[Openid-specs-ab] SIOP Special Topic Call Notes 14-Apr-22

Mike Jones Michael.Jones at microsoft.com
Thu Apr 14 21:39:30 UTC 2022


SIOP Special Topic Call Notes 14-Apr-22

Mike Jones
Kristina Yasuda
Brian Campbell
Charlie Fontana
Petteri Stenius
Torsten Lodderstedt
Kenichi Nakamura
Ben (bengo)
David Schmudde
Joseph Heenan
Juan Caballero
George Fletcher
Petteri Stenius
Jo Vercammen
David Waite

SIOP Whitepaper
              A draft is available
              https://docs.google.com/document/d/1H556GIM_xD1yKl7rw1seq4bu83movFCkU8fQ7T8b1dI/edit
              The plan is to publish it on openid.net

SIOP Call Schedule
              Kristina asked whether to move the SIOP Special Topic call to always be at 8am Pacific Time
                           This would make the call time consistent week-to-week
                           People were supportive of the change

Rebooting the Web of Trust (RWoT)
              https://www.weboftrust.info/next-event-page.html
              Scheduled for September 26-30, 2022 in The Hague, Netherlands

Open Pull Requests
              https://bitbucket.org/openid/connect/pull-requests/
              PR #149: Credential Issuance based on OAuth
                           No longer uses "openid" scope
                                         It uses an "openid_credential" scope instead
                           George asked about other OpenID parameters that are used
                                         Torsten said that login_hint is used, but that it could be removed
                           RFC 7523 defines private_key_jwt usage, for instance
                           This replaces the OpenID issuance flow with an OAuth-based one
                           Kristina said that an OpenID issuance flow could be layered on this
                           Torsten said that this uses RAR
                           Kristina asked if people wanted a week to review the PR
                                         People said yes
                           We discussed the branding of the spec
                                         It's no longer OpenID Connect
                                         But it is about identity
                                         OpenID for Credential Issuance is a possible brand
                           Kristina said that we want to merge this before IIW, ideally
              PR #156: [OIDC4VP] and an example of presenting ISO/IEC 18013-5:2021 mDL
                           Kristina asked Kenichi to review
                           Kristina reviewed the PE syntax with others
                           We also want to merge this one before IIW
              PR #152: OP Identification/Attestation
                           This is about providing the verifier information about the wallet
                           It defines an OP Attestation JWT
                           It has an OP identifier as the "iss" claim
                           George asked whether wallets are doing Dynamic Client Registration
                           George asked whether this is all self-asserted information
                                         Torsten said that it is bound to the ID Token
                           Torsten asked people to think about whether this should always be added
                           George asked about whether we should also have an application attestation
                           Kristina discussed the secure area used for the signatures on the application
                                         Torsten said that this sounds like key attestation to him, which is something different
                           George asserted that most users will want multi-device wallets
                           George said that the wallet may want more information about the application talking to it
                           Kristina asked George to add his thoughts as issue comments
              PR #147: SIOP v2 Code Flow
                           Kristina said that we want to merge this before IIW
                           Torsten added functionality since last week
                           Mike will review
              PR #148: SIOP support metadata & Request SIOP
                           This was also updated based on feedback from last week's call
                           Kristina said that we also want to merge this before IIW
                           George reviewed and approved

Open Issues
              https://bitbucket.org/openid/connect/issues?status=new&status=open
              #1470: SIOP response with vp_token only?
                           We will have a session on this at IIW

Next Call
              The next Connect call will be on Monday, April 18, 2022 at 4pm Pacific Time
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20220414/17372a4b/attachment.html>


More information about the Openid-specs-ab mailing list