[Openid-specs-ab] SIOP Special Topic Call Notes 25-Aug-22
Mike Jones
Michael.Jones at microsoft.com
Thu Aug 25 16:59:15 UTC 2022
SIOP Special Topic Call Notes 25-Aug-22
Kristina Yasuda
Mike Jones
Giuseppe De Marco
Torsten Lodderstedt
Brian Campbell
Petteri Stenius
Mark Haine
Brian Clickenbeard
David Chadwick
Joseph Heenan
Jeremie Miller
David Waite (DW)
Oliver Terbu
Pull Requests
https://bitbucket.org/openid/connect/pull-requests/
PR #261: added implementation considerations on credential refresh
To be merged after applying grammatical suggestions
PR #257: Issuance example designs
Giuseppe asked David Chadwick for clarification of a comment
David Chadwick said that the user is normally the resource owner
Whereas in our case, the issuer is the resource owner
Torsten advocated for app attestation - which he said requires a back-end system
Oliver asked if the back-end can be the issuer
Kristina said that what Google calls "key attestation" is actually more like device attestation
We are trying to find a home for the non-normative diagrams
Kristina requested that we merge the diagrams in
Then have discussions about details in issues
David Chadwick requested that we get them approximately correct before merging them
PR #285: Adding batch credential endpoint: fixes #1544
Oliver believes he has the information he needs to update the PR
PR #240: Add "type" to OP Metadata
David Chadwick said that there may need to be mappings between our type values and the type values in credentials
Oliver said that types we define should use collision-resistant identifiers
Torsten said that types are always format-specific
He doesn't know why we're trying to invent our own type system
We want to be credential format agnostic
Oliver agreed with that
Mike said that we shouldn't define our own type identifiers
Kristina said that we're not defining our own type identifiers but we need a place to say what types are supported
Torsten asked for an example where a credential is defined in an abstract way and then is mapped to specific types
Kristina commented that there is no international registry for types
Each implementation is allowing their customers to define types
Oliver advocated using the fully qualified URI in the type descriptions
Torsten asked Oliver if the current example is incomplete because it doesn't have the @context value
Kristina asked Oliver to specify how this should be elaborated for LD VCs
David Chadwick said that there's an alias for the types that is separate from the @context value
But that it is not necessarily unique
Brian Clickenbeard asked a question about name/value pairs
He described mapping challenges
David Chadwick wants the schema to be in the metadata
Kristina identified these related issues
#1566: [has-PR] Add credential type to OP Metadata
#1578: Add schema to OP Metadata
Issues
https://bitbucket.org/openid/connect/issues?status=new&status=open
We ran out of time to discuss issues
Next Call
The next call will be Monday, August 29, 2022 at 4pm Pacific Time
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20220825/93adf9b6/attachment.html>
More information about the Openid-specs-ab
mailing list