[Openid-specs-ab] SIOP and webauthn
Nikos Fotiou
fotiou at aueb.gr
Sat Mar 11 22:53:49 UTC 2023
I read Vittorio’s description and I came up with the attached meme. Probably inaccurate but the resemblance in terminology cannot be ignored.
From: Vittorio Bertocci <vittorio.bertocci at okta.com>
Sent: Sunday, March 12, 2023 12:03 AM
To: Artifact Binding/Connect Working Group <openid-specs-ab at lists.openid.net>
Cc: Nikos Fotiou <fotiou at aueb.gr>
Subject: Re: [Openid-specs-ab] SIOP and webauthn
Thank you :)
Information cards were an interoperable format representing the ability of a user to obtain a certain set of claims from a given issuer. The self issued cards mentioned above were cards sourcing claims from the client itself rather than an external issuer.
Cardspace was the Windows client that was capable of working with information cards.
HTH
On Sat, Mar 11, 2023 at 13:59 Nikos Fotiou via Openid-specs-ab <openid-specs-ab at lists.openid.net> wrote:
Sorry for asking, but are “information cards” and cardspace the same thing? FWIW I found this episode of Identity Unlocked about cardspace very educative
<https://identityunlocked.auth0.com/public/49/Identity%2C-Unlocked.--bed7fada/61103d3d> Windows CardSpace with Stuart Kwan
On 11 Mar 2023, at 10:26 PM, Mike Jones via Openid-specs-ab <openid-specs-ab at lists.openid.net> wrote:
SIOP standardization was completed in 2014 https://openid.net/specs/openid-connect-core-1_0.html#SelfIssued. (The ideas for it were partially based on self-issued Information Cards, which used a public/private keypair held in a wallet for authentication.)
-- Mike
From: Openid-specs-ab <openid-specs-ab-bounces at lists.openid.net> On Behalf Of Sam Goto via Openid-specs-ab
Sent: Saturday, March 11, 2023 11:17 AM
To: Artifact Binding/Connect Working Group <openid-specs-ab at lists.openid.net>
Cc: Sam Goto <goto at google.com>
Subject: Re: [Openid-specs-ab] SIOP and webauthn
I don't recall the timelines precisely, but didn't we develop WebAuthn before SIOP?
I think I understand why SIOP was developed, if it was done after WebAuthn, because, IIRC, WebAuthn didn't have the cross platform syncing capabilities that it has today, but I do wonder where SIOP would fit today.
On Sat, Mar 11, 2023, 9:41 AM Tom Jones via Openid-specs-ab <openid-specs-ab at lists.openid.net> wrote:
Check out chapi
thx ..Tom (mobile)
On Sat, Mar 11, 2023, 2:45 AM Nikos Fotiou via Openid-specs-ab <openid-specs-ab at lists.openid.net> wrote:
Hi,
I have a question which is related to politics and standardization history.
I believe that SIOP (as defined in openid connect core) could have been used instead of WebAuthn. A combination of SIOP+ctap (rather than WebAuthn+ctap) would have more chances of getting adopted. So I was wondering how we came up with yet another API instead of adding support for SIOP to browsers. Did this ever occur as a possibility?
Best,
Nikos
--
Nikos Fotiou - https://www2.aueb.gr/users/fotiou/
Researcher - Mobile Multimedia Laboratory
Athens University of Economics and Business
https://mm.aueb.gr
_______________________________________________
Openid-specs-ab mailing list
Openid-specs-ab at lists.openid.net
https://lists.openid.net/mailman/listinfo/openid-specs-ab
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.jpg
Type: image/jpeg
Size: 89609 bytes
Desc: not available
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20230312/bdfe8d48/attachment-0002.jpg>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: verifiable credentials.jpg
Type: image/jpeg
Size: 88616 bytes
Desc: not available
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20230312/bdfe8d48/attachment-0003.jpg>