_gs1> thanks
<evan_lally_(digital_bazaar)> thanks @dmitri -  I've got to run, 
  but @manu is here and much more knowledgeable than me anyway :)
Dmitri Zagidulin:  Wonderful I think you so much and yeah just 
  just to reiterate that the the two apis already mentioned by my 
  Evan I have a credential Handler and be Capi are separable that 
  they handle slightly different aspect of the wallet to assure 
  interaction so they can be mixed and matched with other protocols 
  okay.
Dmitri Zagidulin:  Have from the did Cam camp today to present.
<manu_sporny> Thank you, Evan! That was great!
Sam Curren:  Sam is here for that.
Dmitri Zagidulin:  Sam wonderful okay so Sam let's hand it over 
  to you to talk about did Cam again if possible under 10 minutes.
<dave_longley> CHAPI just allows wallet selection -- you can run 
  any protocol after the wallet has been selected. VC-API is one 
  such protocol.
Mike Prorock: NB: this is human in the loop stuff - System to 
  System (e.g. for traceability) is different, though may align 
  with protocols discussed here
Sam Curren:  Totally I'll be I'll be brief there's been previous 
  conversations about did come and so I'll be short on that 
  appreciate the invitation to meet you for putting this together 
  quick background on did come in and I've got a slide up here in 
  the future that sort of helps compare a little bit but did come 
  itself is a little bit like saying HTTP in the sense that there's 
  lots of stuff that you can do over HTTP and there's lots of stuff 
  that you can do over did common so this is the diagram that we 
  typically use the sort of describe what that looks like.
Sam Curren:   You're talking between two parties two of those 
  Protocols of course there are the focus here might be the issue 
  credential in percent per.
<kristina> JWM...
Sam Curren:  Inside a that have been built on top of a sort of 
  did come as a foundation quickly here's the the standards that 
  did come and when I say did come for the duration of the 
  conversation I'm talking about did convey to is that's the focus 
  of the work at the diff and so here's the the standards that are 
  that those are based on for the for the various pieces we've got 
  code libraries and a whole bunch of different languages and again 
  this is only the V2 links that are present here for did convey to 
  and then just quick example of what this looks like with a 
  library right you.
Sam Curren:  I mean you know that has a type in that has 
  attributes to it and then you you pack that for the recipient and 
  transmit it and then unpack happens as a similar operation we're 
  not showing of course all the exceptions here and what happens if 
  it's been tampered with or whatever else but this is the basic 
  sort of main flow that you're you're going through so the reason 
  I'm bringing some of the stuff up is because this will help 
  differentiate a little bit between.
Sam Curren:   The other approaches and what did come does the 
  only.
Sam Curren:  It for did come.
Sam Curren:  Is that you have it did with an income and point 
  that doesn't mean the user has to be in front of a screen 
  although that's common it there's no requirement for hosting 
  infrastructure so there's really low requirements to make this 
  happen the other reason why I bring this up is that any protocol 
  that we're talking about here that also communicates dids has the 
  potential to integrate and mix-and-match a little bit with did 
  calm in the sense that if you start with an interaction via some 
  other API you discover it did come and point on the did that 
  you're provided in that process you can of course in.
Sam Curren:   Taejin did common.
Sam Curren:  Actions after that and so there's also kind of a 
  nice blend and the integration point is specifically a resolvable 
  did with a dead coming point so here's a good slide I stole this 
  from Daniel Hardman and it kind of helps compare a little bit 
  this is I list the VC API HTTP API here the intention here open 
  any connectors it could have a similar istagram not precisely 
  this because it's it doesn't rely on exactly the same 
  dependencies but the similar and so.
Juan Caballero: https://identity.foundation/waci-didcomm/
Sam Curren:  I lied the difference between the did come spec 
  itself which is here and then the stuff on top of it and I've 
  listed wacky here and I'll talk about that in a second as the 
  wacky did come effort that happen in the dip as well to produce a 
  narrow as possible profile that can be used for interactions 
  using did Cam and also a combination of technologies that have 
  been defined elsewhere so so here's the idea and how to think 
  about it we say did come generally we each kind of mean all of 
  this but but the did come spec it.
Sam Curren:   Self only specifies this and has nothing to do with 
  credential passing and then there are defined.
Sam Curren:  Saying protocols that live on top of that and so 
  just a little bit of a clarification there the real magic here is 
  actually the that I want to share is the as the wacky did come 
  effort I was I cannot take all the credit for this I was a 
  participant but there was lots of work done by lots of others and 
  so the the link to that is here and the it has examples and all 
  the information gathered together in one spot about how to 
  actually make this work and so there.
