[Openid-specs-ab] whitepaper, PRs, and the next Atlantic Connect call RE: SIOP Special Topic Call Notes 14-Apr-22
Tom Jones
thomasclinganjones at gmail.com
Mon Apr 18 21:32:45 UTC 2022
We chose the term"mobile credential" in PEMC fwiw
thx ..Tom (mobile)
On Mon, Apr 18, 2022, 9:07 AM David Chadwick via Openid-specs-ab <
openid-specs-ab at lists.openid.net> wrote:
>
> On 14/04/2022 23:18, Kristina Yasuda via Openid-specs-ab wrote:
>
> Thanks for the notes, Mike!
>
> Following up with one question and two asks on whitepaper, PRs, and the
> next Atlantic Connect call.
>
>
>
> Regarding the Whitepaper. We would like to get *WG’s input regarding the
> naming (branding) of the work*.
>
> We are making a change to base Credential Issuance specification on
> Oauth2.0 rather than OpenID Connect (PR #149). However, because the
> issuance is about identity assertions, we discussed that we want to keep
> using OpenID (note: no Connect after OpenID).
>
> What would people think *of “OpenID for Decentralized Identity
> (OpenID4DI)”* naming for the specification family of SIOPv2, OIDC4VP and
> OpenID4CI (OpenID for Credential Issuance)?
>
> Whilst it is true that the specs cater for DIDs, they also cater for VCs
> and mDLs, but none of these technologies are mandatory to implement.
> Therefore using the term DI in the title is misleading. Rather we need a
> generic term that implies all 3 of these technologies may be including
> without naming or mandating any of them. Suggestions are self-sovereign
> identity SSI (OID4SSI) or User Control (OID4UC) or SIOP (OID4SIOPv2) or
> ...<add your suggestion here>
>
> Kind regards
>
> David
>
>
> Since people are so used to calling our work “SIOP”, maybe a better idea
> is to *call the entire body of work “SIOPv2”* as an alternative….
>
> And again, huge thank you to Jo, David C., Torsten and Kenichi for being
> the lead editors and actively contributing to the whitepaper!
>
>
>
> On behalf of the editors of SIOPv2, OIDC4VP, OpenID4CI specs, I also
> wanted to highlight that we are trying to make as much progress as possible
> before IIW, OSW and EIC.
>
> *Please, please review the PRs and related issues and explicitly note if
> you approve, have no objections, or want to request changes* – you can
> use whatever is convenient to you – make a comment, clicking an
> Approve/Request Changes button, or directly tell the feedback to the
> editors.
>
>
>
> I would also like to ask if we can *spend at least half of the next
> week’s Atlantic Connect WG call (the one before the SIOP call) on OpenID4DI
> related issues*, since I think we need more time than a SIOP call to
> cover all the important ones prior to IIW.
>
>
>
> Thank you very much!
>
> Kristina
>
>
>
> *From:* Openid-specs-ab <openid-specs-ab-bounces at lists.openid.net>
> <openid-specs-ab-bounces at lists.openid.net> *On Behalf Of *Mike Jones via
> Openid-specs-ab
> *Sent:* Thursday, April 14, 2022 2:40 PM
> *To:* openid-specs-ab at lists.openid.net
> *Cc:* Mike Jones <Michael.Jones at microsoft.com>
> <Michael.Jones at microsoft.com>
> *Subject:* [Openid-specs-ab] SIOP Special Topic Call Notes 14-Apr-22
>
>
>
> SIOP Special Topic Call Notes 14-Apr-22
>
>
>
> Mike Jones
>
> Kristina Yasuda
>
> Brian Campbell
>
> Charlie Fontana
>
> Petteri Stenius
>
> Torsten Lodderstedt
>
> Kenichi Nakamura
>
> Ben (bengo)
>
> David Schmudde
>
> Joseph Heenan
>
> Juan Caballero
>
> George Fletcher
>
> Petteri Stenius
>
> Jo Vercammen
>
> David Waite
>
>
>
> SIOP Whitepaper
>
> A draft is available
>
>
> https://docs.google.com/document/d/1H556GIM_xD1yKl7rw1seq4bu83movFCkU8fQ7T8b1dI/edit
> <https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fdocs.google.com%2Fdocument%2Fd%2F1H556GIM_xD1yKl7rw1seq4bu83movFCkU8fQ7T8b1dI%2Fedit&data=05%7C01%7CKristina.Yasuda%40microsoft.com%7Cb603a5a31fc34e19e98108da1e5f4db1%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637855693434810420%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=ZvTYuufYE%2FMjzIeLujvPj6USvdiazssi984unP6YF4o%3D&reserved=0>
>
> The plan is to publish it on openid.net
>
>
>
> SIOP Call Schedule
>
> Kristina asked whether to move the SIOP Special Topic call
> to always be at 8am Pacific Time
>
> This would make the call time consistent
> week-to-week
>
> People were supportive of the change
>
>
>
> Rebooting the Web of Trust (RWoT)
>
> https://www.weboftrust.info/next-event-page.html
