[Openid-specs-ab] SIOP Special Call Notes 2-Dec-21

Fri Dec 3 01:57:51 UTC 2021

SIOP Special Call Notes 2-Dec-21

Kristina Yasuda
David Chadwick
Daniel Fett
Jo Vercammen
Mike Jones
John Bradley
Tom Jones
Chandan Bokka
Stephane Durand

SIOP and OIDC4VP Implementer's Draft Process
              Kristina said that ISO can only reference Implementer's Drafts or Final Specifications
              ISO/IEC 23220-4 is referencing SIOP
              Kristina asked what you can change after making an Implementer's Draft
                           John replied that you can change anything
              Daniel Fett plans to take a first stab at Security Considerations for the SIOP draft next week
              After merging #70 for SIOP and #75 for OIDC4VP, we plan to progress them to Implementer's Drafts
              John described the OpenID Intellectual Property process
              Daniel suggested a week of internal review before the public review starts
                           People should get their detailed review comments in on both by Friday, December 10th

OAuth Security Workshop
              Daniel summarized some discussions at the just-concluded OAuth Security Workshop
              The sessions were recorded
                           There's YouTube channel called OAuth Security Workshop
              https://www.youtube.com/channel/UC49TGnjbTmGEeuTAF7naMuQ

Open Pull Requests
              https://bitbucket.org/openid/connect/pull-requests/
              #70: simplifying did_methods_supported metadata
                           Kristina requested that Mike review the changes made in response to his comments
                           We agreed to merge after Mike's review
              #75: [OIDC4VP] adding few sections and clarifications
                           We agreed to merge this

Open Issues
              https://bitbucket.org/openid/connect/issues?status=new&status=open
              #1361: Is `i_am_siop` sufficient to distinguish SIOP and non-SIOP ID tokens?
                           We talked about RPs ignoring this claim when they don't understand it
              #1340: Sending the presentation definition by reference
                           David Chadwick will write a PR for this
              We proposed to close these issues due to agreements with DIF about Presentation Exchange
                           #1329: Attempt to converge format/selection in verifiable_presentations with presentation_submission
                           #1245: Correct the format property's name/location
                           #1264: Include input_descriptor `id` in OIDC4VP response and request
                           #1252: Replace PE Schema with Type
                           They will be closed soon unless people object
                           David will create a new issue about making Presentation Submission optional
              #1363: SIOP error response
                           Mike said that it's always legal to return additional errors
                           And he said that we can define new errors if wanted
                           Kristina will ask those giving her the feedback what errors they want to be defined
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20211203/683c67a3/attachment.html>