<div dir="ltr">I take the view that we create the chooser w/o any new browser support and then work with one of the vendors to create a proposal for changing the browser to make it work that way. It is much easier to make a case if we know exactly what it is that we want. I suspect it will be some combo of the p/w manager and the protocol picker.<div><br></div><div>I am not at all certain that anyone really understands what a useful semantic will be. After all, we have had this capability for over 20 years in xml and never make it truly useful.</div><div><br></div><div><br clear="all"><div><div dir="ltr" class="gmail_signature" data-smartmail="gmail_signature"><div dir="ltr"><div><span style="background-color:rgb(242,242,242);color:rgba(0,0,0,0.9);font-family:-apple-system,system-ui,system-ui,"Segoe UI",Roboto,"Helvetica Neue","Fira Sans",Ubuntu,Oxygen,"Oxygen Sans",Cantarell,"Droid Sans","Apple Color Emoji","Segoe UI Emoji","Segoe UI Symbol","Lucida Grande",Helvetica,Arial,sans-serif;font-size:14px;white-space:pre-wrap">Be the change you want to see in the world </span>..tom</div></div></div></div><br></div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Sat, Oct 9, 2021 at 7:50 PM David Waite <<a href="mailto:david@alkaline-solutions.com">david@alkaline-solutions.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="auto">The pr proposal i made would be that there can be openid metadata defining capabilities, such as presenting smart health cards or mdl, supporting different DID schemes, etc.<div><br></div><div>A wallet would choose which ones it supports. Some issuers, like self-issued/v2, are self certifying while others may be under a more controlled process. Self-issued/v2 isn’t great for more complex queries like presentation exchange, since you are now asking for capabilities that weren’t required/specified in the base metadata. </div><div><br></div><div>You say your app supports operation as a particular issuer by catching the authorization_endpoint.</div><div><br></div><div>This still leaves the possibility that the underlying platform or browser won’t present a multiple choice option to the user (which we still need to work toward fixing imho) but makes it far more likely that the request will go to some piece of software designed to handle that type of request or that vertical. </div><div><br><div dir="ltr">Sent from my iPhone</div><div dir="ltr"><br><blockquote type="cite">On Oct 9, 2021, at 10:34 AM, Tom Jones via Openid-specs-ab <<a href="mailto:openid-specs-ab@lists.openid.net" target="_blank">openid-specs-ab@lists.openid.net</a>> wrote:<br><br></blockquote></div><blockquote type="cite"><div dir="ltr"><div dir="ltr">I understood and agreed with that up to the part about Chooser selecting multiple wallets.<div><br></div><div>Here is what I cannot get my head around. When the client makes a request (JAR, whatever) that involves creds in different wallets. How or who decides the split - or does every wallet get the entire request? But even then, where/how does the response (the ID token) get created. Sending separate ID tokens does not seem like a useful solution to me. Altho perhaps a collection of ID tokens might work if they all went in one packet.</div><div><br clear="all"><div><div dir="ltr"><div dir="ltr"><div><span style="background-color:rgb(242,242,242);color:rgba(0,0,0,0.9);font-family:-apple-system,system-ui,system-ui,"Segoe UI",Roboto,"Helvetica Neue","Fira Sans",Ubuntu,Oxygen,"Oxygen Sans",Cantarell,"Droid Sans","Apple Color Emoji","Segoe UI Emoji","Segoe UI Symbol","Lucida Grande",Helvetica,Arial,sans-serif;font-size:14px;white-space:pre-wrap">Be the change you want to see in the world </span>..tom</div></div></div></div><br></div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Sat, Oct 9, 2021 at 3:05 AM David Chadwick <<a href="mailto:d.w.chadwick@verifiablecredentials.info" target="_blank">d.w.chadwick@verifiablecredentials.info</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<div>
<div><br>
</div>
<div>On 08/10/2021 21:44, Tom Jones wrote:<br>
</div>
<blockquote type="cite">
<div dir="ltr">As Mike has noted earlier, the wallet you describe
needs to be the only wallet that the user has on their device.
Very few of us believe that is possible, unless some gigantic
social media company takes control. </div>
</blockquote>
<p>It is possible that Apple and Google wallets will eventually
become the only wallets that people have on their smartphones. It
is likely, with mDL and their existing credit card support, that
this will leap frog them into pole position. OTOH it is also
possible that federations will specify the wallets, policies and
VCs that they will accept within their federation.<br>
</p>
<p>Until we have global dominance, it likely that users will hold
many different wallets as you say. The SIOP (chooser) component
will need to pass the policy onto the different wallets for them
to satisfy components of this. Having the same semantic policy
encoded in different syntaxes will enable different proprietary
wallets to interwork with the SIOP chooser.</p>
<p>Kind regards</p>
<p>David<br>
</p>
<blockquote type="cite">
<div dir="ltr">The sorts of wallets that are contemplated today
cannot hope to handle arbitrary credentials of the sorts that
users will need in their day-to-day life. My own university
tells me which wallet I can use to hold my VC diploma. My state
tells me which wallets are trusted to hold my mDL.
