<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-2022-jp">
<style type="text/css" style="display:none;"> P {margin-top:0;margin-bottom:0;} </style>
</head>
<body dir="ltr">
<div style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
<span style="margin: 0px; font-size: 12pt; background-color: rgb(255, 255, 255); font-family: Calibri, Helvetica, sans-serif;">Hi All,</span></div>
<div style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
<span style="margin: 0px; font-size: 12pt; background-color: rgb(255, 255, 255); font-family: Calibri, Helvetica, sans-serif;"><br>
</span></div>
<div style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
<span style="margin: 0px; font-size: 12pt; background-color: rgb(255, 255, 255); font-family: Calibri, Helvetica, sans-serif;">Please find below the note from today's SIOP Special call. </span></div>
<div style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
We have three options on how to include W3C Verfiable Credential Objects in OIDC - separate tokens, credential sources (library), and custom claim names. <span style="background-color:rgb(255, 255, 255);display:inline !important">Attaching the notes to an email
with the relevant slides and links that Torsten kindly shared.</span></div>
<div style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
<br>
</div>
<div style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
Looking forward to the discussion at IIW.</div>
<div style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
<br>
</div>
<div style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
<b>Note that the next call will be on 27th at Europe-friendly Atlantic time</b><span style="font-family:Calibri, Helvetica, sans-serif;text-align:left;background-color:rgb(255, 255, 255);display:inline !important"><span> </span>(7am PST, 5pm CET, 0AM JST).</span></div>
<div style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
<br>
</div>
<div style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
Best,</div>
<div style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
Kristina</div>
<div style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
<span style="margin:0px;font-size:12pt"><span style="margin:0px"><span style="margin:0px;font-family:Calibri, Helvetica, sans-serif">PS Notes can also be found in the Wiki: </span><span style="margin:0px;font-family:Calibri, Helvetica, sans-serif"><a href="https://bitbucket.org/openid/connect/wiki/SIOP%20Special%20call%202021-04-13" style="margin:0px">https://bitbucket.org/openid/connect/wiki/SIOP%20Special%20call%202021-04-13</a></span></span></span><br>
<span style="margin:0px;font-size:12pt"></span><br>
</div>
<div style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
<span style="margin: 0px; font-size: 12pt; background-color: rgb(255, 255, 255); font-family: Calibri, Helvetica, sans-serif;"><span style="background-color:rgb(255, 255, 255);display:inline !important"></span></span></div>
<div style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
<span style="margin: 0px; font-size: 12pt; background-color: rgb(255, 255, 255); font-family: Calibri, Helvetica, sans-serif;">---</span></div>
<div style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
<span style="margin: 0px; font-size: 12pt; background-color: rgb(255, 255, 255); font-family: Calibri, Helvetica, sans-serif;"><br>
</span></div>
<div style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
<span style="margin: 0px; font-size: 12pt; background-color: rgb(255, 255, 255); font-family: Calibri, Helvetica, sans-serif;">Mike Jones</span>
<div style="margin:0px;font-size:12pt;background-color:rgb(255, 255, 255)"><span style="font-size: 12pt; font-family: Calibri, Helvetica, sans-serif;">Adam Lemmon</span></div>
<div style="margin:0px;font-size:12pt;background-color:rgb(255, 255, 255)"><span style="font-size: 12pt; font-family: Calibri, Helvetica, sans-serif;">Tom Jones</span></div>
<div style="margin:0px;font-size:12pt;background-color:rgb(255, 255, 255)"><span style="font-size: 12pt; font-family: Calibri, Helvetica, sans-serif;">Anthony Nadalin</span></div>
<div style="margin:0px;font-size:12pt;background-color:rgb(255, 255, 255)"><span style="font-size: 12pt; font-family: Calibri, Helvetica, sans-serif;">Justin Richer</span></div>
<div style="margin:0px;font-size:12pt;background-color:rgb(255, 255, 255)"><span style="font-size: 12pt; font-family: Calibri, Helvetica, sans-serif;">Tim Cappalli</span></div>
<div style="margin:0px;font-size:12pt;background-color:rgb(255, 255, 255)"><span style="font-size: 12pt; font-family: Calibri, Helvetica, sans-serif;">John Bradley</span></div>
<div style="margin:0px;font-size:12pt;background-color:rgb(255, 255, 255)"><span style="font-size: 12pt; font-family: Calibri, Helvetica, sans-serif;">Jeremie Miller</span></div>