Sam Curren:   Our presentation Exchange.
<shawn_butterfield> Is there a link to this presentation? Did I 
  miss that in IRC?
Mike Prorock: https://identity.foundation/waci-didcomm/
Sam Curren:  And good diagrams and demonstrations of what those 
  actually look like here's an example of what the service endpoint 
  looks like for a for a did come and point and it did document 
  their this addresses routing which is how we get around and allow 
  those with smart phones or other consumer-oriented devices to to 
  end up as kind of first-class citizens in the in the exchange 
  here without a need to to host API infrastructure or something 
  somewhere.
Sam Curren:   Else and then this talks about the encryption 
  pieces of that.
<mprorock> not sure on a link to the preso
<mprorock> but i am sure dmitri will coordinate and get presos 
  posted to the list
<kristina> what can be used as an invitation other than a QR 
  code?
Sam Curren:  That's handled for you but and then the actual flows 
  are described here QR codes are often used for invitations and so 
  the path there instead of taking the the CHAPI approach with 
  browser involvement or polyfill there's it takes a little bit 
  closer to the open ID approach where it works with browsers but 
  kind of using regular Technologies and not direct involvement 
  from the browser's to make that happen and so here's the various 
  flows that are here I'm.
Sam Curren:   An out-of-band message.
<manu_sporny> Kim!!!! :)
<mprorock> yay!
Sam Curren:  Goes in the QR code ends up looking a little bit 
  more like this and then here's an example of offering a 
  credential using the issue credential protocol and so the this 
  attachment here is a credential manifest and so here on is 
  actually not defined necessarily here but but by that other 
  related spec but this gives you an example of the kind of shows 
  you the whole thing in there and then there's of course example 
  dids used in the in the concept there so don't need to walk 
  through the whole thing but this is the place.
Sam Curren:   To come to if you've got questions in would and 
  would likely be.
<kim_duffy> what a nice greeting! 👋🏻
<kristina> Is there a syntax to request specific credential in 
  DIDComm, or none without Presentation exchange/
<kristina> ?
Sam Curren:  The most appropriate Target for something like a 
  plugfest happy to answer there's lots of other stuff going on in 
  various communities but but that's probably part of another 
  conversation I am telegram Sam on all the socials or telegram Sam 
  at gmail.com if you would like to reach out and ask questions or 
  ways that I can help and that's that's my summary any any 
  questions are we holding questions to the end.
<kristina> (Hi, Kim!)
Dmitri Zagidulin:  Thank you so much Sam I will take a couple of 
  questions right now I just want to add to so again first of all 
  thank you so much for coming by to present on this so 
  specifically for jmf plugfest the protocol one of the three 
  protocols that were supporting and asking people to potentially 
  Implement is specifically the one that Sam mentioned here you 
  wacky did come so the.
Dmitri Zagidulin:   The wallet.
Dmitri Zagidulin:  Of that stack there was I believe there was a 
  question from Christine about invitations other than QR codes and 
  then another question about is there syntax to request specific 
  credential and did Cam.
Sam Curren:  Yes so let me leave me tempos and I stop sharing so 
  that I can see the chat the there you can also use a link that 
  this the same data that's in the QR code but it's presented in a 
  link for them in order to to pass an invitation the other thing 
  is that the invitations only needed if you don't already know the 
  did of the other party if you happen to know that the the did of 
  the other party then you just send a message there's not really 
  an invitation step needed there and so.
Sam Curren:  And so that's just you know if I walk up or I'm.
Sam Curren:  Acting with the system that.
<dave_longley> Note about how CHAPI works: Any "invitation link" 
  (any URL for any protocol) could be passed through CHAPI so the 
  user can select any wallet they've registered with their browser.
<manu_sporny> In other words, CHAPI can support a DIDComm 
  introduction as well (if there was interest in doing that)
Mike Prorock: +1 Dave - there are some nifty things you can do 
  with that for wallet selection
Sam Curren:  Haven't been interacting with them that can make it 
  easier the the protocol to support a specific credential yes so 
  so presentation exchange is one of those there are other formats 
  depending on the types of credentials you're actually requesting 
  for example there's a non-credit specific one if you're working 
  with a non credentials but the protocol itself doesn't Define 
  those those are defined by the other the other formats that are.
