<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
<meta name="Generator" content="Microsoft Word 15 (filtered medium)">
<style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:#0563C1;
text-decoration:underline;}
span.EmailStyle17
{mso-style-type:personal-compose;
font-family:"Calibri",sans-serif;
color:windowtext;}
.MsoChpDefault
{mso-style-type:export-only;
font-family:"Calibri",sans-serif;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang="EN-US" link="#0563C1" vlink="#954F72" style="word-wrap:break-word">
<div class="WordSection1">
<p class="MsoNormal">SIOP Special Topic Call Notes 18-Aug-22<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Kristina Yasuda<o:p></o:p></p>
<p class="MsoNormal">Mike Jones<o:p></o:p></p>
<p class="MsoNormal">Joseph Heenan<o:p></o:p></p>
<p class="MsoNormal">Mark Haine<o:p></o:p></p>
<p class="MsoNormal">Oliver Terbu<o:p></o:p></p>
<p class="MsoNormal">David Chadwick<o:p></o:p></p>
<p class="MsoNormal">Jeremie Miller<o:p></o:p></p>
<p class="MsoNormal">Thomas Bellebaum<o:p></o:p></p>
<p class="MsoNormal">David Waite<o:p></o:p></p>
<p class="MsoNormal">George Fletcher<o:p></o:p></p>
<p class="MsoNormal">Bjorn Hjelm<o:p></o:p></p>
<p class="MsoNormal">David Waite (DW)<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">There's a whole bunch of new PRs for people to review<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Pull Requests<o:p></o:p></p>
<p class="MsoNormal"> <a href="https://bitbucket.org/openid/connect/pull-requests/">
https://bitbucket.org/openid/connect/pull-requests/</a><o:p></o:p></p>
<p class="MsoNormal"> PR #271: added base64utl definition from rfc7517 (Issue #1403)<o:p></o:p></p>
<p class="MsoNormal"> Merged<o:p></o:p></p>
<p class="MsoNormal"> PR #280: When the requested scope value is invalid, unknown, or malformed, the AS (Issue #1572)<o:p></o:p></p>
<p class="MsoNormal"> We discussed whether to ignore not-understood scopes<o:p></o:p></p>
<p class="MsoNormal"> Kristina said that returning an error is standard OAuth practice<o:p></o:p></p>
<p class="MsoNormal"> PR #278: Where to include a presentation submission (Issue #1518)<o:p></o:p></p>
<p class="MsoNormal"> Planned to merge<o:p></o:p></p>
<p class="MsoNormal"> PR #285: Adding batch credential endpoint: fixes #1544<o:p></o:p></p>
<p class="MsoNormal"> Kristina asked how errors are handled<o:p></o:p></p>
<p class="MsoNormal"> Oliver said that we could return errors in the response array but we don't currently<o:p></o:p></p>
<p class="MsoNormal"> Mike commented that we should define the error handling before merging this<o:p></o:p></p>
<p class="MsoNormal"> George thinks we should keep it simple by having all-or-nothing error handling<o:p></o:p></p>
<p class="MsoNormal"> David Chadwick said that there might be different errors for different credential requests<o:p></o:p></p>
<p class="MsoNormal"> George asked whether the extra complexity of fine-grained error handling is worth it for our use cases<o:p></o:p></p>
<p class="MsoNormal"> Kristina said that she is hearing a lot of support for all-or-none error handling<o:p></o:p></p>
<p class="MsoNormal"> Mark Haine said that the eKYC-IDA Selective Abort and Omit feature might be applicable<o:p></o:p></p>
<p class="MsoNormal"> <a href="https://openid.bitbucket.io/ekyc/openid-connect-advanced-syntax-for-claims.html">
https://openid.bitbucket.io/ekyc/openid-connect-advanced-syntax-for-claims.html</a><o:p></o:p></p>
<p class="MsoNormal"> He will add a link to the PR<o:p></o:p></p>
<p class="MsoNormal"> PR #261: added implementation considerations on credential refresh<o:p></o:p></p>
<p class="MsoNormal"> Jeremie thinks this is ready to go<o:p></o:p></p>
<p class="MsoNormal"> David Chadwick added some comments<o:p></o:p></p>
<p class="MsoNormal"> Kristina suggested merging it after addressing the comments<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Issues<o:p></o:p></p>
<p class="MsoNormal"> <a href="https://bitbucket.org/openid/connect/issues?status=new&status=open">
https://bitbucket.org/openid/connect/issues?status=new&status=open</a><o:p></o:p></p>
<p class="MsoNormal"> #1572: [has-PR] Should AS entirely ignore the scopes in OpenID4VCI and 4VP that it does not understand<o:p></o:p></p>
<p class="MsoNormal"> PR #280 addresses this issue<o:p></o:p></p>
<p class="MsoNormal"> #1603: How to request specific claims to be included in a Self-Issued ID Token when SIOP v2 is used with OpenID4VP?<o:p></o:p></p>
<p class="MsoNormal"> George said that processing "claims" is simpler than "presentation_definition"<o:p></o:p></p>
<p class="MsoNormal"> George is worried about the interoperability of using scopes<o:p></o:p></p>
<p class="MsoNormal"> Jeremie asked what the use case is for claims in the ID Token rather than a VC<o:p></o:p></p>
<p class="MsoNormal"> George stated that many deployments will be hybrid for the foreseeable future<o:p></o:p></p>
<p class="MsoNormal"> David Waite said that he sees the use case as being different<o:p></o:p></p>
<p class="MsoNormal"> David Chadwick said that verifiers are capable of processing VPs<o:p></o:p></p>
<p class="MsoNormal"> Kristina said that she does have a requirement for this functionality<o:p></o:p></p>
<p class="MsoNormal"> We discussed returning self-signed VCs<o:p></o:p></p>
<p class="MsoNormal"> Possibly embedded in another VC<o:p></o:p></p>
<p class="MsoNormal"> George said that verifiers will be very specific about what they need<o:p></o:p></p>
<p class="MsoNormal"> Mike said that this feels very much like the eKYC-IDA fine-grained requests<o:p></o:p></p>
<p class="MsoNormal"> Mike spoke in favor of using "claims" for consistency<o:p></o:p></p>
<p class="MsoNormal"> Mark said that use of "claims" is picking up<o:p></o:p></p>
<p class="MsoNormal"> He said that the Advanced Syntax for Claims spec also enables claims transformation<o:p></o:p></p>
<p class="MsoNormal"> Kristina said that requesting self-signed VCs seems to be a straightforward path<o:p></o:p></p>
<p class="MsoNormal"> #1602: Signed request - what is the audience?<o:p></o:p></p>
<p class="MsoNormal"> DW said that guessing about the audience will create problems<o:p></o:p></p>
<p class="MsoNormal"> Including "aud" is a SHOULD in signed requests - both in Connect and OAuth JAR<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Next Call<o:p></o:p></p>
<p class="MsoNormal"> The next call will be Monday, August 22, 2022 at 4pm Pacific Time<o:p></o:p></p>
</div>
</body>
</html>