[Openid-specs-ab] Spec Call Notes 29-Mar-21
nadalin at prodigy.net
Wed Mar 31 02:28:27 UTC 2021
I would suggest that you add the mDL proposed usage of SIOP, as this is
non-DID based, not VC/VP based, this is based on the OIDC implementation of
mDL that has been through interop already. SIOP is NOT just for DID.
From: Openid-specs-ab <openid-specs-ab-bounces at lists.openid.net> On Behalf Of Mike Jones via Openid-specs-ab
Sent: Monday, March 29, 2021 5:10 PM
To: openid-specs-ab at lists.openid.net
Cc: Mike Jones <Michael.Jones at microsoft.com>
Subject: [Openid-specs-ab] Spec Call Notes 29-Mar-21
Spec Call Notes 29-Mar-21
Nat Sakimura
Mike Jones
Adam Lemmon
Tom Jones
Edmund Jay
David Waite
Vittorio Bertocci
Jeremie Miller
Tobias Looker
Pamela Dingle
External Events
Identiverse is planned as a hybrid event in Denver, June 21-23, 2021
Vittorio is doing a session on new browser features
Nat is doing a session on where are we with SIOP and DID
Currently panel with Nat, Kim, Tobias
Vittorio suggested adding someone with a different viewpoint
Internet Identity Workshop (IIW), April 20-22
Mike suggested architectural review sessions for some of key recent decisions
Tobias volunteered to do some of this
Possible topics
Tobias would like us to be crisp about what we mean by SIOP and the problems that it's solving
Portable Identifiers
Using Verifiable Credentials with OpenID Connect
Vision and Terminology
Claims Provisioning
OpenID Workshop, April 29
Working groups will present their status there
SIOP Wallet Choosing
Jeremie summarized recent discussions on choosing
He and DW had been working on mobile app-to-app style discovery
They talked about URL-based discovery within particular trust frameworks for vertical use cases
Such as health, etc.
Can take a user experience into mobile world without need for NASCAR-style experience
Lets the user make choices about providers to use
Requires publishing metadata about providers within a trust framework
DW said that the right term is probably "choosing"
See "URL Based Discovery for Trust Frameworks using SIOP" at https://hackmd.io/zhCHWDM6QcuX-CGRXzURlQ
See a demo video at https://drive.google.com/file/d/1PPt4uYuWncaKgq3_So8CpWTp6pYvC0ps/view?usp=sharing
Tom said that in healthcare, they'd already decided to register apps
He said that they can put a selector in front of their existing trust registry
Tobias reaffirmed that there's a distinction between selection, choosing, and discovery
He wants to have clear conceptual separation between them
LD Proofs and JOSE
Jeremie said he and DW have been thinking about how to make adoption of new techniques smooth for existing Connect implementations
For instance, zero-knowledge proofs of multiple claims, such as with CL02, BBS+, Idemix, or U-Prove
The holder can generate a presentation of those proofs with a subset of the claims
There's then a proof of the validity of the selective disclosure of the subsets of the claims
They're thinking about how to extend JOSE for these new kinds of proofs
An early brainstorming doc is at https://hackmd.io/RybpiMT1ShGUtt5yNgE49A
Nat will contact Tony Nadalin, who was working on this kind of thing
British Columbia didn't want to have registration of all clients
They want to use the person as an "air gap"
Nat said that one can solve these use cases with aggregated claims
Nat said that unknown use cases are more of a challenge for aggregated claims
Ability to use a credential in the future is a driver for these representations
Open Issues
https://bitbucket.org/openid/connect/issues
#1213: private_key_jwt, client_secret_jwt audience
We plan to have the certification suite allow use of the issuer as the audience value in JWT Client Authentications
Decision recorded at https://gitlab.com/openid/conformance-suite/-/issues/877
Nat suggested we discuss this further on the next call
Next Calls
The next SIOP Special Topic Call is on Tuesday, March 30th, 2021 at 3pm Pacific Time (7am Japan Time)
The next regular Connect call is on Monday, April 5th, 2021 at 3pm Pacific Time