<div style="margin:0px;font-size:12pt;background-color:rgb(255, 255, 255)"><span style="font-size: 12pt; font-family: Calibri, Helvetica, sans-serif;">Torsten Lodderstedt</span></div>
<div style="margin:0px;font-size:12pt;background-color:rgb(255, 255, 255)"><span style="font-size: 12pt; font-family: Calibri, Helvetica, sans-serif;">Oliver Terbu</span></div>
<div style="margin:0px;font-size:12pt;background-color:rgb(255, 255, 255)"><span style="font-size: 12pt; font-family: Calibri, Helvetica, sans-serif;">David Waite</span></div>
<div style="margin:0px;font-size:12pt;background-color:rgb(255, 255, 255)"><span style="font-size: 12pt; font-family: Calibri, Helvetica, sans-serif;">Vittorio Bertocci</span></div>
<div style="margin:0px;font-size:12pt;background-color:rgb(255, 255, 255)"><span style="font-size: 12pt; font-family: Calibri, Helvetica, sans-serif;">Tobias Looker</span></div>
<div style="margin:0px;font-size:12pt;background-color:rgb(255, 255, 255)"><span style="font-size: 12pt; font-family: Calibri, Helvetica, sans-serif;">Bjorn Hjelm</span></div>
<div style="margin:0px;font-size:12pt;background-color:rgb(255, 255, 255)"><span style="font-size: 12pt; font-family: Calibri, Helvetica, sans-serif;">Edmund Jay</span></div>
<div style="margin:0px;font-size:12pt;background-color:rgb(255, 255, 255)"><span style="font-size: 12pt; font-family: Calibri, Helvetica, sans-serif;">Kristina Yasuda</span></div>
<div style="margin:0px;font-size:14px;font-family:"Yu Gothic UI", "Meiryo UI", Meiryo, "MS Pgothic", Osaka, "Segoe UI", -apple-system, BlinkMacSystemFont, Roboto, "Helvetica Neue", sans-serif;background-color:rgb(255, 255, 255)">
<div dir="ltr" style="margin:0px">
<div style="margin:0px">
<ul>
<li><span style="margin: 0px; font-size: 12pt; font-family: Calibri, Helvetica, sans-serif;">Proposal to set up a Europe-friendly SI</span><span style="margin: 0px; font-size: 12pt; font-family: Calibri, Helvetica, sans-serif;">OP special call time</span></li><ul>
<li><span style="margin: 0px; font-size: 12pt; font-family: Calibri, Helvetica, sans-serif;">same time as Atlantic calls (7am PST, 5pm CET, 0AM JST) on Tuesday, bi-weekly cadence, </span><span style="margin: 0px; font-size: 12pt; font-family: Calibri, Helvetica, sans-serif; display: inline !important;">starting
27th April</span><span style="margin: 0px; font-size: 12pt; font-family: Calibri, Helvetica, sans-serif; display: inline !important;">.<br>
</span></li></ul>
<li><span style="margin: 0px; font-size: 12pt; font-family: Calibri, Helvetica, sans-serif;">Update for </span><a href="https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fbitbucket.org%2Fopenid%2Fconnect%2Fissues%2F1212%2Funiversal-url-based-discovery-for-siop&data=04%7C01%7CKristina.Yasuda%40microsoft.com%7C3a64af5de9524b4ea87b08d8fed02d45%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637539517352090693%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=5eeT6I4YFavEacR6f90jGYDFz9%2BgLqY5lL76cVV2k%2Bk%3D&reserved=0" originalsrc="https://bitbucket.org/openid/connect/issues/1212/universal-url-based-discovery-for-siop" shash="oQVGCoBeN7oQGm2cwUjgZamoFdrY+dD6oODUrAsx5V03vOM+9T/jaDuFhZP4DRZNYbKfq8CFRR8rbkly22K+fvzMS6qAAz57yAAJKfQyQwgBVVknJQxmSLjttvrNuLlkSoAfm+A3pBzEdplUlE/FN6FHYFQsRX0NnVYNEetj4CI=" style="margin:0px"><span style="margin: 0px; font-size: 12pt; font-family: Calibri, Helvetica, sans-serif;">#1212
- Universal URL Based Discovery for SIOP</span></a><span style="margin: 0px; font-size: 12pt; font-family: Calibri, Helvetica, sans-serif;"> </span></li><ul>
<li><span style="margin: 0px; font-size: 12pt; font-family: Calibri, Helvetica, sans-serif; background-color: rgba(0, 0, 0, 0);">Jeremie - working on it; agreed to rename the issue to "SIOP Chooser"</span><br>
</li><li><span style="margin: 0px; font-size: 12pt; font-family: Calibri, Helvetica, sans-serif; background-color: rgba(0, 0, 0, 0);">First implementation by Tom Jones - seems to work plan to use MSFT hello as a proof of presence</span></li><li><span style="margin: 0px; font-size: 12pt; font-family: Calibri, Helvetica, sans-serif; background-color: rgba(0, 0, 0, 0);">Some conversation happening over DIF C&C channel</span><br>
</li></ul>
<li style="font-size:12pt;font-family:Calibri, Arial, Helvetica, sans-serif"><span style="font-size: 12pt; font-family: Calibri, Helvetica, sans-serif;">Defining JWT Claims to represent W3C Verifiable Credentials objects discussion</span></li><ul>
<li style="font-family:Calibri, Arial, Helvetica, sans-serif"><span style="font-size: 12pt; font-family: Calibri, Helvetica, sans-serif;">Summary of the discussions up to date (see</span><span style="font-size: 12pt; font-family: Calibri, Helvetica, sans-serif;"> </span><span style="margin: 0px; font-family: Calibri, Helvetica, sans-serif; background-color: rgb(255, 255, 255); display: inline !important; font-size: 12pt;">Spec
