[Openid-specs-ab] Spec Call Notes 16-May-22

Mike Jones Michael.Jones at microsoft.com
Tue May 17 00:08:28 UTC 2022


Spec Call Notes 16-May-22

Mike Jones
Vittorio Bertocci
Monty Wiseman
Tony Nadalin
Edmund Jay
David Waite (DW)

Whitepaper
              We published V1 of the OpenID for Verifiable Credentials Whitepaper
                            https://openid.net/2022/05/12/openid-for-verifiable-credentials-whitepaper/
              It was a big hit during EIC
              Thanks to all who contributed!
              Vittorio said that it was well received
                           He said we still need work on the use cases for the next version
                           He said we need to better define why & when to use these flows rather than more traditional methods
              Tony said that at least one person advocated DIDcomm instead in a side conversation

Logout Issues
              https://bitbucket.org/openid/connect/issues?status=new&status=open&component=Logout
              1492: RP-Initiated Logout specification and the back channel
                           Vittorio said a back-channel flavor could be based on SSE
                           Vittorio doesn't know what the carrot would be for the providers to support a back-channel rp-initiated logout
                           Because this would be a different spec, we agreed to close this issue
              1491: Do we want to communicate details of why a back-channel logout failed?
                           Vittorio thought that having "error" and "error_description" would be useful to developers
                                         But he also said that different error codes could leak information
                           Mike asked whether they should be mandatory or optional
                                         Vittorio thought they should be optional
                           Mike said that if we do add this, we should define some specific error codes
                                         Possibly from the OAuth 2.0 vocabulary

Small Specifications Status
              unmet_authentication_requirements Specification
                           Should we do working group review in preparation for Implementer's Draft or Final status?
                           Vittorio said this might be useful for the step-up authentication work
              prompt=create Specification
                           Is this ready for WGLC or does it need further updates?
              Native SSO Specification
                           Should we do working group review in preparation for Implementer's Draft or Final status?

Events
              IIW
                           There were good sessions about SIOP, browsers, FIDO, attestations, credential types, and trust frameworks
              OSW
                           Dominic Baer let us know that he's switched to Back-channel Logout in his implementations
                           Roland, Andreas, and Mike triaged all the Federation issues
                                         They talked to most of the people that filed them in person
                                         We made substantial progress that we would not have made if we were not together in person
                           Brian did great sessions on DPoP and JWT
                           Daniel did a session on Advanced Syntax for Claims
                           There were discussions on identity in browsers
                           Kristina and Torsten presented on OpenID for Verifiable Credentials
                                         And substantial progress happened on the whitepaper
                           Pieter led a good discussion on cross-device flows
                           Justin described the HTTP Signatures work
              EIC
                           The OpenID Workshop was well attended
                           The OpenID for Verifiable Credentials presentation and whitepaper were well received
                           There was a lot of discussion of GAIN
                                         It was more a demonstration of goodwill than engineering solutions
                                         There is a proof-of-concept with code, but that wasn't what was discussed at EIC
                           The Kim Cameron scholarship is an effective and actionable way of honoring Kim that makes a difference
                                         Both recipients, Rachelle Sellung and Alen Horvat, were very engaged
                                         There will be two more at Identiverse
                                         Other organizations have also expressed interest in sponsoring scholarships

Pull Requests
              https://bitbucket.org/openid/connect/pull-requests/
              We ran out of time to discuss PRs

Open Issues
              https://bitbucket.org/openid/connect/issues?status=new&status=open
              We ran out of time to discuss issues

Next Call
              The next call will the regular call on Thursday, May 19, 2022 at 7am Pacific Time (followed by a SIOP call)
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20220517/638932de/attachment.html>


More information about the Openid-specs-ab mailing list