[Openid-specs-ab] SIOP Special Call Notes 20-Jan-22

Mike Jones Michael.Jones at microsoft.com
Thu Jan 20 18:48:10 UTC 2022


SIOP Special Call Notes 20-Jan-22

Kristina Yasuda
Mike Jones
David Chadwick
Thomas Bellebaum
Petteri Stenius
Gail Hodges
Joseph Heenan
Torsten Lodderstedt
Giuseppe De Marco
Kenichi Nakamura
Oliver Terbu
Daniel Fett
Jo Vercammen

Open Pull Requests
              https://bitbucket.org/openid/connect/pull-requests/
              PR #101: Fetching presentation definitions from a remote repository
                           Approved by Torsten, comments by Kristina
                           David to update
              PR #107: Support for federations using the termsOfUse property
                           This is intended to address issue #1341
                           Torsten said that this should be an Implementation Consideration - not normative text
                           Torsten will add this as a comment to the PR
                           Torsten asked David to add a PE example
              PR #50: Response-as-Push
                           Jeremie declined this PR
                           He plans to instead create an IETF draft doing this

Strategic Directions for SIOP
              Gail reviewed a slide created by the board strategic planning task force about the SIOP work
                           She sent the slide to the working group
              She reviewed relevant liaison relationships
              We're considering writing a whitepaper targeted at ecosystem leaders
                           Several people thought this would be a good idea
                           We don't have a candidate author in mind yet
              She asked if SIOP should be more prominently featured on our Web site
                           Mike and Torsten supported doing this
              She asked if SIOP should remain subordinate to Connect
                           Torsten stated that effectively, it's a distinct work stream already, with its own calls
                           Torsten said that SIOP may not be the best term
                                         He said that Kristina and he sometimes refer to the work as OIDC4SSI
                           Mike said that he doesn't see a problem that would be solved by creating a new working group
                           Mike pointed out that if we form a new working group, every participant would have to sign a new IPR agreement
              Jo said that we have a perception problem
                           He said that some other groups are assuming DIDComm as a protocol rather than considering OpenID Connect
                           Torsten agreed that we should work on the perception problem

Open Issues
              https://bitbucket.org/openid/connect/issues?status=new&status=open
              #1377: Credential Issuance: Generalize specification so it works with generalized forms of Identities
                           Thomas wants to also be able to issue credentials about devices
                           He's thinking about using the OAuth Client Credentials flow, since it's non-interactive
                           He would use key-based authentication
                           Torsten would like the use case to be written up
                           Mike said that this would be a significant increase of scope, which we should explicitly decide whether to do
                                         Torsten agreed with this
              #1399: SIOP with any OIDC flow
                           Torsten said that there are wallets that have the ability to expose endpoints
                           This would enable them to use other flows, such as the Code flow or CIBA
                           Torsten said that the main thing that differs with these other flows is the trust model
                           He said that we could relax things a bit to enable use of SIOP with other flows
                           Mike asked whether this would be an expansion of the use cases we're trying to solve or not
                                         Torsten said that he doesn't think this would be an expansion of our scope
                           Torsten said that it would be an expansion of the mechanisms we support
                           Mike asked whether it would help or hurt interoperability to have six response types to choose from, rather than one
                           Daniel said that the normal security considerations would apply to the normal Connect response types
                           Kristina has heard of people wanting to use CIBA with SIOP
                           Kenichi supports this proposal
                                         He spoke about expanding our use cases
              #1400: Issuer Handling in SIOP
                           Torsten said that there are currently two mechanisms for determining that the OP is a SIOP
                           He's of the impression that we could do better
                           He wants the "iss" claim to identify that the claims are being signed on behalf of the user
                                         He's suggesting that the "sub" and "iss" claims have the same values
                                         This is true of some other kinds of self-signed data structures, such as self-signed certificates

JWK URI Draft
              David has written a proposed Internet Draft defining a URI passing a JWK by value
              Kristina pointed out that DW has written a similar draft
                           She suggested that he coordinate with DW plus the JWK Thumbprint URI authors

Next Call
              The next Connect call will be Monday, January 24th, 2022 at 3pm Pacific Time