[Openid-specs-ab] SIOP Special Call Notes 13-May-21

Mike Jones Michael.Jones at microsoft.com
Thu May 13 16:19:59 UTC 2021

SIOP Special Call Notes 13-May-21

Kristina Yasuda
Mike Jones
Adrian Gropper - Brings a patient perspective to identity discussions
Jo Vercammen - CTO for Meeco, in Belgium
David Chadwick - CEO of Verifiable Credentials Ltd. - spinout from University of Kent, Covid Credentials with OpenID Connect
Oliver Terbu
Torsten Lodderstedt
Tony Nadalin
Nat Sakimura
Justin Richer
Adam Lemmon
Pamela Dingle
Jeremie Miller
Tim Cappalli
Alen Horvat
David Waite (DW)
John Bradley

Relationship between Claims Aggregation and OIDC4VCO drafts
              Tony spoke to his desire to see the drafts merged
                           He believes that they're solving the same problem at the high level
                           He wants to avoid having two ways to deliver sets of claims
              David Chadwick said that verifiable credentials are a single package, versus sets of claims
                           He said that with VPs, it's not an OpenID Provider doing the packaging
                           Tony said that it could be
              Torsten said that claims aggregation is a packaging mechanism
                           He said that we could investigate whether aggregated claims are suitable for delivering VPs
                           He said that the Claims Aggregation draft fills in gaps left in OpenID Connect Core
                           He reported that the special group and IIW thought that other mechanisms could be used instead of aggregated claims
              Nat said that the Claims Aggregation draft also talks about presentation
                           Torsten disagreed
                           Nat said that the current writing is a bit muddled, but it is talking about presentation
                           Nat has filed issues about improving the text
              Torsten said that we need request syntax for requesting verifiable presentations
              Torsten said that the OIDC4VCO draft hasn't yet been accepted by the working group
              Nat said that the call for adoption was done just a week ago
                           The adoption decision should occur by consensus
                           This discussion is happening as a result of concerns raised
                           This is explained in issue #1229
              Torsten was in favor of aggregated claims but is concerned that the WG and IIW said that that was not preferred
              Nat suggested possibly including the approach in OIDC4VCO in the Claims Aggregation draft
              Pam expressed that these things could be addressed separately
              Torsten thought that it would be more efficient for WG members to read both drafts and form their own opinions
              Nat said that it's normal for things to change after adoption
              Mike spoke up in favor adopting the existing draft
                           He said that we can later merge things if it makes sense - just as we did with the Messages and Standard drafts
              Nat said that, as chair, he's working towards consensus
              Tony said that he wants to understand the full scope of what we're trying to do
              Kristina noted that VCs are quite different than JWT claims in the current Connect specifications
              Torsten suggests that people read both drafts and we discuss next steps during the upcoming Connect calls
                           Nat agreed

Trust Frameworks and SIOP
              DW spoke to the message he said to the list
              He said that particular communities will specify profiles of how things work for their use cases
              He said that Trust Frameworks may also specify invocation mechanisms
                           As opposed to having a special-purpose mechanism using openid:// and https://self-issued.me/
              He talked about using universal links
                           This could avoid NASCAR-like behaviors
              Oliver said that he'd be interested in how this would apply to open source wallets
                           DW said that secure wallets could seek certification within trust frameworks
                           DW said that universal links can reduce the complexity
              DW said that using OpenID Federation Entity IDs could enable for automatic registrations using resolvable sets of metadata
              Adrian asked how Federation relates to Trust Frameworks and Authenticators
                           DW said that Trust Frameworks have the benefit of starting with more constrained profiles
                           There was discussion of CTAP authenticators and choices made by Trust Frameworks
                           Adrian said that he's concerned with what the CAIRN alliance is doing
              John spoke to Trust Frameworks, such as Open Banking in the UK
                           Adrian said that this is the opposite of self-sovereign technology
                           John said that self-sovereign deployments still need to know about the veracity of information used
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20210513/e1820160/attachment-0001.html>

More information about the Openid-specs-ab mailing list