[Openid-specs-ab] SIOP call notes (2021-Nov-11) - Atlantic call
Kristina Yasuda
Kristina.Yasuda at microsoft.com
Sat Nov 13 01:28:30 UTC 2021
Giuseppe De Marco
Roland Hedberg
Daniel Fett
Niels Klomp
Oliver Terbu
David Waite
Joseph Heenan
Jeremie Miller
Tom Jones
David Chadwick
Mike Jones
Juan Cabarello
Bjorn Hjelm
Kristina Yasuda
- IPR reminder/recording
- Introductions/re-introductions
- Agenda adopted
- Events/External orgs
  * VC-data-model v.1.1 draft is out. Voting until Jan 2021.
    * mainly editorial, clarifications; biggest change is in LDP
    * https://www.w3.org/TR/vc-data-model/#proof-formats
  * Please review the following PR to incorporate JWT-VC clarification part to v1.1
    * https://github.com/w3c/vc-data-model/pull/828#issuecomment-965569673
    * once PR is merged, the text in the latest editor's draft will be updated
  * Two contentious issues in JWT-VCs were related to 1/ nonces - remove or not; and 2/ claims
- PRs https://bitbucket.org/openid/connect/pull-requests/
  * PR#70 simplifying did_methods_supported metadata.
    * Jeremie suggested generalizing the `did_methods_supported` parameter to `methods_supported` so that it can support not only DIDs
    * Kristina said that we currently do not have `methods_supported` for URIs other than DIDs, and she would be against generalizing without a concrete example of what would be added in addition to did_methods
    * DW commented that another option is to generalize two registration parameters `sub_syntax_type` and `did_methods_supported` into one parameter
    * Jeremie to make a comment regarding `methods_supported`.
    * For jwk URI scheme, one of `sub_syntax_type`, Mike is planning to define it in IETF within the next few weeks
    * Niels suggested defining language that allows specifying which DID Methods are NOT supported by the implementation.
    * Mike said that in general, OpenID Connect has avoided negative metadata. Not including a parameter is used to signal that a certain parameter is not supported.
    * Niels said that it is unrealistic for an implementation to list nearly 100 DID methods when it supports all DID methods except for 2 or 3.
    * Niels to suggest language in this PR regarding negative metadata
  * PR#50 response-as-push
    * Overview of the suggested PARM flow: when the response is too large in size, SIOP can HTTP POST the response to the PARM endpoint newly hosted by the RP, receive a `response_uri` and send the `response_uri` (response version of OAuth 2.0 PAR - Pushed Authorization Request)
    * Jeremie explained that PARM is a superset of response_mode=post. Parties who want to do response_mode=post will start a PARM flow, but will end the flow after the HTTP POST to the endpoint and will not receive a response_uri.
    * Kristina said that she would prefer that full PARM and a simple HTTP POST be different response_modes, because the PARM endpoint will be different from an endpoint for a simple HTTP POST (=redirect_uri)
    * Mike suggested defining a new response_type or response_mode for PARM to adhere to the Connect architecture that differentiates different flows based on those parameters
    * Kristina said that support for OAuth 2.0 PAR is advertised based on the support for the endpoint in the RP metadata, without a new endpoint
    * Mike pointed out that currently the entire Cross-device section has been deleted and advised that the general description of a cross-device flow explaining why it exists, what it does, and what its security implications are should be retained. Jeremie agreed.
    * Jeremie said he would edit the PR based on the feedback received today
- Issues - we did not have time for the issues
  * https://bitbucket.org/openid/connect/issues?status=new&status=open&component=SIOP&component=Verifiable%20Presentation
Best,
Kristina
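
The PARM flow summarized under PR#50, modeled in memory as an added example; it is not part of the original notes and is not taken from the PR. Apart from `response_uri`, every name, the URL, the size threshold, and the one-time-use and expiry rules are assumptions, the latter two borrowed from how OAuth 2.0 PAR treats `request_uri`.

```python
import secrets
import time
from urllib.parse import urlencode

class RelyingParty:
    """RP side. Hosts the PARM endpoint (class and URL are hypothetical)."""
    PARM_BASE = "https://rp.example/parm/"  # constructed URL
    TTL_SECONDS = 60                        # assumed lifetime of a reference

    def __init__(self):
        self._pushed = {}  # handle -> (response, expiry)

    def parm_endpoint(self, response, now=None):
        """Receive the SIOP's HTTP POST and answer with a response_uri."""
        now = time.time() if now is None else now
        handle = secrets.token_urlsafe(32)  # unguessable reference
        self._pushed[handle] = (response, now + self.TTL_SECONDS)
        return {"response_uri": self.PARM_BASE + handle}

    def redeem(self, response_uri, now=None):
        """Resolve a response_uri the SIOP sent back; each one works once."""
        now = time.time() if now is None else now
        if not response_uri.startswith(self.PARM_BASE):
            raise ValueError("response_uri was not issued by this RP")
        entry = self._pushed.pop(response_uri[len(self.PARM_BASE):], None)
        if entry is None:
            raise KeyError("unknown or already redeemed response_uri")
        response, expiry = entry
        if now > expiry:
            raise TimeoutError("response_uri expired")
        return response

def siop_respond(rp, response, max_inline_bytes=2000, now=None):
    """SIOP side: push the response when it is too large to send directly."""
    if len(urlencode(response)) <= max_inline_bytes:  # assumed size threshold
        return response                         # small enough, send as usual
    return rp.parm_endpoint(response, now=now)  # send only the reference

if __name__ == "__main__":
    rp = RelyingParty()
    large = {"id_token": "constructed." + "A" * 5000}  # constructed sample
    sent = siop_respond(rp, large)
    print(sent)
    print(rp.redeem(sent["response_uri"]) == large)
```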