[Openid-specs-ab] SIOP Special Topic Call Notes 16-Feb-21
Mike Jones
Michael.Jones at microsoft.com
Tue Feb 16 23:17:43 UTC 2021
SIOP Special Topic Call Notes 16-Feb-21
Kristina Yasuda - Microsoft Identity Standards
David Moeller - Affinidi
Mike Jones - Microsoft Identity Standards, OIDF
Tom Jones - Independent
Alen Horvat - AceBlock
Adam Lemmon - Tribe ID
Xavier Vila - Validated ID
Oliver Terbu - DIF, ConsenSys
Markus Sabadello - W3C and DIF
Tony Nadalin - Independent
Vittorio Bertocci - Auth0
Wayne Chang - Spruce Systems
Albert Solana - Validated ID and DIF
Edmund Jay - MGI1
Bjorn Hjelm - Verizon, OIDF
David Waite - Ping Identity
John Bradley - Yubico, OIDF
Jeremie Miller - Ping Identity
Implementation Reports
Alen described his implementations
Their first implementation was based on OpenID Connect Core Chapter 7
The main issue they ran into was lack of RP support
Albert described his implementations
They based theirs on the DIF SIOP draft
They also defined their own protocol
They defined a way to select wallets
Adam described his implementation
They are using the credential provider extension to issue health certificates in Singapore
Kristina described Microsoft's implementations
It started with the DIF SIOP draft and is migrating towards the SIOP V2 draft
Tom described his implementation
It started with Section 7
He then changed it to use loopback
It doesn't solve the multiple wallets problem
Agenda
Agenda Issues/PR review for SIOP V2 draft
1. SIOP Discovery/Invocation: #1199, #1207
2. SIOP Registration: #1198
3. Support for VP in SIOP response: #1206, #1205
4. sub_jwk when sub is DID in SIOP: #1203
Open SIOP PRs
https://bitbucket.org/openid/connect/pull-requests/9
People can review this PR
Open SIOP Issues
https://bitbucket.org/openid/connect/issues?status=new&status=open&component=SIOP
#1198: Registration in SIOP
Tom asked how the information gets to the OP
Mike responded that it's sent in the authorization request
Alen reported that many SIOP OPs won't have a place to host Web URLs
Alen asked about signing registration requests
Tony described the use of a query language to select the desired claims
#1205: Indicating support for VCs (SIOP)
#1206: How to support LD-Proofs in Verifiable Presentations
We discussed the IANA-registered "vc" and "vp" claims
Oliver said that the "vp" claim has some limitations
It's intended to be used for JWT-based verifiable presentations
It isn't intended for LD Proof-based VPs
Wayne said that there isn't a normative proof requirement in the VC spec
Tony said that there is required @context processing for JSON-LD VCs
Mike said that if we need an additional claim for LD-based proofs, we could define one
That's more likely to work than adding an additional parameter
Tony agreed with that approach
People seemed to be good with that approach
Oliver wants us to spend more time on this, going through pros and cons
He said that there's a hackmd document describing some tradeoffs
Mike encouraged people to file comments in the issue itself
#1203: sub_jwk when sub is DID in SIOP
John said that sub_jwk was in Chapter 7 because there wasn't another key representation available
Wayne said that some DIDs don't have a representation of the key available
John said that that would be a reason to keep the key
DW said that we might want to support multiple subjects
For instance, to enable migration among hosted providers
John wondered about security downsides of proving only one of the multiple proofs
Call Schedule
The next SIOP special topic call is in two weeks at the same time