Call Notes 8-Apr-21,</span><span style="margin:0px;font-family:calibri, arial, helvetica, sans-serif;background-color:rgb(255, 255, 255);display:inline !important"><span style="margin: 0px; font-size: 12pt; font-family: Calibri, Helvetica, sans-serif;"> </span></span><span style="font-size: 12pt; font-family: Calibri, Helvetica, sans-serif;">Spec
Call Notes 12-Apr-21 and ML for details)</span></li><ul>
<li><span style="font-size: 12pt; font-family: Calibri, Helvetica, sans-serif;">Mike: vc vp claims defined in vc-data-model spec do not encompass entire VCs VPs, rather the function to contain JWT claims specific to VC alongside other JWT claims</span></li><li><span style="font-size: 12pt; font-family: Calibri, Helvetica, sans-serif;">Dmitri Zagudulin gave input that there are implementations that embed entire VC VPs </span></li><li><span style="margin: 0px; font-size: 12pt; font-family: Calibri, Helvetica, sans-serif;">the question being discussed not is do we want IANA registered claims or data structure with dictionaries like </span><span style="margin:0px;font-size:12pt;font-family:Calibri, Arial, Helvetica, sans-serif"><span style="margin: 0px; background-color: rgb(255, 255, 255); display: inline !important; font-size: 12pt; font-family: Calibri, Helvetica, sans-serif;">aggregated/distributed
claims syntax</span></span><span style="margin: 0px; font-size: 12pt; font-family: Calibri, Helvetica, sans-serif;">.</span><br>
</li><li><span style="font-size: 12pt; font-family: Calibri, Helvetica, sans-serif;">VC/VPs can be embedded in a JWT as long as their processing rulesare compatible with the enclosing JWT</span></li></ul>
<li style="font-family:Calibri, Arial, Helvetica, sans-serif"><span style="font-size: 12pt; font-family: Calibri, Helvetica, sans-serif;">Torsten presented </span><span style="margin: 0px; font-size: 12pt; background-color: rgb(255, 255, 255); font-family: Calibri, Helvetica, sans-serif;">early
thinking on </span><a href="https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fawoie%2Fvp-token-spec%2Fpull%2F23&data=04%7C01%7CKristina.Yasuda%40microsoft.com%7C3a64af5de9524b4ea87b08d8fed02d45%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637539517352100649%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=5WdZrafx04rjXsviI0kjCPQgYQ5VkrLw44anagSsI%2Bk%3D&reserved=0" originalsrc="https://github.com/awoie/vp-token-spec/pull/23" shash="slR+2tr9y6aJEdu/LUYUMgBi4T2gXIOHcIwF8ahdUe0XMWm/0t9BbsBT8P7PtPpsbPgr+OoBixySZYgAq/WsIM+GmSeTQ6Vbv2TvjuT951n8knwuyPrMNM23theAULraT9DkSqEx5VwmD2hXVsMqMX/eWmdg6Bfcf3OHp49weGY=" style="margin:0px;font-size:12pt;background-color:rgb(255, 255, 255)"><span style="font-size: 12pt; font-family: Calibri, Helvetica, sans-serif;">using
aggregated/distributed claims for VCs/VPs</span></a><span style="font-size: 12pt; font-family: Calibri, Helvetica, sans-serif;"> </span><span style="margin: 0px; background-color: rgb(255, 255, 255); display: inline !important; font-size: 12pt; font-family: Calibri, Helvetica, sans-serif;">(presentation
slides sent in a separate email)</span><span style="margin:0px;background-color:rgb(255, 255, 255);display:inline !important"><span style="margin: 0px; font-size: 12pt; font-family: Calibri, Helvetica, sans-serif;"> </span></span><span style="font-size: 12pt; font-family: Calibri, Helvetica, sans-serif;">: </span></li><ul>
<li><span style="margin: 0px; font-size: 12pt; font-family: Calibri, Helvetica, sans-serif; background-color: rgba(0, 0, 0, 0);">Had a discussion with Mike, Kim, Oliver and Kristina on the specification how to request and convey VC objects (VCOs - includes
both VC and VP) in OIDC</span></li><li><span style="margin: 0px; font-size: 12pt; font-family: Calibri, Helvetica, sans-serif; background-color: rgba(0, 0, 0, 0);">VCOs can come from wherever - ID Token and UserInfo endpoint,etc.</span></li><li><span style="margin: 0px; font-size: 12pt; font-family: Calibri, Helvetica, sans-serif; background-color: rgba(0, 0, 0, 0);"><b>Requests are controlled by the claims parameters,</b></span><span style="margin:0px;font-size:12pt;font-family:calibri, arial, helvetica, sans-serif;background-color:rgba(0, 0, 0, 0)"><span style="font-size: 12pt; font-family: Calibri, Helvetica, sans-serif;"> </span></span><span style="margin: 0px; font-size: 12pt; font-family: Calibri, Helvetica, sans-serif; background-color: rgba(0, 0, 0, 0);">not
to overload or invent new response types</span></li><li><span style="margin: 0px; font-size: 12pt; font-family: Calibri, Helvetica, sans-serif; background-color: rgba(0, 0, 0, 0);">initial thinking was to have a separate artfact VP token, to compartmentalize different kind of tokens to prevent processing issues
