[Openid-specs-ab] SIOP Special Topic Call Notes 21-Jul-22
Mike Jones
Michael.Jones at microsoft.com
Thu Jul 21 17:29:06 UTC 2022
SIOP Special Topic Call Notes 21-Jul-22
Kristina Yasuda
Mike Jones
Brian Campbell
David Chadwick
Joseph Heenan
Giuseppe De Marco
Bjorn Hjelm
Gail Hodges
Jo Vercammen
Mark Haine
Thomas Bellebaum
David Waite
IETF 114 is next week
OAuth and the JWP BoF are both on Monday
FedID is August 6-9 in Atlanta
Gail is speaking on multiple panels
One is on digital identity as a pillar of civil society
Pull Requests
https://bitbucket.org/openid/connect/pull-requests/
PR #235: clarified that vp_formats include formats of verifiable credentials too
Merged
PR #237: Clarify how response type vp_token is used per issue #1538
Merged
PR #238: OpenID4VCI scopes (was: Global scopes (Issue #1517))
Agreed to merge, following fixing a typo
PR #251: adding an example of presenting an LDP_VC signed using bbs
We plan to merge this next week
PR #247: folded deferred credential issuance into credential endpoint
Kristina requests reviews of this PR
Thomas proposed renaming a field to Process ID
David Chadwick said that it could be a Credential ID
This is related to issue #1553: Remove Deferred Credential Endpoint
PR #252: clarified iat parameter of a proof (Issue #1568)
This needs review
PR #240: Add "type" to OP Metadata
This needs review
PR #242: Example Response
This needs review
PR #244: OpenID4VPs simple response example
This overlaps with #242
PR #239: OpenID4VPs Scopes
This needs review
PR #232: Support for Informed Consent
Torsten is requesting changes
PR #221: Update Issuer Initiated Credential Issuance
Needs changes
PR #243: Ordering claims in OP Metadata
Needs review
Issues
https://bitbucket.org/openid/connect/issues?status=new&status=open
#1564: Request body data encoding for credential endpoint as JSON instead of form encoding
Tobias is advocating this
Kristina asked for feedback
Brian asked how client authentication is performed for this endpoint
He said that OAuth client authentication is built on form encoding
He said that JSON requests were considered for PAR but they had to back out of that due to client authentication
Whereas if it's an API without client authentication, JSON might be more appropriate
DW volunteered to look into the client authentication question
Kristina asked Brian to file a comment in the issue
#1563: Managing Credentials with changing claim values
Discusses refreshing/reissuing credentials
Mark Haine said that this crosses over into the domain of Shared Signals and Events
Mark said that this might result in implementation guidelines rather than a change to the spec
Next Call
The next call would normally be Monday, July 25, 2022 at 4pm Pacific Time but this conflicts with the IETF OAuth dinner
I'll send a message to cancel it
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20220721/14683715/attachment.html>
More information about the Openid-specs-ab
mailing list