<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body>
<p>it would be feasible to write an OIDC profile of DIF PE to say
which elements must be included, which may be included and which
must not be included when used with OIDC. This would allow the
group to simplify the use of PE when carried in OIDC messages.</p>
<p>Kind regards</p>
<p>David<br>
</p>
<div class="moz-cite-prefix">On 08/05/2021 13:11, Torsten
Lodderstedt via Openid-specs-ab wrote:<br>
</div>
<blockquote type="cite"
cite="mid:0DC2B30F-AA92-42BD-930D-CDE6BE8ED334@lodderstedt.net">
<pre class="moz-quote-pre" wrap="">DIF PE uses a transport agnostic approach with a very powerful request language and an additional level of indirection for presentation (descriptor map). This results in a high degree of flexibility but seems to be complex and problematic regarding ease of use and interoperability. DIF PE also only sketches out how it could be used in conjunction with OIDC.
Having a small extension natively built on top OIDC seems a reasonable approach to provide developers with a simple and secure solution. We should certainly investigate how we can leverage DIF PE primitives as best as we can to benefit from existing work and implementations.
</pre>
<blockquote type="cite">
<pre class="moz-quote-pre" wrap="">Am 07.05.2021 um 21:17 schrieb nadalin--- via Openid-specs-ab <a class="moz-txt-link-rfc2396E" href="mailto:openid-specs-ab@lists.openid.net"><openid-specs-ab@lists.openid.net></a>:
So from what I heard was that the use case was for people to be able to use W3C VP in OIDC, or is there another usecase? It seems that the DIF solution solves this, adding another way just add to confusion and more technical solutions that have to be supported. So what is the additional value of doing this in OIDC, if there are issues with the DIF solution maybe address them in DIF so as to limit the technical divide.
From: Kristina Yasuda <a class="moz-txt-link-rfc2396E" href="mailto:Kristina.Yasuda@microsoft.com"><Kristina.Yasuda@microsoft.com></a>
Sent: Friday, May 7, 2021 8:38 AM
To: Artifact Binding/Connect Working Group <a class="moz-txt-link-rfc2396E" href="mailto:openid-specs-ab@lists.openid.net"><openid-specs-ab@lists.openid.net></a>; Anthony Nadalin <a class="moz-txt-link-rfc2396E" href="mailto:nadalin@prodigy.net"><nadalin@prodigy.net></a>
Cc: David Waite <a class="moz-txt-link-rfc2396E" href="mailto:david@alkaline-solutions.com"><david@alkaline-solutions.com></a>; Daniel Buchner <a class="moz-txt-link-rfc2396E" href="mailto:issues-reply@bitbucket.org"><issues-reply@bitbucket.org></a>
Subject: Re: [Openid-specs-ab] Issue #1230: Adopt Presentation Exchange as an officially supported mechanism within SIOP (openid/connect)
DIF PE is a finished spec in DIF and technically nothing prevents implementations to use DIF PE in SIOP or any other OIDC flow to request claims. What needs to be discussed is what do we want to use PE for in OIDC and where would it bring most additional value? Once we identify that, we just need to clearly define in some document how implementations can do so in an interoperable way, because DIF PE can be complicated and too flexible sometimes as David Chadvick has pointed out.
</pre>
<blockquote type="cite">
<pre class="moz-quote-pre" wrap="">Presentation exchange is a data model for representing a requested format for presentations, and for providing additional metadata for understanding the response.
</pre>
</blockquote>
<pre class="moz-quote-pre" wrap="">
This exactly why I think this is not an issue specific to a Self-issued OP model, which focuses on solving the issues particular to this model - such as discovery, registration, proving control over the subject identifier, etc.
The main use-cases I have seen using DIF PE in OIDC is to request Verifiable Presentations, in which case, I believe reference to PE belongs to OIDC4VP (OpenID Connect for Verifiable Presentations) draft under call for adoption. SIOP V2 draft can reference that passage in OIDC4VP draft.
</pre>
<blockquote type="cite">
<pre class="moz-quote-pre" wrap=""> this issue from Daniel was in part a result of me reaching out to him in _anticipation_ of this becoming an adopted document.
</pre>
</blockquote>
<pre class="moz-quote-pre" wrap="">
Is the proposal here to adopt DIF PE document in OIDF? as a way to use it with any OIDC flow with any claims? In that case, it should be merged with expression language work that has been worked on in ekyc-ida WG (openid / ekyc-ida / issues / #1186 - Expression Language — Bitbucket). But again, I believe reference to a query language belongs to OIDC for VP draft if any.
