connect / Connect_Meeting_Notes_2021-06-03_Atlantic

OpenID AB/Connect WG Meeting Notes (2021-06-03)

The meeting was called to order at 15:__ UTC.

1.   Roll Call

  • Attending: Nat, John, Filip, Tony, Joseph, Brian, Kristina, Adam, Pam, Tim, Brian, Tom, George, Oliver
  • Regrets: Mike J.
  • Guest:

2.   Adoption of Agenda (Nat)

  • Bashed the agenda on-the-fly

3.   Internal Liaisons

3.1.   SIOP Special Call (Kristina)

Discussed and disentangled different limitations and properties of the SIOP model.

DW filed issue #1239.

The notion of collective instances of OPs was discussed.

Discussed different properties.

In the SIOP model, the RP does know which instance it is talking to every time, so the concept of an OP collective is proposed.

The RP may not know if it’s the same instance, but does know that it belongs to the same collective which has the same configuration data, due to limitations like lack of registration.

The ideas need to be refined. People are encouraged to comment in the MD document.

3.2.   Browser Special Call (Tim)

Recap of the workshop.

All the browser vendors were there.

Federated Identity Community Group is being proposed at W3C.

Once formed, the Browser special topics call will stop and discussion will happen in the new group.

Want to steer the conversation so that WebID is one of the solutions instead of the default solution.

There’s confusion regarding what WebID is.

Need to take a closer look at WebID. Take use cases and try to map them to one of the three solution areas that WebID is proposing and start discussing unmapped cases.

Should propose solutions when we can or at least understand what’s being proposed to offer alternatives to enable use cases.

The heuristic model is Chrome centric and cannot be standardized.

Maybe standardize parts of the heuristic model.

The W3C community group can’t build specs, but once consensus is reached, the work will move to a group that can do specs.

From an identity perspective, some of the work should move to an identity foundation and not a browser foundation.

Make sure the CG has the correct IPR to allow work to be transferred to a spec.

Tom asked if the password managers are part of browser discussion. APIs are. WebAppSec WG.

4.   PR

5.   Issues

#1239, #1240, #1241 as a group.

  • #1241 - Use OpenID Federations for RP metadata/auto-registration
    • The OpenID Federation draft proposes using automatic registration to self-sign metadata statements about supported features that go up to the trust anchor. In SIOP, the RP does not perform dynamic registration; this is proposed as a way for an RP to send configuration data to the SIOP OP.
  • #1240 - OpenID Provider as Collective
  • #1239 - stop using "SIOP" as an umbrella term and instead talk about individual features
    • Lists different functionalities of SIOP
  • #1186 - when to use invalid_request_object error
    • Conformance suite changed to accept wider range of errors
    • Changed status to resolved
  • #1185 - Mention of POST requests and SameSite cookie attributes (RP Initiated Logout)
    • Waiting for members to suggest revised text
  • #1187 - id_token_hint and non-repudiation
    • Mike provided clarification in comments. Mark resolved.
  • #1175 - Create a documentation for Self-Issued Identifiers
    • Skipped
  • #1227 - Core 5.5 - Claims parameter requirements
    • Some clarification text will be provided by Mark to help explain the issue
  • #1228 - Discovery 3 - New metadata item for claims request
    • Skipped
  • #1238 - Requesting Verifiable Presentation
    • Skipped
  • #1212 - SIOP Chooser
    • Issue status changed to open
  • #1218 - Verifiable Presentations do not work outside of their own protocol
    • Kristina will add comment for issue and discuss in SIOP special call
  • #1216 - query over rp initiated logout certification test outcomes for tests that use invalid information
    • Add clarification to spec
  • #1183 - Handling errors during OpenID Connect RP-Initiated Logout
    • Add clarification to spec
  • #1210 - SIOP V2: openid:// should not be required but an optional URI scheme
    • No solution yet

The meeting was adjourned at 15:06 UTC