<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body>
<div class="moz-cite-prefix">On 10/10/2021 03:50, David Waite wrote:<br>
</div>
<blockquote type="cite"
cite="mid:8A5EB64F-ECEE-4B09-8C18-B5B81499456B@alkaline-solutions.com">
The PR proposal I made would be that there can be OpenID metadata
defining capabilities, such as presenting smart health cards or
mDL, supporting different DID schemes, etc.
<div><br>
</div>
<div>A wallet would choose which ones it supports. Some issuers,
like self-issued/v2, are self certifying while others may be
under a more controlled process. Self-issued/v2 isn’t great for
more complex queries like presentation exchange, since you are
now asking for capabilities that weren’t required/specified in
the base metadata. <br>
</div>
</blockquote>
But couldn't we also enhance the metadata to also describe the
policy syntaxes that are supported (such as presentation exchange)?
This then removes knowledge of the policy from the OIDC protocol,
which is my main objective. Then different policies can be layered
on top of OIDC.<br>
<blockquote type="cite"
cite="mid:8A5EB64F-ECEE-4B09-8C18-B5B81499456B@alkaline-solutions.com">
<div><br>
</div>
<div>You say your app supports operation as a particular issuer by
catching the authorization_endpoint.</div>
<div><br>
</div>
<div>This still leaves the possibility that the underlying
platform or browser won’t present a multiple choice option to
the user (which we still need to work toward fixing imho) but
makes it far more likely that the request will go to some piece
of software designed to handle that type of request or that
vertical. <br>
</div>
</blockquote>
<p>The YouTube video I posted
(<a class="moz-txt-link-freetext" href="https://www.youtube.com/watch?v=w0FJayxCYwk">https://www.youtube.com/watch?v=w0FJayxCYwk</a>) shows how an app can
display the multiple choices to the user, allowing them to pick
the required VCs.</p>
<p>Kind regards</p>
<p>David<br>
</p>
<blockquote type="cite"
cite="mid:8A5EB64F-ECEE-4B09-8C18-B5B81499456B@alkaline-solutions.com">
<div><br>
<div dir="ltr">Sent from my iPhone</div>
<div dir="ltr"><br>
<blockquote type="cite">On Oct 9, 2021, at 10:34 AM, Tom Jones
via Openid-specs-ab <a class="moz-txt-link-rfc2396E" href="mailto:openid-specs-ab@lists.openid.net">&lt;openid-specs-ab@lists.openid.net&gt;</a>
wrote:<br>
<br>
</blockquote>
</div>
<blockquote type="cite">
<div dir="ltr">
<div dir="ltr">I understood and agreed with that up to the
part about Chooser selecting multiple wallets.
<div><br>
</div>
<div>Here is what I cannot get my head around. When the
client makes a request (JAR, whatever) that involves
creds in different wallets, how or who decides the split
- or does every wallet get the entire request? But even
then, where/how does the response (the ID token) get
created? Sending separate ID tokens does not seem like a
useful solution to me. Although perhaps a collection of ID
tokens might work if they all went in one packet.</div>
<div><br clear="all">
<div>
<div dir="ltr" class="gmail_signature"
data-smartmail="gmail_signature">
<div dir="ltr">
<div><span>Be the change you want to see in the world </span>..tom</div>
</div>
</div>
</div>
<br>
</div>
</div>
<br>
<div class="gmail_quote">
<div dir="ltr" class="gmail_attr">On Sat, Oct 9, 2021 at
3:05 AM David Chadwick &lt;<a
href="mailto:d.w.chadwick@verifiablecredentials.info"
moz-do-not-send="true">d.w.chadwick@verifiablecredentials.info</a>&gt;
wrote:<br>
</div>
<blockquote class="gmail_quote" style="margin:0px 0px 0px
0.8ex;border-left:1px solid
rgb(204,204,204);padding-left:1ex">
<div>
<div><br>
</div>
<div>On 08/10/2021 21:44, Tom Jones wrote:<br>
</div>
<blockquote type="cite">
<div dir="ltr">As Mike has noted earlier, the wallet
you describe needs to be the only wallet that the
user has on their device. Very few of us believe
that is possible, unless some gigantic social
media company takes control. </div>
</blockquote>
<p>It is possible that Apple and Google wallets will
eventually become the only wallets that people have
on their smartphones. It is likely, with mDL and
their existing credit card support, that this will
leapfrog them into pole position. OTOH it is also
possible that federations will specify the wallets,
policies and VCs that they will accept within their
federation.<br>
</p>
<p>Until we have global dominance, it is likely that
users will hold many different wallets as you say.
