# 05.11.2021 Risk Assessment Meeting Notes ###### tags: `risk assessment` ## Agenda - Governikus ID-Gateway Interface description - Perfectly Keyless - any other news ### Governikus ID-Gateway Interface description - SSI Provisioning Service (OpenIDConnect Client) - sepearate application on the Phone that speaks OpenIDConnect? - in case of HelloGuest, yes - not possible as the client must be known to the authorization server (crypto material) - external server? - Service Backend? still not clear - only possible option - IDwallet on its own? (Verified Credential Issuance) - not necessarily, only in eID CASE, not possible, see above - SSI Provisioning Service, especially for eID, not yet agreed, who will supply this service, might be joint JOLOCOM and Governikus - Protocoll binding eID-OpenIDConnect (Authentication Flow) - Authentication Request in clear text? tcTokenURL, redirectUR(L/I) - RedirectUR(L/I) from above? - see https://hackmd.io/@once-sdi/SJg-v6OXt/edit ### Perfectly Keyless - notes on worst case damages - continue next year ### AOB - SSI standardization talk (ID-Union) - https://docs.google.com/spreadsheets/d/1R0Y4ec1KVYErkcEgC3Qww7VR4CsCY2Lv2Bt-gfryEdw/edit?usp=sharing