[Openid-specs-ab] Call for Working Group Adoption of OpenID Federation Wallet Architectures 1.0
Davide Vaghetti
davide.vaghetti at garr.it
Wed Aug 21 22:09:23 UTC 2024
I support adoption of the specification.
On 21/08/24 23:18, Giada Sciarretta via Openid-specs-ab wrote:
> I support adoption of this document.
>
> Il Mer 21 Ago 2024, 18:47 Leif Johansson via Openid-specs-ab
> <openid-specs-ab at lists.openid.net
> <mailto:openid-specs-ab at lists.openid.net>> ha scritto:
>
> I support adoption
>
>
>> 20 aug. 2024 kl. 19:14 skrev Michael Jones via Openid-specs-ab
>> <openid-specs-ab at lists.openid.net
>> <mailto:openid-specs-ab at lists.openid.net>>:
>>
>>
>>
>> Adding the information to this thread that the authors contributed
>> an updated specification incorporating feedback received during
>> the adoption call, as described at
>> https://lists.openid.net/pipermail/openid-specs-ab/2024-August/010394.html <https://lists.openid.net/pipermail/openid-specs-ab/2024-August/010394.html>. We expect this contribution to be discussed during the next working group call on Thursday.____
>>
>> __ __
>>
>> --
>> Mike____
>>
>> __ __
>>
>> *From:*Kristina Yasuda <yasudakristina at gmail.com
>> <mailto:yasudakristina at gmail.com>>
>> *Sent:* Monday, August 19, 2024 7:12 AM
>> *To:* Artifact Binding/Connect Working Group
>> <openid-specs-ab at lists.openid.net
>> <mailto:openid-specs-ab at lists.openid.net>>
>> *Cc:* torsten at lodderstedt.net <mailto:torsten at lodderstedt.net>;
>> Michael Jones <michael_b_jones at hotmail.com
>> <mailto:michael_b_jones at hotmail.com>>; Nat Sakimura
>> <nat at sakimura.org <mailto:nat at sakimura.org>>
>> *Subject:* Re: [Openid-specs-ab] Call for Working Group Adoption
>> of OpenID Federation Wallet Architectures 1.0____
>>
>> __ __
>>
>> I missed the part that you are trying to address concerns by
>> moving problematic sections to the informative annex, sorry. That
>> is confusing to say the least. Please remove those sections
>> entirely. They should either be normative or not be in the
>> specifications.____
>>
>> __ __
>>
>> Also, please add an explicit out of scope section saying that
>> there is no intention to define openid4vc parameter extensions.____
>>
>> __ __
>>
>> Best, ____
>>
>> Kristina____
>>
>> __ __
>>
>> On Mon, Aug 19, 2024 at 4:06 PM Kristina Yasuda
>> <yasudakristina at gmail.com <mailto:yasudakristina at gmail.com>>
>> wrote:____
>>
>> Hi All,____
>>
>> It is honestly confusing that there are two thread happening
>> on the same topic, one following the minutes (another one) and
>> another following call for adoption announcement (this one).____
>>
>> So I copy my comment on another email thread here, too:____
>>
>> __ __
>>
>> Can you please explain how your updated draft addresses any of
>> Joseph's comments?____
>>
>> https://lists.openid.net/pipermail/openid-specs-ab/2024-August/010370.html
>> <https://lists.openid.net/pipermail/openid-specs-ab/2024-August/010370.html>____
>>
>> __ __
>>
>> With all respect, but just adding a scope section that it is a
>> profile of an OpenID Federation does not make it less of a
>> profile of OpenID4VC specs without removing any of the
>> sections that have been pointed out to be problematic.____
>>
>> __ __
>>
>> Thank you,____
>>
>> Kristina____
>>
>> __ __
>>
>> __ __
>>
>> On Mon, Aug 19, 2024 at 6:01 AM Michael Jones via
>> Openid-specs-ab <openid-specs-ab at lists.openid.net
>> <mailto:openid-specs-ab at lists.openid.net>> wrote:____
>>
>> Hi Torsten,____
>>
>> ____
>>
>> Per the Scope section of the document
>> <https://peppelinux.github.io/federation-wallet/main.html#name-scope> that we added at Nat’s suggestion, the specification is first and foremost a profile of OpenID Federation. The experts on Federation are in the OpenID Connect working group, which is why the document was contributed there. Also as described in the Scope section, we intend to work with the DCP working group to define metadata parameters in the OpenID4VC specs when they would be applicable both without and with Federation. Also, see my response to Kristina <https://lists.openid.net/pipermail/openid-specs-ab/2024-August/010395.html>, which describes that the spec no longer defines any metadata parameters.____
>>
>> ____
>>
>> Hopefully this alleviates any concerns you had.____
>>
>> ____
>>
>> Best wishes,____
>>
>> -- Mike____
>>
>> ____
>>
>> *From:*torsten at lodderstedt.net
>> <mailto:torsten at lodderstedt.net> <torsten at lodderstedt.net
>> <mailto:torsten at lodderstedt.net>>
>> *Sent:* Tuesday, August 13, 2024 9:18 AM
>> *To:* Artifact Binding/Connect Working Group
>> <openid-specs-ab at lists.openid.net
>> <mailto:openid-specs-ab at lists.openid.net>>
>> *Cc:* Michael Jones <michael_b_jones at hotmail.com
>> <mailto:michael_b_jones at hotmail.com>>
>> *Subject:* Re: [Openid-specs-ab] Call for Working Group
>> Adoption of OpenID Federation Wallet Architectures 1.0____
>>
>> ____
>>
