[Openid-specs-ab] SIOP Special Topic Call Notes 02-Mar-23

Joseph Heenan joseph at authlete.com
Thu Mar 2 16:04:51 UTC 2023 

Attendees:

Joseph Heenan
Kristina Kasuda
Brian Campbell
Daniel Fett
Takahiko Kawasaki
Andrew Hughes
Madhu Goundla
Oliver Terbu
Richard Barnes
David Waite
Gail Hodges
Bjorn Hjelm





Madhu introduced himself.




PR 384 - Add a cwt proof type

Please re-view. Kristina proposes to merge in a few days otherwise. Richard was happy with the PR. Madhu just implemented this part of spec and will review.



PR 431 - https://bitbucket.org/openid/connect/pull-requests/431 Separate the missing and invalid proof cases

Consensus on merging this, Richard to fix conflict then Kristina will marge.



PR https://bitbucket.org/openid/connect/pull-requests/463 - removing the requirement around JSON-LD processing

Text has now been clarified to say when JSON-LD processing needs to be used; Kristina will ask the reviewers to re-review.



PR https://bitbucket.org/openid/connect/pull-requests/468 - First draft of OpenID 4 VC Security Analysis

Daniel introduced the security analysis Torsten & he have written.

Please read & review this - in particularly the assumptions.

This will also form a starting point for a formal security analysis.

More discussion needs to happen about exactly which version of the specs are analysed.



European Commissions Liaison

Gail briefed us:

EU Architecture Reference Framework is pointing to the OpenID VC specs.

EU members will hopefully join the working group calls once IPR agreement is approved by EU lawyers and signed.



Issue https://bitbucket.org/openid/connect/issues/1777/vc-issuance-is-vulnerable-to-unknown-key

Richard summarised the issue. Brian wasn’t sure there was an attack here. Richard explained some and will document the attack on the issue so others can consider it in more detail.



https://bitbucket.org/openid/connect/pull-requests/465 - Initial c_nonce handling (Issue #1827)

Resolves one of the issues Taka raised - please review.



https://bitbucket.org/openid/connect/issues/1825/openid4vci-client-identification-and - OpenID4VCI: client identification and authentication at the token endpoint

Consensus on clarifying the text and I think Kristina is going to open a PR.



-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20230302/c24c2baa/attachment.html>

More information about the Openid-specs-ab mailing list