OpenID Connect for W3C Verifiable Credential Objects
Tuesday 2F
Convener: Oliver Terbu, Torsten Lodderstedt, Kristina Yasuda, Adam Lemmon, Tobias Looker
Notes-taker(s): Kristina Yasuda
Tags for the session - technology discussed/ideas considered:
OpenID Connect, Verifiable Credentials, Verified Claims
Discussion notes, key understandings, outstanding questions, observations, and, if appropriate to this discussion: action items, next steps:
Presentation Slides: https://www.slideshare.net/TorstenLodderstedt/openid-connect-for-w3c-verifiable-credential-objects
This work has been incubated in the OpenID Foundation and DIF’s joint Self-Issued OpenID Provider WG. Contact Kristina (kristina.yasuda@microsoft.com) for participation details.
Presentation (link will be posted later)
Goal is to make this work with any OIDC flow, any credential format
Proposal: extend a standard way to request claims in OIDC, the `claims` parameter
Option 1
Are `credential_types` meant to be IRIs to VC type definitions?
From Paul Dietrich to Everyone: 02:13 AM
A bit of an OpenID newbie. The RP is the verifier and the OP is the wallet (holder)?
Option 2
Option 3
Discussion/Questions:
David Chadwick: more complicated request syntax is needed to cover more complicated use-cases
Mike: embedding VCOs inside an ID Token is the easiest option from the extensibility PoV
Vittorio: Re-using existing code is a painful illusion.
Tobias: another way to think about this - will all claims presentations require end-user re-authentication?
DW: There are other credential formats (CBOR-LD, CWTs, etc.) coming up. Having VC/VP as a separate concept from ID token is a preferred option. Some use-cases might not require ID token.
Mike: possible to use the "claims" request parameter to request information from the UserInfo Endpoint
Daniel McGrogan: why is using “userInfo” not a preferred option from the consent aspect?