[Openid-specs-ab] SIOP Special Topic Call Notes 16-Mar-23

Mike Jones Michael.Jones at microsoft.com
Thu Mar 16 17:26:25 UTC 2023


SIOP Special Topic Call Notes 16-Mar-23

Mike Jones
Torsten Lodderstedt
Takahiko Kawasaki
Brian Campbell
Oliver Terbu
Kristina Yasuda
Torsten Lodderstedt
Bjorn Hjelm
Mark Haine
Jeremie Miller
Gail Hodges

OpenID4VP
              Torsten had a productive conversation with Daniel Fett about security considerations and implementation considerations
                           They want to better differentiate between replay and session fixation attacks
              As a result, he is still updating PR #489: OpenID4VP: direct post improvements
              We plan to merge after Torsten finishes his updates and Brian and a few others approve
                           Taka and Oliver agreed to review
              After the merge, Mike and possibly others will review the full specification

Pull Requests
              PR #482: Added JARM encryption only security considerations
                           This relates to the already-merged PR #483
                           Oliver updated this right before the call
                           Additional reviews are requested
              PR #496: adding Requirements Notation and Conventions section and removing conditional (Issue #1850)
                           We now reference RFC 2119 and remove CONDITIONAL
                           Torsten suggested updating the error response descriptions
              PR #492: clarify the examples are payloads and not full JWTs with headers
                           Merged
              PR #464: Diagram on Flow (response_mode is fragment) Issue #1816
                           Merged
              PR #494: improve the description of presentation_submission (Issue #1796)
                           Will merge after a few more approvals
              PR #495: add implementation considerations around state management (Issue #1737)
                           We hope to get a review from David Chadwick
              PR #493: adding additional security considerations for PE
                           We discussed creating a top-level presentation exchange section
              PR #491: Updating the active editor's and contributor's list
                           Merged

              There are six PRs we still need additional reviews on for OpenID4VP

              PR #384: Add a cwt proof type
                           Torsten plans to update descriptions to use "label"
              PR #487: init ld vp proof
                           This introduces a JSON-LD example
                           Reviews from people with JSON-LD expertise are requested
                           Oliver will review

Issues
              https://bitbucket.org/openid/connect/issues?status=new&status=open&component=SIOP&component=Verifiable%20Presentation&component=Credential%20Issuance
              #1423: 7 How is the VC replay is being addressed?
                           This is being addressed in PR #489: OpenID4VP: direct post improvements
              #1537: Presenting VC without a VP using OpenID4VP
                           Torsten said that there will be presentations without cryptographic holder binding
                           Oliver said that we may need to update descriptions in the spec to accommodate this
                           PR #489 affects this

Next Call
              The next call will be Monday, March 20th at 4pm Pacific Time