[Openid-specs-ab] SIOP Special Topic Call Notes 23-Jun-22

Torsten Lodderstedt torsten at lodderstedt.net
Fri Jun 24 21:57:19 UTC 2022


Hi,

> On 24.06.2022 at 15:36, Mike Jones via Openid-specs-ab <openid-specs-ab at lists.openid.net> wrote:
> 
> 
> SIOP Special Topic Call Notes 23-Jun-22
>  
> Kristina Yasuda
> Mike Jones
> Filip Skokan
> Giuseppe De Marco
> Nat Sakimura
> Jo Vercammen
> Gail Hodges
> German Navarro
> Thomas Bellebaum
> David Chadwick
> Kenichi Nakamura
> Dr. Mattio Zago
> Jeremie Miller
> Joseph Heenan
>  
> Introductions
>               Dr. Mattio Zago
>  
> We published new drafts of the OpenID for VC specs
>               https://openid.net/specs/openid-connect-self-issued-v2-1_0-10.html
>               https://openid.net/specs/openid-4-verifiable-credential-issuance-1_0-06.html
>               https://openid.net/specs/openid-4-verifiable-presentations-1_0-12.html
>  
> Kristina asked for feedback on the whitepaper
>               We are preparing to publish another draft
>  
> Jeremie mentioned the VC presentation interop profile
>               aka.ms/vcinterop -> https://identity.foundation/jwt-vc-presentation-profile/
>  
> The IETF has approved the JSON Web Proofs BoF
>               https://datatracker.ietf.org/doc/bofreq-miller-json-web-proofs/
>               It may reform the JOSE working group
>               All these things should be in scope
>                            JSON Web Proofs
>                            Selective Disclosure JWTs
>                            Registering new algorithm identifiers
>  
> Kristina said that we're working on major revisions of the issuance draft
>               Among other things, reworking the introduction
>  
> Pull Requests
>               https://bitbucket.org/openid/connect/pull-requests/
>               #198: Two new use cases added
>                            This will be replaced by PR #221 and PR #222
>               PR #221: Update Issuer Initiated Credential Issuance
>                            One of the two use cases described in PR #198
>                            Please review
>               PR #222: Added Credential Refresh Use Case
>                            One of the two use cases described in PR #198
>                            Please review
>               PR #127: Added support for JWK URI
>                            This has been sitting for a while
>                            David mentioned that others have created did:jwk, which would do the same thing
>                                          https://github.com/quartzjer/did-jwk/blob/main/spec.md
>                                          Jeremie said that did:jwk is a quick path to deployment and that Ping is doing that
>                            Mike added that the JWK Thumbprint URI specification has reached the RFC Editor
>                            Mike pointed out that months ago, there was consensus to not add another subject type
>  
> Issues
>               https://bitbucket.org/openid/connect/issues?status=new&status=open
>               #1537: Presenting VC without a VP using OpenID4VP
>                            Mark Haine brought this to Kristina's attention during Identiverse
>                            Kristina asked about decisions to sign over VCs that don't belong to you
>                            Kristina said that if you don't have a holder binding, she doesn't see the point of signing
>               #1517: Using ordinary global scopes instead of namespace'd scopes specific to OIDC4VC
>                            David Chadwick wants the scope names to be globally unique
>                            Mike pointed out that that's orthogonal to whether there's a scope prefix
>                            Mike said that there's no registry for scope values
>                            Kristina said that we could add a statement that scopes must be understood between the parties in the context
>                            There appeared to be consensus to remove the prefix

Just removing the prefix is not sufficient. Explanation: the way the spec works right now, the prefix shall be used by the issuer to determine it is a scope about issuance and determine the credential type from the rest of the scope value. That no longer works if the prefix is removed. Instead it would require a pre-registration or standardization of scope values, which resolve to a meaningful credential issuance authorization request. That’s basically fine with me (and I’m thinking about the same for presentation already) but requires a more significant change.

best regards,
Torsten.

>               #1464: Conformance testing for SIOP & VP
>                            Kristina and Joseph Heenan requested that people look at the issue
>  
> Next Call
>               The next call will be on Monday, June 27, 2022 at 4pm Pacific Time
> _______________________________________________
> Openid-specs-ab mailing list
> Openid-specs-ab at lists.openid.net
> https://lists.openid.net/mailman/listinfo/openid-specs-ab
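
The difference Torsten describes between prefix-based and pre-registered scope values, as an added example that is not part of the original thread or of the specification. The prefix string, the registry entries and the function names are assumptions made for illustration.

```python
# Added illustration; not code from the OpenID4VCI draft or from the thread.
ISSUANCE_PREFIX = "openid_credential:"  # assumed prefix value, not stated in the thread

# Hypothetical pre-registered scope values -> credential type (constructed data).
SCOPE_REGISTRY = {
    "health_card": "HealthCardCredential",
    "university_degree": "UniversityDegreeCredential",
}


def split_scopes(scope_param):
    """OAuth scope parameters are space-delimited; drop duplicates, keep order."""
    return list(dict.fromkeys(scope_param.split()))


def resolve_by_prefix(scope_param):
    """Prefix model: the prefix marks an issuance scope and the remainder
    names the credential type, so no prior registration is needed."""
    credentials, other = [], []
    for scope in split_scopes(scope_param):
        if scope.startswith(ISSUANCE_PREFIX):
            cred_type = scope[len(ISSUANCE_PREFIX):]
            if not cred_type:
                raise ValueError("issuance scope without a credential type")
            credentials.append(cred_type)
        else:
            other.append(scope)
    return credentials, other


def resolve_by_registry(scope_param, registry=SCOPE_REGISTRY):
    """Prefix removed: a scope counts as an issuance request only if it was
    registered beforehand; anything else is treated as an ordinary scope."""
    credentials, other = [], []
    for scope in split_scopes(scope_param):
        if scope in registry:
            credentials.append(registry[scope])
        else:
            other.append(scope)
    return credentials, other
```

With the prefix gone, a bare credential name is indistinguishable from any other scope unless both parties already share the registry.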