## OpenID Connect Call - September 20, 2021 <!-- Notes by DW --> # Events W3C Federated Identity CG Call - Documenting use cases of what would be considered in-scope - Still in initial discussions (e.g. terminology) - Some disagreements on where the line for unsanctioned tracking would be drawn - Some consequences to the tracking document in the W3C not being updated ## EIC 2021 Attendee comments Recordings: https://www.kuppingercole.com/events/eic2021/agenda ### Vittorio - most useful feature was the networking - GAIN announcement - rather well received - not much challenge from the crowd - Dick Hardt's Hello announcement also got interest - Cooperative IDP - Non-profit - Privacy focused - Some musings on how the two are related - Self-given session on browser change impacts - raised awareness - not much action expected as a result unfortnately - Decentralized Identity had its own room/track - Kuppinger's summary did not mention D.I. - Considered this a transition event like Identiverse - e.g. Hybrid event - Fewer sales, attempt to instead carry ideas ### Tim - Vittorio's session was great - Somewhat new information for the audience (especially at C-level) - Useful for simplifying it down to high-level topics ### Mike - Productive due to in-person collaboration (finally) - DPoP progress due to interaction with editors - Hard to get buy-in on new ideas virtually - About a third of the number of people - many as speakers and vendors ### Kristina - Agrees D.I. was not highlighted as part of the core - Individual use-cases seem to be making progress, but still within its own silo - The OIDC work seemed to get more interest as a result ### Nat - GAIN proof of concept - By a combination of OIX and IIF (international institute of finance) # Specification Updates Thanks to Edmund, Torsten, Kristina and more for their work in publishing new drafts before EIC ## OpenID Federation Draft 3 - Additions since Draft 2 - Draft 3 likely the last before final release - Encourage review of any sections which may be used by your work (e.g. entity statements) ## FAPI Grant management - implementors draft vote succeeded ## OpenId Connect for Identity Assurance Draft 3 - Used by GAIN work and banking federations (yes.com) ## SIOPv2 - release in two weeks - Expect to merge cross-device SIOP and resolvable entity identifiers - Proposal by Jeremie for a solution for larger responses, nearly identical to PAR - Discussion by Mike and Jeremie on how to resolve that PAR talks about requests exclusively - New document replacing request with response - Do you redefine the metadata values - Mike: better to describe what is different rather than copying text # Issues ## [1339](https://bitbucket.org/openid/connect/issues/1339/jwt-handling-of-edge-case-vcs) JWT Handling of Edge-Case VCs Kristina: Believe issue is out of scope w.r.t. OIDC Defining language on VCs/VPs would serve as restrictions on what sort of credentials could be transported. ## [1340](https://bitbucket.org/openid/connect/issues/1340/sending-the-presentation-definition-by) Sending the Presentation Definition by Reference Jeremie: use case given can be solved by `request_uri`, asked to do a PR but lower priority DW: use case for presentation definitions by reference in general (e.g. defining credential format as part of a trust framework of issuers), but not needed for this particular issue ## [1338](https://bitbucket.org/openid/connect/issues/1338/custom-scheme-for-post_logout_redirect_uri) Custom Scheme for Post logout redirect uri Terminate RP-intiiated logout on a non http(s) URL. Resolved to ask for clarification of the use case/architecture