<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
<meta name="Generator" content="Microsoft Word 15 (filtered medium)">
<style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
font-size:11.0pt;
font-family:"Calibri",sans-serif;
mso-ligatures:standardcontextual;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:#0563C1;
text-decoration:underline;}
span.EmailStyle17
{mso-style-type:personal-compose;
font-family:"Calibri",sans-serif;
color:windowtext;}
.MsoChpDefault
{mso-style-type:export-only;
font-family:"Calibri",sans-serif;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang="EN-US" link="#0563C1" vlink="#954F72" style="word-wrap:break-word">
<div class="WordSection1">
<p class="MsoNormal">SIOP Special Topic Call Notes 20-Jul-23<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Mike Jones<o:p></o:p></p>
<p class="MsoNormal">Kristina Yasuda<o:p></o:p></p>
<p class="MsoNormal">Mike Leszcz<o:p></o:p></p>
<p class="MsoNormal">Felix Linkler<o:p></o:p></p>
<p class="MsoNormal">Brian Campbell<o:p></o:p></p>
<p class="MsoNormal">Bjorn Hjelm<o:p></o:p></p>
<p class="MsoNormal">David Waite<o:p></o:p></p>
<p class="MsoNormal">Dmitri Zagidulin<o:p></o:p></p>
<p class="MsoNormal">Joseph Heenan<o:p></o:p></p>
<p class="MsoNormal">Mark Dobrinic<o:p></o:p></p>
<p class="MsoNormal">Nander Stabel<o:p></o:p></p>
<p class="MsoNormal">Pedro Felix<o:p></o:p></p>
<p class="MsoNormal">Oliver Terbu<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">IETF<o:p></o:p></p>
<p class="MsoNormal"> The deadline to upload OAuth slides is Friday<o:p></o:p></p>
<p class="MsoNormal"><a href="https://datatracker.ietf.org/meeting/117/session/oauth">https://datatracker.ietf.org/meeting/117/session/oauth</a><o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">OSW<o:p></o:p></p>
<p class="MsoNormal"> <a href="https://oauth.secworkshop.events/osw2023">
https://oauth.secworkshop.events/osw2023</a><o:p></o:p></p>
<p class="MsoNormal"> Registrations are open<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Digital Credentials Protocols Working Group<o:p></o:p></p>
<p class="MsoNormal"> The new Digital Credentials Protocols working group was approved<o:p></o:p></p>
<p class="MsoNormal"> There isn't a deadline to sign a new Contribution Agreement<o:p></o:p></p>
<p class="MsoNormal"> One is needed if your existing agreement doesn't specify the "all working groups" option<o:p></o:p></p>
<p class="MsoNormal"> We likely need to continue work on some specs in the Connect working group for a bit longer<o:p></o:p></p>
<p class="MsoNormal"> Kristina observed that we may need to create Implementer's Drafts to transition some of the specs to the new WG<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Merging Policy<o:p></o:p></p>
<p class="MsoNormal"> Kristina said that PRs will be merged once there are approvals from two editors and sufficient time to review<o:p></o:p></p>
<p class="MsoNormal"> Taka had requested that we not spend time on the calls discussing editorial PRs<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Pull Requests<o:p></o:p></p>
<p class="MsoNormal"> <a href="https://bitbucket.org/openid/connect/pull-requests/">
https://bitbucket.org/openid/connect/pull-requests/</a><o:p></o:p></p>
<p class="MsoNormal"> PR #542: adding key proof verification steps<o:p></o:p></p>
<p class="MsoNormal"> Needs additional reviews<o:p></o:p></p>
<p class="MsoNormal"> PR #551: feat: [OpenID4VCI] added trust_chain in proof types<o:p></o:p></p>
<p class="MsoNormal"> There are enough approvals to merge<o:p></o:p></p>
<p class="MsoNormal"> PR #557: Adds encrypted credential response<o:p></o:p></p>
<p class="MsoNormal"> Oliver believes changes need to be made based on Kristina's comment<o:p></o:p></p>
<p class="MsoNormal"> Change to have the issuer request encrypted responses<o:p></o:p></p>
<p class="MsoNormal"> Requested encryption "alg" and "enc" have been added to the issuer metadata<o:p></o:p></p>