>> Hi,____
>>
>> Am 10. Aug. 2024, 23:47 +0200 schrieb Michael Jones via
>> Openid-specs-ab <openid-specs-ab at lists.openid.net
>> <mailto:openid-specs-ab at lists.openid.net>>:____
>>
>> Hi all, ____
>>
>> I don’t support adoption of this document in the Connect
>> WG.____
>>
>> ____
>>
>> <cut>____
>>
>> ____
>>
>> ____
>>
>> The gist of the discussion then was that the spec
>> records what the Italian wallet deployment is actually
>> doing and so it is useful to have these things written
>> down now to enable interoperable implementations of
>> them (which did make it into the notes).____
>>
>> Having a write up is very useful. However, I think a
>> whitepaper or blog post would be the appropriate format
>> for that.____
>>
>> ____
>>
>> Writing a spec to allow for interoperability is something
>> different. It requires discussions with other implementers
>> to find a common ground, which brings me to my next point.____
>>
>> ____
>>
>> This draft defines extensions to the OID4VP and OID4VCI
>> spec, something I would feel more comfortable with in the
>> DCP WG simply because that’s were expertise and
>> implementers of OID4VC are. Also, some of the proposed
>> extensions were proposed to the DCP WG already but haven’t
>> been adopted (yet). So it feels like this draft tries to
>> create facts without a WG discussion.____
>>
>> ____
>>
>> Content wise, I‘m wondering why the specification includes
>> a token endpoint for the wallet provider. It seems it is
>> used to issue wallet attestations. I think wallet instance
>> to wallet provider communication is not related to
>> interoperability, the design should be left at the wallet
>> provider’s discretion.____
>>
>> ____
>>
>> best regards,____
>>
>> Torsten.____
>>
>> ____
>>
>> ____
>>
>> ____
>>
>> ____
>>
>> People on the call also expressed agreement with
>> Joseph’s written feedback that metadata values that
>> are in the contributed draft that are more generally
>> applicable should be moved to the appropriate
>> OpenID4VC specs and then deleted from the Federation
>> Wallet spec. But no one on the call expressed the
>> opinion that having written them down in the
>> contributed spec before their inclusion in other
>> specifications should block consideration of adopting
>> the contribution as-is now. The call was well
>> attended, with 14 people participating, and no one
>> expressed reservations with starting the call for
>> adoption.____
>>
>> ____
>>
>> Joseph helpfully provided specifics on what metadata
>> values he would suggest moving to other specifications
>> and other clarifications that could be applied in his
>> message
>> <https://lists.openid.net/pipermail/openid-specs-ab/2024-August/010370.html> before the Thursday, August 8^th call. We discussed that additional feedback on that call, as recorded in the notes <https://lists.openid.net/pipermail/openid-specs-ab/2024-August/010371.html>. Giuseppe took the action item to reply to the call for adoption enumerating the existing OpenID4VC issues about the metadata values currently specified in the Federation Wallet contribution, which if resolved, would result in them being added to the appropriate places in the OpenID4VC specs. And he agreed to file new OpenID4VC issues to fill any gaps identified in what it would take to define these metadata values there.____
>>
>> ____
>>
>> I agree with Joseph that future versions of the spec
>> should be clearer about what is new normative text and
>> what is repeating already normative text in other
>> specifications.____
>>
>> ____
>>
>> Kristina wrote: “Please do not adopt this draft until
>> all the changes that define OpenID4VP or OpenID4VCI
>> parameters that are not currently defined in those
>> specs right now are removed from this document.”
>> Speaking as an individual, this is a point where
>> reasonable people can and do hold different
>> positions. Having them written down now for
>> interoperability purposes is useful. Moving the
>> definitions of them to other specifications where they
>> are also applicable would be good. There’s agreement
>> on that. But whether adoption of the spec containing
>> their current descriptions should be blocked by not
>> having first incorporated them into other
>> specifications – a process that could take a while –
>> is a fair question.____
>>
>> ____
>>
>> Finally, I’ll observe that using Federation for trust
>> establishment in wallet ecosystems (the purpose of the
>> draft) necessary involves topics pertinent to both the
>> Connect and DCP working groups, so coordination and
>> collaboration will be required. The good news is that
>> that practical coordination happens by having
>> individuals active in both working groups do so, and
>> there are numerous individuals active in both. (For
>> what it’s worth, developing important specifications
>> in coordination across multiple working groups and
>> organizations isn’t new for the OpenID Foundation.
