[Openid-specs-ab] SIOP Special Topic Call Notes 8-Sep-22
Mike Jones
Michael.Jones at microsoft.com
Thu Sep 8 23:42:25 UTC 2022
SIOP Special Topic Call Notes 8-Sep-22
Kristina Yasuda
Mike Jones
Petteri Stenius
David Chadwick
Torsten Lodderstedt
David Waite (DW)
Jeremie Miller
George Fletcher
Kaliya Young
Brian Campbell
Paul Grehan
Bjorn Hjelm
Pull Requests
https://bitbucket.org/openid/connect/pull-requests/
PR #294: clarifying that aud is not required in a signed request in SIOPv2, issue #1602
Kristina said that the SHOULD is problematic for testing
Torsten said that we changed SIOPv2 so that the issuer and the subject match
Torsten said that as long as you can resolve the issuer, everything's fine
Kristina will update the PR
PR #295: OpenID4VCI editorial
Kristina will merge it after the call
PR #293: Separated binding method from attestations (Issue #1585)
Kristina updated the PR
John Bradley suggested being more specific
Torsten added an example
Torsten said that we should add more on binding format
Kristina plans to remove binding material
Kristina to update
There was a discussion on the differences between attestation and binding
Jeremie said that they serve different purposes
Jeremie said that like Torsten, he wants to see an example
We also discussed the differences between key attestation and device attestation
George asked what the purpose of the attestation is and what we're trying to attest to
Kristina said that Google uses SafetyNet in their mDL issuance
Torsten said that this PR is about key attestation
He said that it should be a separate PR for device attestation
He asked for an example that we can talk about
Tosten posted this for background: https://developer.android.com/training/articles/security-key-attestation
PR #269: multiple credentials in the initiate issuance request (Issue #1569)
To be merged
PR #285: Adding batch credential endpoint: fixes #1544
Torsten, Kristina, and Mike asked for clarifications
PR #243: Ordering claims in OP Metadata (Issue #1593)
David Chadwick said that order is for display purposes
David will update the PR
PR #232: Support for Informed Consent in the OIDC4VCI protocol between the wallet and the issuer
This introduced a new consent model
There are four requests for changes
Kristina suggested that we should decline this for now
David wants it to be recorded that his consent model isn't in the protocol
He said that consent is out-of-band
Torsten said that consent is being established between the user and the server
There isn't a protocol aspect to that
PR #240: Add "type" to OP Metadata (Issues #1566, #1592, #1628)
There are three requests for changes
Torsten would prefer to have the type under the format object
Then we wouldn't have to invent our own types
David Chadwick said that the type is independent of the format
He wants the type to be at the top level
He wants it to be a mandatory property
Kristina agrees that the type needs to be mandatory
Torsten said that in W3C VCs, the type is represented in the credential
Torsten said that we did not agree that the type is a mandatory part of the metadata
Issues
https://bitbucket.org/openid/connect/issues?status=new&status=open
We ran out of time to discuss other issues
Next Call
The next call will be Monday, September 12, 2022 at 4pm Pacific Time
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20220908/6b7b54db/attachment.html>
More information about the Openid-specs-ab
mailing list