[Openid-specs-ab] SIOP Special Topic Call Notes 23-Feb-23
Mike Jones
Michael.Jones at microsoft.com
Thu Feb 23 23:58:38 UTC 2023
SIOP Special Topic Call Notes 23-Feb-23
Mike Jones
Kristina Yasuda
Takahiko Kawasaki
Torsten Lodderstedt
Brian Campbell
David Waite
Oliver Terbu
Joseph Heenan
Agenda E-mail
Kristina asked if people find having an agenda e-mail in advance useful
Torsten said that it is
Pull Requests
https://bitbucket.org/openid/connect/pull-requests/
PR #384: Add a cwt proof type
Torsten updated the draft and asked Mike to review it again
Brian pointed out that nonce is already registered in https://www.iana.org/assignments/cwt/cwt.xhtml
Oliver also pointed us to the registered x5chain header parameter at https://www.iana.org/assignments/cose/cose.xhtml#header-parameters
Torsten will look at these
PR #463: removing the requirement around JSON-LD processing
Torsten said that we need to wait for implementation feedback on whether JSON-LD processing is appropriate or not
PR #461: Changed "types" claim to "type" to comply with VC data model
There seemed to be support for this change
PR #452: add proof_types_supported parameter for the Credential Issuer (Issue #1697)
This is related to "cryptographic_binding_methods_supported"
PR #431: Separate the missing and invalid proof cases
Oliver asked whether there is a use case for making this distinction
Torsten said that in either case, you would need to create a valid proof
We discussed changing the name to invalid_proof but keeping just one error code
PR #462: clarifying how request_uri can be used with OID4VP - Issue #1821
This documents existing OAuth practices
Security Analysis
Torsten reported that Daniel Fett has been working on a security analysis of the full OpenID4VC suite
He plans to create a PR submitting it to the WG next week
Issues
https://bitbucket.org/openid/connect/issues?status=new&status=open&component=SIOP&component=Verifiable%20Presentation&component=Credential%20Issuance
#1827: OpenID4VCI: The initial c_nonce is not issued by the credential issuer
Torsten pushed back on Brian's suggestion to remove c_nonce
Brian didn't find the complexity worth it
An initial request needn't include a c_nonce
It's a decision of the AS whether to support providing an initial nonce in the request
Torsten would like to observe what developers are implementing
Taka suggested more discussion and possibly a table listing the available options
Torsten said that c_nonce is already listed as being OPTIONAL
Kristina will create a clarification PR
#1828: OpenID4VCI: simplification of deferred issuance
Torsten pointed out that if we were to return an error, the requester wouldn't know when to retry
He said that the acceptance token is essentially a transaction identifier
He said that CIBA similarly has a transaction ID
Torsten said that issuance may result in expensive offline back-office actions
You don't want to repeat those actions upon retrying
Oliver's mental model is that you'd create a second request with the full parameter set
Torsten said that authorization pending is different than issuance pending
Taka was convinced by Torsten's description of the need to identify the pending issuance transaction
#1667: Tracking Implementations of VCI spec
Nat had opened this issue to track implementations
Taka had been asking about known implementations
Next Call
The next call will be Monday, February 27th at 3pm Pacific Time