[Openid-specs-ab] Spec Call Notes 14-Mar-22
Mike Jones
Michael.Jones at microsoft.com
Tue Mar 15 02:37:29 UTC 2022
Spec Call Notes 14-Mar-22
Mike Jones
Kristina Yasuda
Karthik Sivasamy (MATTR)
John Bradley
Vittorio Bertocci
Nat Sakimura
Brian Campbell
Edmund Jay
Jeremie Miller
Tobias Looker
David Waite
Tom Jones
Errata 2 and Logout Specs
Mike is actively working on applying errata edits this week
So that we have a solid base for PAS submissions to ITU and ISO
Mike is also addressing RP-Initiated Logout issues
This includes adding logout_hint and client_id parameters
IETF 113 in Vienna
DPoP - Brian wrote a draft deck for the OAuth WG
COSE & JOSE registration draft for BLS curves
https://www.ietf.org/archive/id/draft-looker-cose-bls-key-representations-00.html
Post-Quantum Cryptography Registration Draft
https://www.ietf.org/archive/id/draft-prorock-cose-post-quantum-signatures-00.html
Vittorio: The value of being there is the people
OSW
https://oauth.secworkshop.events/osw2022
Open for submissions until March 23rd
Pull Requests
https://bitbucket.org/openid/connect/pull-requests/
PR #74: adds parameter for requesting credential type format
Edmund said that they're still working on that one
Kristina asked about convergence between Claims Aggregation and OIDC4VCI
Edmund thinks they're going in the same direction
Edmund mentioned possibly adding scopes
Edmund will alert us when it's ready for working group reviews
PR #57: Further specify how to use encrypted id_token_hint values
Skipped because DW wasn't on the call at that point
PR #131: fix: typo in 7.4.2. Status Response
This fixes a syntax error. We should merge this.
PR #134: Removing an option to submit a VC in the Authorization Request (#1443)
Kristina reviewed discussions on binding VCs to participants, including p_nonce use and flaws with it
She said that one option is embedding a presentation flow in an issuance flow
But it's fairly complicated
The alternative is something modelled on DPoP
Mike would be interested in seeing a PR adding this
PR #136: clarify holder binding
Tobias wants the PR to focus on cryptographic holder binding
He thinks that the subject binding could be out of scope
Kristina said that the subject binding is important for smart health card use cases
Possible implementation consideration on holder bindings
There's no mechanism to detect replay
Tobias and Jeremie said that sub_jwk is actually holder binding and not subject binding
Nat has concerns about the term "holder" because in some jurisdictions, it represents the credential issuer
Mike pointed out that we could reuse definitions from other specs, such as "holder" from the VC spec
Kristina did add a "holder" definition in the PR, and requests reviews
Nat asked if we possibly wanted to qualify the term "holder" with a prefix word
Federation Specification
Mike populated the IANA Considerations section
We plan to publish a new draft after Roland harmonizes the IANA Considerations section with the rest of the specification
Open Issues
https://bitbucket.org/openid/connect/issues?status=new&status=open
#1450: [oidc4vci] Proposal: Move custom presentation exchange logic to a different spec
Jeremie and Kristina believe that the input VP logic in the authorization request has been removed
Kristina is working on an alternative
Jeremie said that when PR #134 is merged, we can close this
Jeremie says that we're doing a presentation exchange that's part of an issuance flow
He thinks that some of this should be part of the OIDC4VP spec
Next Call
The next call will be a regular working group call on Thursday, March 17, 2022 at 7am Pacific Time, followed by a SIOP call