Automatic IETF Minutes

Markdown Version | Session Recording

Session Date/Time: 18 Mar 2025 08:30

# spice

## Summary

The SPICE working group meeting covered several key topics, including updates on Selective Disclosure COTS (SD-COTS), glue identifiers, registration of OIDC claims in COSE, a public key service provider proposal, and the use case document. Significant progress has been made on SD-COTS, with ongoing discussions about encryption and ordering of disclosures. The glue identifier draft is nearing adoption, and there's strong support for adopting the draft for registering OIDC claims. A new proposal for a public key service provider using distributed ledgers was presented. The use case document has been updated with several new scenarios.

## Key Discussion Points

*   **SD-COTS:**
    *   Updated definition of allowed map keys.
    *   Discussion on the order of disclosures for values.
    *   Concerns raised about the encrypted disclosures being in the same document or a separate one.
    *   Security considerations regarding nonce, ciphertext and mac.
*   **Glue Identifiers:**
    *   Justification for the use of URN namespaces for identifying different ID schemes.
    *   Debate over using reverse domain names versus airport code-like abstractions for identifier schemes.
    *   Discussion of a possible land grab.
*   **OIDC Claims:**
    *   Goal to register prevalent OpenID Connect claims in the COSE registry.
    *   Focus on user information claims.
    *   General support for working group adoption.
*   **Public Key Service Provider (PKSP):**
    *   Proposal for a PKSP using distributed ledger technology to manage public keys from multiple issuers.
    *   Questions regarding trust and whether PKSP is necessary.
*   **Use Case Document:**
    *   Updated with new use cases including microcredentials in education, physical supply chain, IoT control systems, critical infrastructure, authenticity and provenance, and offline exchange of credentials.

## Decisions and Action Items

*   **SD-COTS:** Continue working on open issues, address PR regarding encryption fixes, consider the best place for encryption in the doc or a separate document, and aim for working group last call by Madrid.
*   **Glue Identifiers:**  The working group will pursue adoption. The chairs will set up a process, probably with the confirmation tool on the list.
*   **OIDC Claims:** The working group will pursue adoption. Chairs to send message shortly after this asking for adoption.

## Next Steps

*   **SD-COTS:** Implementation and interrupt testing, address the PR on GitHub
*   **Glue Identifiers:** Await adoption call on the mailing list.
*   **OIDC Claims:** Await adoption call on the mailing list.
*   **Use Case Document:** Review and provide feedback on the updated use cases, consider contributing additional use cases or joining as a co-author.
*   **Architecture Document:**  Encourage community review and contributions to the existing draft to address identified gaps.