[Openid-specs-ab] Spec Call Notes 23-Nov-20

Mike Jones Michael.Jones at microsoft.com
Wed Nov 25 01:49:53 UTC 2020


Spec Call Notes 23-Nov-20

Mike Jones
Nat Sakimura
Tom Jones
Tobias Looker
Kristina Yasuda
Kengo Suzuki
Brian Campbell
Edmund Jay
Adam Lemmon
Kyle Den Hartog

External Organizations
              Tom reported on Blink On and WebID
              IETF - Mike believes that IETF wasn't very productive because you couldn't gauge the sense of the room during discussions
                           It was impossible to know what other people in the "room" were thinking
                           Brian pointed out that HTTP and OAuth chose not to meet and instead have interim meetings
                           Brian reminded people that there's an OAuth interim next Monday on DPoP
              Kristina reported that there's an OIX workshop coming up December 15th at 1500-1700 GMT
                           There will be a SIOP/DIF presentation at the OIX workshop

SIOP Requirements
              Kristina reported on the SIOP Requirements draft
              https://bitbucket.org/openid/connect/src/master/SIOP/siop-requirements.md
              There's a discussion on registration requirements
              There's a discussion on how to represent Verifiable Presentations
                           The VC Data Model defines the JWT claims "vc" and "vp"
                           It's expected to use the "vp" claim for Verifiable Presentations
                           Using the "vp" claim in the ID Token would be an interoperable way to use this
              There's a discussion on the requirements of Progressive Web Applications (PWAs)
                           Experts are encouraged to provide input
              Adam shared that people should review the draft that Kim Cameron had sent
                           See https://bitbucket.org/openid/connect/issues/1196/siop-credential-wallet-as-a-pwa
              Tobias reported that Torsten, Kristina, Oliver, and he have been discussing which issues should be in scope for SIOP
                           They're currently thinking that it's best to consider solutions to each issue separately
                           They've drafted https://hackmd.io/xIPrCWbSRJm8cxclRZ-Ubw , which has five largely independent points to consider

Contributed SIOP V2 Draft
              Kristina contributed a SIOP V2 draft that's in the spirit of OpenID Connect and meets some of the new requirements
                           She said that the draft meets points 1, 3, and 4 from Tobias' draft
              Mike said that he thinks the SIOP V2 draft is a good step forward
                           Among other things, it enables registration information to be sent either by value or by reference
                           Tobias asked whether the registration improvements could apply to all OPs
                           Kristina said that first, we're solving SIOP problems, but that we should consider general applicability
                           Tobias said that we could consider amendments to the core protocol
                           Tobias said that we could do request-time registration, rather than in-advance registration
                           Mike pointed out that OpenID Connect Federation enables request-time registration using entity statements
              Tobias pointed out that to the extent that things are generally applicable, we should consider how to do that
                           Mike agreed and said that it's good that Tobias' document has 5 largely orthogonal points
              Tom mentioned portable identifiers
                           He said that Keri and others talk about this
                           Mike pointed out that the OpenID 2.0 experience was that most people couldn't understand even URLs
                                         DIDs are orders of magnitude worse, as they contain large random numbers
              Kristina asked for adoption of the draft by the working group
                           Tom asked about the section numbering - which currently mirrors the OpenID Connect Core 1.0 draft
                           Kristina said that section numbering can be discussed by the working group
              Nat asked for editors and a copyright statement
                           He said that we could still have a call for adoption
                           Mike volunteered to add the boilerplate sections and be a second editor
                           Nat asked for a scope statement
                           Tobias expressed support for the intent of the document
                           Tobias volunteered to also be an editor
              The week's adoption clock will start once we publish the updated draft with editors, boilerplate, etc.

Session Management Status
              RP-Initiated Logout was split out into its own document
              We also added warnings about cookies to the Session Management and Front-Channel Logout specifications

Next Call
              The next call is a week from now on Monday, November 30th at 3pm Pacific Time