**Session Date/Time:** 22 Jul 2025 07:30

# spice

## Summary

The SPICE working group meeting focused on document discussions and future directions. Key topics included updates to the use case document, the proposal for a traceability claims draft, progress on the glue document, considerations for CIBOR OpenID Connect claims, an architecture draft for direct presentation flows, and significant updates to the SD-JWT Selective Disclosure for CBOR (SD COT) document.

## Key Discussion Points

*   **Use Cases Document:**
    *   Merged telecom use cases.
    *   Discussion on whether to include digital wallets and embedded credentials use cases.
    *   Considered the document's informative nature and whether RFC publication is necessary.
    *   Suggestion to potentially split roles into a separate section focusing on credential providers.
*   **Traceability Claims Draft:**
    *   Presentation of a draft to register JWT/CWT claims for traceability in physical goods supply chains.
    *   Concerns raised about the lack of units for measurable quantities.
    *   Suggestion to categorize information and add a hierarchy for new claims.
    *   Discussion on mutable and immutable information during transportation.
    *   Need for supply chain expertise to validate the initial set of claims.
*   **Spice Glue Document:**
    *   Document to provide a consistent way to identify organizations, particularly in supply chain scenarios.
    *   Addressed remaining open issues.
    *   Consideration of organizational namespaces to include in the registry.
    *   Discussions on national-level registration procedures.
    *   Potential conflict with other URN naming schemes.
*   **CIBOR OpenID Connect Claims**
    *   Proposal to register 19 OpenID Connect claims for CBOR tokens
    *   Aim for standard action and one-on-one mapping to existing OIDC definitions
*   **Architecture Draft for Direct Presentation Flows**
    *   Seeking a better name than digital wallet
    *   Concerns around the usage of "wallet" and suggestion to instead use "Credential Provider"
*   **SD COT Document:**
    *   Significant updates including AEAD encrypted disclosures, default algorithm for SDALG, clarification of audience and disclosure order, CDDL self-consistency, and a definition for the "to be redacted" tag.
    *   Discussion about the use of Cozay versus dedicated AEAD encryption.
    *   Review and rewrite of the security and privacy consideration sections.
    *   Consideration to use content format integers in place of media type strings
    *   Cozy key thumbprint as a valid confirmation method

## Decisions and Action Items

*   **Use Cases Document:**
    *   Brent Zundell to consider Tim Kabili's suggestion to split roles into a separate section focusing on credential providers and to address Kathleen's comments.
    *   The group will leave the Digital Wallets and Embedded Credentials sections to be worked on if people show interest, otherwise, the issues will be closed by the next IETF.
*   **Traceability Claims Draft:**
    *   Brent Zundell to incorporate feedback from Rowan May and Peter Hawley, and Mike Jones into the next draft.
    *   Address issues raised by Hank regarding the use of standard SI units.
    *   Encourage more discussion on the mailing list before a working group adoption call.
*   **Spice Glue Document:**
    *   Brent Zundell to attempt contact with Dun & Bradstreet.
    *   Consider ISO 3166-1 codes for nations in URN registration.
    *   Designated experts will provide guidance to handle the registration of nation-specific URNs.
*   **CIBOR OpenID Connect Claims:**
    *   The group will perform a working group last call, but needs more people to read the draft first
    *   Kathleen and others agreed to review the document.
*   **SD COT Document:**
    *   Rowan will make the content format integers a "should" in the document and make note of using Cozay key thumbprint as a valid confirmation method.

## Next Steps

*   **Use Cases Document:** Await further input and possibly address the comments and proposed changes.
*   **Traceability Claims Draft:** Revise and circulate the next draft based on the received comments and schedule for a working group adoption call.
*   **Spice Glue Document:** Address review issues and solicit feedback on organizational namespaces for inclusion and after this, suggest a working group last call.
*   **CIBOR OpenID Connect Claims:** Proceed with working group last call if no further issues are raised.
*   **SD COT Document:** Continue to address remaining issues and close them and consider for a last call
*   Encourage the working group members to review the documents and provide feedback on the mailing list or GitHub repository.