Sam Curren:   In past so presentation East Asia really good one 
  to use.
Sam Curren:  Offices but but the the did come protocols 
  themselves don't actually have an opinion about what credential 
  is passed inside of them.
<kristina> does DIDComm define how to return the credential? 
  guess no
Sam Curren:  So all the credential types work.
<aditya_-_entrustient> Are connections necessary in WACI-DIDComm 
  for issuance of credential and Is the WACI DIDComm interoperable 
  with Aries? The protocols look very similar.
<mprorock> didcomm itself is broadly transparent to payloads 
  which can be nice
Sam Curren:  It's it defines how to return the credential but not 
  what the credential format is I'm answering Christina's question 
  in chat so it comes back in a payload that says here is the 
  credential but it does not define of course the details about 
  what is inside the credential format itself so whether you're 
  turning a json-ld credential or a JWT credential or a non-credit 
  those all passed back in the same message as part of that so it 
  definitely does Define how to return the message but not the 
  details of what's inside the messages itself.
Sam Curren:   Or the sorry the credentials itself.
Sam Curren:   Our connections.
Sam Curren:  Kida cover issuance and.
Sam Curren:  Is the wacky to come and interoperable with Aries so 
  there were a lot came so did come itself came from Aries so the 
  fact that there's some stuff that looks similar there is normal 
  there is planned efforts there the the completion of the did come 
  to spec landed it it's slightly inconvenient time for the area's 
  community and that there are already engaged in the pursuit of a 
  VIP to which is their interoperability profile than the area's 
  community and so it will be.
<mprorock> aries framework go is not a bad way to start down 
  interop and common support across differing profiles based on our 
  experience
Sam Curren:   Be and there are some some of the Ares projects 
  that already have it.
<alex> I noticed that the issuance credential contains a 
  credential manifest but while looking at the issuance on OIDCv4 
  there is no mention of a manifest. How do those interpolate?
<kristina> I mean, is it a general DIDComm message that includes 
  a returned credential, how does a verifier know how to understand 
  the payload?
Sam Curren:  Early Universal support for that there will be in 
  the future but there isn't now mostly because of an accident of 
  the timelines and in that Community sort of already being engaged 
  in an effort the next effort will definitely involve a transition 
  to did come to and also all of the all the associated changes 
  that make wacky support nearly automatic.
Sam Curren:  I'm losing track of questions here.
<kristina> yeah, I would imagine DIDComm for issuance is 
  Credential manifest and not Presentation Exchange? (they are 
  complementary, sure..)
<niels_klomp_-_sphereon> OIDC4CI doesn't use Credential Manifest 
  AFAIK, rigth Kristina?
<kristina> nope
Dmitri Zagidulin:  No problem no problem which and we should we 
  can save subsequent questions for our after the Odyssey group 
  goes my actually my clarification question is would you say 
  there's a large overlap between wacky did Cam and the Ares 
  protocol if if a team is familiar with the areas they should have 
  any problem supporting wacky did come is that correct.
<kristina> we have a simple syntax how issuer publishes what 
  credential type/format/display info it supports in its metadata
Sam Curren:  There is a large there is a large overlap if they're 
  not already using like the crunch of manifest and presentations 
  change stuff then that will be a little bit of extra work but yes 
  it's very similar and so the other differentiator that I wanted 
  to mention if you're if you're choosing between what you which 
  one you want to support for the plugfest is that did come is not 
  designed as a browser oriented interaction or an interaction that 
  requires you to be present in the sense that you're in an open ID 
  kynect exchange it does similar things to those but one of the 
  differentiators.
Sam Curren:   Dating factors is that once you have a connection 
  you can send a message over that connection at any time so if 
  you.
Sam Curren:  Obviously exchanger code.
Sam Curren:  The party for example and you would like to request 
  a new credential of a new type or an updated one for for example 
  then that can be done directly via did calm and not necessarily 
  have to be done with an interaction through you know involving a 
  browser or something similar so that's probably the biggest 
  differentiator again there's lots of overlap there but because of 
  the of the protocol oriented nature of the thing it works well 
  for that so my comment there apply specifically to mobile 
  wallets.
Sam Curren:   The protocols do of course support web wallets but 
  but.
Sam Curren:  Frenchy ation the ability to reach out at a future 
  time using those protocols when the user may not be in front of 
  the same screen or in front of a computer at all but just have 
  their mobile device is one way to make that happen and I know 
  that that's not a differentiator there's other features there as 
  well I'm not trying to start a feature where discussion but but 
  that's something that if you're interested in it might be worth 
  your attention.
