Markdown Version | Session Recording

Session Date/Time: 22 Jul 2025 07:30

spice

Summary

The SPICE working group meeting focused on document discussions and future directions. Key topics included updates to the use case document, the proposal for a traceability claims draft, progress on the glue document, considerations for CIBOR OpenID Connect claims, an architecture draft for direct presentation flows, and significant updates to the SD-JWT Selective Disclosure for CBOR (SD COT) document.

Key Discussion Points

• Use Cases Document:
  • Merged telecom use cases.
  • Discussion on whether to include digital wallets and embedded credentials use cases.
  • Considered the document's informative nature and whether RFC publication is necessary.
  • Suggestion to potentially split roles into a separate section focusing on credential providers.
• Traceability Claims Draft:
  • Presentation of a draft to register JWT/CWT claims for traceability in physical goods supply chains.
  • Concerns raised about the lack of units for measurable quantities.
  • Suggestion to categorize information and add a hierarchy for new claims.
  • Discussion on mutable and immutable information during transportation.
  • Need for supply chain expertise to validate the initial set of claims.
• Spice Glue Document:
  • Document to provide a consistent way to identify organizations, particularly in supply chain scenarios.
  • Addressed remaining open issues.
  • Consideration of organizational namespaces to include in the registry.
  • Discussions on national-level registration procedures.
  • Potential conflict with other URN naming schemes.
• CIBOR OpenID Connect Claims
  • Proposal to register 19 OpenID Connect claims for CBOR tokens
  • Aim for standard action and one-on-one mapping to existing OIDC definitions
• Architecture Draft for Direct Presentation Flows
  • Seeking a better name than digital wallet
  • Concerns around the usage of "wallet" and suggestion to instead use "Credential Provider"
• SD COT Document:
  • Significant updates including AEAD encrypted disclosures, default algorithm for SDALG, clarification of audience and disclosure order, CDDL self-consistency, and a definition for the "to be redacted" tag.
  • Discussion about the use of Cozay versus dedicated AEAD encryption.
  • Review and rewrite of the security and privacy consideration sections.
  • Consideration to use content format integers in place of media type strings
  • Cozy key thumbprint as a valid confirmation method

Decisions and Action Items

• Use Cases Document:
  • Brent Zundell to consider Tim Kabili's suggestion to split roles into a separate section focusing on credential providers and to address Kathleen's comments.
  • The group will leave the Digital Wallets and Embedded Credentials sections to be worked on if people show interest, otherwise, the issues will be closed by the next IETF.
• Traceability Claims Draft:
  • Brent Zundell to incorporate feedback from Rowan May and Peter Hawley, and Mike Jones into the next draft.
  • Address issues raised by Hank regarding the use of standard SI units.
  • Encourage more discussion on the mailing list before a working group adoption call.
• Spice Glue Document:
  • Brent Zundell to attempt contact with Dun & Bradstreet.
  • Consider ISO 3166-1 codes for nations in URN registration.
  • Designated experts will provide guidance to handle the registration of nation-specific URNs.
• CIBOR OpenID Connect Claims:
  • The group will perform a working group last call, but needs more people to read the draft first
  • Kathleen and others agreed to review the document.
• SD COT Document:
  • Rowan will make the content format integers a "should" in the document and make note of using Cozay key thumbprint as a valid confirmation method.

Next Steps

• Use Cases Document: Await further input and possibly address the comments and proposed changes.
• Traceability Claims Draft: Revise and circulate the next draft based on the received comments and schedule for a working group adoption call.
• Spice Glue Document: Address review issues and solicit feedback on organizational namespaces for inclusion and after this, suggest a working group last call.
• CIBOR OpenID Connect Claims: Proceed with working group last call if no further issues are raised.
• SD COT Document: Continue to address remaining issues and close them and consider for a last call
• Encourage the working group members to review the documents and provide feedback on the mailing list or GitHub repository.