
SIOP Special Topic Call Notes 16-Feb-21

Kristina Yasuda - Microsoft Identity Standards

David Moeller - Affinidi

Mike Jones - Microsoft Identity Standards, OIDF

Tom Jones - Independent

Alen Horvat - AceBlock

Adam Lemmon - Tribe ID

Xavier Vila - Validated ID

Oliver Terbu - DIF, ConsenSys

Markus Sabadello - W3C and DIF

Tony Nadalin - Independent

Vittorio Bertocci - Auth0

Wayne Chang - Spruce Systems

Albert Solana - Validated ID and DIF

Edmund Jay - MGI1

Bjorn Hjelm - Verizon, OIDF

David Waite - Ping Identity

John Bradley - Yubico, OIDF

Jeremie Miller - Ping Identity

Implementation Reports

          Alen described his implementations

                       Their first implementation was based on OpenID Connect Core Chapter 7

                       The main issue they ran into was lack of RP support

          Albert described his implementations

                       They based theirs on the DIF SIOP draft

                       They also defined their own protocol

                       They defined a way to select wallets

          Adam described his implementation

                       They are using the credential provider extension to issue health certificates in Singapore

          Kristina described Microsoft's implementations

                       It started with the DIF SIOP draft and is migrating towards the SIOP V2 draft

          Tom described his implementation

                       It started with Section 7

                       He then changed it to use loopback

                       It doesn't solve the multiple wallets problem

Agenda

          Agenda Issues/PR review for SIOP V2 draft

          1. SIOP Discovery/Invocation: #1199, #1207

          2. SIOP Registration: #1198

          3. Support for VP in SIOP response: #1206, #1205

          4. sub_jwk when sub is DID in SIOP: #1203

Open SIOP PRs

          https://bitbucket.org/openid/connect/pull-requests/9

                       People can review this PR

Open SIOP Issues

          https://bitbucket.org/openid/connect/issues?status=new&status=open&component=SIOP

          #1198: Registration in SIOP

                       Tom asked how the information gets to the OP

                       Mike responded that it's sent in the authorization request

                       Alen reported that many SIOP OPs won't have a place to host Web URLs

                       Alen asked about signing registration requests

                       Tony described the use of a query language to select the desired claims

          #1205: Indicating support for VCs (SIOP)

          #1206: How to support LD-Proofs in Verifiable Presentations

                       We discussed the IANA-registered "vc" and "vp" claims

                       Oliver said that the "vp" claim has some limitations

                                     It's intended to be used for JWT-based verifiable presentations

                                     It isn't intended for LD Proof-based VPs

                       Wayne said that there isn't a normative proof requirement in the VC spec

                       Tony said that there is required @context processing for JSON-LD VCs

                       Mike said that if we need an additional claim for LD-based proofs, we could define one

                                     That's more likely to work than adding an additional parameter

                                     Tony agreed with that approach

                                     People seemed to be good with that approach

                       Oliver wants us to spend more time on this, going through pros and cons

                                     He said that there's a hackmd document describing some tradeoffs

                       Mike encouraged people to file comments in the issue itself

          #1203: sub_jwk when sub is DID in SIOP

                       John said that sub_jwk was in Chapter 7 because there wasn't another key representation available

                       Wayne said that some DIDs don't have a representation of the key available

                                     John said that that would be a reason to keep the key

                       DW said that we might want to support multiple subjects

                                     For instance, to enable migration among hosted providers

                                     John wondered about security downsides of proving only one of the multiple proofs

Call Schedule

          The next SIOP special topic call is in two weeks at the same time