Best,
Kristina
差出人: Openid-specs-ab <a class="moz-txt-link-rfc2396E" href="mailto:openid-specs-ab-bounces@lists.openid.net"><openid-specs-ab-bounces@lists.openid.net></a> が David Waite via Openid-specs-ab <a class="moz-txt-link-rfc2396E" href="mailto:openid-specs-ab@lists.openid.net"><openid-specs-ab@lists.openid.net></a> の代理で送信
送信日時: 2021年5月7日 14:36
宛先: Artifact Binding/Connect Working Group <a class="moz-txt-link-rfc2396E" href="mailto:openid-specs-ab@lists.openid.net"><openid-specs-ab@lists.openid.net></a>; Anthony Nadalin <a class="moz-txt-link-rfc2396E" href="mailto:nadalin@prodigy.net"><nadalin@prodigy.net></a>
CC: David Waite <a class="moz-txt-link-rfc2396E" href="mailto:david@alkaline-solutions.com"><david@alkaline-solutions.com></a>; Daniel Buchner <a class="moz-txt-link-rfc2396E" href="mailto:issues-reply@bitbucket.org"><issues-reply@bitbucket.org></a>
件名: Re: [Openid-specs-ab] Issue #1230: Adopt Presentation Exchange as an officially supported mechanism within SIOP (openid/connect)
</pre>
<blockquote type="cite">
<pre class="moz-quote-pre" wrap="">On May 6, 2021, at 7:56 PM, nadalin--- via Openid-specs-ab <a class="moz-txt-link-rfc2396E" href="mailto:openid-specs-ab@lists.openid.net"><openid-specs-ab@lists.openid.net></a> wrote:
So why have we spent time on this in OIDF of DIF has done this,
</pre>
</blockquote>
<pre class="moz-quote-pre" wrap="">
DIF has not “done this”. Presentation exchange is a data model for representing a requested format for presentations, and for providing additional metadata for understanding the response. It is not a protocol, and specifically defines carve-outs for the actual request/response to be defined by separate specifications like SIOP.
OIDC has a simpler scheme for requesting claims, so the decision was likely made to model that option for the initial submission. I would be surprised if people were unwilling to collaborate on a common ground with DIF, considering the current SIOP work is a joint effort between DIF and OIDF.
</pre>
<blockquote type="cite">
<pre class="moz-quote-pre" wrap="">this is just another reason why we should not adopt this until we get issues worked out,
</pre>
</blockquote>
<pre class="moz-quote-pre" wrap="">
“We” (Connect A/B group) will not get technical issues worked out until we accept something as input. This is currently an external document.
Although I cannot speak for everyone, my ability to justify contributions to non-adopted documents and to work under ‘handshake’ IPR does have limits.
</pre>
<blockquote type="cite">
<pre class="moz-quote-pre" wrap="">There is no real reason to do this in OIDF, any work can be done in DIF to fit this into SIOP.
</pre>
</blockquote>
<pre class="moz-quote-pre" wrap="">
I would think that changes to SIOP to support new representations of authentication and of claims are squarely in scope of the Connect A/B group. Although my employer was not participating in DIF at the time, I suspect this is the opinion by some of the DIF membership as well, hence the current joint effort.
</pre>
<blockquote type="cite">
<pre class="moz-quote-pre" wrap="">I'm surprised that this was not all worked out before Mike and others created this draft.
</pre>
</blockquote>
<pre class="moz-quote-pre" wrap="">
The purpose of an adopting a submission is not to have a small subset of people work on a document in their own GitHub repo without any IPR protection until they are ready for it to be a ratified standard. A side-effect of this work not being an adopted item is that I was unaware of it until rather recently.
Also, I would like to point out that this issue from Daniel was in part a result of me reaching out to him in _anticipation_ of this becoming an adopted document and wanting his input (as primary editor of Presentation Exchange). My hope is that we will reach the other side of SIOP not just being compatible with PE, but providing feedback to make PE an even more capable specification.
-DW
_______________________________________________
Openid-specs-ab mailing list
<a class="moz-txt-link-abbreviated" href="mailto:Openid-specs-ab@lists.openid.net">Openid-specs-ab@lists.openid.net</a>
<a class="moz-txt-link-freetext" href="https://nam06.safelinks.protection.outlook.com/?url=http%3A%2F%2Flists.openid.net%2Fmailman%2Flistinfo%2Fopenid-specs-ab&data=04%7C01%7CKristina.Yasuda%40microsoft.com%7C8e2fc8cd654147dfb49b08d9111a1e52%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637559626199763291%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=x0qBcvHMyQzeDjzQVAh3T%2B8xRqaMdy12krBrCr3o2vs%3D&reserved=0">https://nam06.safelinks.protection.outlook.com/?url=http%3A%2F%2Flists.openid.net%2Fmailman%2Flistinfo%2Fopenid-specs-ab&data=04%7C01%7CKristina.Yasuda%40microsoft.com%7C8e2fc8cd654147dfb49b08d9111a1e52%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637559626199763291%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=x0qBcvHMyQzeDjzQVAh3T%2B8xRqaMdy12krBrCr3o2vs%3D&reserved=0</a>
_______________________________________________
Openid-specs-ab mailing list
<a class="moz-txt-link-abbreviated" href="mailto:Openid-specs-ab@lists.openid.net">Openid-specs-ab@lists.openid.net</a>
<a class="moz-txt-link-freetext" href="https://www.google.com/url?q=http://lists.openid.net/mailman/listinfo/openid-specs-ab&source=gmail-imap&ust=1621019871000000&usg=AOvVaw2WCCKlkma8b-zP0xmdvOzX">https://www.google.com/url?q=http://lists.openid.net/mailman/listinfo/openid-specs-ab&source=gmail-imap&ust=1621019871000000&usg=AOvVaw2WCCKlkma8b-zP0xmdvOzX</a>
</pre>
</blockquote>
<pre class="moz-quote-pre" wrap="">
_______________________________________________
Openid-specs-ab mailing list
<a class="moz-txt-link-abbreviated" href="mailto:Openid-specs-ab@lists.openid.net">Openid-specs-ab@lists.openid.net</a>
<a class="moz-txt-link-freetext" href="http://lists.openid.net/mailman/listinfo/openid-specs-ab">http://lists.openid.net/mailman/listinfo/openid-specs-ab</a>
</pre>
</blockquote>
</body>
</html>