<html><head><meta http-equiv="Content-Type" content="text/html; charset=utf-8"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;" class="">Hi,<div class=""><br class=""></div><div class="">On issue 1400.</div><div class=""><br class=""></div><div class=""><blockquote type="cite" class=""><div class="WordSection1" style="page: WordSection1;"><div class="" style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;">Kristina said that DW indicated on the last Connect call that Ping Identity plans to use "iss" for a trust framework reference<o:p class=""></o:p></div><div class="" style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;"> Torsten said that a trust framework reference could be included elsewhere in the ID Token</div></div></blockquote></div><div class=""><br class=""></div><div class="">I also mentioned that OpenID Connect 4 Identity Assurance (<a href="https://openid.net/specs/openid-connect-4-identity-assurance-1_0-ID3.html" class="">https://openid.net/specs/openid-connect-4-identity-assurance-1_0-ID3.html</a>) defines syntax for conveying information about trust frameworks and so on. I suggest to use this as basis for solving Ping’s requirements. </div><div class=""><br class=""></div><div class="">We also had a good discussion about trust frameworks and schemes in the context of OIDC4VPs. David has created a PR: <a href="https://bitbucket.org/openid/connect/pull-requests/107" class="">https://bitbucket.org/openid/connect/pull-requests/107</a></div><div class=""><br class=""></div><div class="">@DW: May I ask you to fill an issue with your requirements? </div><div class=""><br class=""></div><div class="">best regards,</div><div class="">Torsten. <br class=""><div><br class=""><blockquote type="cite" class=""><div class="">Am 17.02.2022 um 20:11 schrieb Mike Jones via Openid-specs-ab <<a href="mailto:openid-specs-ab@lists.openid.net" class="">openid-specs-ab@lists.openid.net</a>>:</div><br class="Apple-interchange-newline"><div class=""><meta charset="UTF-8" class=""><div class="WordSection1" style="page: WordSection1; caret-color: rgb(0, 0, 0); font-family: Helvetica; font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration: none;"><div style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;" class="">SIOP Special Call Notes 17-Feb-22<o:p class=""></o:p></div><div style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><o:p class=""> </o:p></div><div style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;" class="">Mike Jones<o:p class=""></o:p></div><div style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;" class="">David Chadwick<o:p class=""></o:p></div><div style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;" class="">Kristina Yasuda<o:p class=""></o:p></div><div style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;" class="">Kenichi Nakamura<o:p class=""></o:p></div><div style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;" class="">Daniel Fett<o:p class=""></o:p></div><div style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;" class="">Jo Vercammen<o:p class=""></o:p></div><div style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;" class="">Petteri Stenius<o:p class=""></o:p></div><div style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;" class="">Torsten Lodderstedt<o:p class=""></o:p></div><div style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><o:p class=""> </o:p></div><div style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;" class="">Open Pull Requests<o:p class=""></o:p></div><div style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;" class=""> <span class="Apple-converted-space"> </span><a href="https://bitbucket.org/openid/connect/pull-requests/" style="color: rgb(5, 99, 193); text-decoration: underline;" class="">https://bitbucket.org/openid/connect/pull-requests/</a><o:p class=""></o:p></div><div style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;" class=""> PR #124: [oidc4vci] clarify sub value in the ID Token Issue #1426<o:p class=""></o:p></div><div style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;" class=""> We agreed to merge this<o:p class=""></o:p></div><div style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;" class=""> PR #107: Support for federations using the termsOfUse property<o:p class=""></o:p></div><div style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;" class=""> Torsten tried to validate the JSON and it failed<o:p class=""></o:p></div><div style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;" class=""> David Chadwick said that he believes the JSON is correct<o:p class=""></o:p></div><div style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;" class=""> He discussed this on the DIF PE call in the past week<o:p class=""></o:p></div><div style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;" class=""> Torsten said that the PE JSON Schema doesn't work<o:p class=""></o:p></div><div style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;" class=""> And that some ideas that have been discussed are not actually in the spec<o:p class=""></o:p></div><div style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;" class=""> Torsten checks all the examples he adds to specs to make sure they are valid<o:p class=""></o:p></div><div style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;" class=""> Mike stated that we should fix the known syntax problems in the examples before merging<o:p class=""></o:p></div><div style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;" class=""> This is related to:<o:p class=""></o:p></div><div style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;" class=""> <span class="Apple-converted-space"> </span><a href="https://github.com/decentralized-identity/presentation-exchange/issues/303" style="color: rgb(5, 99, 193); text-decoration: underline;" class="">https://github.com/decentralized-identity/presentation-exchange/issues/303</a><o:p class=""></o:p></div><div style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;" class=""> <span class="Apple-converted-space"> </span><a href="https://github.com/decentralized-identity/presentation-exchange/issues/280" style="color: rgb(5, 99, 