[Openid-specs-ab] SIOP Special Topic Call Notes 5-May-22

Mike Jones Michael.Jones at microsoft.com
Thu May 5 23:39:00 UTC 2022 

SIOP Special Topic Call Notes 5-May-22

In person at OSW:
              Mike Jones
              Kristina Yasuda
              Torsten Lodderstedt
              Daniel Fett
              Dima Postnikov
              Andreas Åkre Solberg
              Kushal Das
              Nat Sakimura
              Roland Hedberg

On the call:
              Jo Vercammen
              David Waite
              Giuseppe de Marco
              Francesco Marino
              Gail Hodges
              David Chadwick

SIOP Whitepaper
              We're working on this draft
              https://docs.google.com/document/d/1H556GIM_xD1yKl7rw1seq4bu83movFCkU8fQ7T8b1dI/edit
              Torsten spoke to changing the title to "OpenID for Verifiable Credentials"
                           Mike agreed, with the caveat that we need a clear definition of Verifiable Credentials
                                         The definition should make it clear that it's a generic term and not just W3C Verifiable Credentials
              Mike proposed the shorthand OpenID4VC
                           People agreed
              Kristina asked whether we want to use the term RP or Verifier
                           Mike said that "Verifier" is the term that will be familiar to those we're trying to communicate with
                           Nat spoke in favor of "Verifier"
                           DW said that we may have per-spec roles - just like an OAuth Client is an OpenID Connect RP
                           Torsten said that we have entities and roles, which can be orthogonal
              Torsten said that he prefers "Wallet" over "Holder"
                           Nat said that "Holder" means issuer in Open Banking, and so is not a term we want to use
              Kristina asked about the definition of "End-User"
                           Mike made the meta-point that wherever definitions from OpenID Connect apply, we should use them without changes
                                         The one case where we chose not to do that was "Credential". In that case, we explicitly said that it's different.
              David Chadwick asked whether OpenID4VC can be used by non-human participants
                           Torsten said that the flow is explicitly designed to be driven by user interaction
              David Chadwick doesn't like the term "Wallet Provider"
                           Torsten said that there are providers that operate wallets - cloud wallet providers
                           David C. said that wallets in the cloud are different than wallets on your smart phone
                           Nat said that wallets on a phone may still be controlled by other parties
                           Kristina proposed keeping the word "operate" and clarified that there can be different locations for wallets
                                         People were supporting using the word "operate"
                                         Torsten proposed turning wordsmithing of this over to the editors
              We mused about what "control" means
                           Torsten asked "Do you control your money if you put it in a bank?"
                           Torsten said that whether something matches SSI principles is a philosophical discussion
              Kristina asked whether to keep using "Identity Credential" or to use "Verifiable Credential"
                           Mike spoke in favor of "Verifiable Credential", given the now title of the paper
                           We clarified to David Chadwick that Verifiable Credentials are not just W3C Verifiable Credentials
                                         For instance, they could be mDL objects
                           Our definition of Verifiable Credential (VC) in the whitepaper already works
              Gail asked whether to add a reference to LEIs in the Entity definition
                           Mike repeated that the principle stated earlier in the call to have our definitions be consistent with those in OpenID Connect and ISO
                                         He said that we could talk about LEIs elsewhere, as appropriate, but not in our definitions
                                         Nat agreed
              Kristina asked Jo if there are edits he's making to the document that we should discuss
                           He's making the edits as proposed changes
                           He's been making edits to the "Key Takeaways" section
              Kristina asked if we can get WG consensus for the editors to resolve comments
                           Mike supported that
                           Others did as well
                           The editors will proceed on that basis
              Gail asked about next steps to publish
                           We'll time the draft to be available for the talk at EIC
                           The board will have two days to review
                           Kristina hopes to have the first editor's draft during Norway time tomorrow

Open Pull Requests
              https://bitbucket.org/openid/connect/pull-requests/
              We didn't discuss pull requests

Open Issues
              https://bitbucket.org/openid/connect/issues?status=new&status=open
              We didn't discuss open issues

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20220505/37747a02/attachment.html>

More information about the Openid-specs-ab mailing list