[Openid-specs-ab] Call for Working Group Adoption of OpenID Federation Wallet Architectures 1.0

Michael Jones michael_b_jones at hotmail.com
Mon Aug 19 03:58:55 UTC 2024 

Hi Kristina,

The responses to the process questions were written as a working group chair.  The responses to questions about the notes were written as the note-taker.

Per the conversation we had last week during the OpenID4VC editors’ call, I’m fine postponing any adoption decision until we’ve had the next European-friendly Connect WG call on Thursday, August 22nd.  The authors of the draft would also be glad to discuss it on a DCP WG call, perhaps the call right after the Connect call on Thursday?

As an individual who has helped design and create a lot of the OAuth and OpenID specs we’re building on across both the Connect and DCP working groups, I disagree with your position below that the OpenID4VC specs should prohibit extensions by other specifications.  In response to the brief conversation on the topic during Tuesday’s DCP call, I filed these two related issues, both titled “Enable non-breaking extensibility”: https://github.com/openid/OpenID4VP/issues/227 https://github.com/openid/OpenID4VCI/issues/375.  I won’t go deeply into it here, but if we didn’t have that kind of extensibility in OAuth and Connect, we wouldn’t have Connect, FAPI, OpenID Connect for Identity Assurance, or yes, OpenID4VC as we know them.  The ability to evolve ecosystems without breaking things requires the ability to extend.

Actually, most of the metadata parameters described in the contribution had been brought up to the DCP working group before.  See Giuseppe’s list of DCP issues in his message at https://lists.openid.net/pipermail/openid-specs-ab/2024-August/010390.html and his description parameter-by-parameter of the motivations behind them at https://lists.openid.net/pipermail/openid-specs-ab/2024-August/010377.html.

Finally, I’ll add that in response the feedback from Joseph and others, and at Nat’s suggestion, the authors have added a Scope section<https://peppelinux.github.io/federation-wallet/main.html#name-scope> to the specification saying what it does and doesn’t do, and stating that they intend to work with other working groups to define metadata parameters in their specs when they would be applicable both without and with Federation.  And also at Nat’s suggestion and in response to feedback from Joseph and others, we moved the existing text describing possible use of metadata parameters to a non-normative appendix.  See https://lists.openid.net/pipermail/openid-specs-ab/2024-August/010394.html for the updated contributed draft.

Hopefully this alleviates any concerns you had.

                                                                Best wishes,
                                                                -- Mike

From: Kristina Yasuda <yasudakristina at gmail.com>
Sent: Tuesday, August 13, 2024 6:20 AM
To: Artifact Binding/Connect Working Group <openid-specs-ab at lists.openid.net>
Cc: Michael Jones <michael_b_jones at hotmail.com>
Subject: Re: [Openid-specs-ab] Call for Working Group Adoption of OpenID Federation Wallet Architectures 1.0

Hi Mike,

Thank you for the response. It would help me to interpret your email better if you could clarify if you were responding as a co-chair or as an individual?

Yes, you/John/Giuseppe participate in DCP WG, but I still believe that it is the bare minimum, as a courtesy, to mention this draft in DCP WG and ask that WG's opinion. Some of the parameters introduced in the draft up for adoption have not been brought up to DCP WG's attention before.

OpenID4VC specs allow profiling based on what is already defined in the specifications, but they do not enable defining new parameters for various endpoints in separate documents. So, yes, adoption of the spec containing their current descriptions of parameters that should be defined in OpenID4VC specifications should not proceed.

I hope my feedback would not be closed with this one response. Realistically, the next call that Joseph and I can join to discuss this feedback is Atlantic call on 22nd. I strongly hope we get a chance to discuss this on a call, and it would be unfortunate if this draft were declared adopted before that.

Thank you,
Kristina


On Sat, Aug 10, 2024 at 11:47 PM Michael Jones via Openid-specs-ab <openid-specs-ab at lists.openid.net<mailto:openid-specs-ab at lists.openid.net>> wrote:
Hi all,

I wanted to provide a thoughtful response to some of the feedback on this thread, particularly since some process questions were asked.

Joseph had written:  “It is unfortunate that the call for adoption was started without the promised discussion at a Thursday working group meeting<https://lists.openid.net/pipermail/openid-specs-ab/2024-August/010349.html> happening first.”  On the Monday, July 29th working group call when the Federation Wallet contribution was first discussed, I was mistaken in thinking that the next call was Thursday.  The next call was Monday, August 5th, so we discussed it then instead.

