[Openid-specs-ab] Spec Call Notes 19-Apr-21

David Waite david at alkaline-solutions.com
Tue Apr 20 06:53:28 UTC 2021

Vittorio contacted me separately indicating that John mentioned/people were interested in the DTVA work I did several years ago [1][2]. This was a poll back-channel API, an alternative for the existing three OIDC logout mechanisms (as well as access token revocation). I’d be more than happy to lead something on day 2 or 3; I imagine this should be geared more toward the problem at hand (iframes losing access to third-party site state).

Re: What does Web logout mean, that is a great question. Back when I was doing the DTVA work we had an IIW session about “what are sessions” and that came up.

At the time, I proposed that (outside vague notions of organizational security policy/hygiene) it is a signal from the user that future interactions may be by someone else. I didn’t get push-back at the time, but that doesn’t mean we can’t have new discussion at IIW.


1: https://bitbucket.org/openid/connect/src/master/distributed-token-validity-api.txt <https://bitbucket.org/openid/connect/src/master/distributed-token-validity-api.txt>
2: https://bitbucket.org/openid/connect/src/master/dtva-hashgraph-system.txt <https://bitbucket.org/openid/connect/src/master/dtva-hashgraph-system.txt>

> On Apr 19, 2021, at 6:25 PM, Mike Jones via Openid-specs-ab <openid-specs-ab at lists.openid.net> wrote:
> Spec Call Notes 19-Apr-21
> Mike Jones
> Tom Jones
> Nat Sakimura
> Vittorio Bertocci
> Dmitri Zagidulin
> Kristina Yasuda
> Tim Cappalli
> Adam Lemmon
> Edmund Jay
> John Bradley
> Tobias Looker
> Tony Nadalin
> Internet Identity Workshop (IIW)
>               IIW is the next three days.  Here's some possible sessions to look for...
>               Introduction to OpenID Connect - Mike Jones, Session 1
>               Options for including W3C VC objects in OpenID Connect flows (Kristina)
>               SIOP Use Cases - Kristina
>               Credential Provider draft - Tobias and Adam
>               SIOP Chooser - Jeremy and DW and Tom
>               Using BB+ with JOSE and JWTs - Jeremy and DW
>               Claims Aggregation draft - Nat and Edmund
>               Logout Options in the face of Browser Changes - John suggested asking DW to do it
>                            Tim asked whether to also talk about what users understand about Web logout
>               Authentic Data Economy series - David Huseby and Mike Lodder
>                             https://dwhuseby.medium.com/dont-use-dids-58759823378c <https://dwhuseby.medium.com/dont-use-dids-58759823378c>
>                             https://github.com/TrustFrame/authentic-data-specifications <https://github.com/TrustFrame/authentic-data-specifications>
> Mobile Driver's License
>               mDL is ISO/IEC 18013-5 in SC17 WG10
>               Tom told us about a request for comments by DHS on Mobile Driver's Licenses
>               https://www.govinfo.gov/content/pkg/FR-2021-04-19/pdf/2021-07957.pdf <https://www.govinfo.gov/content/pkg/FR-2021-04-19/pdf/2021-07957.pdf>
>               [Docket No. DHS–2020–0028]
>               Minimum Standards for Driver’s Licenses and Identification Cards Acceptable by Federal Agencies for Official Purposes; Mobile Driver’s Licenses
>               Kristina said that the ISO specs don't use VCs or DIDs
>               John talked about needing not only standards, but also regulations and issuers to get a working ecosystem
>               Tony reported that Nat is working on a liaison agreement between SC17 WG4 and WG10 and the OpenID Foundation
>                            Nat said that this would be a Category 3 liaison
>               Tony suggested that we comment supporting use of the SIOP protocol for Mobile Driver's Licenses
>               Tobias asked if there is an issuance protocol
>                            Tony said that there is a protocol for retrieval but not issuance
>               Tony suggested that he and Kristina take ownership of drafting a response to DHS
>               Tom said that Kantara will be drafting a response mostly about privacy
> Modified SIOP Special Call Schedule
>               We will be alternating Pacific-friendly and Europe-friendly calls every two weeks
>               The next Europe-Friendly call will be Tuesday, April 27 at 7am Pacific Time
>               The next Pacific-Friendly call will be Tuesday, May 11th at 3pm Pacific Time
>               Kristina will work with Mike Leszcz on updating the Foundation calendar
>               We'll reconfirm the preferred call schedule during the next special call
> Claims Aggregation Draft
>               Nat asked Tobias and Adam about their progress on the Claims Aggregation Draft
>               Tobias reported that they're working on addressing issues on their Credential Provider draft
>               Tobias said that they've defined a new endpoint for indirect presentation of end-user claims
>                            It can use different claims formats, including VCs, MDL, JWTs
>               Tobias reported that Mike suggested using access tokens with single audiences
>                            He said that both Edmund's draft and theirs use new endpoints
>               Edmund said that the UserInfo Endpoint doesn't support request parameters to request subsets of claims
>               Nat told Tom that we're talking about claims issuance and aggregation - not claims presentation
>               Mike asserted that Edmund's and Nat's draft is an interface between the OP and Claims Providers
>                            He asked whether the Credential Provider draft describes a different kind of interface
>                            Tobias said that the intent of the two is similar
>               Tobias said that their credential notion is suitable for indirect presentation
>               There was a digression about the confusion caused by having multiple meanings for the work "credential"
>                            To many, credentials are things like passwords, OTPs, biometrics, etc.
>                            To others, they're things like medical degrees, law degrees, proof of vaccination, etc.
>                            Hence the confusion
>               Nat said that his primary interest was when Tobias and Adam could bring their work into the working group
>                            They said they want to address a few more issues before sending a draft for public review
> Open Issues
>               https://bitbucket.org/openid/connect/issues?status=new&status=open <https://bitbucket.org/openid/connect/issues?status=new&status=open>
>               We ran out of time to get to this
> Next Calls
>               The next regular Connect call is scheduled for Thursday, April 22nd, 2021 at 7am Pacific Time
>                            However this conflicts with IIW Day 3 agenda creation
>                            I'll send a separate note asking if we should cancel for this week
> _______________________________________________
> Openid-specs-ab mailing list
> Openid-specs-ab at lists.openid.net <mailto:Openid-specs-ab at lists.openid.net>
> http://lists.openid.net/mailman/listinfo/openid-specs-ab <http://lists.openid.net/mailman/listinfo/openid-specs-ab>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20210420/abbbbc96/attachment-0001.html>

More information about the Openid-specs-ab mailing list