[Openid-specs-ab] Spec Call Notes 10-Feb-22

Thu Feb 10 21:37:09 UTC 2022

Spec Call Notes 10-Feb-22

Mike Jones
Torsten Lodderstedt
Joseph Heenan
Rifaat Shekh-Yusef
David Chadwick
George Fletcher
Brian Campbell
Bjorn Hjelm
Giuseppe De Marco
Kristina Yasuda

Implementer's Drafts Approved
              Our three candidate Implementer's Drafts were approved yesterday, as announced at
              https://openid.net/2022/02/08/first-implementers-draft-of-initiating-user-registration-via-openid-connect-approved/ and
              https://openid.net/2022/02/08/first-implementers-drafts-of-openid-connect-siopv2-and-oidc4vp-specifications-approved/

Federation Specification
              Torsten asked about results signed by the resolver in merged PR #122
              He will file an issue asking about it

Issuance Specification
              Torsten reported that he and Kristina have been getting feedback from multiple parties
              It may be stable enough for Implementer's Draft review after IIW

Pull Requests
              https://bitbucket.org/openid/connect/pull-requests/
              PR #124: [oidc4vci] clarify sub value in the ID Token Issue #1426
                           Kristina couldn't make this part of the call, so we deferred discussion on this PR
              PR #101: Fetching presentation definitions from a remote repository
                           To be discussed in the SIOP call following this one
                           Torsten added comments about the structure of the PR
              PR #120: Issuer Handling SIOP
                           We discussed the "iss" and "sub" being the same for self-issued OPs
                                         They would be self-signed
                           This blurs the distinction between self-issued and third-party OPs
                           It's not currently possible to determine whether an OP supports SIOP or not
                                         We could introduce another metadata parameter
                           Mike asked how to retrieve the .well-known/openid-connect metadata if the "iss" isn't a prefix for it
                                         Torsten said that for SIOP, these are decoupled
                                         Even in SIOP v1, .well-known/openid-connect metadata isn't used

Open Issues
              https://bitbucket.org/openid/connect/issues?status=new&status=open
              #1430: How to determine SIOP support?
                           There was support for adding metadata to determine this
                           We discussed whether to repurpose "subject_types_supported"
                           George was against repurposing because it mixes semantics
                           Mike would prefer a new parameter "op_types_supported" with values "third-party" and "self-issued"
              #1431: How to request SIOP?
                           There currently isn't a way for an RP to request a SIOP ID Token
                           Mike asked whether it's the RP's job to request OP types or whether it should be willing to take what it receives, leaving the choice up to the person
                           Torsten does want RP metadata to say which types it supports
                           Kristina said that in some use cases, RPs may care which kind of issuer they use
                           David said the RP sends different messages to third-party and self-issued OPs
                           George agreed with Mike that, philosophically, any kind of OP can return any kind of claim
                                         We've designed our other specifications to make this true

Next Call
              The next Connect call will be on Monday, February 14, 2022 at 3pm Pacific Time
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20220210/68528d05/attachment.html>