[Openid-specs-ab] SIOP Special Call Notes 6-Jan-22

Mike Jones Michael.Jones at microsoft.com
Thu Jan 6 22:47:45 UTC 2022 

SIOP Special Call Notes 6-Jan-22

Kristina Yasuda
Mike Jones
David Chadwick
Daniel Fett

SIOP and OIDC4VP Implementer's Draft Process
              The Implementer's Draft review is under way
              https://openid.net/2021/12/17/first-public-review-period-for-openid-connect-siopv2-and-oidc4vp-specifications-started/

Open Pull Requests
              https://bitbucket.org/openid/connect/pull-requests/
              PR #103: Mike's cleanups for Credential Issuance draft 03
                           Merged, per decision on the 6-Jan-22 call
              PR #98: added issuance initiation endpoint
                           Additional reviews requested
                           There's a need for security considerations
              PR #101: Fetching presentation definitions from a remote repository
                           This attempts to make OIDC independent of policy languages used
                           It enables policies to be fetched from other servers
                           Kristina noted that this is about query languages - not policy languages
                           This is related to issue #1369: Make requesting verifiable presentations extensible
                           Mike said that it's better to make a choice than to enshrine the lack of a choice
                           David said that there may be a PE v3 that is simpler
                                         Kristina said that it should be called a minimum profile

Open Issues
              https://bitbucket.org/openid/connect/issues?status=new&status=open
              #1390: Term "Wallet" is used without being defined
                           David is adding a comment about corresponding terminology used in the VC Data Model spec
              #1389: Improve metadata for vp formats
                           David said that our metadata doesn't declare what's supported
                           Kristina said we may want to be more general to also enable mDLs, smart health cards, etc.
              1380: Using the subject identifier to re-identify the subject
                           David is proposing using properties of Verifiable Credentials to identify users
                                         Rather than the "iss" "sub" pair
                           Kristina said that using mutable claims to identify users is an anti-pattern
                           Daniel sand that using claims to identify the user is a common attack vector

Next Call
              The next Connect call will be Monday, January 10, 2022 at 3pm Pacific Time
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20220106/58eff423/attachment.html>

More information about the Openid-specs-ab mailing list