[Openid-specs-ab] SIOPv2 over NFC?

[David Waite]

> On Mar 29, 2022, at 11:32 AM, Kristina Yasuda via Openid-specs-ab <openid-specs-ab at lists.openid.net> wrote:
> 
> Hi Vladimir,
> Thank you for the question! SIOPv2 over NFC has not been discussed in the WG before.
> I think it would be interesting to explore this topic. We could use NFC/BLE instead of QR codes to convey `request_uri` as a first step, or sending ID Token and VPs (and other issuer-signed credentials) over NFC/BLE in the response (though it will be a leap from RESTful nature of OIDC). We would need someone knowledgeable in NFC (and BLE?) to participate and contribute in the WG if we are to pursue this path.
> I am curious, is there an emerging use-case beyond 2.1 and 2.2 quoted below?

I can help a fair bit here with capabilities; no so much with real world deployment issues (such as real numbers on things like battery impact).

Usability and experience wind up driving a lot of the design choices here. For instance, CTAP combines the tap with the user presence consent which makes the flow pretty simple. For credential release though, we would want to have a prompt in-between.

From a usability standpoint it might be better to initiate with a QR code and confirm with a NFC tap (or BLE broadcast.)

-DW

> Best,
> Kristina
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20220329/c095824e/attachment.html>