[Openid-specs-ab] SIOPv2 over NFC?

Nakamura Kenichi (中村 健一) nakamura.kenken at jp.panasonic.com
Wed Mar 30 06:50:51 UTC 2022


Hello Kristina,

I can participate in the NFC discussion.

Best regards,
Kenken

From: Openid-specs-ab <openid-specs-ab-bounces at lists.openid.net> On Behalf Of Kristina Yasuda via Openid-specs-ab
Sent: Wednesday, March 30, 2022 2:32 AM
To: Artifact Binding/Connect Working Group <openid-specs-ab at lists.openid.net>
Cc: Kristina Yasuda <Kristina.Yasuda at microsoft.com>
Subject: Re: [Openid-specs-ab] SIOPv2 over NFC?

Hi Vladimir,
Thank you for the question! SIOPv2 over NFC has not been discussed in the WG before.
I think it would be interesting to explore this topic. We could use NFC/BLE instead of QR codes to convey `request_uri` as a first step, or send ID Token and VPs (and other issuer-signed credentials) over NFC/BLE in the response (though it will be a leap from the RESTful nature of OIDC). We would need someone knowledgeable in NFC (and BLE?) to participate and contribute in the WG if we are to pursue this path.
I am curious, is there an emerging use-case beyond 2.1 and 2.2 quoted below?
Best,
Kristina


From: Openid-specs-ab <openid-specs-ab-bounces at lists.openid.net> On Behalf Of Vladimir Dzhuvinov via Openid-specs-ab
Sent: Tuesday, March 29, 2022 8:27 AM
To: openid-specs-ab at lists.openid.net
Cc: Vladimir Dzhuvinov <vladimir at connect2id.com>
Subject: [Openid-specs-ab] SIOPv2 over NFC?


I wonder if there have been thoughts or considerations of the NFC protocol for SIOPv2 to interact with RPs?

Especially given the adopted use cases 2.1 and 2.2?

2.1. Resilience against Sudden or Planned Hosted OP Unavailability <https://openid.net/specs/openid-connect-self-issued-v2-1_0-06.html#section-2.1>

A hosted third-party provided OP's infrastructure may become unavailable or even destroyed due to natural disasters such as hurricanes, tsunamis and fires, or may be removed from service as a planned business decision. End-Users using Self-Issued OPs local to their environment, have lower chances of being simultaneously affected by such events.

2.2. Authentication at the Edge <https://openid.net/specs/openid-connect-self-issued-v2-1_0-06.html#section-2.2>

As internet-connected smartphones have risen in availability, traditionally in-person interactions and services have begun to be optimized with digital alternatives. These services often have requirements for digital authentication and for other identity credentials. Self-Issued OPs can provide this authentication directly, without needing to delegate to remote, hosted OPs. This potentially allows for increased efficiency as well as allowing for authentication in environments which may have reduced connectivity.


~ Vladimir

--

Vladimir Dzhuvinov