[Openid-specs-ab] SIOP call agenda (2022-Apr-7) - Atlantic call @ 8AM PST

Kristina Yasuda Kristina.Yasuda at microsoft.com
Wed Apr 6 23:54:44 UTC 2022 

Hi All,

Below is a proposed agenda for the SIOP call. See you soon!


- IPR reminder/recording

- Introductions/re-introductions

- Agenda bashing/adoption

- Events/External orgs (borrowed from MODERNA WG's notes, since it had a great summary)
o OpenID Foundation Workshop Spring, Mountain View, CA, Apr. 25, 2022 (in person and remote)
o IIW Spring, Mountain View, CA, Apr. 26-28, 2022
o OAuth Security Workshop<https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Foauth.secworkshop.events%2F&data=05%7C01%7Ckristina.yasuda%40microsoft.com%7C4ee20d726247447b7cfb08da1191c070%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637841616144031171%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000%7C%7C%7C&sdata=miJtjuTN7RdpP6E6zRDnN97608VCgqdzgrSRSPrbxss%3D&reserved=0>, Trondheim, Norway, May 4-6, 2022
o European Identity and Cloud Conference (EIC)<https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.kuppingercole.com%2Fevents%2Feic2022&data=05%7C01%7Ckristina.yasuda%40microsoft.com%7C4ee20d726247447b7cfb08da1191c070%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637841616144031171%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000%7C%7C%7C&sdata=QxU3VplOV6as%2BejGZ7AEg3Igv0Y0yb41drtOT8vP%2BKo%3D&reserved=0>, Berlin, Germany, May 10-13, 2022
o RSA<https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.rsaconference.com%2Fusa&data=05%7C01%7Ckristina.yasuda%40microsoft.com%7C4ee20d726247447b7cfb08da1191c070%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637841616144031171%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000%7C%7C%7C&sdata=%2FUNaWN9240530f4CpKZDG7KN6TIR9uloDHr2%2BZ36Kuo%3D&reserved=0>, San Francisco, CA, Jun. 6-9, 2022
o Identiverse<https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fidentiverse.com%2F&data=05%7C01%7Ckristina.yasuda%40microsoft.com%7C4ee20d726247447b7cfb08da1191c070%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637841616144081160%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000%7C%7C%7C&sdata=GNs%2BlfjT6Nk8lDke4beUm%2B%2FCx2wQiOdHce%2FKzGlcJBA%3D&reserved=0>, Denver, CO, Jun. 20-23, 2022
- PRs https://bitbucket.org/openid/connect/pull-requests/<https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fbitbucket.org%2Fopenid%2Fconnect%2Fpull-requests%2F&data=04%7C01%7CKristina.Yasuda%40microsoft.com%7C076de138a9434313d7df08da07b1c590%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637830758257768797%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C2000&sdata=NvwjmfI%2Fu8jgnKi%2FREuHrJnm0RjZmYT6F5I1XjaCxiY%3D&reserved=0>

  *   Discuss - please review (discussion max 15min each)

     *   PR #138 - oidc4vci: pre-authorized code. Issue 1465

        *   Discuss Security Considerations

     *   PR# 147 - SIOPv2 code flow. Issue 1399

        *   Introduce a PR

     *   PR#148 - metadata indicating support for SIOPv2. Issue 1430/1431

        *   Introduce a PR

     *   PR #145: oidc4vci: Revises the approach to credential metadata publishing. Issue 1466

        *   Discuss

     *   PR#143: siopv2: usage of encrypted id_token_hint

        *   Hoping to merge

     *   PR #142 oidc4vp: example with anoncreds

        *   Hoping to merge

     *   PR #144 Update SIOPv2 definition

        *   Hoping to merge. Might need to do another one based on PRs 147, 148.
- Issues https://bitbucket.org/openid/connect/issues?status=new&status=open&component=SIOP&component=Verifiable%20Presentation&component=Credential%20Issuance<https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fbitbucket.org%2Fopenid%2Fconnect%2Fissues%3Fstatus%3Dnew%26status%3Dopen%26component%3DSIOP%26component%3DVerifiable%2520Presentation%26component%3DCredential%2520Issuance&data=04%7C01%7CKristina.Yasuda%40microsoft.com%7C076de138a9434313d7df08da07b1c590%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637830758257768797%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C2000&sdata=ccce9PXmdGPLv%2FssVmoUlIkXN%2FudMScnnEVJSuAegHQ%3D&reserved=0>

  *   (Max 15min per issue)

  *   #1473: RP as synonym for wallet might be misleading
- As discussed in the previous SIOP call, editors triaged the issues to identify potential breaking changes in SIOPv2 and OIDC4VP specifications. This is important to be able to refer to these standards in ISO documents.

  *   Breaking

     *   1470: [oidc4vp] response_type = vp_token only in OIDC4VP

        *   [siopv2] guidance around which claim the RP uses to re-authenticate the user, if it does (many issues boil down to this)

     *   1399: [siopv2] add text to SIOP that it can be used with traditional Ops
     *   1430/1431: [siopv2] adding RP/SIOP metadata to clarify it is SIOP
     *   1402: [siopv2] Cross device flow w/ and w/o authorization_endpoint

  *   Non-breaking

     *   1412: [siopv2] (optional) attestation claim to the ID Token - would not be breaking unless optional
     *   1401: [siopv2] Advanced/Better discovery/registration - might be important in light of solving a NASCAR problem
     *   1448: [siopv2] def of cross-device
     *   1389: [oidc4vp] unify vp_formats

- AOB





Best,

Kristina




-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20220406/7d66dd45/attachment.html>

More information about the Openid-specs-ab mailing list