Kristina had written: “The call of adoption started without properly discussing Joseph's concerns posted before call of adoption (https://lists.openid.net/pipermail/openid-specs-ab/2024-July/010347.html), and the minutes of a Connect WG call where the call for adoption started does not even mention Joseph's feedback: https://lists.openid.net/pipermail/openid-specs-ab/2024-August/010352.html. Yes, Giuseppe responded to Joseph's email, but the nature of the feedback required more discussion in my opinion.”  Joseph’s feedback and Giuseppe’s response to it were discussed on the Monday, August 5th call.  I was both running the call and taking notes and was remiss in not capturing more of that discussion in the call minutes.  The gist of the discussion then was that the spec records what the Italian wallet deployment is actually doing and so it is useful to have these things written down now to enable interoperable implementations of them (which did make it into the notes).  People on the call also expressed agreement with Joseph’s written feedback that metadata values that are in the contributed draft that are more generally applicable should be moved to the appropriate OpenID4VC specs and then deleted from the Federation Wallet spec.  But no one on the call expressed the opinion that having written them down in the contributed spec before their inclusion in other specifications should block consideration of adopting the contribution as-is now.  The call was well attended, with 14 people participating, and no one expressed reservations with starting the call for adoption.

Joseph helpfully provided specifics on what metadata values he would suggest moving to other specifications and other clarifications that could be applied in his message<https://lists.openid.net/pipermail/openid-specs-ab/2024-August/010370.html> before the Thursday, August 8th call.  We discussed that additional feedback on that call, as recorded in the notes<https://lists.openid.net/pipermail/openid-specs-ab/2024-August/010371.html>.  Giuseppe took the action item to reply to the call for adoption enumerating the existing OpenID4VC issues about the metadata values currently specified in the Federation Wallet contribution, which if resolved, would result in them being added to the appropriate places in the OpenID4VC specs.  And he agreed to file new OpenID4VC issues to fill any gaps identified in what it would take to define these metadata values there.

I agree with Joseph that future versions of the spec should be clearer about what is new normative text and what is repeating already normative text in other specifications.

Kristina wrote: “Please do not adopt this draft until all the changes that define OpenID4VP or OpenID4VCI parameters that are not currently defined in those specs right now are removed from this document.”  Speaking as an individual, this is a point where reasonable people can and do hold different positions.  Having them written down now for interoperability purposes is useful.  Moving the definitions of them to other specifications where they are also applicable would be good.  There’s agreement on that.  But whether adoption of the spec containing their current descriptions should be blocked by not having first incorporated them into other specifications – a process that could take a while – is a fair question.

Finally, I’ll observe that using Federation for trust establishment in wallet ecosystems (the purpose of the draft) necessary involves topics pertinent to both the Connect and DCP working groups, so coordination and collaboration will be required.  The good news is that that practical coordination happens by having individuals active in both working groups do so, and there are numerous individuals active in both.  (For what it’s worth, developing important specifications in coordination across multiple working groups and organizations isn’t new for the OpenID Foundation.  Developing OpenID Connect involved participants working together in all of the Connect, OAuth, and JOSE working groups.)

Thanks all for your attention to these important topics!

                                                                -- Mike

From: Openid-specs-ab <openid-specs-ab-bounces at lists.openid.net<mailto:openid-specs-ab-bounces at lists.openid.net>> On Behalf Of Joseph Heenan via Openid-specs-ab
Sent: Friday, August 9, 2024 1:00 PM
To: Artifact Binding/Connect Working Group <openid-specs-ab at lists.openid.net<mailto:openid-specs-ab at lists.openid.net>>
Cc: Joseph Heenan <joseph at authlete.com<mailto:joseph at authlete.com>>
Subject: Re: [Openid-specs-ab] Call for Working Group Adoption of OpenID Federation Wallet Architectures 1.0

Hi all

Thanks Kristina!

Just to reply to a specific point:

On 9 Aug 2024, at 13:14, Kristina Yasuda via Openid-specs-ab <openid-specs-ab at lists.openid.net<mailto:openid-specs-ab at lists.openid.net>> wrote:

Moreover, in the minutes of a Connect WG call that happened after Joseph's email with not supporting adoption say "[Openid-specs-ab] Call for Working Group Adoption of OpenID Federation Extended Subordinate Listing 1.0 All respondents so far support adoption", which could have been an oversight, but please be precise.

There’s unfortunately two different calls for adoption for Federation extensions right now which I think has caused confusion - I’m happy that my feedback was correctly record in yesterday’s minutes at https://lists.openid.net/pipermail/openid-specs-ab/2024-August/010371.html and I’m pleased to see that Giuseppe plans to look into them.

Thanks

Joseph

_______________________________________________
Openid-specs-ab mailing list
Openid-specs-ab at lists.openid.net<mailto:Openid-specs-ab at lists.openid.net>
https://lists.openid.net/mailman/listinfo/openid-specs-ab
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20240819/8fca7e75/attachment-0001.html>

More information about the Openid-specs-ab mailing list