especially with JWT and JSON-LD. </span></li><li><span style="margin: 0px; font-size: 12pt; font-family: Calibri, Helvetica, sans-serif; background-color: rgba(0, 0, 0, 0);">There was also an idea to to use ID Token as VP, but they have different processing rules.</span></li><li><span style="margin: 0px; font-size: 12pt; font-family: Calibri, Helvetica, sans-serif; background-color: rgba(0, 0, 0, 0);">Current option is JWT claims that are arrays and can provision more than one VCO.</span></li><li><span style="margin: 0px; font-size: 12pt; font-family: Calibri, Helvetica, sans-serif; background-color: rgba(0, 0, 0, 0);"><b>Torsten showed the examples of how vp_jwt and vp_ldp will be embedded in the ID token.</b></span></li><li><span style="margin: 0px; font-size: 12pt; font-family: Calibri, Helvetica, sans-serif; background-color: rgba(0, 0, 0, 0);"><b>Torsten also showed how aggregated and distributed claims syntax can be used to return VCOs</b></span><span style="margin: 0px; font-size: 12pt; font-family: Calibri, Helvetica, sans-serif; background-color: rgba(0, 0, 0, 0);">,
using the dictionary that maps to the source</span></li></ul>
<li style="font-family:Calibri, Arial, Helvetica, sans-serif"><span style="font-size: 12pt; font-family: Calibri, Helvetica, sans-serif;">Tony said that there is a need for a userinfo endpoint support in SIOP.</span></li><li><span style="margin: 0px; font-family: Calibri, Helvetica, sans-serif; font-size: 12pt;">Tom said that there is no use-cases where V</span><span style="margin: 0px; font-size: 12pt; font-family: Calibri, Helvetica, sans-serif;">C is sent back directly,
without being included in a VP.</span></li><ul>
<li><span style="margin: 0px; font-size: 12pt; font-family: Calibri, Helvetica, sans-serif;">Kristina and Torsten agreed, and said it would be clearer once we have more implementation experience.</span></li></ul>
<li><span style="margin: 0px; font-size: 12pt; font-family: Calibri, Helvetica, sans-serif;">Tony clarified the difference between vc-data-model defined vc vp claims and new claim names used in these slides.</span></li><ul>
<li><span style="margin: 0px; font-size: 12pt; font-family: Calibri, Helvetica, sans-serif;">Tobias, DW, Mike and Kristina clarified that vp_ldp proof is a container that includes entire VCO and is independent of</span><span style="margin: 0px; font-size: 12pt; font-family: Calibri, Helvetica, sans-serif; display: inline !important;"> vc
vp claims defined in </span><span style="margin:0px;display:inline !important"><span style="margin: 0px; font-size: 12pt; font-family: Calibri, Helvetica, sans-serif; display: inline !important;">vc-data-model that are used inside the VCO to contain @context,
type, etc. </span></span></li><li><span style="margin: 0px; font-size: 12pt; font-family: Calibri, Helvetica, sans-serif;">Note from Kristina: vc-data-model spec language is one of the reasons of the confu</span><span style="font-size: 12pt; font-family: Calibri, Helvetica, sans-serif;">sion
because </span><code style="color:rgb(200, 53, 0);font-family:Menlo, Consolas, "DejaVu Sans Mono", Monaco, monospace;font-size:0.9em;hyphens:none;orphans:3;widows:3;break-before:avoid"><span style="margin: 0px; font-size: 12pt; font-family: Calibri, Helvetica, sans-serif; color: rgb(0, 0, 0);">vp
claims is defined as t</span></code><span style="margin: 0px; font-size: 12pt; font-family: Calibri, Helvetica, sans-serif;">he object that "contains the</span><span style="margin: 0px; font-size: 12pt; font-family: Calibri, Helvetica, sans-serif;"> </span><a href="https://www.w3.org/TR/vc-data-model/#dfn-verifiable-credentials" class="internalDFN" data-link-type="dfn" style="margin:0px;border-width:0px 0px 1px;border-bottom-style:solid;border-bottom-color:rgb(153, 153, 204);font-size:12pt;font-family:Calibri, Arial, Helvetica, sans-serif;text-decoration-skip-ink:none"><span style="margin: 0px; font-family: Calibri, Helvetica, sans-serif; font-size: 12pt;">verifiable
presentation</span></a><span style="margin: 0px; font-size: 12pt; font-family: Calibri, Helvetica, sans-serif;"> </span><span style="margin: 0px; font-size: 12pt; font-family: Calibri, Helvetica, sans-serif;">according to this specification", but in the description
above the definition it says that vp claim only "</span><span style="margin: 0px; font-size: 12pt; font-family: Calibri, Helvetica, sans-serif;">contains those parts of the standard</span><span style="margin: 0px; font-size: 12pt; font-family: Calibri, Helvetica, sans-serif;"> </span><a href="https://www.w3.org/TR/vc-data-model/#dfn-verifiable-presentations" class="internalDFN" data-link-type="dfn" style="margin:0px;border-width:0px 0px 1px;border-bottom-style:solid;border-bottom-color:rgb(153, 153, 204);font-size:medium;font-family:sans-serif;text-decoration-skip-ink:none"><span style="margin: 0px; font-size: 12pt; font-family: Calibri, Helvetica, sans-serif;">verifiable
