[Openid-specs-ab] Spec Call Notes 29-Mar-21

Mike Jones Michael.Jones at microsoft.com
Tue Mar 30 00:10:29 UTC 2021


Spec Call Notes 29-Mar-21

Nat Sakimura
Mike Jones
Adam Lemmon
Tom Jones
Edmund Jay
David Waite
Vittorio Bertocci
Jeremie Miller
Tobias Looker
Pamela Dingle

External Events
              Identiverse is planned as a hybrid event in Denver, June 21-23, 2021
                           Vittorio is doing a session on new browser features
                           Nat is doing a session on where are we with SIOP and DID
                                         Currently panel with Nat, Kim, Tobias
                                         Vittorio suggested adding someone with a different viewpoint

              Internet Identity Workshop (IIW), April 20-22
                           Mike suggested architectural review sessions for some of the key recent decisions
                           Tobias volunteered to do some of this
                           Possible topics
                                         Tobias would like us to be crisp about what we mean by SIOP and the problems that it's solving
                                         Portable Identifiers
                                         Using Verifiable Credentials with OpenID Connect
                                         Vision and Terminology
                                         Claims Provisioning

              OpenID Workshop, April 29
                           Working groups will present their status there

SIOP Wallet Choosing
              Jeremie summarized recent discussions on choosing
              He and DW had been working on mobile app-to-app style discovery
              They talked about URL-based discovery within particular trust frameworks for vertical use cases
                           Such as health, etc.
              Can take a user experience into mobile world without need for NASCAR-style experience
                           Lets the user make choices about providers to use
                           Requires publishing metadata about providers within a trust framework
              DW said that the right term is probably "choosing"
              See "URL Based Discovery for Trust Frameworks using SIOP" at https://hackmd.io/zhCHWDM6QcuX-CGRXzURlQ
              See a demo video at https://drive.google.com/file/d/1PPt4uYuWncaKgq3_So8CpWTp6pYvC0ps/view?usp=sharing
              Tom said that in healthcare, they'd already decided to register apps
                           He said that they can put a selector in front of their existing trust registry
              Tobias reaffirmed that there's a distinction between selection, choosing, and discovery
                           He wants to have clear conceptual separation between them

LD Proofs and JOSE
              Jeremie said he and DW have been thinking about how to make adoption of new techniques smooth for existing Connect implementations
              For instance, zero-knowledge proofs of multiple claims, such as with CL02, BBS+, Idemix, or U-Prove
                           The holder can generate a presentation of those proofs with a subset of the claims
                           There's then a proof of the validity of the selective disclosure of the subsets of the claims
              They're thinking about how to extend JOSE for these new kinds of proofs
                           An early brainstorming doc is at https://hackmd.io/RybpiMT1ShGUtt5yNgE49A
              Nat will contact Tony Nadalin, who was working on this kind of thing
              British Columbia didn't want to have registration of all clients
                           They want to use the person as an "air gap"
                           Nat said that one can solve these use cases with aggregated claims
              Nat said that unknown use cases are more of a challenge for aggregated claims
              Ability to use a credential in the future is a driver for these representations

Open Issues
              https://bitbucket.org/openid/connect/issues
              #1213: private_key_jwt, client_secret_jwt audience
                           We plan to have the certification suite allow use of the issuer as the audience value in JWT Client Authentications
                           Decision recorded at https://gitlab.com/openid/conformance-suite/-/issues/877
                           Nat suggested we discuss this further on the next call

Next Calls
              The next SIOP Special Topic Call is on Tuesday, March 30th, 2021 at 3pm Pacific Time (7am Japan Time)
              The next regular Connect call is on Monday, April 5th, 2021 at 3pm Pacific Time