193); text-decoration: underline;" class="">https://github.com/decentralized-identity/presentation-exchange/issues/280</a><o:p class=""></o:p></div><div style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;" class=""> Torsten said that he would work with the PE folks on these issues<o:p class=""></o:p></div><div style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;" class=""> PR #120: Issuer Handling SIOP<o:p class=""></o:p></div><div style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;" class=""> The corresponding issue is #1400, where there's been good discussion lately<o:p class=""></o:p></div><div style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;" class=""> Kristina said that DW indicated on the last Connect call that Ping Identity plans to use "iss" for a trust framework reference<o:p class=""></o:p></div><div style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;" class=""> Torsten said that a trust framework reference could be included elsewhere in the ID Token<o:p class=""></o:p></div><div style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;" class=""> Torsten said that the PR is in good shape and includes the rationale for this change<o:p class=""></o:p></div><div style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;" class=""> Kristina referenced Stephane Durand's comments<o:p class=""></o:p></div><div style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;" class=""> Mike said that merging this will enable us to put trust in the issuer - unlike<span class="Apple-converted-space"> </span><a href="http://self-issued.me/" style="color: rgb(5, 99, 193); text-decoration: underline;" class="">self-issued.me</a><o:p class=""></o:p></div><div style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;" class=""> Kristina said that the PR has been updated to reflect actionable comments<o:p class=""></o:p></div><div style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;" class=""> Unless more actionable comments have been filed, we proposed to merge it in a week<o:p class=""></o:p></div><div style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;" class=""> Torsten said that this change surfaces differences in people's mental models of SIOP<o:p class=""></o:p></div><div style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;" class=""> Torsten said that DW's comments mostly mean that we need additional data in the ID Token<o:p class=""></o:p></div><div style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;" class=""> Torsten said that these should be captured in separate issues and not block merging this PR<o:p class=""></o:p></div><div style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;" class=""> PR #101: Fetching presentation definitions from a remote repository<o:p class=""></o:p></div><div style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;" class=""> David said that he copied the metadata text from OpenID Connect Discovery<o:p class=""></o:p></div><div style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;" class=""> Torsten said that there's three ways to pass parameters in connect - in the URI, using "request", and using "request_uri"<o:p class=""></o:p></div><div style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;" class=""> He said that the default is that a request conveys all the parameters in the URI<o:p class=""></o:p></div><div style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;" class=""> Kristina expressed support for having a default<o:p class=""></o:p></div><div style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;" class=""> Mike did too<o:p class=""></o:p></div><div style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;" class=""> David said that presentation requests can be too big to include in URIs<o:p class=""></o:p></div><div style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;" class=""> Torsten said to use PAR then<o:p class=""></o:p></div><div style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;" class=""> Kristina said that using request_uri is another way to handle the large size<o:p class=""></o:p></div><div style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;" class=""> David said that request_uris can be referenced by multiple parties, which he sees as being a feature<o:p class=""></o:p></div><div style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;" class=""> Torsten said that doing anything by reference increases complexity for all parties<o:p class=""></o:p></div><div style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;" class=""> Including hosting and maintaining the externally referenced data<o:p class=""></o:p></div><div style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;" class=""> Mike asked if Torsten could propose specific changes to establish the default<o:p class=""></o:p></div><div style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;" class=""> Kristina suggested that we file an issue asking people's opinion on whether there should be a default and what it should be<o:p class=""></o:p></div><div style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;" class=""> David agreed to file that issue<o:p class=""></o:p></div><div style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;" class=""> Jo asked for another week to consider this PR<o:p class=""></o:p></div><div style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><o:p class=""> </o:p></div><div style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;" class="">Open Issues<o:p class=""></o:p></div><div style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;" class=""> <span class="Apple-converted-space"> </span><a href="https://bitbucket.org/openid/connect/issues?status=new&status=open" style="color: rgb(5, 99, 193); text-decoration: underline;" class="">https://bitbucket.org/openid/connect/issues?status=new&status=open</a><o:p class=""></o:p></div><div style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;" class=""> #1436: Mental Models<o:p class=""></o:p></div><div style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;" class=""> David observed that sometimes people are talking past one another because they have different