[Openid-specs-ab] Call for Working Group Adoption of OpenID Federation Wallet Architectures 1.0
Amir Sharif
asharif at fbk.eu
Thu Aug 22 03:59:01 UTC 2024
I support adoption
Best regards,
Amir
*Amir Sharif*
*Researcher*
*Security and Trust Research Unit*
*Cybersecurity Center*
*Fondazione Bruno Kessler, Trento, Italy*
personal page:https://st.fbk.eu/people/amir-sharif
FBK web: www.fbk.eu
Cybersecurity center web: www.cs.fbk.eu <https://cs.fbk.eu>
Security &Trust web: st.fbk.eu
On Wed, 21 Aug 2024 at 19:47, Leif Johansson via Openid-specs-ab <
openid-specs-ab at lists.openid.net> wrote:
> I support adoption
>
>
> 20 aug. 2024 kl. 19:14 skrev Michael Jones via Openid-specs-ab <
> openid-specs-ab at lists.openid.net>:
>
>
>
> Adding the information to this thread that the authors contributed an
> updated specification incorporating feedback received during the adoption
> call, as described at
> https://lists.openid.net/pipermail/openid-specs-ab/2024-August/010394.html.
> We expect this contribution to be discussed during the next working group
> call on Thursday.
>
>
>
> -- Mike
>
>
>
> *From:* Kristina Yasuda <yasudakristina at gmail.com>
> *Sent:* Monday, August 19, 2024 7:12 AM
> *To:* Artifact Binding/Connect Working Group <
> openid-specs-ab at lists.openid.net>
> *Cc:* torsten at lodderstedt.net; Michael Jones <michael_b_jones at hotmail.com>;
> Nat Sakimura <nat at sakimura.org>
> *Subject:* Re: [Openid-specs-ab] Call for Working Group Adoption of
> OpenID Federation Wallet Architectures 1.0
>
>
>
> I missed the part that you are trying to address concerns by moving
> problematic sections to the informative annex, sorry. That is confusing to
> say the least. Please remove those sections entirely. They should either be
> normative or not be in the specifications.
>
>
>
> Also, please add an explicit out of scope section saying that there is no
> intention to define openid4vc parameter extensions.
>
>
>
> Best,
>
> Kristina
>
>
>
> On Mon, Aug 19, 2024 at 4:06 PM Kristina Yasuda <yasudakristina at gmail.com>
> wrote:
>
> Hi All,
>
> It is honestly confusing that there are two thread happening on the same
> topic, one following the minutes (another one) and another following call
> for adoption announcement (this one).
>
> So I copy my comment on another email thread here, too:
>
>
>
> Can you please explain how your updated draft addresses any of Joseph's
> comments?
>
> https://lists.openid.net/pipermail/openid-specs-ab/2024-August/010370.html
>
>
>
> With all respect, but just adding a scope section that it is a profile of
> an OpenID Federation does not make it less of a profile of OpenID4VC specs
> without removing any of the sections that have been pointed out to be
> problematic.
>
>
>
> Thank you,
>
> Kristina
>
>
>
>
>
> On Mon, Aug 19, 2024 at 6:01 AM Michael Jones via Openid-specs-ab <
> openid-specs-ab at lists.openid.net> wrote:
>
> Hi Torsten,
>
>
>
> Per the Scope section of the document
> <https://peppelinux.github.io/federation-wallet/main.html#name-scope>
> that we added at Nat’s suggestion, the specification is first and foremost
> a profile of OpenID Federation. The experts on Federation are in the
> OpenID Connect working group, which is why the document was contributed
> there. Also as described in the Scope section, we intend to work with the
> DCP working group to define metadata parameters in the OpenID4VC specs when
> they would be applicable both without and with Federation. Also, see my
> response to Kristina
> <https://lists.openid.net/pipermail/openid-specs-ab/2024-August/010395.html>,
> which describes that the spec no longer defines any metadata parameters.
>
>
>
> Hopefully this alleviates any concerns you had.
>
>
>
> Best
> wishes,
>
> -- Mike
>
>
>
> *From:* torsten at lodderstedt.net <torsten at lodderstedt.net>
> *Sent:* Tuesday, August 13, 2024 9:18 AM
> *To:* Artifact Binding/Connect Working Group <
> openid-specs-ab at lists.openid.net>
> *Cc:* Michael Jones <michael_b_jones at hotmail.com>
> *Subject:* Re: [Openid-specs-ab] Call for Working Group Adoption of
> OpenID Federation Wallet Architectures 1.0
>
>
>
> Hi,
>
> Am 10. Aug. 2024, 23:47 +0200 schrieb Michael Jones via Openid-specs-ab <
> openid-specs-ab at lists.openid.net>:
>
> Hi all,
>
> I don’t support adoption of this document in the Connect WG.
>
>
>
> <cut>
>
>
>
>
>
> The gist of the discussion then was that the spec records what the Italian
> wallet deployment is actually doing and so it is useful to have these
> things written down now to enable interoperable implementations of them
> (which did make it into the notes).
>
> Having a write up is very useful. However, I think a whitepaper or blog
> post would be the appropriate format for that.
>
>
>
> Writing a spec to allow for interoperability is something different. It
> requires discussions with other implementers to find a common ground, which
> brings me to my next point.
>
>
>
> This draft defines extensions to the OID4VP and OID4VCI spec, something I
> would feel more comfortable with in the DCP WG simply because that’s were
> expertise and implementers of OID4VC are. Also, some of the proposed
> extensions were proposed to the DCP WG already but haven’t been adopted
> (yet). So it feels like this draft tries to create facts without a WG
> discussion.
>
>
>
> Content wise, I‘m wondering why the specification includes a token
> endpoint for the wallet provider. It seems it is used to issue wallet
> attestations. I think wallet instance to wallet provider communication is
> not related to interoperability, the design should be left at the wallet
> provider’s discretion.
