[Openid-specs-ab] Spec Call Notes 26-Jul-2021

Mon Jul 26 23:58:36 UTC 2021

Mike Jones
David Waite
Tim Cappali
Vittorio Bertocci
Jeremie Miller
Anthony Nadalin
Edmund Jay
Kristina Yasuda
Tobias Looker

Regrets: Nat Sakimura

Events

  *   https://www.kuppingercole.com/events/eic2021

Browser Special Call

  *   Wed 2021-07-28 will be the last special call held at OIDF
  *   Will be replaced by W3C Federated Identity Community Group that starts on Aug.2: https://www.w3.org/community/fed-id/
  *

SIOP Special Call

  *   Good progress on PRs/Issues; one issue to be discussed at the Connect WG call - to be brought up later

Response to DHS on mDL from OpenID Foundation

  *   Tony and Kristina had a call with Gail who recommended introducing some language that recommends some protocols over the other
  *   WG agreed to keep neutrality and focus on the description of the specification, and stay away from the recommendations on how the protocols should be used

OpenID Federation Spec

  *   expect response from the editors to the received comments this week
  *   editors plan to introduce editorial changes, but no breaking changes
     *   DW's detailed comments will be responded in detail, but will not result in the breaking changes at this moment, potentially later

PRs

  *

https://bitbucket.org/openid/connect/pull-requests/40

     *   To be discussed by the Federation Spec editors

  *

https://bitbucket.org/openid/connect/pull-requests/39

     *   Tobias working with Nat to incorporate comments that has been made

Issues

  *

https://bitbucket.org/openid/connect/issues?status=new&status=openhttps://bitbucket.org/openid/connect/issues

  *   #1267

     *
Mike to review whether this initial language regarding successful client registration response has been superseded by SIOP V2 work or not
  *
#1271
     *
Tobias explained that editors of CA are looking for a name to express a vehicle to carry (aggregated) user claims
        *
Credential is too generic, and already defined in OIDC Core
        *
Claim set does not bring forefront the properties important in Claims Aggregation (CA) - binding, etc.
     *
Vittorio asked what's the difference with the artifacts we already have, still not clear why new terms are needed
        *
Tobias explained that already existing mechanisms - ID Token and UserInfo. In CA, Indirect presentation via an Intermediary Provider
        *
Vittorio transmit the claims btw provider A and provider B, just differently scoped
  *
#1246
     *
Kristina noted the comments on the PR that point out that strong binding is not necessary
     *
Edmund commented that the initial motivation was to prevent impersonation at the presentation
  *
#1250
     *
Kristina described that the issue describes that merging CA and CP drafts means merging arguably quite distinct concepts of Aggregated Claims and Verifiable Credentials that may have separate binding mechanisms, request syntax, etc. as comments in PR #39 point out
     *
Mike commented that once PR #39 is merged we should evaluate if capabilities described in this issue are met
  *
#1268
     *
An issue that describes a bulk of comments made regarding the Credential Provider Draft
     *
Tobias to review
  *
#1255
     *
discussion that touches upon SIOP and Federation Specification, not actionable at this moment

The call adjourned at 16:50 PST

Kristina

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20210726/e1dd1f21/attachment.html>