Dmitri Zagidulin:  Thank you so much Sam all right let's let's 
  move over to open it you connect and then we'll take questions to 
  the three presenters in general so who will be presenting for 
  openers you connect their high potential issuance.
Torsten_Lodderstedt: That will be I lost a lot of time.
Dmitri Zagidulin:  Wonderful take it away Torsten.
Torsten_Lodderstedt: I have to be yeah can you see my screen.
Torsten_Lodderstedt: Okay so I'm just familiar with the tool so 
  bear with me.
Torsten_Lodderstedt: Alright hello everybody my name is Laura 
  said I've got a pleasure to be one of the co-authors of the open 
  and you connect for I from credentials protocol family with me 
  and Nicole I think today is Christina gets Buddha and David 
  Chadwick David are you here as well.
Torsten_Lodderstedt: Doesn't seem to be the case all right so can 
  you see the.
Dmitri Zagidulin:  We do have David thank you go ahead.
Torsten_Lodderstedt: Okay so David just one question for 
  orchestration purposes do you want to show you a demo.
<bumblefudge> (bit a delay-- sharks chewing on the transatlantic 
  wire perhaps)
David Chadwick:  I wil show the tools we have ready [scribe 
  assist by Manu Sporny]
<mprorock> we can hear you fine david
<dmitri_zagidulin> oh nooo, I think we have a network partition - 
  Torsten can't hear DavidC
<mprorock> a missing oauth scope
Torsten_Lodderstedt: Okay I can't hear you all right so let's get 
  started so the open idea for verify credentials issuances one 
  initiative that is conducted at the open Ade foundation in 
  cooperation with the decentralized identity foundation and I saw 
  and what we do is we Define a set of protocols that can be used 
  for different interfaces that are relevant to decentralize 
  Identity so we've got the presentation side of things where we 
  have opened a D4 verifiable presentations and self-issue do pv2 
  and.
Torsten_Lodderstedt: The issue on site which we will be focusing 
  on today which is.
Torsten_Lodderstedt: Just lie away.
Torsten_Lodderstedt: To issue credentials into a what.
<niels_klomp_-_sphereon> split brain situation @dimitri 
  ;)https://unix.stackexchange.com/questions/243207/how-can-i-delete-everything-until-a-pattern-and-everything-after-another-patternthrough 
  the wallet where the wallet can kick start the process and reach 
  out to the issuer and request authorization to get a credential.
Torsten_Lodderstedt: Technical standpoint open ID for verify 
  potentiation ons is a off authorized or protected API so the 
  credential issue exposes an HTTP based API and all the security 
  around it might be the user authentication consent for credential 
  issuance and on and other stuff is being done using a wolf so how 
  that happens is quite simple so first of all the wallet sends an 
  authorization request on behalf of the user to.
Torsten_Lodderstedt:  the credential issue which specifies which 
  kind of.
Torsten_Lodderstedt: And after the issuer has for example of 
  antiquated the user and requested and gathered consent the 
  credential issue as an authorization server issue of access token 
  this is this is when the vanilla of stuff if there is a long-term 
  connection the credential issue of might also issue a refresh 
  token which is pretty interesting because that allows to for 
  example refresh credentials in a very pragmatic way so you can 
  issue a short term.
Torsten_Lodderstedt:  credentials and then from time to time for 
  a new career.
Torsten_Lodderstedt: As you can.
Torsten_Lodderstedt: So I request the authorization to obtain a 
  credential and then obtain that credential in different formats 
  because the open ID for verify credentials issuances credential 
  format agnostic so we want to we want to support a variety of 
  credential formats going forward and then there is the actual a 
  credential issuance ATI this is a 0 of protected and point a 
  resource solve a lot of terminology and the wallet uses the 
  access token and.
Torsten_Lodderstedt:  early request to credential with that 
  request also comes things.
Torsten_Lodderstedt: Proof of possession.
<kristina> wallet sends the request to the Issuer, wallet may 
  already know which issuer, which credential type (wallet 
  initiated); or it might get that idea from the initiate issuance 
  request (issuer initiated flow)
Torsten_Lodderstedt: And in response the credential issue issues 
  a credential or put a perhaps also multiple credentials we are 
  working on better issuance as well.
Torsten_Lodderstedt:  so the design.
