[Openid-specs-ab] Spec Call Notes 29-Mar-21

Kristina Yasuda Kristina.Yasuda at microsoft.com
Wed Mar 31 05:47:20 UTC 2021


We have been working with Tony on mDL for SIOP use case. Should be able to share a document soon.
Thank you,
Kristina


________________________________
From: Openid-specs-ab <openid-specs-ab-bounces at lists.openid.net> on behalf of Tobias Looker via Openid-specs-ab <openid-specs-ab at lists.openid.net>
Sent: Wednesday, March 31, 2021 11:47:19 AM
To: Artifact Binding/Connect Working Group <openid-specs-ab at lists.openid.net>
Cc: Tobias Looker <tobias.looker at mattr.global>
Subject: Re: [Openid-specs-ab] Spec Call Notes 29-Mar-21

Tony, can you link to this proposed mDL usage? The current conversation around SIOP and DIDs is not to couple them together; if you want to use DIDs, use them, otherwise don't.

Thanks,
Tobias Looker
Mattr
+64 (0) 27 378 0461
tobias.looker at mattr.global

This communication, including any attachments, is confidential. If you are not the intended recipient, you should not read it - please contact me immediately, destroy it, and do not copy or use any part of this communication or disclose anything about it. Thank you. Please note that this communication does not designate an information system for the purposes of the Electronic Transactions Act 2002.


On Wed, Mar 31, 2021 at 3:42 PM Tom Jones via Openid-specs-ab <openid-specs-ab at lists.openid.net> wrote:
I agree and can help with mDL. But I don't have time to write up the whole use case.

thx ..Tom (mobile)

On Tue, Mar 30, 2021, 7:38 PM nadalin--- via Openid-specs-ab <openid-specs-ab at lists.openid.net> wrote:

I would suggest that you add the mDL proposed usage of SIOP, as this is non-DID based, not VC/VP based, this is based on the OIDC implementation of mDL that has been through interop already. SIOP is NOT just for DID.



From: Openid-specs-ab <openid-specs-ab-bounces at lists.openid.net> On Behalf Of Mike Jones via Openid-specs-ab
Sent: Monday, March 29, 2021 5:10 PM
To: openid-specs-ab at lists.openid.net
Cc: Mike Jones <Michael.Jones at microsoft.com>
Subject: [Openid-specs-ab] Spec Call Notes 29-Mar-21



Spec Call Notes 29-Mar-21



Nat Sakimura

Mike Jones

Adam Lemmon

Tom Jones

Edmund Jay

David Waite

Vittorio Bertocci

Jeremie Miller

Tobias Looker

Pamela Dingle



External Events

              Identiverse is planned as a hybrid event in Denver, June 21-23, 2021

                           Vittorio is doing a session on new browser features

                           Nat is doing a session on where are we with SIOP and DID

                                         Currently panel with Nat, Kim, Tobias

                                         Vittorio suggested adding someone with a different viewpoint



              Internet Identity Workshop (IIW), April 20-22

                           Mike suggested architectural review sessions for some of the key recent decisions

                           Tobias volunteered to do some of this

                           Possible topics

                                         Tobias would like us to be crisp about what we mean by SIOP and the problems that it's solving

                                         Portable Identifiers

                                         Using Verifiable Credentials with OpenID Connect

                                         Vision and Terminology

                                         Claims Provisioning



              OpenID Workshop, April 29

                           Working groups will present their status there



SIOP Wallet Choosing

              Jeremie summarized recent discussions on choosing

              He and DW had been working on mobile app-to-app style discovery

              They talked about URL-based discovery within particular trust frameworks for vertical use cases

                           Such as health, etc.

              Can take a user experience into mobile world without need for NASCAR-style experience

                           Lets the user make choices about providers to use

                           Requires publishing metadata about providers within a trust framework

              DW said that the right term is probably "choosing"

              See "URL Based Discovery for Trust Frameworks using SIOP" at https://hackmd.io/zhCHWDM6QcuX-CGRXzURlQ

              See a demo video at https://drive.google.com/file/d/1PPt4uYuWncaKgq3_So8CpWTp6pYvC0ps/view?usp=sharing

              Tom said that in healthcare, they'd already decided to register apps

                           He said that they can put a selector in front of their existing trust registry

              Tobias reaffirmed that there's a distinction between selection, choosing, and discovery

                           He wants to have clear conceptual separation between them



LD Proofs and JOSE

              Jeremie said he and DW have been thinking about how to make adoption of new techniques smooth for existing Connect implementations

              For instance, zero-knowledge proofs of multiple claims, such as with CL02, BBS+, Idemix, or U-Prove

                           The holder can generate a presentation of those proofs with a subset of the claims

                           There's then a proof of the validity of the selective disclosure of the subsets of the claims

              They're thinking about how to extend JOSE for these new kinds of proofs

                           An early brainstorming doc is at https://hackmd.io/RybpiMT1ShGUtt5yNgE49A

              Nat will contact Tony Nadalin, who was working on this kind of thing

              British Columbia didn't want to have registration of all clients

                           They want to use the person as an "air gap"

                           Nat said that one can solve these use cases with aggregated claims

              Nat said that unknown use cases are more of a challenge for aggregated claims

              Ability to use a credential in the future is a driver for these representations



Open Issues

              https://bitbucket.org/openid/connect/issues

              #1213: private_key_jwt, client_secret_jwt audience

                           We plan to have the certification suite allow use of the issuer as the audience value in JWT Client Authentications

                           Decision recorded at https://gitlab.com/openid/conformance-suite/-/issues/877

                           Nat suggested we discuss this further on the next call



Next Calls

              The next SIOP Special Topic Call is on Tuesday, March 30th, 2021 at 3pm Pacific Time (7am Japan Time)

              The next regular Connect call is on Monday, April 5th, 2021 at 3pm Pacific Time



_______________________________________________
Openid-specs-ab mailing list
Openid-specs-ab at lists.openid.net
http://lists.openid.net/mailman/listinfo/openid-specs-ab