[Openid-specs-ab] SIOP Special Topic Call Notes 16-Mar-23
Mike Jones
Michael.Jones at microsoft.com
Thu Mar 16 17:26:25 UTC 2023
SIOP Special Topic Call Notes 16-Mar-23
Mike Jones
Torsten Lodderstedt
Takahiko Kawasaki
Brian Campbell
Oliver Terbu
Kristina Yasuda
Bjorn Hjelm
Mark Haine
Jeremie Miller
Gail Hodges
OpenID4VP
Torsten had a productive conversation with Daniel Fett about security considerations and implementation considerations
They want to better differentiate between replay and session fixation attacks
As a result, he is still updating PR #489: OpenID4VP: direct post improvements
We plan to merge after Torsten finishes his updates and Brian and a few others approve
Taka and Oliver agreed to review
After the merge, Mike and possibly others will review the full specification
Pull Requests
PR #482: Added JARM encryption only security considerations
This relates to the already-merged PR #483
Oliver updated this right before the call
Additional reviews are requested
PR #496: adding Requirements Notation and Conventions section and removing conditional (Issue #1850)
We now reference RFC 2119 and remove CONDITIONAL
Torsten suggested updating the error response descriptions
PR #492: clarify the examples are payloads and not full JWTs with headers
Merged
PR #464: Diagram on Flow (response_mode is fragment) Issue #1816
Merged
PR #494: improve the description of presentation_submission (Issue #1796)
Will merge after a few more approvals
PR #495: add implementation considerations around state management (Issue #1737)
We hope to get a review from David Chadwick
PR #493: adding additional security considerations for PE
We discussed creating a top-level presentation exchange section
PR #491: Updating the active editor's and contributor's list
Merged
There are six PRs we still need additional reviews on for OpenID4VP
PR #384: Add a cwt proof type
Torsten plans to update descriptions to use "label"
PR #487: init ld vp proof
This introduces a JSON-LD example
Reviews from people with JSON-LD expertise are requested
Oliver will review
Issues
https://bitbucket.org/openid/connect/issues?status=new&status=open&component=SIOP&component=Verifiable%20Presentation&component=Credential%20Issuance
#1423: 7 How is the VC replay is being addressed?
This is being addressed in PR #489: OpenID4VP: direct post improvements
#1537: Presenting VC without a VP using OpenID4VP
Torsten said that there will be presentations without cryptographic holder binding
Oliver said that we may need to update descriptions in the spec to accommodate this
PR #489 affects this
Next Call
The next call will be Monday, March 20th at 4pm Pacific Time