<alex> How does the credential manifest fit in here? Is it 
  optional in transaction 0 ?
<kristina> credential manifest is not used
Torsten_Lodderstedt: Couple of protective potential and point we 
  leverage all the different flows that exists in the wok universe 
  and all the packages that existed including the different methods 
  for securing all this authorization flows we have defined a new 
  code new pre-authorized code flow for some of the user 
  experiences are can be found in the decentralized world but at 
  nicely fits into the into the OR framework or of open ID for a 
  very vibrant relationship.
Torsten_Lodderstedt:  science is credential format agnostic so 
  can be used with high voltage.
Torsten_Lodderstedt: With ISO mdl with over credentials and that 
  also it requires us to support different kinds of proof of 
  possession for key material which we do if a wallet wants to know 
  what the issue was capabilities are there is a metadata facility 
  which we in the end derived from the of an open idea metadata 
  facility that can be used to exactly determine this kind of 
  information.
Torsten_Lodderstedt:  so let me quickly go.
<kristina> the same access token (symbolizing user consent) can 
  be used to issue same credential of multiple formats (W3C VC and 
  ISO mDL for example) or bind the same credential format to 
  different key (mulitple DIDs)
Mike Prorock: +1 Kristina
Torsten_Lodderstedt: Is the request for a wallet that request 
  authorization to request a credential of type open batch 
  credential this is this is all vanilla opener off and when the 
  issuer is done processing the authorization request the the 
  wallet gets in the code that it changes for an access token and 
  that access token which is shown here in that in that part of the 
  message is sent to the HTTP a protected API.
Torsten_Lodderstedt:  so we've got a couple of parameters over.
Torsten_Lodderstedt: The older type which.
<mprorock> that multi format / binding behaviour may be of help 
  when bridging mDL to VCs
Torsten_Lodderstedt: The format in this case it's lldp on the 
  scoby see which means it's an Audi proof we want to bind to 
  credential to a dead key and we also have a gws object that is 
  the proof of perception of the private key corresponding to that 
  date so that's basically it is and then in as a result what we 
  get is a response which determines the format no surprise that's 
  ldp on the school BC and we've got the credential which can be.
Torsten_Lodderstedt:  which must be of the format that they 
  decline.
Torsten_Lodderstedt: You're real that's the sequential that was 
  issued which is a open Richmond Dental.
<kristina> if you have an existing OAuth infrastructure, the 
  minimum is to add a new credential endpoint, if you are using 
  scopes to request a certain credential (which allows even large 
  scale systems like msft to move to this model)
Torsten_Lodderstedt: Why should you consider to use open ID for 
  graduations their couple of reasons for that first of all it's it 
  leverages the Simplicity and security of Olaf I mean all of is is 
  successful because it is secure as a simple to use and there are 
  tons of libraries available in all what kinds of programming 
  languages and we are basing on that second the the protocol works 
  for all kinds of bullets so could be a native app can be weapon.
Torsten_Lodderstedt:  it can be can be something hybrid there are 
  protein.
<dmitri_zagidulin> @kristina - does that mean that the issuance 
  initiation endpoint is optional?
<kristina> yes
<dave_longley> How are the acceptable cryptosuites for the DID 
  proof expressed? (not vc-jwt vs. ldp, but rather ... 
  Ed25519Signature2020 or JsonWebSignature2020, etc.)
<kristina> for the issuer, issuer metadata
Torsten_Lodderstedt: More advanced implementations that that 
  utilize our protocol and a guy for that and if you want to 
  implement it you can use the off library of your choice and there 
  are plenty of them available all it needs is in addition to the 
  of Library you need to set up the HTTP protective and point to 
  actually in this is symmetric fashion process the credential 
  issuance request and reduce the response and if you happen to 
  have an existing oauth or open ID deployment.
Mike Prorock: +1 Kristina - this also maps well to the system to 
  system use cases at scale we see in supply chain that are alos 
  leveraging oauth and scopes in a similar manner
<dave_longley> how easily can you separate the authz server from 
  the issuer server?
<kristina> very easy
<dmitri_zagidulin> @kristina - what about for the wallet? (how 
  does the wallet specify which crypto suite it prefers to 
  receive?)
Torsten_Lodderstedt: More lecithin you and pointed at deployment 
  and use your existing infrastructure the authorized access and 
  even use the existing identity data to turn your open a t.o.p 
  into a credential issue which we think is a key success factor 
  because credentials needs to be minted from parties that already 
  have identity data and so I think we this is a way to really 
  foster adoption of the decentralized identity principles the 
  protocol itself.
