[Openid-specs-ab] SIOP Special Call Notes 15-Jun-21
Mike Jones
Michael.Jones at microsoft.com
Tue Jun 15 23:28:17 UTC 2021
SIOP Special Call Notes 15-Jun-21
Kristina Yasuda
Mike Jones
John Bradley
Tony Nadalin
Jeremie Miller
David Waite (DW)
Adam Lemmon
Edmund Jay
Pamela Dingle
Nat Sakimura
External Organizations
Identiverse (next week)
Panel: Where we are with SIOP and DIDs
https://identiverse.com/idv2021/session/SESCJBD86OHB664FD/
Open SIOP Issues
https://bitbucket.org/openid/connect/issues?status=new&status=open&component=SIOP
#1242: Specify how multiple claims should be included in a Verifiable Presentation
The draft specifies an array
Closed during the call since the array format in the specification already enables this
#1230: Adopt Presentation Exchange as an officially supported mechanism within SIOP
Closed during the call, since PR #20 accomplishes this
#1218: Verifiable Presentations do not work outside of their own protocol
Closed during the call, since PR #21 addressed this issue
There was an ensuing discussion about presentation requests and formats for them
Terminology HackMD Document
https://hackmd.io/@dwaite/Hyg0vTZFd
This arose from issue #1239: We should stop using "SIOP" as an umbrella term and instead talk about individual features.
Mike disagreed with including the "Collective" term, as the instances are not cooperating with one another
There was a discussion on the definition of "Trust Framework"
Tony pointed out that OIX has a definition - in The Open Identity Trust Framework (OITF) Model
There was a discussion on the use of the issuer self-issued.me as a protocol switch
We agreed that it was OK to say this non-normatively in the SIOP V2 draft
DW said that using universal links might require using a different authorization endpoint
Mike suggested that we write down a proposal for how to use universal links
We agreed to the "Cryptographically Proven Subject Authority" remarks
We discussed the "No Cryptographically-stated Subject Userinfo" point
Mike said that even for the UserInfo Endpoint, there's still a cryptographic chain assuring the integrity of the claims
DW said that with 3rd party issuers, they're asserting the claims, rather than the SIOP
Nat said that the Claims Aggregation draft is partly dealing with that
Mike said that, per Tom Jones' earlier issue #1232, the signature on claims merely provides integrity protection for the claims
It doesn't mean that they're verified, in general
We said that eKYC, VCs, and/or Claims Aggregation can fill this gap for particular use cases