[Openid-specs-ab] SIOP Special Topic Call Notes 25–May-23

[torsten at lodderstedt.net]

SIOP Special Topic Call Notes 25–May-23

Kristina Yasuda
Ali Farmer
Jelle Millenaar
Nander Stable
Sudesha Shetty
Brian Campbell
Takahiko Kawasaki
Giuseppe de Marco
Christian Bormann
Oliver Terbu
Victor Lu
Torsten Lodderstedt

Introductions
Ali Farmer - CTO Forgerock
Jelle Millenaar - Impierce
Nander Stable - Impierce
Sudesha Shetty - Gen Digital

PR 519 & 520 - enhances spec to tell wallet what scope values to use for requesting certain credentials. Both PRs are motivated by the high assurance profile’s assumption that scope is the mandatory to implement mechanism for requesting credentials
Taka pointed out: the AS needs to recognize the scope values from the issuer’s metadata and/or the credential offer
PR 485 - client id schemes for authentication with x.509 certificates
PR 523 - aims at fixing Issue #1932 (CWT proof type)
Giuseppe - trust_chain JWS header now available in OpenID Connect Federation, suggests adding it to OID4VCI - Giuseppe will file an issue describing details.
There is a workshop on digital identity in the first week of June https://st.fbk.eu/events/TDI2023/program, Giuseppe is presenting there
Issue 1941 - requests addition of encrypted response from the credential issuance
	Brian: credential issuer is less tightly coupled to AS than Userinfo
	Giuseppe: in Italy nested JWT is used to encrypt Userinfo response, propose to use public key from wallet attestation for encryption.
	Oliver: static vs ephemeral keys - prefer ephemeral but would not be able to use client metadata, but client metadata might not be a good idea anyway
	Taka: share key through access token
	Oliver: parameter with key would be preferable
	Torsten: +1
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20230525/7303d399/attachment.html>