The SIOP (chooser) component will need to pass the
policy onto the different wallets for them to
satisfy components of this. Having the same semantic
policy encoded in different syntaxes will enable
different proprietary wallets to interwork with the
SIOP chooser.</p>
<p>Kind regards</p>
<p>David<br>
</p>
<blockquote type="cite">
<div dir="ltr">The sorts of wallets that are
contemplated today cannot hope to handle arbitrary
credentials of the sorts that users will need in
their day-to-day life. My own university tells me
which wallet I can use to hold my VC diploma. My
state tells me which wallets are trusted to hold
my mDL.
<div>..tom<br>
<br>
</div>
</div>
<br>
<div class="gmail_quote">
<div dir="ltr" class="gmail_attr">On Fri, Oct 8,
2021 at 12:07 PM David Chadwick via
Openid-specs-ab &lt;<a
href="mailto:openid-specs-ab@lists.openid.net"
target="_blank" moz-do-not-send="true">openid-specs-ab@lists.openid.net</a>&gt;
wrote:<br>
</div>
<blockquote class="gmail_quote" style="margin:0px
0px 0px 0.8ex;border-left:1px solid
rgb(204,204,204);padding-left:1ex">
<div>
<div>I would like to discuss the layering of
OIDC with VCs, so that the application layer
would simply pass a policy reference to the
SIOP wallet and the wallet would respond
with a (set of) VP(s), using the OIDC
protocol. Then the management layer on top
of this could define whatever policies it
wanted to for requesting combinations of
VCs, with or without selective disclosure,
so that different federations with their own
wallets can implement their own policies
suitable for their requirements.<br>
<br>
This will decouple OIDC from presentation
exchange (which in my opinion is too complex
for the majority of use cases).</div>
<div><br>
</div>
<div>Comments?</div>
<div>Kind regards</div>
<div>David</div>
<div><br>
</div>
<div><br>
</div>
<div>On 08/10/2021 19:36, Mike Jones via
Openid-specs-ab wrote:<br>
</div>
<blockquote type="cite">
<div>
<p class="MsoNormal">I took the action
item to bring people’s concerns about
the paucity of relevant IIW sessions to
Phil Windley’s attention. Both he and
Heidi essentially responded that “It’s
open space – make what you want to have
happen happen.” Which is fair.</p>
<p class="MsoNormal"> </p>
<p class="MsoNormal">They suggested that
we use the IIW wiki pages <a
href="https://iiw.idcommons.net/IIW_33_Proposed_Topics"
target="_blank" moz-do-not-send="true">
https://iiw.idcommons.net/IIW_33_Proposed_Topics</a> and <a
href="https://iiw.idcommons.net/IIW_33_Time_Zone_Session_Planning"
target="_blank" moz-do-not-send="true">
https://iiw.idcommons.net/IIW_33_Time_Zone_Session_Planning</a> to
coordinate and schedule clusters of
sessions that we want to see. They were
supportive of people trying to organize
in advance to get the most out of IIW.</p>
<p class="MsoNormal"> </p>
<p class="MsoNormal">
-- Mike</p>
<p class="MsoNormal"> </p>
</div>
<br>
<fieldset></fieldset>
<pre>_______________________________________________
Openid-specs-ab mailing list
<a href="mailto:Openid-specs-ab@lists.openid.net" target="_blank" moz-do-not-send="true">Openid-specs-ab@lists.openid.net</a>
<a href="http://lists.openid.net/mailman/listinfo/openid-specs-ab" target="_blank" moz-do-not-send="true">http://lists.openid.net/mailman/listinfo/openid-specs-ab</a>
</pre>
</blockquote>
<p><br>
</p>
</div>
</blockquote>
</div>
</blockquote>
<p><br>
</p>
</div>
</blockquote>
</div>
</div>
</blockquote>
</div>
</blockquote>
<p><br>
</p>
</body>
</html>