[Openid-specs-ab] SIOP Special Topic Call Notes 9-Mar-23
Brian Campbell
bcampbell at pingidentity.com
Mon Mar 13 22:25:04 UTC 2023
I wasn't able to join this call or the one right before it. But I was asked
via a different channel to take a look at the then very recently submitted
PR #474 <https://bitbucket.org/openid/connect/pull-requests/474> extending
direct_post to support redirect back to the verifier. It had already been
merged and published in draft -16 for the Public Review Period for Proposed
Second Implementer’s Draft
<https://openid.net/2023/03/09/public-review-period-for-proposed-second-implementers-draft-of-openid-for-verifiable-presentations-specification/>
by the time I was able to look at it (which really wasn't a long time
after). I get the intent of the PR but believe there's a lot of opportunity
for improvement of the spec text, which I'd argue makes its incorporation
into the public review draft premature. I added some commentary to the PR
and its author has engaged (thanks Torsten!) but it has already been
merged/published and I believe more than little editorial fixes are needed.
So, for lack of knowing how best to engage, I'm sending this email. Just as
a disclaimer or sorts - because I was asked to review it, the scope/intent
of my comment here is only about that particular PR.
On Thu, Mar 9, 2023 at 3:27 PM Mike Jones via Openid-specs-ab <
openid-specs-ab at lists.openid.net> wrote:
> SIOP Special Topic Call Notes 9-Mar-23
>
>
>
> Mike Jones
>
> David Chadwick
>
> Takahiko Kawasaki
>
> Joseph Heenan
>
> Bjorn Hjelm
>
> Giuseppe De Marco
>
> Judith Kahrer
>
> Kristina Yasuda
>
> Torsten Lodderstedt
>
> Elizabeth Garber
>
> David Waite
>
> Oliver Terbu
>
> Christian Frees
>
> Sebastian Schmittner
>
>
>
> Introductions
>
> Christian Frees and Sebastian Schmittner from the European
> EPC Competence Center GmbH (EECC) introduced themselves
>
>
>
> Hackathon
>
> Torsten reported that ~20 developers participated in a
> hackathon last week implementing OpenID4VC
>
>
>
> OpenID4VP
>
> Kristina recapped ISO's desire to ballot their Mobile
> Driver's license spec
>
> It must point to a stable spec
>
> Therefore, we need a second Implementer's Draft
>
> During the Connect call prior, we merged PR #427 OID4VP:
> client id format
>
>
>
> Pull Requests
>
> https://bitbucket.org/openid/connect/pull-requests/478
> Fixed JARM JWE only encryption language
>
> Oliver updated a syntax error in the PR
>
> Merged
>
> https://bitbucket.org/openid/connect/pull-requests/474
> Extended direct_post to support redirect back to the verifier
>
> Torsten talked about the possibility of
> overflowing URL size restrictions
>
> Joseph was concerned about whether this would
> work on iOS
>
> Torsen showed us a flow diagram that the PR adds
>
> David Chadwick and Torsten discussed a possible
> security consideration that could be described
>
> Merged
>
> Some editorial improvements may still be needed
>
>
>
> Issues
>
>
> https://bitbucket.org/openid/connect/issues?status=new&status=open&component=SIOP&component=Verifiable%20Presentation&component=Credential%20Issuance
>
> https://bitbucket.org/openid/connect/issues/1551 Administrative
> Trust in the RP
>
> David Chadwick requested to keep this open
>
> https://bitbucket.org/openid/connect/issues/1768 simplify VP Token
> encoding when only one VP is returned?
>
> Torsten noted that we want more feedback from
> implementers before doing this
>
> Joseph dislikes polymorphic parameters because
> they can cause testing issues
>
> Kristina suggested adding text saying that
> single values must not be returned as an array
>
> Torsten thinks returning multiple VPs may be an
> infrequent corner case
>
> We agreed for Kristina to create a PR to add
> this clarification and then merge it after editors' review
>
> https://bitbucket.org/openid/connect/issues/1537 Presenting VC
> without a VP using OpenID4VP
>
> Torsten will add a comment about security
> considerations
>
> https://bitbucket.org/openid/connect/issues/1863 JARM JWE-only
> language is not consistent with JARM
>
> This is addressed by PR #478
>
> Oliver is closing
>
>
>
> New Implementer's Drafts for OpenID4VCI and SIOPv2
>
> Mike asked when we want to create Implementer's Drafts for
> the other OpenID4VC specs
>
> Kristina said as soon as we merge the major PRs
>
> We discussed adding client_id_scheme to the other specs
>
> We agreed to do so by reference to OpenID4VP
> for now
>
> We might eventually break this out into its own
> spec
>
>
>
> https://bitbucket.org/openid/connect/pull-requests/384 Add
> a cwt proof type
>
> Oliver asked for clarifications on how to
> represent COSE_Key values
>
> We discussed changing "Claim Key" to "Label"
>
>
>
> Next Call
>
> The next call will be Monday, March 13th at 3pm Pacific Time
> _______________________________________________
> Openid-specs-ab mailing list
> Openid-specs-ab at lists.openid.net
> https://lists.openid.net/mailman/listinfo/openid-specs-ab
>
--
_CONFIDENTIALITY NOTICE: This email may contain confidential and privileged
material for the sole use of the intended recipient(s). Any review, use,
distribution or disclosure by others is strictly prohibited. If you have
received this communication in error, please notify the sender immediately
by e-mail and delete the message and any file attachments from your
computer. Thank you._
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20230313/ec6726d0/attachment.html>
More information about the Openid-specs-ab
mailing list