RE: Centralization dangers of applying OpenID Connect to wallets protocols (was: Re: 2022-2026 Verifiable Data Standards Roadmap [DRAFT]) from Mike Jones on 2022-03-25 (public-credentials@w3.org from March 2022)

From: Mike Jones <Michael.Jones@microsoft.com>
Date: Fri, 25 Mar 2022 15:33:49 +0000
To: Credentials Community Group <public-credentials@w3.org>
Message-ID: <SA2PR00MB1002D25D87CCFB76C3866C21F51A9@SA2PR00MB1002.namprd00.prod.outlook.com>

Rather than encouraging centralization, OpenID Connect was explicitly designed to give people choice of their identity providers (including being able to be their own identity provider – which is true of both SIOP v1 and SIOP v2). In particular, https://openid.net/specs/openid-connect-discovery-1_0.html#IssuerDiscovery describes a way to facilitate that user choice.  That some RPs didn't facilitate that choice enabled by OpenID Connect isn't a valid reason to criticize either the OpenID Connect protocol or the community behind it.

                                                       -- Mike

Received on Friday, 25 March 2022 15:34:04 UTC