[Openid-specs-ab] Issue #1230: Adopt Presentation Exchange as an officially supported mechanism within SIOP (openid/connect)

nadalin at prodigy.net nadalin at prodigy.net
Fri May 7 19:17:28 UTC 2021


So from what I heard was that the use case was for people to be able to use
W3C VP in OIDC, or is there another usecase? It seems that the DIF solution
solves this, adding another way just add to confusion and more technical
solutions that have to be supported. So what is the additional value of
doing this in OIDC, if there are issues with the DIF solution maybe address
them in DIF so as to limit the technical divide.



From: Kristina Yasuda <Kristina.Yasuda at microsoft.com>
Sent: Friday, May 7, 2021 8:38 AM
To: Artifact Binding/Connect Working Group
<openid-specs-ab at lists.openid.net>; Anthony Nadalin <nadalin at prodigy.net>
Cc: David Waite <david at alkaline-solutions.com>; Daniel Buchner
<issues-reply at bitbucket.org>
Subject: Re: [Openid-specs-ab] Issue #1230: Adopt Presentation Exchange as
an officially supported mechanism within SIOP (openid/connect)



DIF PE is a finished spec in DIF and technically nothing prevents
implementations to use DIF PE in SIOP or any other OIDC flow to request
claims. What needs to be discussed is what do we want to use PE for in OIDC
and where would it bring most additional value? Once we identify that, we
just need to clearly define in some document how implementations can do so
in an interoperable way, because DIF PE can be complicated and too flexible
sometimes as David Chadvick has pointed out.



> Presentation exchange is a data model for representing a requested format
for presentations, and for providing additional metadata for understanding
the response.



This exactly why I think this is not an issue specific to a Self-issued OP
model, which focuses on solving the issues particular to this model - such
as discovery, registration, proving control over the subject identifier,
etc.



The main use-cases I have seen using DIF PE in OIDC is to request Verifiable
Presentations, in which case, I believe reference to PE belongs to OIDC4VP
(OpenID Connect for Verifiable Presentations) draft under call for adoption.
SIOP V2 draft can reference that passage in OIDC4VP draft.



>  this issue from Daniel was in part a result of me reaching out to him in
_anticipation_ of this becoming an adopted document.



Is the proposal here to adopt DIF PE document in OIDF? as a way to use it
with any OIDC flow with any claims? In that case, it should be merged with
expression language work that has been worked on in ekyc-ida WG (
<https://bitbucket.org/openid/ekyc-ida/issues/1186/expression-language>
openid / ekyc-ida / issues / #1186 - Expression Language - Bitbucket). But
again, I believe reference to a query language belongs to OIDC for VP draft
if any.



Best,

Kristina





  _____

差出人: Openid-specs-ab <openid-specs-ab-bounces at lists.openid.net
<mailto:openid-specs-ab-bounces at lists.openid.net> > が David Waite via
Openid-specs-ab <openid-specs-ab at lists.openid.net
<mailto:openid-specs-ab at lists.openid.net> > の代理で送信
送信日時: 2021年5月7日 14:36
宛先: Artifact Binding/Connect Working Group
<openid-specs-ab at lists.openid.net <mailto:openid-specs-ab at lists.openid.net>
>; Anthony Nadalin <nadalin at prodigy.net <mailto:nadalin at prodigy.net> >
CC: David Waite <david at alkaline-solutions.com
<mailto:david at alkaline-solutions.com> >; Daniel Buchner
<issues-reply at bitbucket.org <mailto:issues-reply at bitbucket.org> >
件名: Re: [Openid-specs-ab] Issue #1230: Adopt Presentation Exchange as an
officially supported mechanism within SIOP (openid/connect)





> On May 6, 2021, at 7:56 PM, nadalin--- via Openid-specs-ab
<openid-specs-ab at lists.openid.net <mailto:openid-specs-ab at lists.openid.net>
> wrote:
>
> So why have we spent time on this in OIDF of DIF has done this,

DIF has not “done this”. Presentation exchange is a data model for
representing a requested format for presentations, and for providing
additional metadata for understanding the response. It is not a protocol,
and specifically defines carve-outs for the actual request/response to be
defined by separate specifications like SIOP.

OIDC has a simpler scheme for requesting claims, so the decision was likely
made to model that option for the initial submission. I would be surprised
if people were unwilling to collaborate on a common ground with DIF,
considering the current SIOP work is a joint effort between DIF and OIDF.

> this is just another reason why we should not adopt this until we get
issues worked out,

“We” (Connect A/B group) will not get technical issues worked out until we
accept something as input. This is currently an external document.

Although I cannot speak for everyone, my ability to justify contributions to
non-adopted documents and to work under ‘handshake’ IPR does have limits.

> There is no real reason to do this in OIDF, any work can be done in DIF to
fit this into SIOP.

I would think that changes to SIOP to support new representations of
authentication and of claims are squarely in scope of the Connect A/B group.
Although my employer was not participating in DIF at the time, I suspect
this is the opinion by some of the DIF membership as well, hence the current
joint effort.

> I'm surprised that this was not all worked out before Mike and others
created this draft.

The purpose of an adopting a submission is not to have a small subset of
people work on a document in their own GitHub repo without any IPR
protection until they are ready for it to be a ratified standard. A
side-effect of this work not being an adopted item is that I was unaware of
it until rather recently.

Also, I would like to point out that this issue from Daniel was in part a
result of me reaching out to him in _anticipation_ of this becoming an
adopted document and wanting his input (as primary editor of Presentation
Exchange). My hope is that we will reach the other side of SIOP not just
being compatible with PE, but providing feedback to make PE an even more
capable specification.

-DW
_______________________________________________
Openid-specs-ab mailing list
Openid-specs-ab at lists.openid.net <mailto:Openid-specs-ab at lists.openid.net>
https://nam06.safelinks.protection.outlook.com/?url=http%3A%2F%2Flists.openi
d.net%2Fmailman%2Flistinfo%2Fopenid-specs-ab
<https://nam06.safelinks.protection.outlook.com/?url=http%3A%2F%2Flists.open
id.net%2Fmailman%2Flistinfo%2Fopenid-specs-ab&data=04%7C01%7CKristina.Ya
suda%40microsoft.com%7C8e2fc8cd654147dfb49b08d9111a1e52%7C72f988bf86f141af91
ab2d7cd011db47%7C1%7C0%7C637559626199763291%7CUnknown%7CTWFpbGZsb3d8eyJWIjoi
MC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=
x0qBcvHMyQzeDjzQVAh3T%2B8xRqaMdy12krBrCr3o2vs%3D&reserved=0>
&data=04%7C01%7CKristina.Yasuda%40microsoft.com%7C8e2fc8cd654147dfb49b08
d9111a1e52%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637559626199763291%7
CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiL
CJXVCI6Mn0%3D%7C1000&sdata=x0qBcvHMyQzeDjzQVAh3T%2B8xRqaMdy12krBrCr3o2vs
%3D&reserved=0

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20210507/aef9ec66/attachment.html>


More information about the Openid-specs-ab mailing list