<div><span style="background-color:rgb(242,242,242);color:rgba(0,0,0,0.9);font-family:-apple-system,system-ui,system-ui,"Segoe UI",Roboto,"Helvetica Neue","Fira Sans",Ubuntu,Oxygen,"Oxygen Sans",Cantarell,"Droid Sans","Apple Color Emoji","Segoe UI Emoji","Segoe UI Symbol","Lucida Grande",Helvetica,Arial,sans-serif;font-size:14px;white-space:pre-wrap">
</span></div>
<div><span style="background-color:rgb(242,242,242);color:rgba(0,0,0,0.9);font-family:-apple-system,system-ui,system-ui,"Segoe UI",Roboto,"Helvetica Neue","Fira Sans",Ubuntu,Oxygen,"Oxygen Sans",Cantarell,"Droid Sans","Apple Color Emoji","Segoe UI Emoji","Segoe UI Symbol","Lucida Grande",Helvetica,Arial,sans-serif;font-size:14px;white-space:pre-wrap"> </span>..tom<br>
<br>
</div>
</div>
<br>
<div class="gmail_quote">
<div dir="ltr" class="gmail_attr">On Fri, Oct 8, 2021 at 12:07
PM David Chadwick via Openid-specs-ab <<a href="mailto:openid-specs-ab@lists.openid.net" target="_blank">openid-specs-ab@lists.openid.net</a>>
wrote:<br>
</div>
<blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<div>
<div>I would like to discuss the layering of OIDC with VCs,
so that the application layer would simply pass a policy
reference to the SIOP wallet and the wallet would respond
with a (set of) VP(s), using the OIDC protocol. Then the
management layer on top of this could define whatever
policies it wanted to for requesting combinations of VCs,
with or without selective disclosure, so that different
federations with their own wallets can implement their own
policies suitable for their requirements.<br>
<br>
This will decouple OIDC from presentation exchange (which
in my opinion is too complex for the majority of use
cases).</div>
<div><br>
</div>
<div>Comments?</div>
<div>Kind regards</div>
<div>David</div>
<div><br>
</div>
<div><br>
</div>
<div>On 08/10/2021 19:36, Mike Jones via Openid-specs-ab
wrote:<br>
</div>
<blockquote type="cite">
<div>
<p class="MsoNormal">I took the action item to bring
people’s concerns about the paucity of relevant IIW
sessions to Phil Windley’s attention. Both he and
Heidi essentially responded that “It’s open space –
make what you want to have happen happen.” Which is
fair.</p>
<p class="MsoNormal"> </p>
<p class="MsoNormal">They suggested that we use the IIW
wiki pages <a href="https://iiw.idcommons.net/IIW_33_Proposed_Topics" target="_blank">
https://iiw.idcommons.net/IIW_33_Proposed_Topics</a>
and <a href="https://iiw.idcommons.net/IIW_33_Time_Zone_Session_Planning" target="_blank">
https://iiw.idcommons.net/IIW_33_Time_Zone_Session_Planning</a>
to coordinate and schedule clusters of sessions that
we want to see. They were supportive of people trying
to organize in advance to get the most out of IIW.</p>
<p class="MsoNormal"> </p>
<p class="MsoNormal">
-- Mike</p>
<p class="MsoNormal"> </p>
</div>
<br>
<fieldset></fieldset>
<pre>_______________________________________________
Openid-specs-ab mailing list
<a href="mailto:Openid-specs-ab@lists.openid.net" target="_blank">Openid-specs-ab@lists.openid.net</a>
<a href="http://lists.openid.net/mailman/listinfo/openid-specs-ab" target="_blank">http://lists.openid.net/mailman/listinfo/openid-specs-ab</a>
</pre>
</blockquote>
<p><br>
</p>
</div>
_______________________________________________<br>
Openid-specs-ab mailing list<br>
<a href="mailto:Openid-specs-ab@lists.openid.net" target="_blank">Openid-specs-ab@lists.openid.net</a><br>
<a href="http://lists.openid.net/mailman/listinfo/openid-specs-ab" rel="noreferrer" target="_blank">http://lists.openid.net/mailman/listinfo/openid-specs-ab</a><br>
</blockquote>
</div>
</blockquote>
<p><br>
</p>
</div>
</blockquote></div>
<span>_______________________________________________</span><br><span>Openid-specs-ab mailing list</span><br><span><a href="mailto:Openid-specs-ab@lists.openid.net" target="_blank">Openid-specs-ab@lists.openid.net</a></span><br><span><a href="http://lists.openid.net/mailman/listinfo/openid-specs-ab" target="_blank">http://lists.openid.net/mailman/listinfo/openid-specs-ab</a></span><br></div></blockquote></div></div></blockquote></div>