presentations</span></a><span style="margin: 0px; font-size: 12pt; font-family: Calibri, Helvetica, sans-serif;"> </span><span style="margin: 0px; font-size: 12pt; font-family: Calibri, Helvetica, sans-serif;">where no explicit encoding rules for JWT exist"
and the examples follow the description and only VP specific claims (@context, type, etc.) are included in vp claim.</span><br>
</li></ul>
<li style="font-family:Calibri, Arial, Helvetica, sans-serif"><span style="font-size: 12pt; font-family: Calibri, Helvetica, sans-serif;">There was a discussion in</span><span style="font-size: 12pt; font-family: Calibri, Helvetica, sans-serif;"> </span><span style="margin: 0px; font-size: 12pt; font-family: Calibri, Helvetica, sans-serif; background-color: rgba(0, 0, 0, 0);">the</span><span style="font-size: 12pt; font-family: Calibri, Helvetica, sans-serif;"> </span><span style="font-size: 12pt; font-family: Calibri, Helvetica, sans-serif;">chat
in favor of a </span><span lang="EN-US" style="margin: 0px; font-size: 12pt; font-family: Calibri, Helvetica, sans-serif; background-color: rgba(0, 0, 0, 0);">separate token approace that lives separate from the OIDC claims and contexts. Justin wrote that
the ID Token should be about the authentication event, more than anything </span><span style="margin:0px;font-size:12pt;font-family:calibri, arial, helvetica, sans-serif;background-color:rgba(0, 0, 0, 0)"></span></li><ul>
<li style="font-family:Calibri, Arial, Helvetica, sans-serif"><span lang="EN-US" style="margin: 0px; font-size: 12pt; font-family: Calibri, Helvetica, sans-serif; background-color: rgba(0, 0, 0, 0);">Mike said that the problem with the separate token approach
is it probably means you're inventing new response type values, which isn't an extension point that most of the existing OAuth and OIDC libraries actually have, Whereas all the libraries enable extensions via adding claims - it's a more straightforward way
of integration.</span></li><li style="font-family:Calibri, Arial, Helvetica, sans-serif"><span style="font-size: 12pt; font-family: Calibri, Helvetica, sans-serif;">Vittorio said that</span><b><span style="font-size: 12pt; font-family: Calibri, Helvetica, sans-serif;"> </span></b><span style="font-size: 12pt; font-family: Calibri, Helvetica, sans-serif;"><b>proposed
new claim is not the same as any other new claim.</b></span><span style="font-size: 12pt; font-family: Calibri, Helvetica, sans-serif;"> </span><span style="font-size: 12pt; font-family: Calibri, Helvetica, sans-serif;">If the entire reason you are asking
for an ID token is to get that claim, that's changing the semantics - you are loading an existing primitive for a different out come. </span></li><li style="font-family:Calibri, Arial, Helvetica, sans-serif"><span style="font-size: 12pt; font-family: Calibri, Helvetica, sans-serif;">In that case, re-using existing logic may be disastrous since something that looks like an old stuff actually has different
semantics. He said he is worried about the code that is being used already, that now can parse new artifacts and draw conclusions that are not what we wanted to do to draw.</span></li><li style="font-family:Calibri, Arial, Helvetica, sans-serif"><span style="font-size: 12pt; font-family: Calibri, Helvetica, sans-serif;">Justin said that</span><b><span style="font-size: 12pt; font-family: Calibri, Helvetica, sans-serif;"> </span></b><span style="font-size: 12pt; font-family: Calibri, Helvetica, sans-serif;"><b>new
response_type may not be required.</b></span><span style="font-size: 12pt; font-family: Calibri, Helvetica, sans-serif;"> The utility of the response type is to allow clients to signal that they're requesting the different parts of the response separately
from each other and in specific combinations. Including VCs in OIDC is different - it is specifically additive and can be defined as being returned in a specific slot. we are going towards claims query language.</span></li><li style="font-family:Calibri, Arial, Helvetica, sans-serif"><span style="font-size: 12pt; font-family: Calibri, Helvetica, sans-serif;">it's just another data artifact that, if we don't want to, or need to get overly specific about exactly how, and when we
want to give clients, options, about how and where it comes back, then we don't have to.</span></li><li style="font-family:Calibri, Arial, Helvetica, sans-serif"><span style="font-size: 12pt; font-family: Calibri, Helvetica, sans-serif;">Torsten asked if it would make sense for a client to ask for a set of claims and do not care whether they can be provided
as an ID token or as VCO.</span></li><li style="font-family:Calibri, Arial, Helvetica, sans-serif"><span style="font-size: 12pt; font-family: Calibri, Helvetica, sans-serif;">Mike said that the</span><b><span style="font-size: 12pt; font-family: Calibri, Helvetica, sans-serif;"> </span></b><span style="font-size: 12pt; font-family: Calibri, Helvetica, sans-serif;"><b>more
