[Openid-specs-ab] Spec Call Notes 19-Apr-21
David Waite
david at alkaline-solutions.com
Tue Apr 20 06:53:28 UTC 2021
Vittorio contacted me separately indicating that John mentioned/people were interested in the DTVA work I did several years ago [1][2]. This was a poll back-channel API, an alternative for the existing three OIDC logout mechanisms (as well as access token revocation). I’d be more than happy to lead something on day 2 or 3; I imagine this should be geared more toward the problem at hand (iframes losing access to third-party site state).
Re: What does Web logout mean, that is a great question. Back when I was doing the DTVA work we had an IIW session about “what are sessions” and that came up.
At the time, I proposed that (outside vague notions of organizational security policy/hygiene) it is a signal from the user that future interactions may be by someone else. I didn’t get push-back at the time, but that doesn’t mean we can’t have new discussion at IIW.
-DW
1: https://bitbucket.org/openid/connect/src/master/distributed-token-validity-api.txt
2: https://bitbucket.org/openid/connect/src/master/dtva-hashgraph-system.txt
> On Apr 19, 2021, at 6:25 PM, Mike Jones via Openid-specs-ab <openid-specs-ab at lists.openid.net> wrote:
>
> Spec Call Notes 19-Apr-21
>
> Mike Jones
> Tom Jones
> Nat Sakimura
> Vittorio Bertocci
> Dmitri Zagidulin
> Kristina Yasuda
> Tim Cappalli
> Adam Lemmon
> Edmund Jay
> John Bradley
> Tobias Looker
> Tony Nadalin
>
> Internet Identity Workshop (IIW)
> IIW is the next three days. Here are some possible sessions to look for...
> Introduction to OpenID Connect - Mike Jones, Session 1
> Options for including W3C VC objects in OpenID Connect flows (Kristina)
> SIOP Use Cases - Kristina
> Credential Provider draft - Tobias and Adam
> SIOP Chooser - Jeremy and DW and Tom
> Using BB+ with JOSE and JWTs - Jeremy and DW
> Claims Aggregation draft - Nat and Edmund
> Logout Options in the face of Browser Changes - John suggested asking DW to do it
> Tim asked whether to also talk about what users understand about Web logout
> Authentic Data Economy series - David Huseby and Mike Lodder
> https://dwhuseby.medium.com/dont-use-dids-58759823378c
> https://github.com/TrustFrame/authentic-data-specifications
>
> Mobile Driver's License
> mDL is ISO/IEC 18013-5 in SC17 WG10
> Tom told us about a request for comments by DHS on Mobile Driver's Licenses
> https://www.govinfo.gov/content/pkg/FR-2021-04-19/pdf/2021-07957.pdf
> [Docket No. DHS–2020–0028]
> Minimum Standards for Driver’s Licenses and Identification Cards Acceptable by Federal Agencies for Official Purposes; Mobile Driver’s Licenses
> Kristina said that the ISO specs don't use VCs or DIDs
> John talked about needing not only standards, but also regulations and issuers to get a working ecosystem
> Tony reported that Nat is working on a liaison agreement between SC17 WG4 and WG10 and the OpenID Foundation
> Nat said that this would be a Category 3 liaison
> Tony suggested that we comment supporting use of the SIOP protocol for Mobile Driver's Licenses
> Tobias asked if there is an issuance protocol
> Tony said that there is a protocol for retrieval but not issuance
> Tony suggested that he and Kristina take ownership of drafting a response to DHS
> Tom said that Kantara will be drafting a response mostly about privacy
>
> Modified SIOP Special Call Schedule
> We will be alternating Pacific-friendly and Europe-friendly calls every two weeks
> The next Europe-Friendly call will be Tuesday, April 27 at 7am Pacific Time
> The next Pacific-Friendly call will be Tuesday, May 11th at 3pm Pacific Time
> Kristina will work with Mike Leszcz on updating the Foundation calendar
> We'll reconfirm the preferred call schedule during the next special call
>
> Claims Aggregation Draft
> Nat asked Tobias and Adam about their progress on the Claims Aggregation Draft
> Tobias reported that they're working on addressing issues on their Credential Provider draft
> Tobias said that they've defined a new endpoint for indirect presentation of end-user claims
> It can use different claims formats, including VCs, MDL, JWTs
> Tobias reported that Mike suggested using access tokens with single audiences
> He said that both Edmund's draft and theirs use new endpoints
> Edmund said that the UserInfo Endpoint doesn't support request parameters to request subsets of claims
> Nat told Tom that we're talking about claims issuance and aggregation - not claims presentation
> Mike asserted that Edmund's and Nat's draft is an interface between the OP and Claims Providers
> He asked whether the Credential Provider draft describes a different kind of interface
> Tobias said that the intent of the two is similar
> Tobias said that their credential notion is suitable for indirect presentation
> There was a digression about the confusion caused by having multiple meanings for the word "credential"
> To many, credentials are things like passwords, OTPs, biometrics, etc.
> To others, they're things like medical degrees, law degrees, proof of vaccination, etc.
> Hence the confusion
> Nat said that his primary interest was when Tobias and Adam could bring their work into the working group
> They said they want to address a few more issues before sending a draft for public review
>
> Open Issues
> https://bitbucket.org/openid/connect/issues?status=new&status=open
> We ran out of time to get to this
>
> Next Calls
> The next regular Connect call is scheduled for Thursday, April 22nd, 2021 at 7am Pacific Time
> However this conflicts with IIW Day 3 agenda creation
> I'll send a separate note asking if we should cancel for this week