<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
<meta name="Generator" content="Microsoft Word 15 (filtered medium)">
<style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:#0563C1;
text-decoration:underline;}
span.EmailStyle17
{mso-style-type:personal-compose;
font-family:"Calibri",sans-serif;
color:windowtext;}
.MsoChpDefault
{mso-style-type:export-only;
font-family:"Calibri",sans-serif;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
--></style>
</head>
<body lang="EN-US" link="#0563C1" vlink="#954F72" style="word-wrap:break-word">
<div class="WordSection1">
<p class="MsoNormal">Spec Call Notes 28-Jan-21<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Mike Jones<o:p></o:p></p>
<p class="MsoNormal">Nat Sakimura<o:p></o:p></p>
<p class="MsoNormal">Kristina Yasuda<o:p></o:p></p>
<p class="MsoNormal">Bjorn Hjelm<o:p></o:p></p>
<p class="MsoNormal">Tom Jones<o:p></o:p></p>
<p class="MsoNormal">Oliver Terbu<o:p></o:p></p>
<p class="MsoNormal">Joseph Heenan<o:p></o:p></p>
<p class="MsoNormal">John Bradley<o:p></o:p></p>
<p class="MsoNormal">Brian Campbell<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">External Organizations<o:p></o:p></p>
<p class="MsoNormal"> DIF F2F recording and highlights<o:p></o:p></p>
<p class="MsoNormal"> <a href="https://medium.com/decentralized-identity/dif-face-to-face-jan-2021-highlights-89e78cb80f54">
https://medium.com/decentralized-identity/dif-face-to-face-jan-2021-highlights-89e78cb80f54</a><o:p></o:p></p>
<p class="MsoNormal">MODRNA Update<o:p></o:p></p>
<p class="MsoNormal"> Bjorn updated us on the MODRNA working group<o:p></o:p></p>
<p class="MsoNormal"> Completed Implementer's Draft of User Questioning API<o:p></o:p></p>
<p class="MsoNormal"> Getting ready for Implementer's Draft of MODRNA CIBA Profile<o:p></o:p></p>
<p class="MsoNormal"> The WG has the CIBA Core spec<o:p></o:p></p>
<p class="MsoNormal"> The MODRNA CIBA Profile contains features originally in the FAPI Core spec<o:p></o:p></p>
<p class="MsoNormal"> Considering certification<o:p></o:p></p>
<p class="MsoNormal"> Orange is looking at developing tests<o:p></o:p></p>
<p class="MsoNormal"> GSMA is still discussing where they will be doing their specification work in the future<o:p></o:p></p>
<p class="MsoNormal"> Some are advocating that the MODRNA WG be the spec development body for Mobile Connect<o:p></o:p></p>
<p class="MsoNormal">                There have been discussions about the Account Porting spec<o:p></o:p></p>
<p class="MsoNormal"> It was written at a high level to accommodate multiple use cases<o:p></o:p></p>
<p class="MsoNormal"> It has been deployed by the US ZenKey collaboration of mobile operators (<a href="https://myzenkey.com/">https://myzenkey.com/</a>)<o:p></o:p></p>
<p class="MsoNormal"> In ZenKey, all the parties are known<o:p></o:p></p>
<p class="MsoNormal"> The MODRNA WG could create a MODRNA profile of Account Porting<o:p></o:p></p>
<p class="MsoNormal"> Kristina said that those working on portable identifiers are also looking at the Account Porting spec<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Certification Update<o:p></o:p></p>
<p class="MsoNormal"> Joseph gave an update on the Certification program<o:p></o:p></p>
<p class="MsoNormal"> The certification page <a href="https://openid.net/certification/">
https://openid.net/certification/</a> was reorganized to use separate tabs for each group of profiles<o:p></o:p></p>
<p class="MsoNormal"> The certification team is mostly working on FAPI updates<o:p></o:p></p>
<p class="MsoNormal"> Including revising the tests to match the approved final FAPI 1.0 specs<o:p></o:p></p>
<p class="MsoNormal"> We're working on moving the certification data to a database<o:p></o:p></p>
<p class="MsoNormal"> Enabling customized displays based on queries<o:p></o:p></p>
<p class="MsoNormal"> A few new tests have been added<o:p></o:p></p>
<p class="MsoNormal"> One is testing that private_key_jwt certifications have the "sub" claim<o:p></o:p></p>
<p class="MsoNormal"> We launched the Australian profile of the FAPI tests for Consumer Data Rights (CDR)<o:p></o:p></p>
<p class="MsoNormal"> We're hopeful that they'll mandate both OP and RP certification<o:p></o:p></p>
