<html>
  <head>
    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
  </head>
  <body>
    <p>Hi Kristina,</p>
    <p>I was thinking of SIOPv2 use in scenarios like auth, consent or
      credential presentation at physical endpoints where a protocol
      like NFC could fit nicely, and make for a more intuitive and
      friendly experience.<br>
    </p>
    <p>The nature of a self-issued IdP is also such that internet
      connectivity for the user device is not an absolutely critical
      thing (whereas with a classic 3rd party IdP internet connectivity
      is a must). So SIOPv2 could potentially take advantage of this
      possibility, and support transactions where we have physical
      proximity and / or mobile network coverage is missing. My feeling
      is this could greatly enhance the appeal of SIOPv2. This will also
      allow for more robust and versatile wallet applications. The
      "classic" wallet does not require network connectivity to work,
      and if we are able to have this in SIOPv2 (where technically
      possible) it will be really nice :)<br>
    </p>
    <p>Vladimir<br>
    </p>
    <pre class="moz-signature" cols="72">Vladimir Dzhuvinov</pre>
    <div class="moz-cite-prefix">On 29/03/2022 20:32, Kristina Yasuda
      wrote:<br>
    </div>
    <blockquote type="cite"
cite="mid:DM6PR00MB088958831983F3304FB3ADF2E51E9@DM6PR00MB0889.namprd00.prod.outlook.com">
      <div class="WordSection1">
        <p class="MsoNormal">Hi Vladimir,<o:p></o:p></p>
        <p class="MsoNormal">Thank you for the question! SIOPv2 over NFC
          has not been discussed in the WG before.
          <o:p></o:p></p>
        <p class="MsoNormal">I think it would be interesting to explore
          this topic. We could use NFC/BLE instead of QR codes to convey
          `request_uri` as a first step, or sending ID Token and VPs
          (and other issuer-signed credentials) over NFC/BLE in the
          response (though it will be a leap from the RESTful nature of
          OIDC). We would need someone knowledgeable in NFC (and BLE?)
          to participate and contribute in the WG if we are to pursue
          this path.<o:p></o:p></p>
        <p class="MsoNormal">I am curious, is there an emerging use-case
          beyond 2.1 and 2.2 quoted below?<o:p></o:p></p>
        <p class="MsoNormal">Best,<o:p></o:p></p>
        <p class="MsoNormal">Kristina<o:p></o:p></p>
        <div>
          <div style="border:none;border-top:solid #E1E1E1
            1.0pt;padding:3.0pt 0in 0in 0in">
            <p class="MsoNormal"><b>From:</b> Openid-specs-ab
              <a class="moz-txt-link-rfc2396E" href="mailto:openid-specs-ab-bounces@lists.openid.net">&lt;openid-specs-ab-bounces@lists.openid.net&gt;</a>
              <b>On Behalf Of </b>Vladimir Dzhuvinov via
              Openid-specs-ab<br>
              <b>Sent:</b> Tuesday, March 29, 2022 8:27 AM<br>
              <b>To:</b> <a class="moz-txt-link-abbreviated" href="mailto:openid-specs-ab@lists.openid.net">openid-specs-ab@lists.openid.net</a><br>
              <b>Cc:</b> Vladimir Dzhuvinov
              <a class="moz-txt-link-rfc2396E" href="mailto:vladimir@connect2id.com">&lt;vladimir@connect2id.com&gt;</a><br>
              <b>Subject:</b> [Openid-specs-ab] SIOPv2 over NFC?<o:p></o:p></p>
          </div>
        </div>
        <p>I wonder if there have been thoughts or considerations of the
          NFC protocol for SIOPv2 to interact with RPs?<o:p></o:p></p>
        <p>Especially given the adopted use cases 2.1 and 2.2?<o:p></o:p></p>
        <blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
          <h3 id="name-resilience-against-sudden-o"><a
href="https://openid.net/specs/openid-connect-self-issued-v2-1_0-06.html#section-2.1"
              moz-do-not-send="true">2.1.
            </a><a
href="https://openid.net/specs/openid-connect-self-issued-v2-1_0-06.html#name-resilience-against-sudden-o"
              moz-do-not-send="true">Resilience against Sudden or
              Planned Hosted OP Unavailability</a> <o:p></o:p></h3>
          <p id="section-2.1-1">A hosted third-party provided OP's
            infrastructure may become unavailable or even destroyed due
            to natural disasters such as hurricanes, tsunamis and fires,
            or may be removed from service as a planned business
            decision. End-Users using Self-Issued OPs local to their
            environment, have lower chances of being simultaneously
            affected by such events.<o:p></o:p></p>
          <h3 id="name-authentication-at-the-edge"><a
href="https://openid.net/specs/openid-connect-self-issued-v2-1_0-06.html#section-2.2"
              moz-do-not-send="true">2.2.
            </a><a
href="https://openid.net/specs/openid-connect-self-issued-v2-1_0-06.html#name-authentication-at-the-edge"
              moz-do-not-send="true">Authentication at the Edge</a> <o:p></o:p></h3>
          <p class="MsoNormal">As internet-connected smartphones have
            risen in availability, traditionally in-person interactions
            and services have begun to be optimized with digital
            alternatives. These services often have requirements for
            digital authentication and for other identity credentials.
            Self-Issued OPs can provide this authentication directly,
            without needing to delegate to remote, hosted OPs. This
            potentially allows for increased efficiency as well as
            allowing for authentication in environments which may have
            reduced connectivity.<o:p></o:p></p>
        </blockquote>
        <p>~ Vladimir<o:p></o:p></p>
        <pre>-- <o:p></o:p></pre>
        <pre>Vladimir Dzhuvinov<o:p></o:p></pre>
      </div>
    </blockquote>
  </body>
</html>