Torsten_Lodderstedt:  self does not have a certain selection or 
  Discovery back.
<alex> Can you do selective disclosure using BBS+ signatures?
<kristina> in microsoft's implementation, we use existing authz 
  endpoints that deal with billions of transactions and for the 
  issuance, building a new endpoint
<sam_curren> Yes
<mprorock> easily speperable, and also easy to get support 
  plugged into existing oauth services
<dave_longley> does the issuer server or the authz check the DID 
  proof? ... if the issuer server, does it also function as an 
  authz server by serving authz server metadata RFC8414?
Torsten_Lodderstedt: With all kinds of those mechanisms so for 
  example you can use custom schemes which works well along a 
  across a cohort of native wallets you can have selectors you can 
  have something like choppy so you can combine it with whatever is 
  needed and there are different different examples deployed in the 
  wild one other thing that I would like to emphasize is that you 
  to the way out.
Torsten_Lodderstedt:  oh up works and open at the works.
<kristina> @dmitri, for the wallet depends on the chooser 
  mechanism
<kristina> @dave, issuer server
Torsten_Lodderstedt: Out of flexibility how you are constructed 
  designed the user interaction at the issuance site because you've 
  got the full user interface control can authenticate the user can 
  do whatever you want and needs to gather user content and so on 
  the protocol works for same device and cross-device scenario and 
  it supports different security levels we have recently been 
  working on a design options for really substantial and high 
  security levels which are required for example for regulating.
Torsten_Lodderstedt:  these schemes like ìitís but a simple.
<kristina> @dave currently, issuer server's metadata is being 
  published in the authz server metadata
Torsten_Lodderstedt: And as I said it's credential format 
  courtesy diagnostic so if you once you have implemented it in 
  your issue it's easy to support different different kind of 
  credential formats because I'm in my opinion that's important 
  because this Market is so emerging and there are so different 
  approaches on the way it's good to do to have that option in the 
  pocket there are couple of of implementations already underway 
  and I will also like to mention that I so has decided to adopt 
  that for.
Torsten_Lodderstedt:  a 
  couphttps://unix.stackexchange.com/questions/243207/how-can-i-delete-everything-until-a-pattern-and-everything-after-another-patternle 
  of there's Donuts in the in the in the world of nature.
Torsten_Lodderstedt: Take credentials and with that I'm through 
  with my slide deck if time permits.
<niels_klomp_-_sphereon> yes
Mike Prorock:  That one one quick kind of chair question with the 
  iso note there with this potentially then provide a path for use 
  of mdl and verifiable credentials say for dual issuance cut type 
  scenarios or bridging mdl over to verifiable credentials where 
  required.
<dave_longley> @kristina - so would that perhaps be separable in 
  the future? it seems that the issuer should be responsible for 
  generating the challenge nonce and expiration period since it 
  will be checking the DID proof it is used in (not the authz 
  server)
Kristina: Yeah so they're really implementations emerging where 
  people are using up any pervasive product location most ISO mdl 
  format a credential and every CVC on so diet is possible that 
  your site on the presentation on depends on the choices that I 
  saw working at feel make the near future but there is really high 
  probability we can enable a password the same presentation 
  response can include those I swim Geo and there was received.
<bumblefudge> Inshallah!
Kristina: See if they're successful.
Torsten_Lodderstedt: All right just met I can run you a quickly 
  through the demo just takes a minute or so.
Dmitri Zagidulin:  Yes sir if you don't mind real quick since I 
  think there's more questions go ahead.
Shawn Butterfield: +1 To this approach... Using OAuth to 
  bootstrap the interaction is extremely valuable for enterprises 
  with identity walled gardens. Allows for a much smoother 
  transition to decentralized trust infra.
Manu Sporny:  Yes, it is not easy and hence big caveat "if we are 
  successful" :D
Torsten_Lodderstedt: Okay so let's assume I'm in my wallet is in 
  this case it's a web it's a web wallet.
Dave Longley: +1 To ensuring authz and issuing servers in 
  OIDC4VCI can be cleanly separated (i think there's more work to 
  be done there, but it's a really important goal)
<mprorock> chair hat off: +1 to this approach - and mesur.io 
  plans to add support
Torsten_Lodderstedt: So I don't have to credential in my wallet 
  now I request a credential in this case the wallet offers me 
  several issues I mean it's a bit similar to what we have seen in 
  the first presentation so we already know some of the issues and 
  then I'm being sent to the issue and this is this is a simple 
  standard oauth authorization request as you might see from the 
  URL and I'm logging in to the site and I.
