<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
<meta name="Generator" content="Microsoft Word 15 (filtered medium)">
<style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:#0563C1;
text-decoration:underline;}
span.EmailStyle17
{mso-style-type:personal-compose;
font-family:"Calibri",sans-serif;
color:windowtext;}
.MsoChpDefault
{mso-style-type:export-only;
font-family:"Calibri",sans-serif;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang="EN-US" link="#0563C1" vlink="#954F72" style="word-wrap:break-word">
<div class="WordSection1">
<p class="MsoNormal">SIOP Special Topic Call Notes 28-Jul-22<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Nat Sakimura<o:p></o:p></p>
<p class="MsoNormal">Mike Jones<o:p></o:p></p>
<p class="MsoNormal">Kristina Yasuda<o:p></o:p></p>
<p class="MsoNormal">David Chadwick<o:p></o:p></p>
<p class="MsoNormal">Mark Haine<o:p></o:p></p>
<p class="MsoNormal">Jeremie Miller<o:p></o:p></p>
<p class="MsoNormal">David Waite (DW)<o:p></o:p></p>
<p class="MsoNormal">Bjorn Hjelm<o:p></o:p></p>
<p class="MsoNormal">Sunesh Shetty<o:p></o:p></p>
<p class="MsoNormal">Torsten Lodderstedt<o:p></o:p></p>
<p class="MsoNormal">Rolson Quadras<o:p></o:p></p>
<p class="MsoNormal">Jo Vercammen<o:p></o:p></p>
<p class="MsoNormal">Tobias Looker<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">IETF 114 is under way<o:p></o:p></p>
<p class="MsoNormal"> A call for adoption of SD-JWT will go out to the OAuth WG<o:p></o:p></p>
<p class="MsoNormal"> The JWP BoF went well, but didn't finish<o:p></o:p></p>
<p class="MsoNormal"> It will be continued in a virtual interim BoF<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Pull Requests<o:p></o:p></p>
<p class="MsoNormal"> <a href="https://bitbucket.org/openid/connect/pull-requests/">
https://bitbucket.org/openid/connect/pull-requests/</a><o:p></o:p></p>
<p class="MsoNormal"> PR #127: Added support for JWK URI<o:p></o:p></p>
<p class="MsoNormal"> There are three requests for changes<o:p></o:p></p>
<p class="MsoNormal"> Declined due to lack of consensus<o:p></o:p></p>
<p class="MsoNormal"> PR #221: Update Issuer Initiated Credential Issuance<o:p></o:p></p>
<p class="MsoNormal"> There are three requests for changes<o:p></o:p></p>
<p class="MsoNormal"> David Chadwick asked us to reference PR #232, which replaces it, when declining<o:p></o:p></p>
<p class="MsoNormal"> Declined due to lack of consensus<o:p></o:p></p>
<p class="MsoNormal"> PR #222: Added Credential Refresh Use Case<o:p></o:p></p>
<p class="MsoNormal"> Kristina said that there's consensus that this is out of scope<o:p></o:p></p>
<p class="MsoNormal"> David Chadwick said that refresh is important<o:p></o:p></p>
<p class="MsoNormal"> Jeremie said this kind of refresh isn't supported by OAuth<o:p></o:p></p>
<p class="MsoNormal"> Kristina said that there are three requests for changes<o:p></o:p></p>
<p class="MsoNormal"> Jeremie described this being a policy decision by the issuer, rather than part of the protocol<o:p></o:p></p>
<p class="MsoNormal"> Mike said that just wanting to do refresh without defining protocol messages to do this is incomplete<o:p></o:p></p>
<p class="MsoNormal"> Jeremie and Kristina and Mark said these are policy decisions<o:p></o:p></p>
<p class="MsoNormal"> Mark said that we should be focusing on what the protocol does - not on policy decisions<o:p></o:p></p>
<p class="MsoNormal"> Declined due to lack of consensus, referencing related issue #1552<o:p></o:p></p>
<p class="MsoNormal"> PR #140: How is User Consent provided (Issue #1459)<o:p></o:p></p>
<p class="MsoNormal"> Kristina advocating for declining the PR<o:p></o:p></p>
<p class="MsoNormal"> Mike agreed<o:p></o:p></p>
<p class="MsoNormal"> We made the meta point that it's better to agree in issues first before speculatively creating PRs<o:p></o:p></p>
<p class="MsoNormal"> Declined<o:p></o:p></p>
<p class="MsoNormal"> PR #259: (ed) Fixing mis-spelling etc. openid-4-verifiable-credential-issuance-1_0.md edited online with Bitbucket<o:p></o:p></p>
<p class="MsoNormal"> Approved and merged<o:p></o:p></p>
<p class="MsoNormal"> PR #252: clarified iat parameter of a proof (Issue #1568)<o:p></o:p></p>
<p class="MsoNormal"> Mike to review and make suggestions<o:p></o:p></p>
<p class="MsoNormal"> PR #226: change to openid://initiate-issuance:<o:p></o:p></p>
<p class="MsoNormal"> This makes the proposed custom URL scheme legal<o:p></o:p></p>
<p class="MsoNormal"> There are two requests for changes<o:p></o:p></p>
<p class="MsoNormal"> Jeremie suggested that we discuss this in an issue<o:p></o:p></p>
<p class="MsoNormal"> This solves #1500 - agreed to update based on #1570, #1560<o:p></o:p></p>
<p class="MsoNormal"> PR #260: (ed) Fixing spelling and grammar errors in 3.5. of openid-4-verifiable-credential-issuance-1_0.md<o:p></o:p></p>
<p class="MsoNormal"> Approved and merged<o:p></o:p></p>
<p class="MsoNormal"> PR #247: folded deferred credential issuance into credential endpoint<o:p></o:p></p>
<p class="MsoNormal"> Torsten recently updated the PR based on feedback<o:p></o:p></p>
<p class="MsoNormal"> There was a discussion between Torsten, Kristina, and Jeremie on restructuring the PR<o:p></o:p></p>
<p class="MsoNormal"> Jeremie found it confusing that a handle or session identifier was called a token<o:p></o:p></p>
<p class="MsoNormal"> Torsten suggested transaction_id<o:p></o:p></p>
<p class="MsoNormal"> Mike suggested handle rather than transaction<o:p></o:p></p>
<p class="MsoNormal"> Jeremie suggested issuance_code<o:p></o:p></p>
<p class="MsoNormal"> People agreed<o:p></o:p></p>
<p class="MsoNormal"> Torsten will update<o:p></o:p></p>
<p class="MsoNormal"> It will then be merged after ~3 approvals<o:p></o:p></p>
<p class="MsoNormal"> PR #239: OpenID4VPs Scopes<o:p></o:p></p>
<p class="MsoNormal"> The content of this PR apparently got altered at some point, and it no longer does the intended job<o:p></o:p></p>
<p class="MsoNormal"> Torsten suggests closing this in favor of PR #258<o:p></o:p></p>
<p class="MsoNormal"> PR #258: add scope support to OpenID4VPs<o:p></o:p></p>
<p class="MsoNormal"> This facilitates using agreements between parties on presentations<o:p></o:p></p>
<p class="MsoNormal"> Jeremie is in favor of the PR<o:p></o:p></p>
<p class="MsoNormal"> Mike agreed to review<o:p></o:p></p>
<p class="MsoNormal"> Kristina and Torsten agreed to make clarifying changes so that the PR parallels other related text<o:p></o:p></p>
<p class="MsoNormal"> PR #251: adding an example of presenting an LDP_VC signed using bbs<o:p></o:p></p>
<p class="MsoNormal"> Torsten wants to review it<o:p></o:p></p>
<p class="MsoNormal"> Kristina asked those with LD Proof experience to also review it<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Issues<o:p></o:p></p>
<p class="MsoNormal"> <a href="https://bitbucket.org/openid/connect/issues?status=new&status=open">
https://bitbucket.org/openid/connect/issues?status=new&status=open</a><o:p></o:p></p>
<p class="MsoNormal"> #1577: Cryptographic proof of possession nonce management<o:p></o:p></p>
<p class="MsoNormal"> Torsten described efforts to keep clients simpler<o:p></o:p></p>
<p class="MsoNormal"> He discussed lifetimes of nonces<o:p></o:p></p>
<p class="MsoNormal"> He asked how we want to provide nonces to the wallet, and whether to do so<o:p></o:p></p>
<p class="MsoNormal"> Mike said that we want to understand what threats we're mitigating before deciding what mechanisms to use<o:p></o:p></p>
<p class="MsoNormal"> Tobias said that there are also usability considerations<o:p></o:p></p>
<p class="MsoNormal"> We discussed whether to call the nonce "nonce" or "c_nonce"<o:p></o:p></p>
<p class="MsoNormal"> If collisions with ID Token nonces are possible, we should use a different name<o:p></o:p></p>
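<p class="MsoNormal"> Added example for the #1577 discussion above (written for these notes; it is not code from the call, from the working group, or from any OpenID4VCI draft). It shows one way an issuer can manage proof-of-possession nonces: hand out a random nonce with a lifetime, accept each nonce exactly once, verify the holder's signature, audience and iat before spending it, and reject a replayed proof. The claim name "nonce", the EdDSA/JWK proof layout, the 5-minute lifetime and the 1-minute clock skew are assumptions made for the example, and the nonce store is a plain in-memory map without locking.<o:p></o:p></p>

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/base64"
	"encoding/json"
	"errors"
	"strings"
	"time"
)

// Assumed wire format (not taken from the call notes): a compact JWS signed with
// Ed25519, the holder's public key in the "jwk" header, and a payload carrying
// aud, iat and the issuer-supplied nonce (called "nonce" here; the call left the name open).
type proofHeader struct {
	Alg string            `json:"alg"`
	Jwk map[string]string `json:"jwk"`
}
type proofClaims struct {
	Aud   string `json:"aud"`
	Iat   int64  `json:"iat"`
	Nonce string `json:"nonce"`
}

var b64 = base64.RawURLEncoding
const maxSkew = time.Minute // tolerated clock difference on iat (assumed value)
// Issuer remembers each nonce it handed out with an expiry and deletes it the first
// time it is spent, so a replayed proof fails. Toy: unsynchronised map, single goroutine.
type Issuer struct {
	ID     string
	TTL    time.Duration    // nonce lifetime told to the wallet (assumed 5 minutes)
	Now    func() time.Time // injectable clock, so expiry can be tested
	nonces map[string]time.Time
}

func NewIssuer(id string) *Issuer {
	return &Issuer{ID: id, TTL: 5 * time.Minute, Now: time.Now, nonces: map[string]time.Time{}}
}

func (is *Issuer) IssueNonce() (string, int) {
	raw := make([]byte, 16)
	rand.Read(raw) // crypto/rand never returns an error on supported platforms
	n := b64.EncodeToString(raw)
	is.nonces[n] = is.Now().Add(is.TTL)
	return n, int(is.TTL.Seconds()) // nonce plus its lifetime in seconds
}

// consumeNonce accepts a nonce exactly once, and only while it is unexpired.
func (is *Issuer) consumeNonce(n string) error {
	exp, ok := is.nonces[n]
	delete(is.nonces, n)
	if !ok || is.Now().After(exp) {
		return errors.New("unknown, already used or expired nonce")
	}
	return nil
}

// VerifyProof checks signature, audience and iat before spending the nonce, so a
// forged proof from a third party cannot burn the nonce a wallet is still holding.
func (is *Issuer) VerifyProof(jws string) error {
	parts := strings.Split(jws, ".")
	if len(parts) != 3 {
		return errors.New("malformed JWS")
	}
	var raw [3][]byte
	var err error
	for i, p := range parts {
		if raw[i], err = b64.DecodeString(p); err != nil {
			return err
		}
	}
	h, c := proofHeader{}, proofClaims{}
	if json.Unmarshal(raw[0], &h) != nil || json.Unmarshal(raw[1], &c) != nil {
		return errors.New("malformed header or payload")
	}
	pub, err := b64.DecodeString(h.Jwk["x"])
	if h.Alg != "EdDSA" || h.Jwk["kty"] != "OKP" || h.Jwk["crv"] != "Ed25519" ||
		err != nil || len(pub) != ed25519.PublicKeySize {
		return errors.New("unsupported alg or malformed jwk")
	}
	if !ed25519.Verify(pub, []byte(parts[0]+"."+parts[1]), raw[2]) {
		return errors.New("bad signature")
	}
	now, iat := is.Now(), time.Unix(c.Iat, 0)
	if c.Aud != is.ID || iat.After(now.Add(maxSkew)) || now.Sub(iat) > is.TTL+maxSkew {
		return errors.New("wrong audience or iat outside acceptance window")
	}
	return is.consumeNonce(c.Nonce)
}

// MakeProof is the wallet side: sign the issuer's nonce with the holder key.
func MakeProof(priv ed25519.PrivateKey, aud, nonce string, iat time.Time) string {
	hb, _ := json.Marshal(proofHeader{Alg: "EdDSA", Jwk: map[string]string{"kty": "OKP",
		"crv": "Ed25519", "x": b64.EncodeToString(priv.Public().(ed25519.PublicKey))}})
	pb, _ := json.Marshal(proofClaims{Aud: aud, Iat: iat.Unix(), Nonce: nonce})
	si := b64.EncodeToString(hb) + "." + b64.EncodeToString(pb)
	return si + "." + b64.EncodeToString(ed25519.Sign(priv, []byte(si)))
}
```

<p class="MsoNormal"> Spending the nonce only after the signature, audience and iat checks pass means a party who merely learns a nonce cannot invalidate it with a bad proof, while delete-on-first-use makes a captured proof fail on replay: a second VerifyProof of the same proof returns an error. The lifetime returned by IssueNonce is what the wallet would be told, which is where the nonce-lifetime question from the call shows up in code.<o:p></o:p></p>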
<p class="MsoNormal"> #1563: Managing Credentials with changing claim values<o:p></o:p></p>
<p class="MsoNormal"> The proposal is to add an opaque identifier that uniquely identifies the set of credential claims<o:p></o:p></p>
<p class="MsoNormal"> It would be up to the provider to decide what constitutes an update<o:p></o:p></p>
<p class="MsoNormal"> David Chadwick said this is related to our earlier refresh discussion<o:p></o:p></p>
<p class="MsoNormal"> Torsten said this identifier would be a shortcut<o:p></o:p></p>
<p class="MsoNormal"> Or you could send the whole credential to an endpoint and if no changes have occurred, it could return with a 202<o:p></o:p></p>
<p class="MsoNormal"> Or an ID could be included in a request<o:p></o:p></p>
<p class="MsoNormal"> Using the ID would be optional<o:p></o:p></p>
<p class="MsoNormal"> Tobias gave the example of wanting to get 10 instances of credentials with consistent claims<o:p></o:p></p>
<p class="MsoNormal"> Mike asked if we need to facilitate getting multiple consistent instances<o:p></o:p></p>
<p class="MsoNormal"> Torsten said that batch issuance might not support unlinkability<o:p></o:p></p>
<p class="MsoNormal"> Mike realized that we're talking about this because, with a holder, things can get stale<o:p></o:p></p>
<p class="MsoNormal"> Unlike Connect, where things are always fresh because you always go to the issuer<o:p></o:p></p>
<p class="MsoNormal"> Torsten said there are two issues, which we should distinguish:<o:p></o:p></p>
<p class="MsoNormal"> (1) Updating a credential in a wallet is one topic<o:p></o:p></p>
<p class="MsoNormal"> (2) Having multiple consistent instances of a credential in a wallet is a different topic<o:p></o:p></p>
<p class="MsoNormal"> Kristina asked Tobias if he could update the issue to make this distinction clear<o:p></o:p></p>
<p class="MsoNormal"> Torsten said that this might be a version identifier or a credential instance identifier<o:p></o:p></p>
<p class="MsoNormal"> The question is whether credentials are equivalent - not that it's an ID<o:p></o:p></p>
<p class="MsoNormal"> We agreed to continue discussion of the issue<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Next Call<o:p></o:p></p>
<p class="MsoNormal"> The next call will be Monday, August 1, 2022 at 4pm Pacific Time<o:p></o:p></p>
</div>
</body>
</html>