[Openid-specs-ab] SIOP Special Topic Call Notes 12-Jan-23

Thu Jan 12 17:12:14 UTC 2023

Attendees:

Joseph Heenan
Brian Campbell
Takahiko Kawasaki
Mike Jones
George Fletcher
Kristina
David Chadwick
Pedro Felix
Daniel McGrogan
Vittorio
Jeremie Miller

Kristina gave a catch up as some PRs/issues were discussed on the Connect Atlantic call:

 Editional PRs merged & issues related closed

https://bitbucket.org/openid/connect/issues/1777/vc-issuance-is-vulnerable-to-unknown-key was discussed and comment left on issue, same for issue 1621.

Pedro introduced himself, he’s with Curity.

https://bitbucket.org/openid/connect/pull-requests/389 - passing credential offer by reference

Agreed to merge.

https://bitbucket.org/openid/connect/pull-requests/374 - new VP errors

Kristina has fixed conflicts / made updates as discussed. Agreed to merge.

https://bitbucket.org/openid/connect/issues/1766/response-type-vp_token-does-not-stack-well https://bitbucket.org/openid/connect/pull-requests/392

George suggested a table to clarify what’s allowed.

Brian suggests a note about what combinations are illegal due to the way response_type is defined/used.

WG agreed code vp_token (where vp_token is returned from both authorization & token endpoint) does not need to be valid.

https://bitbucket.org/openid/connect/pull-requests/403

Agreement on the direction & to be updated to use Brian’s suggested wording.

https://bitbucket.org/openid/connect/pull-requests/410

Mike approved, agreed to merge.

https://bitbucket.org/openid/connect/pull-requests/409

Agreed to move text about PKCE to the code flow section as it doesn’t work with preauth code flow.

https://bitbucket.org/openid/connect/issues/1778/openid4vci-relation-between-the-metadatas

Pedro: Is it okay that the credential issuer identifier is a url, but the issuer claim in the issued verifiable credential is a did?

David: the issuer claim only needs to be checked by the verifier, not the wallet, as the verifier never sees the credential issuer identifier url.

Daniel: The wallet does need to manage lifecycle - check for revocation, expiry, etc.

Agreed to add some text that the wallet may want to verify the credential and having some implementation considerations on that would be good.

https://bitbucket.org/openid/connect/pull-requests/241

Some discussion, people are encouraged to review it and various people said they would make comments.

Kristina pleads with everyone to review & If applicable approve the many other outstanding PRs, which are all quite small and hence easy to review. Kristina plans to merge anything uncontroversial if it gets 3 approvals.

Kristina plans to start calls for adoption for the userinfo profile and bluetooth specs that were posted to the list a while ago, please review them if you haven’t already.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20230112/9aea99ed/attachment-0001.html>