Skip to content

2024 09 18 Meeting Notes

Jump to bottom
Tim Cappalli edited this page Sep 23, 2024 · 1 revision

2024-09-18 (B Call)

Organizer: Tim Cappalli

Scribe: Sam

Agenda

Attendees

  • Tim Cappalli (Okta)
  • Ted Thibodeau (he/him) (OpenLink Software)
  • Matthew Miller (Self)
  • Nick Doty (CDT)
  • Wendy Seltzer (Tucows)
  • Rick Byers (Google Chrome)
  • Heather Flanagan (Spherical Cow Consulting)
  • Sam Goto (Google Chrome)
  • Helen Qin (Google Android)
  • Hiroyuki Sano (Sony)

Notes

Administrivia

[ none ]

Intros from any new folks?

[ none ]

Any updates from incubation?

  • Rick: Chrome launched an origin trial and we have use counters
  • Rick: Starting to draft a TAG review, can be handy to have f2f conversations with TPAC
  • Matthew: Rick, any numbers that you could share?
  • Rick: Will add links to notes, % of page loads in Chrome (basically roughly zero, noisy at the start due to dev/beta experimentation pre-stable).
  • Matthew: Since the FO came out, wondering what others may be thinking.
  • Marcos: We could talk about the FO between ourselves and share our perspectives, especially if we believe as community group that we have a way to address the concerns
  • Wendy: Simone is preparing the team reporting, and has already requested the formation of the W3C council, to start the formal process. Part of what the council looks for is how the issues were raised; any evidence that folks here can share is helpful to that process. Simone has also been working with the objector to see if there are things that could be resolved by consensus and seek that in parallel with the W3C council.
  • Heather: We have that discussion in the WG at TPAC.
  • Matthew: High level impressions that I got was, if it is available people will use it … I get that … but if this doesn’t get worked on here, then it is going to happen somewhere else … and i question if those places are going to have as many considerations of privacy as we would in this group … I think the group should continue, and we have all of the mechanisms in place … that’s where I’m at and wanted to share if others match some of the intuition too …
  • Heather: We generally seem to be in alignment with that …
  • Heather: Thursday afternoon there is a FedID WG session where the recharter is going to be discussed.Subscrie here: https://www.w3.org/events/meetings/47b10aa6-3050-4714-ba22-736c4e748341/
  • Nick: permissions-related breakout session would also be relevant to the credentials question, for how sites can provide the additional context: https://github.com/w3c/tpac2024-breakouts/issues/64

Any updates from the OpenID DCP working group?

TPAC

Discussion

  • https://github.com/WICG/digital-credentials/pull/165
    • Tobias: How do we deal with backwards incompatible changes in Chrome? What happens when verifiers hit a new version of Chrome?
    • Sam: We think that we can make this specific proposal backwards compatible, so we think we can make this change and avoid breaking verifiers and wallets.
    • Sam: That is, during origin trials, we’d keep this backwards compatibility, but choose a specific variation before we ship (outside of the origin trial guards)
    • Nick: I appreciate the effort to maintain backwards compatibility, but I worry about being pulled back when in the future we figure out how to handle privacy and security problems …
    • Rick: Yeah, I agree with much of this … I think what we are trying to say is that the bar for backwards incompatible changes is rising
    • Marcos: Yeah, that matches my intuition … I do expect to make backwards-incompatible changes going forward as we learn from this exercise
    • Matthew: UintArray for values, rather than Base64 encoding strings.
    • Sam: hmmm the request.data and the response.data are “objects”, which are JSON-serializable objects.
    • Sam: Let’s kick off an issue and go from there to investigate this further
  • https://github.com/WICG/digital-credentials/labels/v1-blocker
  • Tim: Tag things here that we should address in the next 2 weeks
  • Tim: Is issuance a v1 blocker? Is registry for inclusion a v1 blocker?
  • Sam: Can you help me understand how you define v1?
  • Tim: Whatever OpenID4VP needs before they finalize their v1?
  • Sam: Anything that you are aware of that OpenID4VP needs from the API?
  • Tobias: The request is pretty transport agnostic so that seems what we’d need
  • Tim: https://github.com/WICG/digital-credentials/labels/fpwd-blocker
  • Marcos: FPWD requires a WG, and given the FO it is possible this may take ~year?
  • Wendy: there is also a mechanism that we can use to obtain patent commitments
  • Heather (from chat) : https://www.w3.org/community/reports/reqs/
    • “The report must not cause confusion about its status, in particular with respect to W3C Technical Reports. For example, reports must not suggest that they are standards or on the standards-track.”
  • Rick: that would be useful to the for the OpenID4VP
  • https://www.w3.org/community/reports/reqs/
  • Ted: W3C has a moratorium of 2-3 weeks after TPAC, and a CG Report is the right document to publish (see notes below)
  • Tim: October 15th, let’s address them and cut a CG report
  • Marcos: End of October might be more realistic
  • Sam: Maybe we could use it IIW as a target. Would that be too late for the OpenID4VP community to find it useful?
  • Brian:
  • Heather: the OIDF meeting happens the day before IIW
Clone this wiki locally