<p class="MsoNormal"> We received the first Australian bank certification this week<o:p></o:p></p>
<p class="MsoNormal">                We launched tests for Pushed Authorization Requests (PAR)<o:p></o:p></p>
<p class="MsoNormal"> This is used by the Australian profile<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">DID SIOP V2 Parameters<o:p></o:p></p>
<p class="MsoNormal"> Kristina led a review of request and response parameters<o:p></o:p></p>
<p class="MsoNormal"><a href="https://bitbucket.org/openid/connect/src/de2c744a3dec11ef2e08300e3823ad10276df905/openid-connect-self-issued-v2-1_0.md">https://bitbucket.org/openid/connect/src/de2c744a3dec11ef2e08300e3823ad10276df905/openid-connect-self-issued-v2-1_0.md</a><o:p></o:p></p>
<p class="MsoNormal"> Request Parameters<o:p></o:p></p>
<p class="MsoNormal"> Like the V1 SIOP flow, no redirect_uri is included<o:p></o:p></p>
<p class="MsoNormal"> registration_uri added<o:p></o:p></p>
<p class="MsoNormal"> request_uri added<o:p></o:p></p>
<p class="MsoNormal"> Use of "request" or "request_uri" is REQUIRED<o:p></o:p></p>
<p class="MsoNormal"> Response ID Token Claims<o:p></o:p></p>
<p class="MsoNormal"> "sub" is required<o:p></o:p></p>
<p class="MsoNormal"> "sub_jwk" is required<o:p></o:p></p>
<p class="MsoNormal"> "iss" remains <a href="https://self-issued.me/">
https://self-issued.me/</a><o:p></o:p></p>
<p class="MsoNormal"> This could become <a href="https://self-issued.me/v2">
https://self-issued.me/v2</a><o:p></o:p></p>
<p class="MsoNormal"> There's a question on whether we want to keep the JWK Thumbprint option<o:p></o:p></p>
<p class="MsoNormal"> "vp" claim is optional<o:p></o:p></p>
<p class="MsoNormal"> Registration Parameters<o:p></o:p></p>
<p class="MsoNormal"> "authorization_endpoint" added<o:p></o:p></p>
<p class="MsoNormal"> "sub_typ_sup" added<o:p></o:p></p>
<p class="MsoNormal"> Registration Errors<o:p></o:p></p>
<p class="MsoNormal"> New error responses are defined<o:p></o:p></p>
<p class="MsoNormal"> ID Token Validation<o:p></o:p></p>
<p class="MsoNormal"> When DIDs are used, you do DID resolution and obtain the keys from the DID document<o:p></o:p></p>
<p class="MsoNormal"> Validation steps 3, 4, and 5 are new/updated<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"> No objections were voiced but no proposed refinements were voiced either<o:p></o:p></p>
<p class="MsoNormal"> Mike asked whether we could get some feedback from implementers<o:p></o:p></p>
<p class="MsoNormal"> We should ask for implementer feedback on the Pacific-friendly calls as well<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"> Kristina asked Oliver his opinion of the layering of the draft<o:p></o:p></p>
<p class="MsoNormal"> Oliver liked the use of the "vp" claim<o:p></o:p></p>
<p class="MsoNormal"> Oliver said that Verifiable Credentials have both external and embedded proofs<o:p></o:p></p>
<p class="MsoNormal"> The "vp" claim is used for external proofs - JWT-based proofs<o:p></o:p></p>
<p class="MsoNormal"> He said that embedded proofs have a different format<o:p></o:p></p>
<p class="MsoNormal"> Some using Linked Data signatures<o:p></o:p></p>
<p class="MsoNormal"> Some using zero knowledge proofs<o:p></o:p></p>
<p class="MsoNormal"> These don't use the "vp" and "vc" claims<o:p></o:p></p>
<p class="MsoNormal"> Oliver said he wants to think about it some more<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Board Election is Open<o:p></o:p></p>
<p class="MsoNormal"><a href="https://openid.net/foundation/members/elections/46">https://openid.net/foundation/members/elections/46</a><o:p></o:p></p>
<p class="MsoNormal"> Please participate<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Open Issues<o:p></o:p></p>
<p class="MsoNormal"> <a href="https://bitbucket.org/openid/connect/issues">
https://bitbucket.org/openid/connect/issues</a><o:p></o:p></p>
<p class="MsoNormal"> There are no new issues<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Next Call<o:p></o:p></p>
<p class="MsoNormal"> The next call is on Monday, February 1st, 2021 at 3pm Pacific Time<o:p></o:p></p>
</div>
</body>
</html>