choices you give implementations, the less interoperable they're going to be</b></span><span style="font-size: 12pt; font-family: Calibri, Helvetica, sans-serif;">. Standards is exactly the process of making choices so that people interoperate. which is why
existing mechanisms should be used.</span></li></ul>
<li style="font-family:Calibri, Arial, Helvetica, sans-serif"><b><span style="font-size: 12pt; font-family: Calibri, Helvetica, sans-serif;">Currently there are three options - separate tokens, credential sources (library), and custom claim names. </span><span style="margin: 0px; background-color: rgb(255, 255, 255); display: inline !important; font-size: 12pt; font-family: Calibri, Helvetica, sans-serif;">The
group agreed to take a deeper look at each and</span><span style="font-size: 12pt; font-family: Calibri, Helvetica, sans-serif;"> continue the conversation on the ML, IIW and future calls.</span></b><br>
</li></ul>
<li><span style="margin: 0px; font-size: 12pt; font-family: Calibri, Helvetica, sans-serif;">Update on Portable Identifiers draft (if any)</span></li><ul>
<li><span style="margin: 0px; font-size: 12pt; font-family: Calibri, Helvetica, sans-serif;">Tobias said that he added use-cases and asked for feedback: </span><span style="margin:0px;font-size:12pt;font-family:Calibri, Arial, Helvetica, sans-serif"><a href="https://mattrglobal.github.io/oidc-portable-identities/#name-usecases" style="margin:0px"><span style="font-size: 12pt; font-family: Calibri, Helvetica, sans-serif;">https://mattrglobal.github.io/oidc-portable-identities/#name-usecases</span></a></span><span style="margin: 0px; font-size: 12pt; font-family: Calibri, Helvetica, sans-serif;"> </span></li><li><span style="margin: 0px; font-family: Calibri, Helvetica, sans-serif; font-size: 12pt;">It is an alternative type of subject identifier. Currently end user subject identifier is a product of hte provider, the iss claim and the subject. cryptographically
verifiable identifiers would be used to redefine the relationship btw the end user and the provider.</span><br>
</li><li><font color="#000000" face="Calibri, Arial, Helvetica, sans-serif"><span style="font-size: 12pt; font-family: Calibri, Helvetica, sans-serif;">Kristina noted that there are two components emerging - Credential exchange (VCO in OIDC) and authentication using
cryptographically verifiable subject identifiers.</span></font></li></ul>
<li><span style="margin:0px;font-size:12pt;font-family:Calibri, Arial, Helvetica, sans-serif"><a href="https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fbitbucket.org%2Fopenid%2Fconnect%2Fissues%2F1215%2Fsiop-requires-user-consent&data=04%7C01%7CKristina.Yasuda%40microsoft.com%7C3a64af5de9524b4ea87b08d8fed02d45%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637539517352110609%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=yuqUgsUfuKNp28EDDpLjHjAADJfX3LKdVgFvr59AJqg%3D&reserved=0" originalsrc="https://bitbucket.org/openid/connect/issues/1215/siop-requires-user-consent" shash="G7NF+7bNepbszz2Ob/pvzbGSNWrf1w2QpYo9KsOo9zmnEPVWxxEujyNBHHqAi5wYNaLGuAmlXtJkdEj7x14HiU7eawhSQ3a+lZ/ILr1IOKDzdIJYYFUoGS8dTdBbeVL5vifpLFls+L5TCmjcLuU9zm25lrz5euNmD6TdPymKskg=" style="margin:0px"><span style="font-size: 12pt; font-family: Calibri, Helvetica, sans-serif;">#1215
- SIOP requires user consent</span></a></span></li><li><span style="margin:0px;font-size:12pt;font-family:Calibri, Arial, Helvetica, sans-serif"><a href="https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fbitbucket.org%2Fopenid%2Fconnect%2Fissues%2F1217%2Frequire-jar-in-siop-to-strongly-id-the&data=04%7C01%7CKristina.Yasuda%40microsoft.com%7C3a64af5de9524b4ea87b08d8fed02d45%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637539517352100649%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=dpkiq5sbpg5gsHF%2BSVNQlBq9hSSP3S9HMNYA7gaTyf0%3D&reserved=0" originalsrc="https://bitbucket.org/openid/connect/issues/1217/require-jar-in-siop-to-strongly-id-the" shash="SRk6TP0sq3b8krMCIvX3cIf6GU9+hdiEfesYUnefQ6G49HbEtyfodGEOCd4o+8Df/FQUunja4fRp3vso0rR6QK5muU2fl1GGSYnD+N9y1zOeg1B9ND7eeAgaXrYopf54VHr/FjktcVH1t82zf/+dSrozP3wMWWd71scG7G73A8Q=" style="margin:0px"><span style="margin: 0px; font-size: 12pt; font-family: Calibri, Helvetica, sans-serif;"> #1217
- Require JAR in SIOP to strongly ID the Relying Party</span></a><span style="margin: 0px; font-size: 12pt; font-family: Calibri, Helvetica, sans-serif;"> - related to the last week's trust model of SIOP discussion</span></span><br>
</li><ul>