>
>
>
> best regards,
>
> Torsten.
>
>
>
>
>
>
>
>
>
> People on the call also expressed agreement with Joseph’s written feedback
> that metadata values that are in the contributed draft that are more
> generally applicable should be moved to the appropriate OpenID4VC specs and
> then deleted from the Federation Wallet spec. But no one on the call
> expressed the opinion that having written them down in the contributed spec
> before their inclusion in other specifications should block consideration
> of adopting the contribution as-is now. The call was well attended, with
> 14 people participating, and no one expressed reservations with starting
> the call for adoption.
>
>
>
> Joseph helpfully provided specifics on what metadata values he would
> suggest moving to other specifications and other clarifications that could
> be applied in his message
> <https://lists.openid.net/pipermail/openid-specs-ab/2024-August/010370.html>
> before the Thursday, August 8th call. We discussed that additional
> feedback on that call, as recorded in the notes
> <https://lists.openid.net/pipermail/openid-specs-ab/2024-August/010371.html>.
> Giuseppe took the action item to reply to the call for adoption enumerating
> the existing OpenID4VC issues about the metadata values currently specified
> in the Federation Wallet contribution, which if resolved, would result in
> them being added to the appropriate places in the OpenID4VC specs. And he
> agreed to file new OpenID4VC issues to fill any gaps identified in what it
> would take to define these metadata values there.
>
>
>
> I agree with Joseph that future versions of the spec should be clearer
> about what is new normative text and what is repeating already normative
> text in other specifications.
>
>
>
> Kristina wrote: “Please do not adopt this draft until all the changes
> that define OpenID4VP or OpenID4VCI parameters that are not
> currently defined in those specs right now are removed from this document.”
> Speaking as an individual, this is a point where reasonable people can and
> do hold different positions. Having them written down now for
> interoperability purposes is useful. Moving the definitions of them to
> other specifications where they are also applicable would be good. There’s
> agreement on that. But whether adoption of the spec containing their
> current descriptions should be blocked by not having first incorporated
> them into other specifications – a process that could take a while – is a
> fair question.
>
>
>
> Finally, I’ll observe that using Federation for trust establishment in
> wallet ecosystems (the purpose of the draft) necessary involves topics
> pertinent to both the Connect and DCP working groups, so coordination and
> collaboration will be required. The good news is that that practical
> coordination happens by having individuals active in both working groups do
> so, and there are numerous individuals active in both. (For what it’s
> worth, developing important specifications in coordination across multiple
> working groups and organizations isn’t new for the OpenID Foundation.
> Developing OpenID Connect involved participants working together in all of
> the Connect, OAuth, and JOSE working groups.)
>
>
>
> Thanks all for your attention to these important topics!
>
>
>
> -- Mike
>
>
>
> *From:* Openid-specs-ab <openid-specs-ab-bounces at lists.openid.net> *On
> Behalf Of* Joseph Heenan via Openid-specs-ab
> *Sent:* Friday, August 9, 2024 1:00 PM
> *To:* Artifact Binding/Connect Working Group <
> openid-specs-ab at lists.openid.net>
> *Cc:* Joseph Heenan <joseph at authlete.com>
> *Subject:* Re: [Openid-specs-ab] Call for Working Group Adoption of
> OpenID Federation Wallet Architectures 1.0
>
>
>
> Hi all
>
>
>
> Thanks Kristina!
>
>
>
> Just to reply to a specific point:
>
>
>
> On 9 Aug 2024, at 13:14, Kristina Yasuda via Openid-specs-ab <
> openid-specs-ab at lists.openid.net> wrote:
>
>
>
> Moreover, in the minutes of a Connect WG call that happened after Joseph's
> email with not supporting adoption say "[Openid-specs-ab] Call for Working
> Group Adoption of OpenID Federation Extended Subordinate Listing 1.0 All
> respondents so far support adoption", which could have been an oversight,
> but please be precise.
>
>
>
> There’s unfortunately two different calls for adoption for Federation
> extensions right now which I think has caused confusion - I’m happy that my
> feedback was correctly record in yesterday’s minutes at
> https://lists.openid.net/pipermail/openid-specs-ab/2024-August/010371.html and
> I’m pleased to see that Giuseppe plans to look into them.
>
>
>
> Thanks
>
>
>
> Joseph
>
>
>
> _______________________________________________
> Openid-specs-ab mailing list
> Openid-specs-ab at lists.openid.net
> https://lists.openid.net/mailman/listinfo/openid-specs-ab
>
> _______________________________________________
> Openid-specs-ab mailing list
> Openid-specs-ab at lists.openid.net
> https://lists.openid.net/mailman/listinfo/openid-specs-ab
>
> _______________________________________________
> Openid-specs-ab mailing list
> Openid-specs-ab at lists.openid.net
> https://lists.openid.net/mailman/listinfo/openid-specs-ab
>
> _______________________________________________
> Openid-specs-ab mailing list
> Openid-specs-ab at lists.openid.net
> https://lists.openid.net/mailman/listinfo/openid-specs-ab
>
--
--
Le informazioni contenute nella presente comunicazione sono di natura
privata e come tali sono da considerarsi riservate ed indirizzate
esclusivamente ai destinatari indicati e per le finalità strettamente
legate al relativo contenuto. Se avete ricevuto questo messaggio per
errore, vi preghiamo di eliminarlo e di inviare una comunicazione
all’indirizzo e-mail del mittente.
--
The information transmitted is
intended only for the person or entity to which it is addressed and may
contain confidential and/or privileged material. If you received this in
error, please contact the sender and delete the material.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20240822/95602bef/attachment-0001.html>
More information about the Openid-specs-ab
mailing list