[Openid-specs-ab] SIOP call agenda (2022-Apr-21) - Atlantic call @ 8AM PST

Kristina Yasuda Kristina.Yasuda at microsoft.com
Thu Apr 21 03:18:33 UTC 2022 

Hi All,

Below is a proposed agenda for the SIOP call. Please review the PRs, especially those marked as "hoping to merge". See you soon!

Thank you so much to everyone who has given amazing feedback to the whitepaper "OpenID Connect for User Centric Identity" (preliminary name), please keep reviewing!
It is very helpful triaging existing comments/suggestions if you could indicate +1 or -1 to them.
The plan is to discuss at IIW and publish at EIC from OpenID Foundation.
https://docs.google.com/document/d/1H556GIM_xD1yKl7rw1seq4bu83movFCkU8fQ7T8b1dI/edit<https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fdocs.google.com%2Fdocument%2Fd%2F1H556GIM_xD1yKl7rw1seq4bu83movFCkU8fQ7T8b1dI%2Fedit&data=05%7C01%7CKristina.Yasuda%40microsoft.com%7Cba5b4ec634b946566acc08da1de9fe29%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637855188852559904%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=2Onb%2BpwRvEb1%2FBoO5n%2BHFyfr%2BBkDLBod%2B8iOWAwQxEA%3D&reserved=0>

I have also compiled a sheet for the IIW sessions I have heard of so far, please feel free to edit/update: OIDF IIW Sessions??? :D - Google Sheets<https://docs.google.com/spreadsheets/d/1-vrUqJNOQxW8LQi3trmY0FVerHjuAtBiEOKiZVgUDHE/edit#gid=0>


- IPR reminder/recording

- Introductions/re-introductions

- Agenda bashing/adoption

- Events/External orgs (borrowed from MODERNA WG's notes, since it had a great summary)
o OpenID Foundation Workshop Spring, Mountain View, CA, Apr. 25, 2022 (in person and remote)

        *   OIDF-DIF dinner on Monday 25th from 6pm @ Craft House Sunnyvale
o IIW Spring, Mountain View, CA, Apr. 26-28, 2022
o OAuth Security Workshop<https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Foauth.secworkshop.events%2F&data=05%7C01%7CKristina.Yasuda%40microsoft.com%7Cba5b4ec634b946566acc08da1de9fe29%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637855188852559904%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=5ICd15TIbq5dJcsSUGiF7lKqv61eALbsvLKmLRAkMeI%3D&reserved=0>, Trondheim, Norway, May 4-6, 2022
o European Identity and Cloud Conference (EIC)<https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.kuppingercole.com%2Fevents%2Feic2022&data=05%7C01%7CKristina.Yasuda%40microsoft.com%7Cba5b4ec634b946566acc08da1de9fe29%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637855188852559904%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=%2FikPnFNzGcNJ5RubaYS9ze4K7hEbM3DUjbWMgWb2Jlc%3D&reserved=0>, Berlin, Germany, May 10-13, 2022
o RSA<https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.rsaconference.com%2Fusa&data=05%7C01%7CKristina.Yasuda%40microsoft.com%7Cba5b4ec634b946566acc08da1de9fe29%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637855188852559904%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=7m0UW5q3xJW6rehHX%2Fv9jJFNX6YRZESbUrdS2y35e50%3D&reserved=0>, San Francisco, CA, Jun. 6-9, 2022
o Identiverse<https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fidentiverse.com%2F&data=05%7C01%7CKristina.Yasuda%40microsoft.com%7Cba5b4ec634b946566acc08da1de9fe29%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637855188852559904%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=tFGQ8ry9NaqhHbT83C4hzE1mIj9uixB9U8udse4t93o%3D&reserved=0>, Denver, CO, Jun. 20-23, 2022
- PRs https://bitbucket.org/openid/connect/pull-requests/<https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fbitbucket.org%2Fopenid%2Fconnect%2Fpull-requests%2F&data=05%7C01%7CKristina.Yasuda%40microsoft.com%7Cba5b4ec634b946566acc08da1de9fe29%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637855188852559904%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=ZUZZcZhDOTWFewbtlRSm6eaolH1t9lK3wAF%2FXkfREac%3D&reserved=0>

  *   Discuss - please review (discussion max 15min each)

     *   Hoping to merge PR #149 - [OIDC4CI] Credential Issuance based on Oauth
     *   Hoping to merge PR #156 - [OIDC4VP] add an example of presenting ISO/IEC 18013-5:2021 mDL

     *   Hoping to merge PR #147 - SIOPv2 code flow. Issue 1399
     *   Hoping to merge PR #148 - metadata indicating support for SIOPv2. Issue 1430/1431

     *   Merged PR #143: siopv2: usage of encrypted id_token_hint
     *   New: PR #157: Building Trust Between Wallet and Issuer
     *   PR #145: oidc4vci: Revises the approach to credential metadata publishing. Issue 1466

     *   PR #152 - [siopv2] OP Identification/Attestation
- Issues https://bitbucket.org/openid/connect/issues?status=new&status=open&component=SIOP&component=Verifiable%20Presentation&component=Credential%20Issuance<https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fbitbucket.org%2Fopenid%2Fconnect%2Fissues%3Fstatus%3Dnew%26status%3Dopen%26component%3DSIOP%26component%3DVerifiable%2520Presentation%26component%3DCredential%2520Issuance&data=05%7C01%7CKristina.Yasuda%40microsoft.com%7Cba5b4ec634b946566acc08da1de9fe29%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637855188852559904%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=EUpS1l%2FKMtRg5cb98MPP72Q3hWFN2f5wQ2%2FrUlmmqb8%3D&reserved=0>

  *   (Max 15min per issue)

  *   #1470: SIOP response with vp_token only?
- As discussed in the previous SIOP call, editors triaged the issues to identify potential breaking changes in SIOPv2 and OIDC4VP specifications. This is important to be able to refer to these standards in ISO documents.

  *   Breaking

     *   1470: [oidc4vp] response_type = vp_token only in OIDC4VP

        *   [siopv2] guidance around which claim the RP uses to re-authenticate the user, if it does (many issues boil down to this)

     *   1399: [siopv2] add text to SIOP that it can be used with traditional Ops
     *   1430/1431: [siopv2] adding RP/SIOP metadata to clarify it is SIOP
     *   1402: [siopv2] Cross device flow w/ and w/o authorization_endpoint

  *   Non-breaking

     *   1412: [siopv2] (optional) attestation claim to the ID Token - would not be breaking unless optional
     *   1401: [siopv2] Advanced/Better discovery/registration - might be important in light of solving a NASCAR problem
     *   1448: [siopv2] def of cross-device
     *   1389: [oidc4vp] unify vp_formats

- AOB



Best,

Kristina




-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20220421/b0aefc3f/attachment.html>

More information about the Openid-specs-ab mailing list