<li><span style="margin: 0px; font-size: 12pt; font-family: Calibri, Helvetica, sans-serif;">Tom Jones said that consent in SIOP has to be required, and suggested using JAR so that the user knows about hte client</span></li><li><span style="margin: 0px; font-size: 12pt; font-family: Calibri, Helvetica, sans-serif;">Torsten asked what would you learn about client by signing request... </span></li><li><span style="margin: 0px; font-size: 12pt; font-family: Calibri, Helvetica, sans-serif;">Jeremie said that in the context of a trust framework, it can make sense because the holder SW can verify against that trust framework. but without a trust framework</span><span style="margin: 0px; font-size: 12pt; font-family: Calibri, Helvetica, sans-serif;">,
no way for a holder SW to display anything useful to a user. The client might need to present their VP first too.</span></li><li><span style="margin: 0px; font-size: 12pt; font-family: Calibri, Helvetica, sans-serif;">Tom said that if TLS is used, domain name with a lock can be showed ot a user even without a framework.</span></li><li><span style="margin: 0px; font-size: 12pt; font-family: Calibri, Helvetica, sans-serif;">Tom agreed to provide more details to help WG better understand the proposal</span></li></ul>
<li><span style="margin: 0px; font-size: 12pt; font-family: Calibri, Helvetica, sans-serif;">We ran out</span><span style="margin:0px;font-size:12pt;font-family:Calibri, Arial, Helvetica, sans-serif"><span style="font-size: 12pt; font-family: Calibri, Helvetica, sans-serif;"> </span></span><span style="margin: 0px; font-size: 12pt; font-family: Calibri, Helvetica, sans-serif;">of
time to discuss</span><span style="margin:0px;font-size:12pt;font-family:Calibri, Arial, Helvetica, sans-serif"><span style="font-size: 12pt; font-family: Calibri, Helvetica, sans-serif;"> </span></span><span style="margin: 0px; font-size: 12pt; font-family: Calibri, Helvetica, sans-serif;">userInfo
in SIOP</span><br>
</li><li>
<div style="margin:0px"></div>
<b><span style="margin: 0px; font-size: 12pt; font-family: Calibri, Helvetica, sans-serif;">Next call is </span><span style="margin: 0px; font-size: 12pt; font-family: Calibri, Helvetica, sans-serif; display: inline !important;">27th April Atlantic time</span></b><span style="margin:0px;display:inline !important"><b><span style="margin: 0px; font-size: 12pt; font-family: Calibri, Helvetica, sans-serif; display: inline !important;"> </span><span style="margin: 0px; font-size: 12pt; font-family: Calibri, Helvetica, sans-serif; display: inline !important;">(7am
PST, 5pm CET, 0AM JST)</span><span style="margin: 0px; font-size: 12pt; font-family: Calibri, Helvetica, sans-serif; display: inline !important;"> </span></b></span></li></ul>
<div style="margin:0px;font-size:12pt;font-family:Calibri, Arial, Helvetica, sans-serif">
<span style="font-size: 12pt; font-family: Calibri, Helvetica, sans-serif;">Best,</span></div>
<span style="margin: 0px; font-size: 12pt; font-family: Calibri, Helvetica, sans-serif;">Kristina</span></div>
</div>
</div>
<br>
</div>
<div>
<div style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
<br>
</div>
<div id="appendonsend"></div>
<hr tabindex="-1" style="display:inline-block; width:98%">
<div id="divRplyFwdMsg" dir="ltr"><font face="Calibri, sans-serif" color="#000000" style="font-size:11pt"><b>�$B:9=P?M�(B:</b> Openid-specs-ab <openid-specs-ab-bounces@lists.openid.net> �$B$,�(B Torsten Lodderstedt via Openid-specs-ab <openid-specs-ab@lists.openid.net> �$B$NBeM}$GAw?.�(B<br>
<b>�$BAw?.F|;~�(B:</b> 2021�$BG/�(B4�$B7n�(B14�$BF|�(B 8:01<br>
<b>�$B08@h�(B:</b> Artifact Binding/Connect Working Group <openid-specs-ab@lists.openid.net><br>
<b>CC:</b> Torsten Lodderstedt <torsten@lodderstedt.net><br>
<b>�$B7oL>�(B:</b> [Openid-specs-ab] OpenID Connect for W3C Verifiable Credential Objects</font>
<div> </div>
</div>
<div>
<div class="x_BodyFragment"><font size="2"><span style="font-size:11pt">
<div class="x_PlainText">Hi all,<br>
<br>
as discussed in the SIOP Special Topic Call, I would like to share with the group the link to our draft and the PRs/branches containing the alternative representations for VPs & VCs.
<br>
<br>
The current revision of the draft can be found at <a href="https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fawoie%2Fvp-token-spec&data=04%7C01%7CKristina.Yasuda%40microsoft.com%7C82300f294e18488d347308d8fed061d0%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637539518468934540%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=gHC2NGojYFW348vyKQDc%2FzGK48%2B1fSkmzqgWxXgnjec%3D&reserved=0" originalsrc="https://github.com/awoie/vp-token-spec" shash="Zw89t8NPhM44GeenzhYgS2XlQ7AFaEgQoClHMZJPOuT6gj20hCl6G9EUqtxODbrnSxxhZMhzaTrBoetkMOX+XaTgk9nmkdLplbISMSXPfaLHGaJvLij+/CBSFdPrpn6GkyS5fcjlE+DPW5bYXc2ZsHK5Nd+etaSs7d7PqKsqW1c=">
https://github.com/awoie/vp-token-spec</a>. It uses VP Tokens as separate artifact + ID Tokens as Verifiable Presentations.
