OpenID Connect Call - September 20, 2021

Events

W3C Federated Identity CG Call

  • Documenting use cases of what would be considered in-scope
  • Still in initial discussions (e.g. terminology)
  • Some disagreements on where the line for unsanctioned tracking would be drawn
  • Some consequences to the tracking document in the W3C not being updated

EIC 2021 Attendee comments

Recordings: https://www.kuppingercole.com/events/eic2021/agenda

Vittorio

  • most useful feature was the networking
  • GAIN announcement
    • rather well received
    • not much challenge from the crowd
  • Dick Hardt's Hello announcement also got interest
    • Cooperative IDP
    • Non-profit
    • Privacy focused
    • Some musings on how the two are related
  • Self-given session on browser change impacts
    • raised awareness
    • not much action expected as a result, unfortunately
  • Decentralized Identity had its own room/track
    • Kuppinger's summary did not mention D.I.
  • Considered this a transition event like Identiverse
    • e.g. Hybrid event
    • Fewer sales, attempt to instead carry ideas

Tim

  • Vittorio's session was great
    • Somewhat new information for the audience (especially at C-level)
    • Useful for simplifying it down to high-level topics

Mike

  • Productive due to in-person collaboration (finally)
    • DPoP progress due to interaction with editors
    • Hard to get buy-in on new ideas virtually
  • About a third of the number of people - many as speakers and vendors

Kristina

  • Agrees D.I. was not highlighted as part of the core
  • Individual use-cases seem to be making progress, but still within its own silo
    • The OIDC work seemed to get more interest as a result

Nat

  • GAIN proof of concept
    • By a combination of OIX and IIF (international institute of finance)

Specification Updates

Thanks to Edmund, Torsten, Kristina and more for their work in publishing new drafts before EIC

OpenID Federation Draft 3

  • Additions since Draft 2
  • Draft 3 likely the last before final release
  • Encourage review of any sections which may be used by your work (e.g. entity statements)

FAPI Grant management

  • Implementer's Draft vote succeeded

OpenID Connect for Identity Assurance Draft 3

  • Used by GAIN work and banking federations (yes.com)

SIOPv2

  • release in two weeks
  • Expect to merge cross-device SIOP and resolvable entity identifiers
  • Proposal by Jeremie for a solution for larger responses, nearly identical to PAR
  • Discussion by Mike and Jeremie on how to resolve that PAR talks about requests exclusively
    • New document replacing request with response
    • Do you redefine the metadata values?
    • Mike: better to describe what is different rather than copying text

Issues

1339 JWT Handling of Edge-Case VCs

Kristina: Believe issue is out of scope w.r.t. OIDC

Defining language on VCs/VPs would serve as restrictions on what sort of credentials could be transported.

1340 Sending the Presentation Definition by Reference

Jeremie: use case given can be solved by request_uri, asked to do a PR but lower priority

DW: use case for presentation definitions by reference in general (e.g. defining credential format as part of a trust framework of issuers), but not needed for this particular issue

1338 Custom Scheme for Post logout redirect uri

Terminate RP-initiated logout on a non-http(s) URL.

Resolved to ask for clarification of the use case/architecture