[Openid-specs-ab] Spec Call Notes 26-Jan-23

Mike Jones Michael.Jones at microsoft.com
Thu Jan 26 16:18:37 UTC 2023


Spec Call Notes 26-Jan-23

Mike Jones
Morteza Ansari
Kristina Yasuda
Richard Barnes
Brian Campbell
Rifaat Shekh-Yusef
Joseph Heenan
Pieter Kasselman
Filip Skokan

Adoption of UserInfo VC Draft
              https://bifurcation.github.io/userinfo-vc/
              Richard talked about end-to-end security
              For instance, if there were end-to-end security for this meeting, then Zoom couldn't access the audio and archives
              There are encryption and identity layers
              A goal is protection against intermediaries
              The missing piece is the ability to do secure end-to-end identity
              Bearer tokens don't work for this
              Rifaat asked if DPoP tokens were considered
                           Richard said that it's possible to create a version of this that works with DPoP Tokens
                           The requirement is having a public key bound to the credential
              Verifiable Credentials meet the need
              What's made OpenID Connect successful is easy interoperability
              The UserInfo spec profiles the OpenID for Verifiable Credential Issuance spec
                           Defines UserInfo VC endpoint
                           Pulls UserInfo claims into VC
                           Also adds a public key
                           There's a scope that authorizes this additional functionality
              Mike asked if there are objections to adoption
                           There were none
                           Kristina said that a call for adoption was already sent to the mailing list
                                         Adoption was requested in https://lists.openid.net/pipermail/openid-specs-ab/2022-December/009580.html on December 12, 2022
                                         No objections were raised
              The draft is adopted
                           Mike requested that Richard push the source to BitBucket
                           Please use the path openid-connect-userininfo-vc-1_0
                           Please add "1.0" to the title in the draft
                           Richard will e-mail the source and html to Mike
                           Mike will then publish it to openid.net/specs/
              Brian asked about the key use in the draft
                           Richard assured him that there is no key reuse
                           The spec uses did:jwk
                           Brian appreciates the specificity of using did:jwk
              Brian asked about multiple encodings of the key
                           It seems inefficient to him
                           Richard said that JWK Thumbprints could be used instead

Pull Requests
              https://bitbucket.org/openid/connect/pull-requests/
              PR #421: [Federation] Historical Keys endpoint - revocation status and not only for the TA
                           Merged
              PR #423: [Federation] ascii sequence diagram
                           To be merged after conflicts are resolved

Open Issues
              https://bitbucket.org/openid/connect/issues?status=new&status=open
              #1395: usage of id_token_hint in OIDC.Core
                           Kristina pointed to proposed text to be applied during the errata process
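
Added example, not part of the original notes or of the UserInfo VC draft: a sketch of the key-encoding point Brian and Richard discussed. A did:jwk identifier carries the whole JWK as base64url-encoded JSON, so the same key can appear under different strings, while an RFC 7638 JWK Thumbprint is a fixed-length SHA-256 digest over the key's required members. The sample key values and the function names are assumptions made for illustration.

```python
import base64
import hashlib
import json

# Required members per key type for the thumbprint input
# (RFC 7638 section 3.2; OKP per RFC 8037).
REQUIRED = {"EC": ("crv", "kty", "x", "y"),
            "RSA": ("e", "kty", "n"),
            "OKP": ("crv", "kty", "x")}

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def jwk_thumbprint(jwk: dict) -> str:
    """RFC 7638: SHA-256 over the required members only, sorted, no whitespace."""
    subset = {m: jwk[m] for m in REQUIRED[jwk["kty"]]}
    canonical = json.dumps(subset, sort_keys=True, separators=(",", ":"))
    return b64url(hashlib.sha256(canonical.encode("utf-8")).digest())

def did_jwk(jwk: dict) -> str:
    """did:jwk: base64url of the JWK's JSON serialization, as given."""
    return "did:jwk:" + b64url(json.dumps(jwk, separators=(",", ":")).encode("utf-8"))

def jwk_from_did(did: str) -> dict:
    prefix = "did:jwk:"
    if not did.startswith(prefix):
        raise ValueError("not a did:jwk identifier")
    enc = did[len(prefix):]
    return json.loads(base64.urlsafe_b64decode(enc + "=" * (-len(enc) % 4)))

def same_key(did_a: str, did_b: str) -> bool:
    """Compare two did:jwk identifiers by key material, not by string."""
    return jwk_thumbprint(jwk_from_did(did_a)) == jwk_thumbprint(jwk_from_did(did_b))

# Sample public key for illustration only; coordinates are not validated
# as a point on the curve and are not taken from the draft.
SAMPLE_JWK = {"kty": "EC", "crv": "P-256",
              "x": "f83OJ3D2xF1Bg8vub9tLe1gHMzV76e8Tus9uPHvRVEU",
              "y": "x_FEzRu9m36HLN_tue659LNpXW6pCyStikYjKIWI5a0"}

if __name__ == "__main__":
    print(did_jwk(SAMPLE_JWK))         # length grows with the key
    print(jwk_thumbprint(SAMPLE_JWK))  # always 43 characters for SHA-256
```

A verifier that compares did:jwk strings directly would treat a re-serialized copy of the same key as a different key; comparing thumbprints avoids that.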