[Openid-specs-ab] whitepaper, PRs, and the next Atlantic Connect call RE: SIOP Special Topic Call Notes 14-Apr-22
Mike Jones
Michael.Jones at microsoft.com
Mon Apr 18 19:01:30 UTC 2022
"User-Centric" is an established and positive term in the industry that more closely matches the scope of all that we're achieving than does "Decentralized". Per my comments in the doc, while decentralized data structures have their place, many aspects of User-Centric Identity are achievable without decentralized data structures.
See the proposed definitions of "User-Centric" and "User-Centric Identity" in the Terminology section. I would assert that it would be difficult to instead have a definition of "Decentralized" that made sense by itself and still encompassed the full scope of what we're achieving. Whereas adding definitions for "User-Centric" and "User-Centric Identity" ties the whole thing together.
Please see my proposed edits in the doc. I believe you'll find that using the term "User-Centric Identity" makes more sense than "Decentralized Identity" in the context of our messages.
Best wishes,
-- Mike
From: Openid-specs-ab <openid-specs-ab-bounces at lists.openid.net> On Behalf Of Kristina Yasuda via Openid-specs-ab
Sent: Monday, April 18, 2022 11:55 AM
To: Artifact Binding/Connect Working Group <openid-specs-ab at lists.openid.net>
Cc: Kristina Yasuda <Kristina.Yasuda at microsoft.com>
Subject: Re: [Openid-specs-ab] whitepaper, PRs, and the next Atlantic Connect call RE: SIOP Special Topic Call Notes 14-Apr-22
Do we agree that we are looking for a term that characterizes a model where "an End-User presents a cryptographically verifiable credential (not necessarily W3C VC data model, but in a more generic definition) directly to the verifier without verifier needing to talk to the issuer"?
If we do, what is the best word?
If we are looking for a term to characterize the above-mentioned model, I would want to avoid "Self-Sovereign", or even "Self-Issued". Credentials presented by the user are issued by the Issuer and are not "Self-Issued" by the End-User. It's up to the RP/Verifier to decide if they will accept credentials presented by the End-User, so it's not "Self-sovereign".
When proposing OpenID for Decentralized Identity, I did not have in mind an absolute necessity of DIDs, but the above-mentioned model. So, it's interesting to learn that you automatically associated a term "Decentralized Identity" to DIDs.
For me "user-centric"/"Direct Presentation" has been the most appealing term, though I fear it might be a little too generic.
Best,
Kristina
---
Copying Giuseppe's preferences below, since I chose to respond to David's email for more context.
"In order of personal preference:
1. OID4SSI
2. SIOID (Self Issued OpenID)
3. OID4SIOPv2 (even if we should consider that the specs cover more than the SIOP)
4. OID4UC"
From: Openid-specs-ab <openid-specs-ab-bounces at lists.openid.net> On Behalf Of David Chadwick via Openid-specs-ab
Sent: Monday, April 18, 2022 9:08 AM
To: openid-specs-ab at lists.openid.net
Cc: David Chadwick <d.w.chadwick at verifiablecredentials.info>
Subject: Re: [Openid-specs-ab] whitepaper, PRs, and the next Atlantic Connect call RE: SIOP Special Topic Call Notes 14-Apr-22
On 14/04/2022 23:18, Kristina Yasuda via Openid-specs-ab wrote:
Thanks for the notes, Mike!
Following up with one question and two asks on whitepaper, PRs, and the next Atlantic Connect call.
Regarding the Whitepaper. We would like to get WG's input regarding the naming (branding) of the work.
We are making a change to base Credential Issuance specification on Oauth2.0 rather than OpenID Connect (PR #149). However, because the issuance is about identity assertions, we discussed that we want to keep using OpenID (note: no Connect after OpenID).
What would people think of "OpenID for Decentralized Identity (OpenID4DI)" naming for the specification family of SIOPv2, OIDC4VP and OpenID4CI (OpenID for Credential Issuance)?
Whilst it is true that the specs cater for DIDs, they also cater for VCs and mDLs, but none of these technologies are mandatory to implement. Therefore using the term DI in the title is misleading. Rather we need a generic term that implies all 3 of these technologies may be included without naming or mandating any of them. Suggestions are self-sovereign identity SSI (OID4SSI) or User Control (OID4UC) or SIOP (OID4SIOPv2) or ...<add your suggestion here>
Kind regards
David
Since people are so used to calling our work "SIOP", maybe a better idea is to call the entire body of work "SIOPv2" as an alternative....
And again, huge thank you to Jo, David C., Torsten and Kenichi for being the lead editors and actively contributing to the whitepaper!
On behalf of the editors of SIOPv2, OIDC4VP, OpenID4CI specs, I also wanted to highlight that we are trying to make as much progress as possible before IIW, OSW and EIC.
Please, please review the PRs and related issues and explicitly note if you approve, have no objections, or want to request changes - you can use whatever is convenient to you - make a comment, click an Approve/Request Changes button, or give the feedback directly to the editors.
I would also like to ask if we can spend at least half of the next week's Atlantic Connect WG call (the one before the SIOP call) on OpenID4DI related issues, since I think we need more time than a SIOP call to cover all the important ones prior to IIW.
Thank you very much!
Kristina
From: Openid-specs-ab <openid-specs-ab-bounces at lists.openid.net> On Behalf Of Mike Jones via Openid-specs-ab
Sent: Thursday, April 14, 2022 2:40 PM
To: openid-specs-ab at lists.openid.net
Cc: Mike Jones <Michael.Jones at microsoft.com>
Subject: [Openid-specs-ab] SIOP Special Topic Call Notes 14-Apr-22
SIOP Special Topic Call Notes 14-Apr-22
Mike Jones
Kristina Yasuda
Brian Campbell
Charlie Fontana
Petteri Stenius
Torsten Lodderstedt
Kenichi Nakamura
Ben (bengo)
David Schmudde
Joseph Heenan
Juan Caballero
George Fletcher
Jo Vercammen
David Waite
SIOP Whitepaper
A draft is available
https://docs.google.com/document/d/1H556GIM_xD1yKl7rw1seq4bu83movFCkU8fQ7T8b1dI/edit
The plan is to publish it on openid.net
SIOP Call Schedule
Kristina asked whether to move the SIOP Special Topic call to always be at 8am Pacific Time
This would make the call time consistent week-to-week
People were supportive of the change
Rebooting the Web of Trust (RWoT)
https://www.weboftrust.info/next-event-page.html
Scheduled for September 26-30, 2022 in The Hague, Netherlands
Open Pull Requests
https://bitbucket.org/openid/connect/pull-requests/
PR #149: Credential Issuance based on OAuth
No longer uses "openid" scope
It uses an "openid_credential" scope instead
George asked about other OpenID parameters that are used
Torsten said that login_hint is used, but that it could be removed
RFC 7523 defines private_key_jwt usage, for instance
This replaces the OpenID issuance flow with an OAuth-based one
Kristina said that an OpenID issuance flow could be layered on this
Torsten said that this uses RAR
Kristina asked if people wanted a week to review the PR
People said yes
We discussed the branding of the spec
It's no longer OpenID Connect
But it is about identity
OpenID for Credential Issuance is a possible brand
Kristina said that we want to merge this before IIW, ideally
PR #156: [OIDC4VP] and an example of presenting ISO/IEC 18013-5:2021 mDL
Kristina asked Kenichi to review
Kristina reviewed the PE syntax with others
We also want to merge this one before IIW
PR #152: OP Identification/Attestation
This is about providing the verifier information about the wallet
It defines an OP Attestation JWT
It has an OP identifier as the "iss" claim
George asked whether wallets are doing Dynamic Client Registration
George asked whether this is all self-asserted information
Torsten said that it is bound to the ID Token
Torsten asked people to think about whether this should always be added
George asked about whether we should also have an application attestation
Kristina discussed the secure area used for the signatures on the application
Torsten said that this sounds like key attestation to him, which is something different
George asserted that most users will want multi-device wallets
George said that the wallet may want more information about the application talking to it
Kristina asked George to add his thoughts as issue comments
PR #147: SIOP v2 Code Flow
Kristina said that we want to merge this before IIW
Torsten added functionality since last week
Mike will review
PR #148: SIOP support metadata & Request SIOP
This was also updated based on feedback from last week's call
Kristina said that we also want to merge this before IIW
George reviewed and approved
Open Issues
https://bitbucket.org/openid/connect/issues?status=new&status=open
#1470: SIOP response with vp_token only?
We will have a session on this at IIW
Next Call
The next Connect call will be on Monday, April 18, 2022 at 4pm Pacific Time
_______________________________________________
Openid-specs-ab mailing list
Openid-specs-ab at lists.openid.net
https://lists.openid.net/mailman/listinfo/openid-specs-ab
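The "direct presentation" model Kristina describes above (the End-User presents an issuer-signed credential straight to the verifier, and the verifier checks it without ever talking to the issuer) as an added example in Go. This is illustration code written for this page, not code from the thread or from the SIOPv2, OIDC4VP or OpenID4CI specs: the token layout, the claim names (`iss`, `sub`, `claims`, `exp`, `aud`, `nonce`), the Ed25519 keys and the holder binding through audience and nonce are all constructed assumptions, not the specs' formats. The point it shows is where the verifier's trust actually comes from in such a model: a pre-distributed issuer key list, a holder-key binding, and a verifier-chosen nonce, with no issuer round trip.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
	"strings"
	"time"
)

// Credential is the issuer-signed claim set. This shape is constructed for the
// example; it is not the W3C VC data model, SD-JWT or ISO mDL structure.
type Credential struct {
	Issuer    string            `json:"iss"`
	HolderKey string            `json:"sub"` // base64url Ed25519 public key of the holder
	Claims    map[string]string `json:"claims"`
	ExpiresAt int64             `json:"exp"` // Unix seconds
}

// Presentation is what the wallet hands to the verifier: the credential token
// plus the verifier-chosen audience and nonce, signed with the holder's key.
type Presentation struct {
	Credential string `json:"credential"`
	Audience   string `json:"aud"`
	Nonce      string `json:"nonce"`
}

func b64(b []byte) string { return base64.RawURLEncoding.EncodeToString(b) }

// signToken produces "<base64url payload>.<base64url signature>" (hypothetical format).
func signToken(key ed25519.PrivateKey, payload []byte) string {
	return b64(payload) + "." + b64(ed25519.Sign(key, payload))
}

// splitToken separates payload and signature WITHOUT checking the signature;
// callers must verify before trusting anything in the payload.
func splitToken(token string) (payload, sig []byte, err error) {
	parts := strings.Split(token, ".")
	if len(parts) != 2 {
		return nil, nil, errors.New("malformed token")
	}
	if payload, err = base64.RawURLEncoding.DecodeString(parts[0]); err != nil {
		return nil, nil, err
	}
	if sig, err = base64.RawURLEncoding.DecodeString(parts[1]); err != nil {
		return nil, nil, err
	}
	return payload, sig, nil
}

// IssueCredential runs on the issuer: it binds the claims to the holder's key and an expiry.
func IssueCredential(issKey ed25519.PrivateKey, issuerID string, holderPub ed25519.PublicKey, claims map[string]string, exp time.Time) string {
	payload, _ := json.Marshal(Credential{Issuer: issuerID, HolderKey: b64(holderPub), Claims: claims, ExpiresAt: exp.Unix()})
	return signToken(issKey, payload)
}

// Present runs in the wallet: it binds the stored credential to this verifier and this nonce.
func Present(holderKey ed25519.PrivateKey, credential, audience, nonce string) string {
	payload, _ := json.Marshal(Presentation{Credential: credential, Audience: audience, Nonce: nonce})
	return signToken(holderKey, payload)
}

// VerifyPresentation runs on the verifier using only a pre-distributed map of
// issuer identifier -> issuer public key. Nothing here contacts the issuer.
func VerifyPresentation(trusted map[string]ed25519.PublicKey, token, expectedAud, expectedNonce string, now time.Time) (map[string]string, error) {
	presPayload, presSig, err := splitToken(token)
	if err != nil {
		return nil, err
	}
	var pres Presentation
	if err := json.Unmarshal(presPayload, &pres); err != nil {
		return nil, err
	}
	credPayload, credSig, err := splitToken(pres.Credential)
	if err != nil {
		return nil, err
	}
	var cred Credential
	if err := json.Unmarshal(credPayload, &cred); err != nil {
		return nil, err
	}
	// 1. Issuer signature against the local trust list; the "iss" value only selects the key.
	issPub, ok := trusted[cred.Issuer]
	if !ok || !ed25519.Verify(issPub, credPayload, credSig) {
		return nil, errors.New("credential not signed by a trusted issuer")
	}
	if now.Unix() >= cred.ExpiresAt {
		return nil, errors.New("credential expired")
	}
	// 2. Holder binding: the presentation must be signed by the key the issuer bound in "sub".
	holderPub, err := base64.RawURLEncoding.DecodeString(cred.HolderKey)
	if err != nil || len(holderPub) != ed25519.PublicKeySize || !ed25519.Verify(ed25519.PublicKey(holderPub), presPayload, presSig) {
		return nil, errors.New("presentation not signed by the credential holder")
	}
	// 3. Audience and nonce: a presentation captured for one verifier cannot be replayed to another.
	if pres.Audience != expectedAud || pres.Nonce != expectedNonce {
		return nil, errors.New("audience or nonce mismatch")
	}
	return cred.Claims, nil
}

func main() {
	issPub, issKey, _ := ed25519.GenerateKey(rand.Reader)
	holderPub, holderKey, _ := ed25519.GenerateKey(rand.Reader)
	// Constructed sample values: issuer and verifier identifiers are placeholders.
	cred := IssueCredential(issKey, "https://issuer.example", holderPub, map[string]string{"age_over_18": "true"}, time.Now().Add(time.Hour))
	pres := Present(holderKey, cred, "https://verifier.example", "n-0S6_WzA2Mj")
	claims, err := VerifyPresentation(map[string]ed25519.PublicKey{"https://issuer.example": issPub}, pres, "https://verifier.example", "n-0S6_WzA2Mj", time.Now())
	fmt.Println(claims, err)
}
```

The verifier's only inputs are the presentation itself, its own nonce and the issuer key list; if any of the three checks fails (untrusted issuer, wrong holder key, stale or redirected presentation) the claims are not released. That is the property the thread is trying to name: the issuer is out of the loop at presentation time, and the verifier alone decides what it accepts.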