OID4VC Due Diligence Task Force

[hkny]

Introduction/Background Material

Currently, the OID4VC components for implementing decentralized identities such as OID4VCI and OID4VP are gaining traction, especially in Europe. These specifications are required by the European digital identity Architectural Reference Framework but also getting significant attention outside of Europe.

This task force would investigate the specifications belonging to the OID4VC family thoroughly, check the existing implementations, and start the preliminary work for potentially creating/hosting a reference implementation or a framework that can be used by a wider community for application implementations.

Objectives

• Deep dive into the specifications
• Survey existing implementations
• Contacting the (potential) implementors to see whether they'd be open for hosting their work at OWF
• Create a plan for hosting and continue the work for the reference implementation, if no codebase can be migrate then create a plan for the reference implementation /framework for implementing wallet ecosystems at OWF

List of Deliverables or Work Products

• Creation of a documentation that a) defines the necessary components and endpoints for the implementation of OID4VC specifications and b) reports the existing implementations
• Contacting and documenting the (potential) implementors and their response to see whether they'd be open for hosting their work at OWF
• Creation of a project plan for the continuation of the work as a OWF lab project

Time to Complete

3 Months

Leader

@hkny @tlodderstedt

Initial Participant List

@hkny @tlodderstedt @sakurann @vikyTM @skounis @troyronda

Remarks/Notes - Profiles

There are also interoperability profiles such as high assurance profile that should be reviewed to ensure the potential wallet ecosystem is interoperable with other implementations that are compatible with the profile.

[tlodderstedt]

I support this proposal. I suggest to extend the scope of the DD to the full range of specs of the OpenID 4 Verifiable Credentials protocol family. Please have a look at https://openid.net/openid4vc/ Further Specs: SIOP v2 was adopted by the EU ARF for pseudonymous authentication with a wallet. OpenID4VP over BLE is an emerging spec for VC presentation in "offline" scenarios via BLE.

[tlodderstedt]

Another item of interest. There is work under way to define an Interoperability profile for OID4VC with SD-JWT VCs. https://vcstuff.github.io/high-assurance-profile/draft-high-assurance-profile-oid4vc-sd-jwt-vc.html That could server as a starting point implement something that can directly be used to build VC-based solutions.

[hkny]

I support this proposal. I suggest to extend the scope of the DD to the full range of specs of the OpenID 4 Verifiable Credentials protocol family. Please have a look at https://openid.net/openid4vc/ Further Specs: SIOP v2 was adopted by the EU ARF for pseudonymous authentication with a wallet. OpenID4VP over BLE is an emerging spec for VC presentation in "offline" scenarios via BLE.

Thanks for the input @tlodderstedt. Extended the task force description accordingly.

[tlodderstedt]

Another note: OpenID Foundation is developing conformance tests for OID4VC. The OWF projects should use them to ensure Interoperability.

[tlodderstedt]

I suggest to not restrict the scope to wallet components only. If would see issuance or verification modules in scope, too. We should do everything we can to support implementation of solutions with OID4VC.

[tkuhrt]

Approved by the TAC on May 31, 2023

• [x] Create Discord channel - @tkuhrt (Created #oid4vc-due-diligence-tf in the Technical Advisory Council category)
• [x] Add information about Task Forces to TAC website - @tkuhrt (see https://openwallet-foundation.github.io/tac/task-forces/)
• [x] Add link to the above to the OpenWallet Foundation GitHub Profile - @tkuhrt

[tkuhrt]

Created https://github.com/openwallet-foundation/OID4VC-due-diligence-tf

[skounis]

Hi @tkuhrt

If we are going to create separate repos for each task force, could it be better to prefix them so we identify them easier when we list the repositories in the organization?

For example:

• tf-oid4vc-due-diligence instead OID4VC-due-diligence-tf
• tf-{slag repo name}

I would also suggest using lowercase for the slag names since they appear in the URL (this is a personal preference)

[alenhorvat]

Hi.

Should we review/discuss https://api-conformance.ebsi.eu/docs/wallet-conformance

There are 19 providers already https://ec.europa.eu/digital-building-blocks/wikis/display/EBSI/Conformant+wallets

and the conformance is being extended to other components.

Could/would the WG benefit from the work?

[tlodderstedt]

Hi,

thanks for bringing this to our attention.

I think it makes sense to review this (and other conformance profiles).

Given the objectives of OWF and this TF, it would be good to know which of those implementations are Open Source.

Please note: the TF kicks off this week (21.6, 5pm CEST).

https://zoom.us/j/96334594470?pwd=QTRnZjdleXNJYWEwcFhDNWV6Q3g2dz09

best regards, Torsten. Am 19. Juni 2023, 13:57 +0200 schrieb Alen Horvat @.***>:

Hi. Should we review/discuss https://api-conformance.ebsi.eu/docs/wallet-conformance There are 19 providers already https://ec.europa.eu/digital-building-blocks/wikis/display/EBSI/Conformant+wallets and the conformance is being extended to other components. Could/would the WG benefit from the work? — Reply to this email directly, view it on GitHub, or unsubscribe. You are receiving this because you were mentioned.Message ID: @.***>

[alenhorvat]

Hi. Nice.

• Great, let's review the conformance profiles and see to which extent they converge (or not)
• I believe we can contact the wallet providers to provide the information (or invite them directly)

Thank you!