[Openid-specs-ab] SIOP Special Topic Call Notes 22-Jun-23

Fri Jun 23 17:10:34 UTC 2023

(Thanks to Oliver for taking notes!)

Attendees:

Kristina
Brian Campbell
Joseph Heenan
Oliver Terbu
Giuseppe De Marco
Julian (Identity.com <http://identity.com/>)
Takahiko Kawasaki
Felix Linker
Martin Riedel
Judith Kahler
Pedro Felix
Ramesh Narayanan

Agenda
- Intros
- External work
- Draft charter for new WG dedicated to OpenID4VC work
- PRs and issues

# Intros

Felix Linker intro. PhD student in Zurich. In contact with Torsten and Daniel. Worked and was one of the lead authors of the OpenID4VC over BLE spec. Wants to contribute more in the future.

Julian: Software Engineer that works at identity.com <http://identity.com/> along with Martin Riedel.
External work
OWF due diligence TF kicking off this week.
https://openwallet-foundation.github.io/tac/task-forces/OID4VC-due-diligence/
Torsten is co-leading it.
Good group of implementers of OpenID4VC.
Plan is to do some AMA by editors.
TF meets at Wednesday 5pm CEST, and might move to weekly cadence.
Draft charter:
The proposed charter was presented.

The link is here: https://docs.google.com/document/d/10pzVIpYF8gWVp2F6l0kinsBC9XVS5xZt4n55TzIcNLg/edit?usp=sharing

The name of the WG is intentionally inclusive of multiple credential formats.

The name of the WG was discussed, and the scope. Specifically, discussions around the usage of the term three-party-model. The group found the issuer-holder-verifier model suited. 

Charter also includes protocols such as SIOPv2 too that are required for issuer-holder-verifier use cases that don’t require credentials directly but contribute necessary supporting functions such as authentication in the case of SIOPv2.

Next steps:

The WG charter document is kept up for tomorrow and over the weekend. The WG would give the group a chance to have their own repository which is potentially hosted on Github. Everbody is invited to make comments in the proposed WG charter document. Comments and discussions will be resolved in the next SIOP call.

The main focus to get consensus on is the name of the WG.

# Discussion on Figure 1 in OpenID4VCI

Taka noted that the box about the user in figure 1 should be made smaller. Also 2nd last line has a broken life lane.

# PRs

## PR 539

It was noted that the spec should be only linked to PE 2.0, and not to 1.1. PE 2.0 is also a published specification. If anything else than PE 2.0 is linked then this should be fixed.

Only concern would then be a future PE 3.0 version.

### PE subtopic

Torsten mentioned that there will be a discussion of the evolutation of PE. Mainly around the richness of the syntax, and how selective disclosure and filtering is done with the same element. Goal is to make PE simpler and easier to get it secure. Today, filter expressions can include almost everything, also a full JSON schema, which is hard to parse and might create security issues.

Torsten invited the group to participate in that discussion with DIF.

Next steps:
OpenID4VC editors will have call with PE editors.
If the group has concerns about PE, then they should file issues in bitbucket or in the DIF PE repository until 3rd of july.

## PR 542
It was discussed whether same key proof can be used more than once. The answer is yes but it depends on the issuer. The specification does not make any requirements around that.

## PR 520
No time to discuss PR 520, but the group was invited to review PR 520.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20230623/f2715ef4/attachment-0001.html>