[Openid-specs-ab] SIOP call notes 2nd June 2022

Joseph Heenan joseph at authlete.com
Thu Jun 2 16:04:36 UTC 2022 

Attendees:

Joseph Heenan
David Chadwick
Brian Campbell
Torsten Lodderstedt
Kristina Yasuda
Mike Jones
Nat Sakimura
David Waite
John Bradley


https://bitbucket.org/openid/connect/pull-requests/176

Agreed that SIOP is an informative reference

Discussion about presentation_submission as a mandatory extra parameter; David Chadwick said it’s unnecessary as it’s already in the VP and you have to process the VP. Torsten said there are formats where it can’t be in the VP, for example ISO mobile driving license. David doesn’t think this matches the W3C definition of a VP. VP is not defined to require JSON (this was agreed).

There was discussion about whether an MDL needs an outer wrapper to allow it’s type to be defined. Torsten said this was essentially was presentation_submission achieves.

David said that VCs shouldn’t contain presentation_submission then, as it could cause issues where there are then two presentation_submissions which aren’t the same.

Kristina will open a separate issue for this to be considered, and hence it was agreed this PR can be merged as-is to unblock other work.



https://bitbucket.org/openid/connect/pull-requests/145 - Revises the approach to credential metadata publishing

Discussion about whether there should be a top level object per language/locale or use the OIDC type approach of having one object but having the claim name have things like "#fr-CA” appended.

It was agreed we need a solution for this. Torsten suggested that perhaps display information within the claims information should be moved to the display object.

David mentioned a different problem that the claims need be displayed in particular orders in some cases, which isn’t currently possible.

Kristina will try to produce a new proposal based on today’s discussion; David Waite offered to help.



https://bitbucket.org/openid/connect/pull-requests/157 - Building Trust between Wallet and Issuer

Probably good now. Kristina to do final review.



https://bitbucket.org/openid/connect/pull-requests/152 - OP Identification/Attestation

Torsten suggested using JARM ( https://openid.net/specs/openid-financial-api-jarm-ID1.html - currently being finalised by FAPI WG) to solve this by signing the response with a key under the control of the provider (rather than the user). John asked how the verifier could find the key. Torsten said this might come from an ecosystem trust registry or from out of band knowledge of a jwks_uri. John wanted to give it more thought. Torsten suggested he creates a new PR and that 152 is a dead end and should be closed, which was agreed.



https://bitbucket.org/openid/connect/pull-requests/189 -  encoding of the issued vc

Good progress been made. Still some comments from Mike Jones to be addressed.



-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20220602/2619a290/attachment.html>

More information about the Openid-specs-ab mailing list