[Openid-specs-ab] SIOP Special Call Notes 1-Jun-21

Mike Jones Michael.Jones at microsoft.com
Wed Jun 2 00:28:14 UTC 2021


SIOP Special Call Notes 1-Jun-21

Kristina Yasuda
Mike Jones
Tony Nadalin
Jeremie Miller
David Waite (DW)
Pamela Dingle
Dmitri Zagidulin
Tim Cappalli
Edmund Jay

Open SIOP Issues
              https://bitbucket.org/openid/connect/issues?status=new&status=open&component=SIOP
              #1239: We should stop using "SIOP" as an umbrella term and instead talk about individual features.
              We continued discussing this issue, which we'd started on the previous SIOP call
              Dmitri said that self-issued.me is a protocol switch
              Mike said that part of that switch is that a self-issued OP can't host any metadata
              Mike said that a conceptual difference is that with SIOP, you host your own claims, rather than a third party
                           That's a control difference - not a protocol difference
                           But it's part of why SIOP is interesting to User-Centric Identity / SSI advocates
              Pam proposed that we create a document with shared editing to work on this
                           DW will create a HackMD document for us to work on together
                           He requests that people mostly make comments, rather than directly making edits
              Another difference is how the key is retrieved
                           3rd party OPs use the hosted JWK Set
                           SIOP V1 uses the sub_jwk
                           SIOP V2 enables a level of indirection, such as using a DID or an Entity Statement
              About "Non-identified SIOP instance", Kristina said that this is a benefit, as it prevents correlation
                           There is no identifier for a particular SIOP instance
              DW noted that his list in the issue is a list of what SIOP V1 does - not all the properties that we might want
              This issue is related to #1209: For migration, should support multiple subjects at once in portable identifiers cases
              On "Reduced back-channel accessibility", the problem is that there's no place to host Web Endpoints
              On "Implicit-only interactions", Mike said that only Implicit flows are possible because there's no place to host a Token Endpoint
              Mike suggested adding a point "No place to host Web Endpoints", from which some of the others derive
                           "Just-in-time Client Registration" is another consequence of "No place to host Web Endpoints"
              Pam asked about the relationship between Dynamic Client Registration and Ad-Hoc Trust
                           For instance, is the dynamic registration state remembered or is trust re-established on each use?
                           DW said that registrations are remembered so that pairwise identifiers can be maintained
                           DW wondered how Automatic Registration deals with changes in client properties
              Mike said this would be a fabulous time for people to review the OpenID Connect Federation spec to see if it's clear on these points
              DW espoused the role of Trust Frameworks to profile specifications and represent trust in entities
              Kristina asked Dmitri about Solid's use of something like Entity Statements
                           Dmitri said that Solid's Client IDs are URLs that you resolve to retrieve metadata
                           Mike thanked Dmitri for the parallel data point
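The key-retrieval difference recorded above (a third-party OP's key is looked up in its hosted JWK Set, while a SIOP V1 token carries its own key in sub_jwk) is illustrated by the following RP-side key selection routine. This is an added example in Python, not code from the call or from any OpenID specification. It relies on two facts from the published specs: OpenID Connect Core 1.0 marks a self-issued ID token with iss "https://self-issued.me" and requires sub to be the RFC 7638 thumbprint of sub_jwk, and RFC 7638 defines the thumbprint as SHA-256 over the required members serialised in lexicographic order with no whitespace. Everything else is an assumption for illustration: the sample EC coordinates are constructed bytes rather than a real curve point, the inline JWK Set stands in for a document fetched from a jwks_uri, and the function names are the author's own.

```python
"""RP-side key selection for ID tokens: hosted JWK Set vs. sub_jwk (SIOP V1).

Added illustration, not code from the OpenID specs or from this call.
"""
import base64
import hashlib
import json
from typing import Optional

# Issuer value that marks a self-issued ID token (OpenID Connect Core 1.0).
SELF_ISSUED_ISS = "https://self-issued.me"

# Members that go into the RFC 7638 JWK thumbprint, per key type. They are
# serialised in lexicographic order with no whitespace, then SHA-256 hashed.
REQUIRED_MEMBERS = {
    "EC": ("crv", "kty", "x", "y"),
    "RSA": ("e", "kty", "n"),
    "OKP": ("crv", "kty", "x"),
}


def b64url_nopad(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def jwk_thumbprint(jwk: dict) -> str:
    """RFC 7638 thumbprint; extra members such as kid, alg or use do not affect it."""
    kty = jwk.get("kty")
    if kty not in REQUIRED_MEMBERS:
        raise ValueError(f"unsupported kty: {kty!r}")
    try:
        canonical = {m: jwk[m] for m in REQUIRED_MEMBERS[kty]}
    except KeyError as missing:
        raise ValueError(f"JWK is missing required member {missing}") from None
    encoded = json.dumps(canonical, sort_keys=True, separators=(",", ":")).encode("utf-8")
    return b64url_nopad(hashlib.sha256(encoded).digest())


def select_verification_key(header: dict, claims: dict,
                            hosted_jwks: Optional[dict] = None) -> dict:
    """Return the JWK the RP must use to verify the ID token signature.

    Self-issued tokens carry their key in sub_jwk, and sub must equal the
    thumbprint of that key; skipping that check lets the holder of any key
    assert any sub. Third-party OPs never carry sub_jwk; the key comes from
    the JWK Set the RP fetched from the OP's jwks_uri, selected by kid.
    """
    iss = claims.get("iss")
    if iss == SELF_ISSUED_ISS:
        jwk = claims.get("sub_jwk")
        if not isinstance(jwk, dict):
            raise ValueError("self-issued ID token without a sub_jwk claim")
        if claims.get("sub") != jwk_thumbprint(jwk):
            raise ValueError("sub is not the thumbprint of sub_jwk")
        return jwk
    if "sub_jwk" in claims:
        raise ValueError("sub_jwk is only valid when iss is the self-issued issuer")
    if hosted_jwks is None:
        raise ValueError(f"no JWK Set available for issuer {iss!r}")
    kid = header.get("kid")
    matches = [k for k in hosted_jwks.get("keys", []) if k.get("kid") == kid]
    if len(matches) != 1:
        raise ValueError(f"expected one key with kid={kid!r}, found {len(matches)}")
    return matches[0]


# Constructed sample key: P-256-sized coordinates but not a real curve point,
# enough to show the sub/sub_jwk binding, not to verify a real signature.
SAMPLE_SUB_JWK = {
    "kty": "EC",
    "crv": "P-256",
    "x": b64url_nopad(bytes([0x11]) * 32),
    "y": b64url_nopad(bytes([0x22]) * 32),
}

# Constructed stand-in for a JWK Set fetched from a third-party OP's jwks_uri.
SAMPLE_HOSTED_JWKS = {"keys": [dict(SAMPLE_SUB_JWK, kid="op-key-1", alg="ES256")]}


def self_issued_claims(sub: Optional[str] = None) -> dict:
    """Payload of a SIOP V1 ID token; sub defaults to the correct thumbprint."""
    return {
        "iss": SELF_ISSUED_ISS,
        "aud": "https://rp.example/cb",
        "sub_jwk": SAMPLE_SUB_JWK,
        "sub": jwk_thumbprint(SAMPLE_SUB_JWK) if sub is None else sub,
    }


def third_party_claims() -> dict:
    return {"iss": "https://op.example", "aud": "https://rp.example/cb", "sub": "user-42"}


if __name__ == "__main__":
    print(select_verification_key({"alg": "ES256"}, self_issued_claims()))
    print(select_verification_key({"alg": "ES256", "kid": "op-key-1"},
                                  third_party_claims(), SAMPLE_HOSTED_JWKS))
```

The selected JWK is then handed to whatever JOSE library verifies the signature; the point of the example is what happens before that step. For a self-issued token the thumbprint comparison is what makes the token self-certifying, which is why a SIOP without hosted metadata can still be verified, and why an RP that accepts a sub_jwk from a non-self-issued issuer, or that skips the sub comparison, has no binding between key and subject at all.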

Credential Provider Draft
              Tobias contributed the Credential Provider Draft
                           See http://lists.openid.net/pipermail/openid-specs-ab/2021-May/008356.html