> <https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.weboftrust.info%2Fnext-event-page.html&data=05%7C01%7CKristina.Yasuda%40microsoft.com%7Cb603a5a31fc34e19e98108da1e5f4db1%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637855693434810420%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=ZiI%2BWYjrkKplZVtoKhFJQEpCoPjzuoa4GIcK6A4jmQo%3D&reserved=0>
>
> Scheduled for September 26-30, 2022 in The Hague, Netherlands
>
>
>
> Open Pull Requests
>
> https://bitbucket.org/openid/connect/pull-requests/
> <https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fbitbucket.org%2Fopenid%2Fconnect%2Fpull-requests%2F&data=05%7C01%7CKristina.Yasuda%40microsoft.com%7Cb603a5a31fc34e19e98108da1e5f4db1%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637855693434810420%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=5b6dkiSex1Td%2BKPK8DR8fSp1YB1L20IWAMRIw31xzqY%3D&reserved=0>
>
> PR #149: Credential Issuance based on OAuth
>
> No longer uses "openid" scope
>
> It uses an "openid_credential"
> scope instead
>
> George asked about other OpenID parameters that
> are used
>
> Torsten said that login_hint is
> used, but that it could be removed
>
> RFC 7523 defines private_key_jwt usage, for
> instance
>
> This replaces the OpenID issuance flow with an
> OAuth-based one
>
> Kristina said that an OpenID issuance flow
> could be layered on this
>
> Torsten said that this uses RAR
>
> Kristina asked if people wanted a week to
> review the PR
>
> People said yes
>
> We discussed the branding of the spec
>
> It's no longer OpenID Connect
>
> But it is about identity
>
> OpenID for Credential Issuance is
> a possible brand
>
> Kristina said that we want to merge this before
> IIW, ideally
>
> PR #156: [OIDC4VP] and an example of presenting ISO/IEC
> 18013-5:2021 mDL
>
> Kristina asked Kenichi to review
>
> Kristina reviewed the PE syntax with others
>
> We also want to merge this one before IIW
>
> PR #152: OP Identification/Attestation
>
> This is about providing the verifier
> information about the wallet
>
> It defines an OP Attestation JWT
>
> It has an OP identifier as the "iss" claim
>
> George asked whether wallets are doing Dynamic
> Client Registration
>
> George asked whether this is all self-asserted
> information
>
> Torsten said that it is bound to
> the ID Token
>
> Torsten asked people to think about whether
> this should always be added
>
> George asked about whether we should also have
> an application attestation
>
> Kristina discussed the secure area used for the
> signatures on the application
>
> Torsten said that this sounds
> like key attestation to him, which is something different
>
> George asserted that most users will want
> multi-device wallets
>
> George said that the wallet may want more
> information about the application talking to it
>
> Kristina asked George to add his thoughts as
> issue comments
>
> PR #147: SIOP v2 Code Flow
>
> Kristina said that we want to merge this before
> IIW
>
> Torsten added functionality since last week
>
> Mike will review
>
> PR #148: SIOP support metadata & Request SIOP
>
> This was also updated based on feedback from
> last week's call
>
> Kristina said that we also want to merge this
> before IIW
>
> George reviewed and approved
>
>
>
> Open Issues
>
>
> https://bitbucket.org/openid/connect/issues?status=new&status=open
> <https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fbitbucket.org%2Fopenid%2Fconnect%2Fissues%3Fstatus%3Dnew%26status%3Dopen&data=05%7C01%7CKristina.Yasuda%40microsoft.com%7Cb603a5a31fc34e19e98108da1e5f4db1%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637855693434810420%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=akDegYdK%2Bc76YJ9L4f9GEdNKJ%2FjcJxqPIp%2FGj2%2FSqdk%3D&reserved=0>
>
> #1470: SIOP response with vp_token only?
>
> We will have a session on this at IIW
>
>
>
> Next Call
>
> The next Connect call will be on Monday, April 18, 2022 at
> 4pm Pacific Time
>
> _______________________________________________
> Openid-specs-ab mailing listOpenid-specs-ab at lists.openid.nethttps://lists.openid.net/mailman/listinfo/openid-specs-ab
>
> _______________________________________________
> Openid-specs-ab mailing list
> Openid-specs-ab at lists.openid.net
> https://lists.openid.net/mailman/listinfo/openid-specs-ab
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20220418/f78e4f66/attachment.html>
More information about the Openid-specs-ab
mailing list