<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
<meta name="Generator" content="Microsoft Word 15 (filtered medium)">
</head>
<body lang="EN-US" link="#0563C1" vlink="#954F72" style="word-wrap:break-word">
<div class="WordSection1">
<p class="MsoNormal">SIOP Special Call Notes 17-Feb-22<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Mike Jones<o:p></o:p></p>
<p class="MsoNormal">David Chadwick<o:p></o:p></p>
<p class="MsoNormal">Kristina Yasuda<o:p></o:p></p>
<p class="MsoNormal">Kenichi Nakamura<o:p></o:p></p>
<p class="MsoNormal">Daniel Fett<o:p></o:p></p>
<p class="MsoNormal">Jo Vercammen<o:p></o:p></p>
<p class="MsoNormal">Petteri Stenius<o:p></o:p></p>
<p class="MsoNormal">Torsten Lodderstedt<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Open Pull Requests<o:p></o:p></p>
<p class="MsoNormal"> <a href="https://bitbucket.org/openid/connect/pull-requests/">
https://bitbucket.org/openid/connect/pull-requests/</a><o:p></o:p></p>
<p class="MsoNormal"> PR #124: [oidc4vci] clarify sub value in the ID Token Issue #1426<o:p></o:p></p>
<p class="MsoNormal"> We agreed to merge this<o:p></o:p></p>
<p class="MsoNormal"> PR #107: Support for federations using the termsOfUse property<o:p></o:p></p>
<p class="MsoNormal"> Torsten tried to validate the JSON and it failed<o:p></o:p></p>
<p class="MsoNormal"> David Chadwick said that he believes the JSON is correct<o:p></o:p></p>
<p class="MsoNormal"> He discussed this on the DIF PE call in the past week<o:p></o:p></p>
<p class="MsoNormal"> Torsten said that the PE JSON Schema doesn't work<o:p></o:p></p>
<p class="MsoNormal"> And that some ideas that have been discussed are not actually in the spec<o:p></o:p></p>
<p class="MsoNormal"> Torsten checks all the examples he adds to specs to make sure they are valid<o:p></o:p></p>
<p class="MsoNormal"> Mike stated that we should fix the known syntax problems in the examples before merging<o:p></o:p></p>
<p class="MsoNormal"> This is related to:<o:p></o:p></p>
<p class="MsoNormal"> <a href="https://github.com/decentralized-identity/presentation-exchange/issues/303">
https://github.com/decentralized-identity/presentation-exchange/issues/303</a><o:p></o:p></p>
<p class="MsoNormal"> <a href="https://github.com/decentralized-identity/presentation-exchange/issues/280">
https://github.com/decentralized-identity/presentation-exchange/issues/280</a><o:p></o:p></p>
<p class="MsoNormal"> Torsten said that he would work with the PE folks on these issues<o:p></o:p></p>
<p class="MsoNormal"> PR #120: Issuer Handling SIOP<o:p></o:p></p>
<p class="MsoNormal"> The corresponding issue is #1400, where there's been good discussion lately<o:p></o:p></p>
<p class="MsoNormal"> Kristina said that DW indicated on the last Connect call that Ping Identity plans to use "iss" for a trust framework reference<o:p></o:p></p>
<p class="MsoNormal"> Torsten said that a trust framework reference could be included elsewhere in the ID Token<o:p></o:p></p>
<p class="MsoNormal"> Torsten said that the PR is in good shape and includes the rationale for this change<o:p></o:p></p>
<p class="MsoNormal"> Kristina referenced Stephane Durand's comments<o:p></o:p></p>
<p class="MsoNormal"> Mike said that merging this will enable us to put trust in the issuer - unlike self-issued.me<o:p></o:p></p>
<p class="MsoNormal"> Kristina said that the PR has been updated to reflect actionable comments<o:p></o:p></p>
<p class="MsoNormal"> Unless more actionable comments have been filed, we proposed to merge it in a week<o:p></o:p></p>
<p class="MsoNormal"> Torsten said that this change surfaces differences in people's mental models of SIOP<o:p></o:p></p>
<p class="MsoNormal"> Torsten said that DW's comments mostly mean that we need additional data in the ID Token<o:p></o:p></p>
<p class="MsoNormal"> Torsten said that these should be captured in separate issues and not block merging this PR<o:p></o:p></p>
<p class="MsoNormal"> PR #101: Fetching presentation definitions from a remote repository<o:p></o:p></p>
<p class="MsoNormal"> David said that he copied the metadata text from OpenID Connect Discovery<o:p></o:p></p>
<p class="MsoNormal">            Torsten said that there are three ways to pass parameters in Connect - in the URI, using "request", and using "request_uri"<o:p></o:p></p>
<p class="MsoNormal"> He said that the default is that a request conveys all the parameters in the URI<o:p></o:p></p>
