[Planning] Internet Identity Workshop (IIW) - October 2023

[timcappalli]

Issue to help coordinate IIW sessions for next week.

/cc @samuelgoto

[samuelgoto]

Here are a proposal for sessions that I figured it would be constructive to agitate, some of the people that would be involved and a how i'd break down them into the 3 days:

Day 1: Level Setting

Title	Agitators	Agitators
The Identity Credential Work Stream in WICG	@timcappalli	An introduction on the recently formed work stream in the Web Incubation Community Group (WICG), how it got to be and how it relates to the CCG, FedID CG, OIDF, IETF, FIDO and ISO. What is it trying to accomplish, who is involved, what questions are we asking ourselves and what does success look like. A preview for the general audience and an opportunity for the community to get together to influence what we make out of this IIW (e.g. scheduling sessions).
The Android && Web API Proposal	@leecam, @samuelgoto	An introduction and overview of the architecture and design choices of Android’s IdentityCredential API and the Web's IdentityCredential counterpart. Open questions and early intuitions on credentials choosers vs wallet choosers, extensibility (e.g. WASM matchers), format-independence, response encryption, layering, sandboxing and privacy properties, UX design choices, etc, demos (https://www.identitycredential.dev/), Q&A, timelines, how Browser API Incubation works, etc (Needs a room with a projector)
Credential Selectors vs Wallet Selectors	@Sakurann ? @msporny?, @samuelgoto , @leecam	Which direction should we go? What are the trade-offs?

Day 2: Formats && Transports

Title	Agitators	Agitators
Query languages	@OR13? @msporny? @csuwildcat?	What should be the browser's API query language? should it be extensible? should it be presentation exchange? should it be format specific or format agnostic? Should it be opaque to the browser?
The Web API && Credential Formats	ISO: @davidz25, @GarethCOliver, VCWG: @msporny / @Sakurann / @OR13 / @tlodderstedt?	An open discussion of how ISO/VCWG thinks of the various Android and Web APIs: good? bad ? meh? How would the Browser API actually work with VCs/mDocs? Anything missing? Anything broken?
The Web API && OpenID4VP	@Sakurann / @tlodderstedt / @samuelgoto / @leecam	What's the relationship between the Web API and OpenID4VP? how does it compare to custom schemes (mdoc:// and mdoc-openid4vp://) in 18013-7. An open discussion the development of the browser API and OpenID4VP. Do they compete with each other or complement each other?.

Demo Tables

Title	Agitators	Agitators
Hackathon	@leecam / @samuelgoto + anyone interested	Anyone interested in coding against the APIs
Demo tables	@leecam / @samuelgoto + anyone interested	Anyone interested in seeing the hands on demos

Day 3: Lots of Open Questions

Title	Agitators	Agitators
Federated and Digital Identities	federation (the OpenID / SAML folks?) and wallet experts (@Sakurann? @OR13? @msporny?)	An open discussion around the relationship between federated and digital identities and how we expect things to play out, the development of FedCM, the Identity Credentials API. Are they mutually exclusive? Are they complementary? What kinds of UI do we want to build?
Identity Verification and Authentication	OpenID + FIDO folks?	What's the relationship between Federation/Wallets and Passkeys? Are they used in conjunction to one another? Or to the exclusion of one another? What kinds of UI do we want to build?

Not super well thought out, but this is what occurs to me as things that would be interesting to get out of IIW.

WDYT?

[Sakurann]

wrt demo tables, IIW has demo hour during lunch on day 2. here is the list of demo tables as of now: https://iiw.idcommons.net/IIW_37_Speed_Demo_Hour

[samuelgoto]

wrt demo tables, IIW has demo hour during lunch on day 2. here is the list of demo tables as of now: https://iiw.idcommons.net/IIW_37_Speed_Demo_Hour

Neat! Thanks for the advice! I think I got us the last slot!

[csuwildcat]

Can we shift the query portion to Day 2? I can't attend Day 3 😕

[msporny]

Can we shift the query portion to Day 2? I can't attend Day 3 😕

Same issue here, I won't be at day 3. I'll try to provide as much input as possible during day 1 and day 2... I expect some of day 3 items will come up during day 1 and day 2.

[Sakurann]

Thanks! few comments:

On "credential selectors vs wallet selectors", would like to do it on end day 1 or in the beginning of day 2. The topic does require an understanding of the browser API and presentation protocols like OpenID4VP, so 101 sessions to those should happen first, but this topic could have impact on the design of things so would like to do it sooner rather than later.

Two sessions "The Browser API && VCs" and "The Browser API && ISO mdocs" could probably combined into "The Browser API and credential formats".

Curious why "The Android API Proposal" and "The Browser API Proposal" are proposed to be separate sessions? I might be wrong, but aren't they better understood when described together?

A bit concerned with a description of how does it compare to URI-schemes (mdoc:// and mdoc-openid4vp://) in 18013-7. OID4VP does not mandate custom url schemes :) the topic sounds like "browser API and 18013-7".

[paulbastian]

To me "Credential Selectors vs Wallet Selectors" seems like the trend setting topic, so it makes most sense to do that at day1.

[samuelgoto]

Curious why "The Android API Proposal" and "The Browser API Proposal" are proposed to be separate sessions? I might be wrong, but aren't they better understood when described together?

Yeah, we could combine these. There is a LOT of ground to cover here, so I was thinking that two separate sessions would be helpful allowing them more time, but I don't mind combining them and in case we overflow we can schedule more time.

Done.

[samuelgoto]

Two sessions "The Browser API && VCs" and "The Browser API && ISO mdocs" could probably combined into "The Browser API and credential formats".

Done. I was a bit concerned that the people involved would rather have a dedicated time for their format, but I don't mind combining and having everybody be in the same room.

[samuelgoto]

I hear from @paulbastian

To me "Credential Selectors vs Wallet Selectors" seems like the trend setting topic, so it makes most sense to do that at day1.

and @Sakurann

On "credential selectors vs wallet selectors", would like to do it on end day 1 or in the beginning of day 2. The topic does require an understanding of the browser API and presentation protocols like OpenID4VP, so 101 sessions to those should happen first, but this topic could have impact on the design of things so would like to do it sooner rather than later.

Done. Moved this discussion to Day 1.

Day 1 is going to be heavy, with three full sessions, but I think that's manageable.

I think I addressed most of the comments here.

What do you all think of how the schedule is now?

[Sakurann]

Thanks Sam! just a note that there will be an OpenID4VC 101 session on day 1, which we should avoid having conflict with :)

[samuelgoto]

Thanks Sam! just a note that there will be an OpenID4VC 101 session on day 1, which we should avoid having conflict with :)

Yeah, that's what I was worried to not overloading the days too much, since there are going to be a lot of parallel sessions that most of us would normally attend.

[samuelgoto]

Can we close this? IIW happened and we hosted most of these discussion in formal/informal sessions.

[msporny]

+1 to close, though it would be good to have a list of actions/outcomes from each session. I know, I know, none of us have the time to write that up ... don't know if people were taking IIW notes and we could use those as a bulleted list of each topic?

[timcappalli]

Closing after 2+ weeks.