[Openid-specs-ab] SIOP Special Call Notes 6-Jan-22
Mike Jones
Michael.Jones at microsoft.com
Thu Jan 6 22:47:45 UTC 2022
SIOP Special Call Notes 6-Jan-22
Kristina Yasuda
Mike Jones
David Chadwick
Daniel Fett
SIOP and OIDC4VP Implementer's Draft Process
The Implementer's Draft review is under way
https://openid.net/2021/12/17/first-public-review-period-for-openid-connect-siopv2-and-oidc4vp-specifications-started/
Open Pull Requests
https://bitbucket.org/openid/connect/pull-requests/
PR #103: Mike's cleanups for Credential Issuance draft 03
Merged, per decision on the 6-Jan-22 call
PR #98: added issuance initiation endpoint
Additional reviews requested
There's a need for security considerations
PR #101: Fetching presentation definitions from a remote repository
This attempts to make OIDC independent of policy languages used
It enables policies to be fetched from other servers
Kristina noted that this is about query languages - not policy languages
This is related to issue #1369: Make requesting verifiable presentations extensible
Mike said that it's better to make a choice than to enshrine the lack of a choice
David said that there may be a PE v3 that is simpler
Kristina said that it should be called a minimum profile
Open Issues
https://bitbucket.org/openid/connect/issues?status=new&status=open
#1390: Term "Wallet" is used without being defined
David is adding a comment about corresponding terminology used in the VC Data Model spec
#1389: Improve metadata for vp formats
David said that our metadata doesn't declare what's supported
Kristina said we may want to be more general to also enable mDLs, smart health cards, etc.
1380: Using the subject identifier to re-identify the subject
David is proposing using properties of Verifiable Credentials to identify users
Rather than the "iss" "sub" pair
Kristina said that using mutable claims to identify users is an anti-pattern
Daniel sand that using claims to identify the user is a common attack vector
Next Call
The next Connect call will be Monday, January 10, 2022 at 3pm Pacific Time
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20220106/58eff423/attachment.html>
More information about the Openid-specs-ab
mailing list