<p class="MsoNormal"> Brian thought it would be weird to also have a require_encryption metadata parameter<o:p></o:p></p>
<p class="MsoNormal"> Brian thought that using jwks is overkill - only one key is needed<o:p></o:p></p>
<p class="MsoNormal"> Mike observed that you can tell what algorithms the recipient supports through metadata<o:p></o:p></p>
<p class="MsoNormal"> PR #577: add security considerations on TLS (Issue #1621)<o:p></o:p></p>
<p class="MsoNormal"> We will reference the TLS BCP<o:p></o:p></p>
<p class="MsoNormal"> PR #455: OID4VP add train client id scheme<o:p></o:p></p>
<p class="MsoNormal"> Needs additional reviews<o:p></o:p></p>
<p class="MsoNormal"> PR #570: clarify requirements when credential offer is not signed (issue #1687)<o:p></o:p></p>
<p class="MsoNormal"> Clarifications about whether to use alg:none are needed<o:p></o:p></p>
<p class="MsoNormal"> PR #360: Add an access token hash to the proof of possession<o:p></o:p></p>
<p class="MsoNormal"> We plan to close this unless Richard says why not to<o:p></o:p></p>
<p class="MsoNormal"> PR #559: Change last_name to family_name<o:p></o:p></p>
<p class="MsoNormal"> Ready for merging<o:p></o:p></p>
<p class="MsoNormal"> PR #560: Change driver's license to driving license<o:p></o:p></p>
<p class="MsoNormal"> Ready for merging<o:p></o:p></p>
<p class="MsoNormal"> PR #561: Tighten Introduction<o:p></o:p></p>
<p class="MsoNormal"> Needs another editor approval to merge<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Findings on BLE<o:p></o:p></p>
<p class="MsoNormal"> Felix Linkler told us about his OpenID4VP over BLE findings<o:p></o:p></p>
<p class="MsoNormal"> Used the Tamarin prover to analyze the protocol<o:p></o:p></p>
<p class="MsoNormal"> Abstracted protocol to enable modelling using a formal model<o:p></o:p></p>
<p class="MsoNormal"> One property is Secrecy<o:p></o:p></p>
<p class="MsoNormal"> Another property is Injective Agreement<o:p></o:p></p>
<p class="MsoNormal"> The design should meet certain security requirements against a certain adversary<o:p></o:p></p>
<p class="MsoNormal"> Specify both!<o:p></o:p></p>
<p class="MsoNormal"> Felix will file issues requesting additions/changes<o:p></o:p></p>
<p class="MsoNormal"> Kristina observed that we will want to work on this spec in the new working group<o:p></o:p></p>
<p class="MsoNormal"> But it's fine to file issues in the Connect working group in the meantime<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Issues<o:p></o:p></p>
<p class="MsoNormal"> <a href="https://bitbucket.org/openid/connect/issues?status=new&status=open&component=SIOP&component=Verifiable%20Presentation&component=Credential%20Issuance">
https://bitbucket.org/openid/connect/issues?status=new&status=open&component=SIOP&component=Verifiable%20Presentation&component=Credential%20Issuance</a><o:p></o:p></p>
<p class="MsoNormal"> #1923: OID4VCI: Enable issuance of the same credential type<o:p></o:p></p>
<p class="MsoNormal"> Kristina asked if it would be useful to add identifiers<o:p></o:p></p>
<p class="MsoNormal"> If so, also add to Credential Offer<o:p></o:p></p>
<p class="MsoNormal"> The identifiers would be managed by the issuer<o:p></o:p></p>
<p class="MsoNormal"> Pedro Felix said that their meaning would be opaque to the Wallet<o:p></o:p></p>
<p class="MsoNormal"> Kristina said that when the Wallet receives two identifiers, it should know to send two credential requests<o:p></o:p></p>
<p class="MsoNormal"> Kristina talked about ways that the identifiers might not be opaque<o:p></o:p></p>
<p class="MsoNormal"> More reviews are requested<o:p></o:p></p>
<p class="MsoNormal"> An example about multiple birth certificates for multiple children was discussed<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Next Call<o:p></o:p></p>
<p class="MsoNormal"> The next call would be Monday, July 24th at 4pm Pacific Time but this conflicts with IETF<o:p></o:p></p>
<p class="MsoNormal"> The call may be cancelled<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
</body>
</html>