[Openid-specs-ab] Spec Call Notes 17-Aug-20

Mike Jones Michael.Jones at microsoft.com
Tue Aug 18 00:38:49 UTC 2020


Spec Call Notes 17-Aug-20

Nat Sakimura
Mike Jones
Tom Jones
Kristina Yasuda
Edmund Jay
Bjorn Hjelm
John Bradley
Tobias Looker

OAuth JAR
              Mike is continuing to work on a PR addressing IESG and WG comments

Aggregated Claims Draft
              Edmund will check this into the Connect repositories and Mike will publish a working group draft

Tom's Draft
https://github.com/KantaraInitiative/DistributedAssurance/blob/master/OpenID%20Self%20Issued%20Identifier.md
              Tom is asking Tobias for feedback on his draft
              He received from feedback from Markus Sabadello on recovery that he is incorporating

DIF/OpenID Liaison Relationship
              Kristina reported that there was a meeting about this at DIF and that people were enthusiastic
              DIF needs to send a signed liaison agreement to the OIDF
              Balázs Némethi reached out to Don with some questions, which Mike and Nat answered
              Kristina has volunteered to be the liaison officer between the two organizations
                           We should confirm that at the next executive committee call

Other External Organizations
              Nat suggested that some of the W3C community groups and WGs might also be pertinent
              For instance, the DID WG is pertinent
                           Mike reported that they're working towards having a Candidate Recommendation
                           Mike is already serving as an informal information exchange conduit

External Related Specs
              ISO 24760 Basic Identity Management spec
              ISO 29115 Entity Authentication Assurance
              ISO 29003 Identity Proofing
              The US is working on NIST 800-63-4
                           It's open for comments now
                           Tom commented that 800-63-2 certifications aren't valid for 800-63-3 in healthcare
              EIDAS
                           John said that EU is looking for feedback on EIDAS

Nat is running a panel on identity at a blockchain business conference next week
              https://www.bg2c.net/en_index.html
              [BG2C Prep-Meeting]Blockchain and Identity

Aggregated Claims Spec
              Nat described it as constraining the response from the resource server
              Like a UserInfo Endpoint V2
              At Identiverse, George Fletcher talked about the possibility of getting a constrained/downscoped access token
                           George's use case was use in networks of micro-services
              There was a discussion on the relationship between roles and scopes
              Once the working group draft has been published, we'll ask for people to review it

Use of "sub" in SIOP
              Tobias said that RPs use the "sub" field as a stable identifier for the party
              That prevents key rotation for SIOP
              He would still sign with the "sub_jwk" but break the linkage to the "sub" value
              John observed that what Tobias wants is the level of indirection we had for XRDS identifiers in OpenID 2.0
                           The XRDS document provided a pointer to the discovery information for the IdP
                           With XRDS you could build a multi-tenant self-issued service
              Tobias said that there would be an identifier that would be dereferenced to get the needed cryptographic material
              John said that the "sub" would be like that
                           He said that it would be up to the SIOP whether to use an externally referenced key source or an internal one
              Tobias said that we could define a URI that stands for the JWK Thumbprint
              John said that a DID could be simply a file on a Web Server
              Tobias would expand the OP metadata to indicate the methods supported
              Mike said that he wouldn't want RPs to all have to understand DID resolution
                           John and Tobias agreed, and had ideas about how to accomplish that
              Tobias plans to send his presentation deck to the working group

Open Issues
              https://bitbucket.org/openid/connect/issues?status=new&status=open
              (The call went over time and we didn't spend any time on open issues.)

Next Call
              The next working group call is Thursday, August 27 at 7am Pacific Time
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20200818/79e19c83/attachment.html>


More information about the Openid-specs-ab mailing list