Torsten_Lodderstedt: Confirm the issuance of.
Torsten_Lodderstedt: Nashville that's not.
<mprorock> that is for human in the loop use cases for us
Torsten_Lodderstedt: Screen but it's a prototype and here's the 
  see that that's that's that's everything so I went through the 
  authorization process the walnuts get an access token and and 
  obtained the credential and then I accept that credential and 
  that's it right so that's how easy as it can look and with that 
  I'm done with my presentation.
<shawn_butterfield> Shortest demo ever. Love that.
<niels_klomp_-_sphereon> If you ask me without going into 
  politics of SSI, the integration into OID allows for far easier 
  adoption in existing enterprise systems
<anil_john_[us/dhs/svip]> It feels as though the metadata created 
  by the issuer is distributed across multiple locations (did 
  document, revocation status info, OIDC stuff etc.) Given that DID 
  resolution provides a cross-network mech for mapping the 
  identifier of an issuer to a did document.. Would it make sense 
  to consolidate the location long term (i.e. target of resolution(
Dmitri Zagidulin:  Wonderful thank you so much so we're eight 
  minutes till the top of the hour I'm got a lot to go through in 
  the interests of time we usually repeat the questions asked in 
  chat but in this case we're going to skip them so if those are 
  you joining in voice only please take a look at the chat 
  transcript afterwards to make sure you haven't missed the 
  questions for the opening you connect group I want to say a 
  couple more words and then handed over to.
Dmitri Zagidulin:   Aaron to to talk about.
<mprorock> Chair Note: please do feel free to engage on list to 
  keep things rolling and deep dive on various items
Dmitri Zagidulin:  Jeff next steps I see there's mono and the Q 
  so before before we go over to tamanho I want to mention that so 
  thank you so much to all three presenters for coming and talking 
  about API snacks developers who are unsure which which protocols 
  to to implement please direct questions to the either the ccg 
  public mailing list or the.
Dmitri Zagidulin:   VC-EDU.
Dmitri Zagidulin:  Public mailing list certainly your questions 
  will generate no drama or or dissenting opinions.
<aditya_-_entrustient> Is there a playground available for OpenID 
  connect? And should we be using SIOPV2 as a guide?
<kerri_lemoie> VC-EDU Listserv: 
  https://lists.w3.org/Archives/Public/public-vc-edu/
<kristina> please think of OpenID4VCI differently from 
  SIOPv2/OpenID4VP side
Dmitri Zagidulin:  Reminder to implementers that all three 
  protocol Stacks allow for did authentication and that is 
  something that I will be requiring at the jmf plugfest so 
  championed the VC API which we didn't get go into too much detail 
  here besides pointing out that it's there and it's kept separable 
  from credential Handler API I urge you to look into the details 
  on your own but couldn't handle it behind.
Dmitri Zagidulin:   CHAPI provides.
Dmitri Zagidulin:  Education wacky did Cam has a mechanism for 
  did off and then I'm going to connect 4 DC issuance has a 
  mechanism for did also when you pick a protocol that will 
  determine your method of did authentication which we will be 
  looking for a jff.
<kristina> Issuance using OAuth does not have the limitations of 
  turning user's native app into an authorization server :)
<kristina> @Adytya working on, conformance test suite for 
  OpenID4VC
Dmitri Zagidulin:  Sighs Cristina mentions an inch at the opening 
  to connect families Protocols are three separate protocols so 
  there's separately self issued opening you connect there is open 
  and you connect for VC issuance which is what was presented today 
  and then there's a separate one operated you connect for 
  presentation which is something that incidentally that the jmf 
  plugfest 3 will be testing okay any other quick questions before.
Dmitri Zagidulin:   Handed over to to.
David Chadwick:  Just to show tools that are available via 
  NGIAtlantic, profile for OIDC, web pages for people to join 
  details and tools to help them. [scribe assist by Manu Sporny]
Dmitri Zagidulin:  Wonderful thank you so much in case we run out 
  of time to show the tools can you paste the URLs to the tools in 
  chat here for people to investigate thank you so much.
Dmitri Zagidulin:  Any other questions.
David Chadwick:  Yes, I'll paste the URL. [scribe assist by Manu 
  Sporny]
<aditya_-_entrustient> @kristina - Thank you. Can I use 
  OpenID4VCI to package requests from Aries?
