[Openid-specs-ab] UserInfo Verifiable Credentials

Tue Dec 13 08:59:49 UTC 2022

Thanks, Jer!

Just to clarify, because it came up during the Pacific Connect call today, "the draft profile does not use UserInfo endpoint (tho the name might imply so)". The endpoint used to issue VCs is Ceedential Endpoint defined in VCI spec.

We realize the name of the draft might be a little confusing - we are open to suggestions - the core idea is that the claim set included in the VCs is the same as the basic claim set defined in OIDC Core.

Cheers,
Kristina

Get Outlook for iOS<https://aka.ms/o0ukef>
________________________________
From: Openid-specs-ab <openid-specs-ab-bounces at lists.openid.net> on behalf of Jeremie Miller via Openid-specs-ab <openid-specs-ab at lists.openid.net>
Sent: Tuesday, December 13, 2022 10:16:50 AM
To: Artifact Binding/Connect Working Group <openid-specs-ab at lists.openid.net>
Cc: Jeremie Miller <jmiller at pingidentity.com>
Subject: Re: [Openid-specs-ab] UserInfo Verifiable Credentials

Hi Richard, welcome!

I'm in complete support of this, a quick read of the proposed draft looks very complete already as well, great work and thank you!

Jer

On Mon, Dec 12, 2022 at 4:08 PM Richard Barnes (richbarn) via Openid-specs-ab <openid-specs-ab at lists.openid.net<mailto:openid-specs-ab at lists.openid.net>> wrote:

Hi everyone,

I’m Richard Barnes from Cisco.  I’m new to OpenID, but might be familiar to some folks from the IETF, where I’ve worked on crypto things like TLS, MLS, and ACME (and JOSE back in the day).

I wanted to bring to the group some proposed new work on “UserInfo Verifiable Credentials” that I’ve been working on with Kristina Yasuda, Pieter Kasselman, and Morteza Ansari.

MD: https://github.com/bifurcation/userinfo-vc/blob/main/userinfo-vc.md<https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fbifurcation%2Fuserinfo-vc%2Fblob%2Fmain%2Fuserinfo-vc.md&data=05%7C01%7CKristina.Yasuda%40microsoft.com%7Cc508d439e932420455ac08dadc9f640d%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C638064874837454207%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C2000%7C%7C%7C&sdata=Gark2ZVyVS%2BhbxKL4%2BbS0VFWppbE7K%2F95g4g8rmnBI4%3D&reserved=0>

HTML: https://bifurcation.github.io/userinfo-vc<https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fbifurcation.github.io%2Fuserinfo-vc&data=05%7C01%7CKristina.Yasuda%40microsoft.com%7Cc508d439e932420455ac08dadc9f640d%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C638064874837454207%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C2000%7C%7C%7C&sdata=Eq7ojFO1OY6PQoSCyd7Bsb26hu%2BT7lhdnaeFphBHje8%3D&reserved=0>

The high-level idea here is to take the OpenID for Verifiable Credential Issuance spec and give it the same level of easy interoperability as OpenID Connect.  The generality of the VCI mechanism is powerful, but means the wallet and issuer need to agree on a bunch of details, each of which is a chance for interop failure.

Concretely, the proposal is to define a profile of VC and VCI that is tailored to OpenID Connect.  A “UserInfo VC” carries the same claims that are provided by the UserInfo endpoint, wrapped as a VC.  The issuance process is just VCI with certain knobs pre-set (e.g., proof of possession is always via a JWT).

We would love to see this work adopted by this WG.  In any case, feedback welcome!

Thanks,

--Richard

_______________________________________________
Openid-specs-ab mailing list
Openid-specs-ab at lists.openid.net<mailto:Openid-specs-ab at lists.openid.net>
https://lists.openid.net/mailman/listinfo/openid-specs-ab<https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.openid.net%2Fmailman%2Flistinfo%2Fopenid-specs-ab&data=05%7C01%7CKristina.Yasuda%40microsoft.com%7Cc508d439e932420455ac08dadc9f640d%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C638064874837454207%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C2000%7C%7C%7C&sdata=bejZLSXs%2BcFLMSM%2FSw23RyLmex8RRZquL0kESgZPQ%2B8%3D&reserved=0>

CONFIDENTIALITY NOTICE: This email may contain confidential and privileged material for the sole use of the intended recipient(s). Any review, use, distribution or disclosure by others is strictly prohibited.  If you have received this communication in error, please notify the sender immediately by e-mail and delete the message and any file attachments from your computer. Thank you.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20221213/ab004aa4/attachment-0001.html>