[Openid-specs-ab] SIOP Special Topic Call Notes 19-Jan-21

Mike Jones Michael.Jones at microsoft.com
Tue Jan 19 23:29:39 UTC 2021


SIOP Special Topic Call Notes 19-Jan-21

Kristina Yasuda - Microsoft Identity Standards
Dion Bramley - Affinidi
David Bantz - University of Alaska
Albert Solana - Validated ID and DIF
Oliver Terbu - DIF
Tom Jones - Independent
Mike Jones - Microsoft Identity Standards, OIDF
Torsten Lodderstedt - yes.com
Tim Cappalli - Microsoft Identity Standards
John Bradley - OIDF Board, Yubico
Tobias Looker - Mattr
Kim Cameron - Tribe ID
Chris Phillips - CANARIE
Henrik Biering - Peercraft
Markus Sabadello - W3C and DIF
Kyle Den Hartog - Mattr
David Waite - Ping Identity
Nader Helmy - Mattr
Bjorn Hjelm - Verizon, OIDF
Adam Lemmon - Tribe ID
Jeremie Miller - Ping Identity
Edmund Jay - MGI1

Agenda
              1. Quick intros

              2. Discussion on purpose of SIOP special topic calls

              3. Discussion on the goals of new SIOP work
              a) Review requirements from requirements document: https://bitbucket.org/openid/connect/src/master/SIOP/siop-requirements.md
              b) Review discussions on scopes of work
              c) Process (e.g., tools, issues on bitbucket etc.)

              4. Overview of existing drafts and scopes addressed by each (in the order of introduction)
              a) OpenID Connect Claims Aggregation (adopted): https://bitbucket.org/openid/connect/src/master/openid-connect-claims-aggregation/openid-connect-claims-aggregation-1_0.md
              b) OpenID Self Issued Identifiers (adopted): https://bitbucket.org/openid/connect/src/master/SIOP/draft-jones-self_issued_identifier.md
              c) Self-Issued OpenID Provider V2, draft 01 (adopted): https://bitbucket.org/openid/connect/src/master/openid-connect-self-issued-v2-1_0.md
              d) OpenID Connect Credential Provider: https://mattrglobal.github.io/oidc-client-bound-assertions-spec/
              e) Smart Credentials: https://docs.google.com/document/d/1LuTuznSvmqveUKELNtV8eZOctcBgShND2e-Pemj5EYc/edit#heading=h.fsq33ckg25iw
              f) Portable Identifiers: WIP
              g) Anything missing?

              5. Next steps

Requirements Review
https://bitbucket.org/openid/connect/src/master/SIOP/siop-requirements.md

Goals Discussion
              Kristina asked what people's goals are
              Tobias talked about self-issued OPs and credential exchange
              Mike said that we're adding new functionality for new use cases, while keeping existing things working
              Albert has been working on the DIF SIOP spec
                           He said that people already know and are using OpenID Connect
              John said that there may be work for hosted providers and potentially multi-tenant providers
              Tobias: The current SIOP chapter is designed for a particular deployment model
                           He'd like us to think about hosted providers and PWAs
              Oliver: Want to use SIOP for SSI and Credentials
              Tom: SIOP doesn't require the use of DIDs
                           It should work with traditional identities as well
                           John seconded Tom's remarks

Document Survey
b) OpenID Self Issued Identifiers (adopted): https://bitbucket.org/openid/connect/src/master/SIOP/draft-jones-self_issued_identifier.md
              Tom said that there is also a draft talking about identifiers
              Tom talked about recovery - both lost key and lost account
              Markus mentioned https://github.com/decentralized-identity/secret-recovery-methods

c) Self-Issued OpenID Provider V2, draft 01 (adopted): https://bitbucket.org/openid/connect/src/master/openid-connect-self-issued-v2-1_0.md
              Kristina described the scopes of work covered by this specification
              Most importantly, it enables a level of indirection
              Mike said that the draft definitely does not do some things, such as portable identifiers, which could be in other drafts
              Adam asked about the use of https://self-issued.me/v2 as the issuer
              John said that self-issued.me shouldn't be used for discovery
              Kim said that PWA and web hosted wallets need ways to identify where the issuer is located
                           Kim said that you can tell that it's self-issued because there's a "sub_jwk" claim
              John said that the issuer has two purposes: discovery and the "iss" claim value
              Kim wants things to be as symmetrical as possible
                           Kim said that we need a strong discovery mechanism based on the OP's name
              Tobias is interested in portable identities
                           He wants them to work with any provider
                           Tom asked whether there is a flow that starts with the OP yet.  Tobias said no.
              Kim said that Tribe ID has all of this running and he could show us sometime
                           That includes discovery
              Mike said that self-issued.me is a logical identifier for your own identity provider
                           We're continuing to use it that way
                           That doesn't mean that other issuers couldn't also be used to locate providers on the Web
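Kim's and John's remarks above (the `iss` value https://self-issued.me/v2, and the `sub_jwk` claim as the marker of a self-issued response) amount to a small structural check an RP can run on a decoded ID Token. The following is an added example, not code from the call, these notes, or any of the drafts listed; it assumes the OpenID Connect Core 1.0 self-issued rule that `sub` is the RFC 7638 thumbprint of the key in `sub_jwk`, and the EC key coordinates and claim values are constructed for illustration.

```python
import base64
import hashlib
import json

# Logical issuer value for self-issued OPs discussed on the call.
SELF_ISSUED_ISS = "https://self-issued.me/v2"


def b64url(data: bytes) -> str:
    """base64url without padding, as used throughout JOSE."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def jwk_thumbprint(jwk: dict) -> str:
    """RFC 7638 thumbprint: SHA-256 over canonical JSON of the key's required members."""
    required = {
        "EC": ("crv", "kty", "x", "y"),
        "RSA": ("e", "kty", "n"),
        "OKP": ("crv", "kty", "x"),
    }
    members = required.get(jwk.get("kty"))
    if members is None:
        raise ValueError("unsupported or missing kty")
    if any(m not in jwk for m in members):
        raise ValueError("sub_jwk lacks a required member")
    # Lexicographic member order, no whitespace: the RFC 7638 canonical form.
    canonical = json.dumps({m: jwk[m] for m in members},
                           separators=(",", ":"), sort_keys=True)
    return b64url(hashlib.sha256(canonical.encode("utf-8")).digest())


def check_self_issued_structure(claims: dict):
    """Return (ok, reason) for the self-issued-specific checks on decoded ID Token claims.

    Signature verification with the key in sub_jwk, plus the usual aud/nonce/exp
    checks, are the ordinary ID Token validation steps and are not repeated here.
    """
    if claims.get("iss") != SELF_ISSUED_ISS:
        return False, "iss is not the self-issued logical identifier"
    jwk = claims.get("sub_jwk")
    if not isinstance(jwk, dict):
        return False, "sub_jwk missing, so this is not a self-issued response"
    try:
        expected_sub = jwk_thumbprint(jwk)
    except ValueError as err:
        return False, str(err)
    if claims.get("sub") != expected_sub:
        return False, "sub does not equal the thumbprint of sub_jwk"
    return True, "self-issued structure is consistent"


# Constructed sample: an EC P-256 public key with made-up coordinates (not a real key).
CONSTRUCTED_JWK = {
    "kty": "EC",
    "crv": "P-256",
    "x": b64url(bytes(range(1, 33))),
    "y": b64url(bytes(range(33, 65))),
}


def sample_claims() -> dict:
    """Constructed self-issued ID Token claims whose sub is derived from sub_jwk."""
    return {
        "iss": SELF_ISSUED_ISS,
        "sub": jwk_thumbprint(CONSTRUCTED_JWK),
        "sub_jwk": CONSTRUCTED_JWK,
        "aud": "https://rp.example/callback",   # constructed RP client id
        "nonce": "constructed-nonce",
    }


if __name__ == "__main__":
    print(check_self_issued_structure(sample_claims()))
    # A token whose sub was swapped without swapping the key is rejected.
    print(check_self_issued_structure(dict(sample_claims(), sub="someone-else")))
```

The `sub`/`sub_jwk` binding is what lets an RP accept a self-issued subject without any discovery step against self-issued.me, which is the point John made about the issuer value serving the `iss` claim rather than discovery; a hosted or multi-tenant provider would present a different `iss` and be handled through ordinary discovery instead.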

d) OpenID Connect Credential Provider: https://mattrglobal.github.io/oidc-client-bound-assertions-spec/
              Tobias said that the draft can be used to request Credentials
              Mike said that this could be used with either self-issued or standard OP and so probably does belong in its own specification
              Tom said that a credential service provider needn't be the same as an OP
                           John said that a CSP is more like what we call a Claims Provider
              Torsten said that a server that can provide Verified Claims could also be extended to provide Credentials

a) OpenID Connect Claims Aggregation (adopted): https://bitbucket.org/openid/connect/src/master/openid-connect-claims-aggregation/openid-connect-claims-aggregation-1_0.md
              Edmund said that it enables a SIOP to make a request to a Claims Provider to get Aggregated and Distributed Claims

e) Smart Credentials: https://docs.google.com/document/d/1LuTuznSvmqveUKELNtV8eZOctcBgShND2e-Pemj5EYc/edit#heading=h.fsq33ckg25iw
              Adam said that it enables RPs to discover wallets and providers and communicate with them
              Kim said that Verifiable Credentials conform to particular Trust Frameworks
                           It happens in a privacy-friendly way

f) Portable Identifiers: WIP
              Tobias, Torsten, Kristina, and Oliver are working on this

g) Anything missing?
              No other drafts were mentioned

Call Schedule
              We agreed on a bi-weekly schedule and use of Bitbucket issues