Dmitri Zagidulin:  All right Sharon if you if you want to say a 
  few words about next steps and deadlines.
Dmitri Zagidulin:  But like that.
<mprorock> handing things over to Harrison as I am at a hard stop 
  - really appreciate the time from everyone today - this is an 
  awesome topic
Sharon Leu:  Great thank you all for such a great presentation I 
  feel like all of the questions are answered and everyone is 
  exactly what they're supposed to do right perfect because the 
  deadline to choose a protocol for your participation in plugged 
  S2 is September 30th end of the day whatever your time zone is so 
  I think that everyone has gotten an email from us about how to do 
  this how to do the quote-unquote selection which is basically 
  updates a Google spreadsheet there.
Sharon Leu:   Can you to be technical questions which I'm sure 
  there are.
<manu_sporny> hahaha :P -- yes, the path forward is crystal clear 
  :P
<dmitri_zagidulin> @manu - hahahaha glad to clarify! :)
Sharon Leu:  Are available on the PC edu mailing list so please 
  definitely subscribe to that send an email to public Dash pcc.edu 
  and hit the put the word subscribe in the headline I guess the 
  same way that you do any other listserv and ask your questions 
  there so I think that's it September 30th part of why we have 
  September 30th is the deadline is Because unless you select a 
  protocol it's very difficult for you to find partners with you 
  know.
Sharon Leu:   Go with him to.
David Chadwick: https://idp.research.identiproof.io/ for wallets 
  to test OIDC. It works for cloud wallets, same device smart 
  wallets and cross device smart wallets
Sharon Leu:  Ability with and the deadline for that will be the 
  following week after that so yeah let us know if you have any 
  additional questions or what some technical assistance but look 
  forward to working with everyone again and thank you all for your 
  time.
<davidc> You need to enter the un: user and the pw: password to 
  authenticate to the site
Dmitri Zagidulin:  Thank you so much Sharon so again if you have 
  questions about protocol Choice please please post on the mailing 
  list your next task is as implementers to decide in protocol and 
  find interoperability Partners meaning if you're issuers you're 
  going to need to find wallets if your wallet provider you're 
  going to need to find issuers other than your own to test with.
Dmitri Zagidulin:  I believe that's it Harrison over to you.
Harrison_Tang: Thank you thank you Dimitri thank you Sharon and 
  thank you to all the presenters.
Harrison_Tang: Maybe I'll see you around the queue but you 
  probably already on that make that announcement right.
<kristina> @Aditya, why would you do that..? package Aries req?
Dmitri Zagidulin:  Go ahead David.
Harrison_Tang: Sounds good we do have two minutes so please do.
<torsten_lodderstedt> need to leave for the next meeting - thanks 
  a lot for the opportunity to present our work
<dmitri_zagidulin> thanks everyone for attending, and for your 
  excellent questions. We realize that this is a difficult topic 
  that's hard to fully cover in 10 mins each, we encourage you to 
  ask follow-up questions.
<harrison_tang> thank you, Torsten, for sharing
<dmitri_zagidulin> thanks Torsten!
<sharon_leu> thank you, torsten!
<aditya_-_entrustient> @kristina - Create Out of band credentials 
  using Aries and use OpenID4VCI to transfer to a holder?
<niels_klomp_-_sphereon> I wouldn't see why that wouldn't be 
  possible
<rgrant_ryan> thx everyone
Dmitri Zagidulin:  Thank you again David for for demoing and this 
  brings up a good point so on the jmf side will be looking for API 
  communities to put forth testing sites like that to make it 
  easier for wallet implements test against and vice versa so we 
  look forward to using David's and similar similar projects on the 
  VC API and credential Handler side.
Dmitri Zagidulin:  Or and on the did cam site.
Dmitri Zagidulin:  All right I think that's up top of the hour 
  for us.
<kerri_lemoie> Thanks all! Great call!
<sharon_leu> Thank you!
<dave_longley> You can also use VC-API to generate VCs and then 
  delivery them using CHAPI + OIDC4VCI.
<julie_keane> Thanks all
Harrison_Tang: All right thank you Dimitri and thanks everyone 
  for attending will conclude this week's meeting will work on 
  publishing the minutes in the next few days and then you have any 
  questions please feel free to send it to the mailing list thanks.

Received on Wednesday, 2 November 2022 16:52:41 UTC