mental models of SIOP<o:p class=""></o:p></div><div style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;" class=""> He listed a number of them in the issue<o:p class=""></o:p></div><div style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;" class=""> Kristina made a detailed comment in the issue<o:p class=""></o:p></div><div style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;" class=""> Kristina said that in a recent Connect call, the biggest confusion observed was between authentication and conveying claims about the user<o:p class=""></o:p></div><div style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;" class=""> Torsten thanked David for filing the issue<o:p class=""></o:p></div><div style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;" class=""> He wants to think about the points made and respond<o:p class=""></o:p></div><div style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;" class=""> Mike also requested time to review the details of the issue<o:p class=""></o:p></div><div style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;" class=""> We agreed to discuss this on the next SIOP call in a week<o:p class=""></o:p></div><div style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;" class=""> #1399: SIOP with any OIDC flow<o:p class=""></o:p></div><div style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;" class=""> We agreed to park this until PR #120 is merged<o:p class=""></o:p></div><div style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;" class=""> #1379: Resolving Client_ID<o:p class=""></o:p></div><div style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;" class=""> Kristina expressed that we don't need to mandate registration<o:p class=""></o:p></div><div style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;" class=""> Mike said in Connect Core, we enable registration but don't mandate it<o:p class=""></o:p></div><div style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;" class=""> In some cases, registration happens out of band<o:p class=""></o:p></div><div style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;" class=""> He thought we should do the same here<o:p class=""></o:p></div><div style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;" class=""> Torsten agreed with Mike's comments<o:p class=""></o:p></div><div style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;" class=""> Kristina said that there's a difference between mandating something and there being a default<o:p class=""></o:p></div><div style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;" class=""> Torsten pointed out that there's a description of Mandatory to Implement features in OpenID Connect Core<o:p class=""></o:p></div><div style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;" class=""> See<span class="Apple-converted-space"> </span><a href="https://openid.net/specs/openid-connect-core-1_0.html#ImplementationConsiderations" style="color: rgb(5, 99, 193); text-decoration: underline;" class="">https://openid.net/specs/openid-connect-core-1_0.html#ImplementationConsiderations</a><o:p class=""></o:p></div><div style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;" class=""> Mike credited Torsten for that and said that it has been very useful<o:p class=""></o:p></div><div style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;" class=""> Torsten said that we should do the same thing for SIOP<o:p class=""></o:p></div><div style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;" class=""> Kristina is resolving this issue until we gain more deployment experience<o:p class=""></o:p></div><div style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><o:p class=""> </o:p></div><div style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;" class="">OpenID Foundation SIOP Strategy<o:p class=""></o:p></div><div style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;" class=""> Kristina reported that there is $12,000 approved for writing a SIOP whitepaper<o:p class=""></o:p></div><div style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><o:p class=""> </o:p></div><div style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;" class="">Next Call<o:p class=""></o:p></div><div style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;" class=""> We are cancelling the Monday, February 21, 2022 call due to the Presidents Day holiday in the United States<o:p class=""></o:p></div><div style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;" class=""> The next Connect call will be on Thursday, February 24, 2022 at 7am Pacific Time<o:p class=""></o:p></div></div><span style="caret-color: rgb(0, 0, 0); font-family: Helvetica; font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration: none; float: none; display: inline !important;" class="">_______________________________________________</span><br style="caret-color: rgb(0, 0, 0); font-family: Helvetica; font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration: none;" class=""><span style="caret-color: rgb(0, 0, 0); font-family: Helvetica; font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration: none; float: none; display: inline !important;" class="">Openid-specs-ab mailing list</span><br style="caret-color: rgb(0, 0, 0); font-family: Helvetica; font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration: none;" class=""><a href="mailto:Openid-specs-ab@lists.openid.net" style="color: rgb(5, 99, 193); text-decoration: underline; font-family: Helvetica; font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-size-adjust: auto; -webkit-text-stroke-width: 0px;" class="">Openid-specs-ab@lists.openid.net</a><br style="caret-color: rgb(0, 0, 0); font-family: Helvetica; font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration: none;" class=""><a href="https://lists.openid.net/mailman/listinfo/openid-specs-ab" style="color: rgb(5, 99, 193); text-decoration: underline; font-family: Helvetica; font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-size-adjust: auto; -webkit-text-stroke-width: 0px;" class="">https://lists.openid.net/mailman/listinfo/openid-specs-ab</a></div></blockquote></div><br class=""></div></body></html>