[Openid-specs-ab] SIOP Special Call Notes 13-Jan-22

Fri Jan 14 00:17:36 UTC 2022

SIOP Special Call Notes 13-Jan-22

Kristina Yasuda
Guiseppe De Marco
Kenichi Nakamura
Oliver Terbu
Mike Jones
David Chadwick
Torsten Lodderstedt
Thomas Bellebaum
Bjorn Hjelm
Jo Vercammen
Tony Nadalin

Open Pull Requests
              https://bitbucket.org/openid/connect/pull-requests/
              PR #98: added issuance initiation endpoint
                           There was good discussion including Thomas, Torsten, Kristina, and Daniel Fett
                           This enables the issuance process to be triggered by the issuer
                           Torsten said that it is strictly additive
                           Mike spoke in favor of merging, since we'll want to support this flow
                           It was agreed to merge this PR
              PR #101: Fetching presentation definitions from a remote repository
                           The PR was updated to remove the proposal to support many different query languages
                           It now just allows for queries by reference
                           A change to the parameter name was requested by Torsten
                           Daniel Fett commented that security considerations should accompany this PR
                           David will update
              PR #50: Response-as-Push
                           Jeremie Miller had agreed to instead write an IETF draft for this feature
                           We decided to close this PR on that basis

Open Issues
              https://bitbucket.org/openid/connect/issues?status=new&status=open
              #1374: Credential Issuance: OAuth 2.0 Token Exchange compatibility
                           Thomas spoke about similarities with OAuth Token Exchange [RFC 8693]
                           Torsten thought that the similarities weren't compelling enough to switch to Token Exchange
                           Torsten said that Token Exchange doesn't have support for proof of possession, or its nonces
                           It was requested that David and Thomas write up their use cases
                           We agreed to close this issue
              #1341: Requesting credentials issued by a federation member
                           We discussed ways to request VPs from members of a federation
                           It could be that the federation is identified in a terms of use field
                                         That field could be used in Presentation Exchange requests
                           David said that TRAIN uses URLs as federation identifiers
                                         As does OpenID Connect Federation
                           Or we could standardize a federation claim and issues queries against that
                                         Torsten is supportive of that approach
                                         It also could apply to financial services memberships

Next Call
              The next Connect call will be Monday, January 17, 2022 at 3pm Pacific Time
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20220114/dbdd747e/attachment.html>