<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
<meta name="Generator" content="Microsoft Word 15 (filtered medium)">
<style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:#0563C1;
text-decoration:underline;}
span.EmailStyle17
{mso-style-type:personal-compose;
font-family:"Calibri",sans-serif;
color:windowtext;}
.MsoChpDefault
{mso-style-type:export-only;
font-family:"Calibri",sans-serif;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
--></style>
</head>
<body lang="EN-US" link="#0563C1" vlink="#954F72" style="word-wrap:break-word">
<div class="WordSection1">
<p class="MsoNormal">Spec Call Notes 29-Mar-21<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Nat Sakimura<o:p></o:p></p>
<p class="MsoNormal">Mike Jones<o:p></o:p></p>
<p class="MsoNormal">Adam Lemmon<o:p></o:p></p>
<p class="MsoNormal">Tom Jones<o:p></o:p></p>
<p class="MsoNormal">Edmund Jay<o:p></o:p></p>
<p class="MsoNormal">David Waite<o:p></o:p></p>
<p class="MsoNormal">Vittorio Bertocci<o:p></o:p></p>
<p class="MsoNormal">Jeremie Miller<o:p></o:p></p>
<p class="MsoNormal">Tobias Looker<o:p></o:p></p>
<p class="MsoNormal">Pamela Dingle<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">External Events<o:p></o:p></p>
<p class="MsoNormal"> Identiverse is planned as a hybrid event in Denver, June 21-23, 2021<o:p></o:p></p>
<p class="MsoNormal"> Vittorio is doing a session on new browser features<o:p></o:p></p>
<p class="MsoNormal"> Nat is doing a session on where we are with SIOP and DID<o:p></o:p></p>
<p class="MsoNormal"> Currently panel with Nat, Kim, Tobias<o:p></o:p></p>
<p class="MsoNormal"> Vittorio suggested adding someone with a different viewpoint<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"> Internet Identity Workshop (IIW), April 20-22<o:p></o:p></p>
<p class="MsoNormal"> Mike suggested architectural review sessions for some of the key recent decisions<o:p></o:p></p>
<p class="MsoNormal"> Tobias volunteered to do some of this<o:p></o:p></p>
<p class="MsoNormal"> Possible topics<o:p></o:p></p>
<p class="MsoNormal"> Tobias would like us to be crisp about what we mean by SIOP and the problems that it's solving<o:p></o:p></p>
<p class="MsoNormal"> Portable Identifiers<o:p></o:p></p>
<p class="MsoNormal"> Using Verifiable Credentials with OpenID Connect<o:p></o:p></p>
<p class="MsoNormal"> Vision and Terminology<o:p></o:p></p>
<p class="MsoNormal"> Claims Provisioning<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"> OpenID Workshop, April 29<o:p></o:p></p>
<p class="MsoNormal"> Working groups will present their status there<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">SIOP Wallet Choosing<o:p></o:p></p>
<p class="MsoNormal"> Jeremie summarized recent discussions on choosing<o:p></o:p></p>
<p class="MsoNormal"> He and DW had been working on mobile app-to-app style discovery<o:p></o:p></p>
<p class="MsoNormal"> They talked about URL-based discovery within particular trust frameworks for vertical use cases<o:p></o:p></p>
<p class="MsoNormal"> Such as health, etc.<o:p></o:p></p>
<p class="MsoNormal"> Can take a user experience into the mobile world without the need for a NASCAR-style experience<o:p></o:p></p>
<p class="MsoNormal"> Lets the user make choices about providers to use<o:p></o:p></p>
<p class="MsoNormal"> Requires publishing metadata about providers within a trust framework<o:p></o:p></p>
<p class="MsoNormal"> DW said that the right term is probably "choosing"<o:p></o:p></p>
<p class="MsoNormal"> See "URL Based Discovery for Trust Frameworks using SIOP" at
<a href="https://hackmd.io/zhCHWDM6QcuX-CGRXzURlQ">https://hackmd.io/zhCHWDM6QcuX-CGRXzURlQ</a><o:p></o:p></p>
<p class="MsoNormal"> See a demo video at <a href="https://drive.google.com/file/d/1PPt4uYuWncaKgq3_So8CpWTp6pYvC0ps/view?usp=sharing">
https://drive.google.com/file/d/1PPt4uYuWncaKgq3_So8CpWTp6pYvC0ps/view?usp=sharing</a><o:p></o:p></p>
<p class="MsoNormal"> Tom said that in healthcare, they'd already decided to register apps<o:p></o:p></p>
<p class="MsoNormal"> He said that they can put a selector in front of their existing trust registry<o:p></o:p></p>
<p class="MsoNormal"> Tobias reaffirmed that there's a distinction between selection, choosing, and discovery<o:p></o:p></p>
<p class="MsoNormal"> He wants to have clear conceptual separation between them<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">LD Proofs and JOSE<o:p></o:p></p>
<p class="MsoNormal"> Jeremie said he and DW have been thinking about how to make adoption of new techniques smooth for existing Connect implementations<o:p></o:p></p>
<p class="MsoNormal"> For instance, zero-knowledge proofs of multiple claims, such as with CL02, BBS+, Idemix, or U-Prove<o:p></o:p></p>
<p class="MsoNormal"> The holder can generate a presentation of those proofs with a subset of the claims<o:p></o:p></p>
<p class="MsoNormal"> There's then a proof of the validity of the selective disclosure of the subsets of the claims<o:p></o:p></p>
<p class="MsoNormal"> They're thinking about how to extend JOSE for these new kinds of proofs<o:p></o:p></p>
<p class="MsoNormal"> An early brainstorming doc is at <a href="https://hackmd.io/RybpiMT1ShGUtt5yNgE49A">
https://hackmd.io/RybpiMT1ShGUtt5yNgE49A</a><o:p></o:p></p>
<p class="MsoNormal"> Nat will contact Tony Nadalin, who was working on this kind of thing<o:p></o:p></p>
<p class="MsoNormal"> British Columbia didn't want to have registration of all clients<o:p></o:p></p>
<p class="MsoNormal"> They want to use the person as an "air gap"<o:p></o:p></p>
<p class="MsoNormal"> Nat said that one can solve these use cases with aggregated claims<o:p></o:p></p>
<p class="MsoNormal"> Nat said that unknown use cases are more of a challenge for aggregated claims<o:p></o:p></p>
<p class="MsoNormal"> Ability to use a credential in the future is a driver for these representations<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Open Issues<o:p></o:p></p>
<p class="MsoNormal"> <a href="https://bitbucket.org/openid/connect/issues">
https://bitbucket.org/openid/connect/issues</a><o:p></o:p></p>
<p class="MsoNormal"> #1213: private_key_jwt, client_secret_jwt audience<o:p></o:p></p>
<p class="MsoNormal"> We plan to have the certification suite allow use of the issuer as the audience value in JWT Client Authentications<o:p></o:p></p>
<p class="MsoNormal"> Decision recorded at <a href="https://gitlab.com/openid/conformance-suite/-/issues/877">
https://gitlab.com/openid/conformance-suite/-/issues/877</a><o:p></o:p></p>
<p class="MsoNormal"> Nat suggested we discuss this further on the next call<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Next Calls<o:p></o:p></p>
<p class="MsoNormal"> The next SIOP Special Topic Call is on Tuesday, March 30th, 2021 at 3pm Pacific Time (7am Japan Time)<o:p></o:p></p>
<p class="MsoNormal"> The next regular Connect call is on Monday, April 5th, 2021 at 3pm Pacific Time<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
</body>
</html>