[Openid-specs-ab] Spec Call Notes 2-Dec-21

Fri Dec 3 01:56:48 UTC 2021

Spec Call Notes 2-Dec-21

Torsten Lodderstedt
Tom Jones
Adam Lemmon
Kristina Yasuda
Mike Jones
Thomas Bellebaum
Joseph Heenan
Brian Campbell
John Bradley
Domingos Creado
Filip Skokan
Chandan Bokka - Deloitte
Giuseppe De Marco

OpenID Connect for Verifiable Credential Issuance Specification
              Individual draft by Torsten Lodderstedt and Kristina Yasuda
https://bitbucket.org/openid/connect/src/master/individual/draft-lodderstedt-openid-connect-4-credential-issuance-1_0.md
              Torsten gave an overview of the draft and its goals
              Goal to specify profile of Connect used in SSI as interface between Issuer and Wallet
                           Complementary to OpenID Connect for Verifiable Presentations specification
              Based on implementation experience
              OpenID Connect OPs can become credential issuers
              Enables dynamic inline credential issuance in the context of a process where the credential is used
              Can use OpenID Connect metadata
              Introduces Credential Endpoint for issuance
              Enables requesting issuance in different formats
              Separates client authentication from message integrity protection
              Thomas asked about the relationship to the Claims Aggregation draft
                           Torsten said that Claims Aggregation is about the RP's relationships, where this is about the OP's
              John asked about use in some additional scenarios
              John moved that we adopt the draft as a working group document
                           Tom asked a clarifying question about having OpenID Providers also be Credential Issuers
                                         John said that Credential Issuers need authentication and Connect gives them that
                                         Kristina said that Microsoft had reached the same conclusion
                           No objections were raised to adoption
                           The working group is asked to comment on the adoption proposal within a week

prompt=create Specification
              https://openid.net/specs/openid-connect-prompt-create-1_0.html
              The attendees unanimously approved advancing it to Implementer's Draft status
              Please thoroughly review the specification and send comments by next Friday, December 10th

PKCE and Certification
              Joseph asked what actions the Certification team should take with respect to adding certification tests for PKCE
              Mike said that Connect doesn't mention PKCE, so we shouldn't require it for certification
              Mike said that it would be OK to have a test to verify that implementations don't blow up with PKCE is used
                           John also supported that plan
              Time was short for this discussion, so we may want to continue it in a future call

Open Pull Requests
              https://bitbucket.org/openid/connect/pull-requests/
              We ran out of time to consider pull requests

Open Issues
              https://bitbucket.org/openid/connect/issues?status=new&status=open
              We ran out of time to consider open issues

Next Call
              The next Working Group call is Monday, December 6th at 3pm Pacific Time
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20211203/f736877d/attachment.html>