>> Developing OpenID Connect involved participants
>> working together in all of the Connect, OAuth, and
>> JOSE working groups.)____
>>
>> ____
>>
>> Thanks all for your attention to these important
>> topics!____
>>
>> ____
>>
>> -- Mike____
>>
>> ____
>>
>> *From:* Openid-specs-ab
>> <openid-specs-ab-bounces at lists.openid.net
>> <mailto:openid-specs-ab-bounces at lists.openid.net>> *On
>> Behalf Of* Joseph Heenan via Openid-specs-ab
>> *Sent:* Friday, August 9, 2024 1:00 PM
>> *To:* Artifact Binding/Connect Working Group
>> <openid-specs-ab at lists.openid.net
>> <mailto:openid-specs-ab at lists.openid.net>>
>> *Cc:* Joseph Heenan <joseph at authlete.com
>> <mailto:joseph at authlete.com>>
>> *Subject:* Re: [Openid-specs-ab] Call for Working
>> Group Adoption of OpenID Federation Wallet
>> Architectures 1.0____
>>
>> ____
>>
>> Hi all____
>>
>> ____
>>
>> Thanks Kristina!____
>>
>> ____
>>
>> Just to reply to a specific point:____
>>
>> ____
>>
>> On 9 Aug 2024, at 13:14, Kristina Yasuda via
>> Openid-specs-ab <openid-specs-ab at lists.openid.net
>> <mailto:openid-specs-ab at lists.openid.net>> wrote:____
>>
>> ____
>>
>> Moreover, in the minutes of a Connect WG call that
>> happened after Joseph's email with not supporting
>> adoption say "[Openid-specs-ab] Call for Working
>> Group Adoption of OpenID Federation Extended
>> Subordinate Listing 1.0 All respondents so far
>> support adoption", which could have been an
>> oversight, but please be precise.____
>>
>> ____
>>
>> There’s unfortunately two different calls for adoption
>> for Federation extensions right now which I think has
>> caused confusion - I’m happy that my feedback was
>> correctly record in yesterday’s minutes at
>> https://lists.openid.net/pipermail/openid-specs-ab/2024-August/010371.html <https://lists.openid.net/pipermail/openid-specs-ab/2024-August/010371.html> and I’m pleased to see that Giuseppe plans to look into them.____
>>
>> ____
>>
>> Thanks____
>>
>> ____
>>
>> Joseph____
>>
>> ____
>>
>> _______________________________________________
>> Openid-specs-ab mailing list
>> Openid-specs-ab at lists.openid.net
>> <mailto:Openid-specs-ab at lists.openid.net>
>> https://lists.openid.net/mailman/listinfo/openid-specs-ab <https://lists.openid.net/mailman/listinfo/openid-specs-ab>____
>>
>> _______________________________________________
>> Openid-specs-ab mailing list
>> Openid-specs-ab at lists.openid.net
>> <mailto:Openid-specs-ab at lists.openid.net>
>> https://lists.openid.net/mailman/listinfo/openid-specs-ab
>> <https://lists.openid.net/mailman/listinfo/openid-specs-ab>____
>>
>> _______________________________________________
>> Openid-specs-ab mailing list
>> Openid-specs-ab at lists.openid.net
>> <mailto:Openid-specs-ab at lists.openid.net>
>> https://lists.openid.net/mailman/listinfo/openid-specs-ab
>> <https://lists.openid.net/mailman/listinfo/openid-specs-ab>
> _______________________________________________
> Openid-specs-ab mailing list
> Openid-specs-ab at lists.openid.net
> <mailto:Openid-specs-ab at lists.openid.net>
> https://lists.openid.net/mailman/listinfo/openid-specs-ab
> <https://lists.openid.net/mailman/listinfo/openid-specs-ab>
>
>
> --
> Le informazioni contenute nella presente comunicazione sono di natura
> privata e come tali sono da considerarsi riservate ed indirizzate
> esclusivamente ai destinatari indicati e per le finalità strettamente
> legate al relativo contenuto. Se avete ricevuto questo messaggio per
> errore, vi preghiamo di eliminarlo e di inviare una comunicazione
> all’indirizzo e-mail del mittente.
> --
> The information transmitted is intended only for the person or entity to
> which it is addressed and may contain confidential and/or privileged
> material. If you received this in error, please contact the sender and
> delete the material.
>
> _______________________________________________
> Openid-specs-ab mailing list
> Openid-specs-ab at lists.openid.net
> https://lists.openid.net/mailman/listinfo/openid-specs-ab
--
Davide Vaghetti
Consortium GARR
Mobile: +393357779542
Skype: daserzw
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_signature.asc
Type: application/pgp-signature
Size: 840 bytes
Desc: OpenPGP digital signature
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20240822/32ea600c/attachment-0001.asc>
More information about the Openid-specs-ab
mailing list