<p class="MsoNormal"> Kristina expressed support for having a default<o:p></o:p></p>
<p class="MsoNormal"> Mike did too<o:p></o:p></p>
<p class="MsoNormal"> David said that presentation requests can be too big to include in URIs<o:p></o:p></p>
<p class="MsoNormal"> Torsten said to use PAR then<o:p></o:p></p>
<p class="MsoNormal"> Kristina said that using request_uri is another way to handle the large size<o:p></o:p></p>
<p class="MsoNormal"> David said that request_uris can be referenced by multiple parties, which he sees as being a feature<o:p></o:p></p>
<p class="MsoNormal"> Torsten said that doing anything by reference increases complexity for all parties<o:p></o:p></p>
<p class="MsoNormal"> Including hosting and maintaining the externally referenced data<o:p></o:p></p>
<p class="MsoNormal"> Mike asked if Torsten could propose specific changes to establish the default<o:p></o:p></p>
<p class="MsoNormal"> Kristina suggested that we file an issue asking people's opinion on whether there should be a default and what it should be<o:p></o:p></p>
<p class="MsoNormal"> David agreed to file that issue<o:p></o:p></p>
<p class="MsoNormal"> Jo asked for another week to consider this PR<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Open Issues<o:p></o:p></p>
<p class="MsoNormal"> <a href="https://bitbucket.org/openid/connect/issues?status=new&status=open">
https://bitbucket.org/openid/connect/issues?status=new&status=open</a><o:p></o:p></p>
<p class="MsoNormal"> #1436: Mental Models<o:p></o:p></p>
<p class="MsoNormal"> David observed that sometimes people are talking past one another because they have different mental models of SIOP<o:p></o:p></p>
<p class="MsoNormal"> He listed a number of them in the issue<o:p></o:p></p>
<p class="MsoNormal"> Kristina made a detailed comment in the issue<o:p></o:p></p>
<p class="MsoNormal"> Kristina said that in a recent Connect call, the biggest confusion observed was between authentication and conveying claims about the user<o:p></o:p></p>
<p class="MsoNormal"> Torsten thanked David for filing the issue<o:p></o:p></p>
<p class="MsoNormal"> He wants to think about the points made and respond<o:p></o:p></p>
<p class="MsoNormal"> Mike also requested time to review the details of the issue<o:p></o:p></p>
<p class="MsoNormal"> We agreed to discuss this on the next SIOP call in a week<o:p></o:p></p>
<p class="MsoNormal"> #1399: SIOP with any OIDC flow<o:p></o:p></p>
<p class="MsoNormal"> We agreed to park this until PR #120 is merged<o:p></o:p></p>
<p class="MsoNormal"> #1379: Resolving Client_ID<o:p></o:p></p>
<p class="MsoNormal"> Kristina expressed that we don't need to mandate registration<o:p></o:p></p>
<p class="MsoNormal"> Mike said in Connect Core, we enable registration but don't mandate it<o:p></o:p></p>
<p class="MsoNormal"> In some cases, registration happens out of band<o:p></o:p></p>
<p class="MsoNormal"> He thought we should do the same here<o:p></o:p></p>
<p class="MsoNormal"> Torsten agreed with Mike's comments<o:p></o:p></p>
<p class="MsoNormal"> Kristina said that there's a difference between mandating something and there being a default<o:p></o:p></p>
<p class="MsoNormal"> Torsten pointed out that there's a description of Mandatory to Implement features in OpenID Connect Core<o:p></o:p></p>
<p class="MsoNormal"> See <a href="https://openid.net/specs/openid-connect-core-1_0.html#ImplementationConsiderations">
https://openid.net/specs/openid-connect-core-1_0.html#ImplementationConsiderations</a><o:p></o:p></p>
<p class="MsoNormal"> Mike credited Torsten for that and said that it has been very useful<o:p></o:p></p>
<p class="MsoNormal"> Torsten said that we should do the same thing for SIOP<o:p></o:p></p>
<p class="MsoNormal"> Kristina is resolving this issue until we gain more deployment experience<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">OpenID Foundation SIOP Strategy<o:p></o:p></p>
<p class="MsoNormal"> Kristina reported that there is $12,000 approved for writing a SIOP whitepaper<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Next Call<o:p></o:p></p>
<p class="MsoNormal"> We are cancelling the Monday, February 21, 2022 call due to the Presidents Day holiday in the United States<o:p></o:p></p>
<p class="MsoNormal"> The next Connect call will be on Thursday, February 24, 2022 at 7am Pacific Time<o:p></o:p></p>
</div>
</body>
</html>