<br>
<br>
In the context of the ongoing discussion regarding the best way to represent, we created two PRs describing further alternatives in detail:<br>
<br>
- vp_jwt/vp_ldp/vc_jwt/vc_ldp Claims (<a href="https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fawoie%2Fvp-token-spec%2Fpull%2F20&data=04%7C01%7CKristina.Yasuda%40microsoft.com%7C82300f294e18488d347308d8fed061d0%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637539518468944494%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=5KyjcvxVHzFo%2F2CJF4CgCp4wdSNG0qYQi5rcL6Ge1VU%3D&reserved=0" originalsrc="https://github.com/awoie/vp-token-spec/pull/20" shash="kFlG2VFj3ta42nF4ARgZSqskBTpmcZ/f3NLk2Y12R8kwDgf4DaIY7zYPTEjntREoJhhrbXaFYG5XveDm0Fn1p4CduouN/3p5uVAC/Qa5sJN63OPXIxEUXPuTh8sd6vzJ6l4kA1VNJ4aOMRJZtXNYUhYWlCZSalQZB/PNu9c0c6E=">https://github.com/awoie/vp-token-spec/pull/20</a>)<br>
- <a href="https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2FSakurann%2Fvp-token-spec&data=04%7C01%7CKristina.Yasuda%40microsoft.com%7C82300f294e18488d347308d8fed061d0%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637539518468944494%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=zvTS%2F30zA5vuL0%2BVDlyCuE4ns46R6Bl%2F8YUM4stNhwk%3D&reserved=0" originalsrc="https://github.com/Sakurann/vp-token-spec" shash="ULciuPOzLAdWS6XieHzMOsFMN5DjRT+aB0XcxXhy2/w9/4htwbj4Ewhkyft0IPQnTve4qjBRJVOWOy5ZbHK3RxR//jS/TvddUpNoaIz8hIA3WVdT+lIPjTZKGlUDjRyF7oUAkXzEXih/gCqCmeo/0D20zKQ0yZaohmDqCwyi61I=">
https://github.com/Sakurann/vp-token-spec</a><br>
<br>
- Aggregated & Distributed Claims (<a href="https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fawoie%2Fvp-token-spec%2Fpull%2F23&data=04%7C01%7CKristina.Yasuda%40microsoft.com%7C82300f294e18488d347308d8fed061d0%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637539518468954450%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=vvL%2Fu2DfVYnqmuOf1%2B9VxltnBgmwh7%2FOiA%2BypmQI6OA%3D&reserved=0" originalsrc="https://github.com/awoie/vp-token-spec/pull/23" shash="nk3rg/Sc++MNb4mdEMqjIcNC4GNmrkMHmGb8akiTHA2vPQ1zHlNWKQWXF+mSVe6WBL5CXdSVWiGrSH2GO5JKLMiODx+dbS2ro7e0aCDb0b7vEhso2sy/IZo2/qH7iKBD0j6XSc8GaxMQBzJsLXWXeXVybVxbo6nlh3jxdhLOEAQ=">https://github.com/awoie/vp-token-spec/pull/23</a>)<br>
- <a href="https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fawoie%2Fvp-token-spec%2Ftree%2Fadc&data=04%7C01%7CKristina.Yasuda%40microsoft.com%7C82300f294e18488d347308d8fed061d0%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637539518468954450%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=8AbJw85Hr%2B3HGu7eCN6ClAKWN%2B1iKF8V78R0kVNfR6s%3D&reserved=0" originalsrc="https://github.com/awoie/vp-token-spec/tree/adc" shash="ZvBP5o2Y4iLR4N3sF9mGDsFJnq5aGBYL7W8t7wv65l87MID8J1z2uLFmHsqrvTbj8Rn9tLiOTFsb1vrESDeT2Ou65Lx75zA0bEG9XfEodX8WZHeGqP2OPYgRifuIVByTvcy5ZoDnw9fVOvnanK4JUCzfDxJURJg09LgBEyY1nPU=">
https://github.com/awoie/vp-token-spec/tree/adc</a><br>
<br>
Look forward to getting your feedback. We would like to work towards the WG adopting our draft.
<br>
<br>
I also added the deck I have shown in the call. <br>
<br>
best regards,<br>
Torsten. <br>
<br>
</div>
</span></font></div>
<div class="x_BodyFragment"><font size="2"><span style="font-size:11pt">
<div class="x_PlainText">_______________________________________________<br>
Openid-specs-ab mailing list<br>
Openid-specs-ab@lists.openid.net<br>
<a href="https://nam06.safelinks.protection.outlook.com/?url=http%3A%2F%2Flists.openid.net%2Fmailman%2Flistinfo%2Fopenid-specs-ab&data=04%7C01%7CKristina.Yasuda%40microsoft.com%7C82300f294e18488d347308d8fed061d0%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637539518468954450%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=Tx%2BHW6NdES%2BN6hrigf6ydfSWkqksE6tj6qkFQvomqOo%3D&reserved=0" originalsrc="http://lists.openid.net/mailman/listinfo/openid-specs-ab" shash="KTmfwcho0bmhpbFp9PZ4OpLdi1sZ9INyCGtdk99Cafjdz3uG9lLPMLYVw8bN1IpQNSgX3ksrC+IZNZU5La+XRchMm4H8yN2gn28aFVQOXWABEsQ7QgYEVdAa54XA1tMjcjPJaenP6M2lVUXzVh3luksEdYVheC+5L/dcnB7O/Z4=">http://lists.openid.net/mailman/listinfo/openid-specs-ab</a><br>
</div>
</span></font></div>
</div>
</div>
</body>
</html>