[Openid-specs-ab] Spec Call Notes 19-Apr-21

Tue Apr 20 00:25:29 UTC 2021

Spec Call Notes 19-Apr-21

Mike Jones
Tom Jones
Nat Sakimura
Vittorio Bertocci
Dmitri Zagidulin
Kristina Yasuda
Tim Cappalli
Adam Lemmon
Edmund Jay
John Bradley
Tobias Looker
Tony Nadalin

Internet Identity Workshop (IIW)
              IIW is the next three days.  Here's some possible sessions to look for...
              Introduction to OpenID Connect - Mike Jones, Session 1
              Options for including W3C VC objects in OpenID Connect flows (Kristina)
              SIOP Use Cases - Kristina
              Credential Provider draft - Tobias and Adam
              SIOP Chooser - Jeremy and DW and Tom
              Using BB+ with JOSE and JWTs - Jeremy and DW
              Claims Aggregation draft - Nat and Edmund
              Logout Options in the face of Browser Changes - John suggested asking DW to do it
                           Tim asked whether to also talk about what users understand about Web logout
              Authentic Data Economy series - David Huseby and Mike Lodder
                            https://dwhuseby.medium.com/dont-use-dids-58759823378c
                            https://github.com/TrustFrame/authentic-data-specifications

Mobile Driver's License
              mDL is ISO/IEC 18013-5 in SC17 WG10
              Tom told us about a request for comments by DHS on Mobile Driver's Licenses
              https://www.govinfo.gov/content/pkg/FR-2021-04-19/pdf/2021-07957.pdf
              [Docket No. DHS-2020-0028]
              Minimum Standards for Driver's Licenses and Identification Cards Acceptable by Federal Agencies for Official Purposes; Mobile Driver's Licenses
              Kristina said that the ISO specs don't use VCs or DIDs
              John talked about needing not only standards, but also regulations and issuers to get a working ecosystem
              Tony reported that Nat is working on a liaison agreement between SC17 WG4 and WG10 and the OpenID Foundation
                           Nat said that this would be a Category 3 liaison
              Tony suggested that we comment supporting use of the SIOP protocol for Mobile Driver's Licenses
              Tobias asked if there is an issuance protocol
                           Tony said that there is a protocol for retrieval but not issuance
              Tony suggested that he and Kristina take ownership of drafting a response to DHS
              Tom said that Kantara will be drafting a response mostly about privacy

Modified SIOP Special Call Schedule
              We will be alternating Pacific-friendly and Europe-friendly calls every two weeks
              The next Europe-Friendly call will be Tuesday, April 27 at 7am Pacific Time
              The next Pacific-Friendly call will be Tuesday, May 11th at 3pm Pacific Time
              Kristina will work with Mike Leszcz on updating the Foundation calendar
              We'll reconfirm the preferred call schedule during the next special call

Claims Aggregation Draft
              Nat asked Tobias and Adam about their progress on the Claims Aggregation Draft
              Tobias reported that they're working on addressing issues on their Credential Provider draft
              Tobias said that they've defined a new endpoint for indirect presentation of end-user claims
                           It can use different claims formats, including VCs, MDL, JWTs
              Tobias reported that Mike suggested using access tokens with single audiences
                           He said that both Edmund's draft and theirs use new endpoints
              Edmund said that the UserInfo Endpoint doesn't support request parameters to request subsets of claims
              Nat told Tom that we're talking about claims issuance and aggregation - not claims presentation
              Mike asserted that Edmund's and Nat's draft is an interface between the OP and Claims Providers
                           He asked whether the Credential Provider draft describes a different kind of interface
                           Tobias said that the intent of the two is similar
              Tobias said that their credential notion is suitable for indirect presentation
              There was a digression about the confusion caused by having multiple meanings for the work "credential"
                           To many, credentials are things like passwords, OTPs, biometrics, etc.
                           To others, they're things like medical degrees, law degrees, proof of vaccination, etc.
                           Hence the confusion
              Nat said that his primary interest was when Tobias and Adam could bring their work into the working group
                           They said they want to address a few more issues before sending a draft for public review

Open Issues
              https://bitbucket.org/openid/connect/issues?status=new&status=open
              We ran out of time to get to this

Next Calls
              The next regular Connect call is scheduled for Thursday, April 22nd, 2021 at 7am Pacific Time
                           However this conflicts with IIW Day 3 agenda creation
                           I'll send a separate note asking if we should cancel for this week
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20210420/c3dd90b6/attachment.html>