[Openid-specs-ab] Spec Call Notes 5-Apr-21

Mike Jones Michael.Jones at microsoft.com
Mon Apr 5 23:49:59 UTC 2021 

Spec Call Notes 5-Apr-21

Nat Sakimura
Mike Jones
David Waite
Vittorio Bertocci
Jeremie Miller
Edmund Jay
Kristina Yasuda
Tim Cappalli

Working Group Status Page Updates
              Mike updated the working group status page
                            https://openid.net/wg/connect/status/
              Newly adopted drafts were added
              Active working group members were updated

OpenID Connect Federation Spec
              Published draft -14, incorporating feedback from last year's three interop events
              The spec may be nearing final status
              People are encouraged to review the spec now
                           Particularly, look at changes in history entries from the last three releases
              We should discuss the spec status and next steps on the next European-friendly call
                           This will be Thursday, April 8th, 2021 at 7am Pacific Time

Claims Aggregation Spec
              Edmund is reviewing the credential provider draft
                           Apparently they're working on down-scoping
              Both drafts are trying to pass claims from Claims Providers to RPs
              Nat wants to review the credential provider draft
              Note that the credential provider draft hasn't yet been contributed to the working group

Open Issues
              https://bitbucket.org/openid/connect/issues?status=new&status=open
              #1214: Certification: remove requirement for RP to support unsigned jwt
                           To be consistent, we should probably allow RPs to pass with only a warning if they don't support unsigned ID Tokens
              #1213: private_key_jwt, client_secret_jwt audience
                           Filip summarized discussions from the 25-Mar-21 call in an issue comment
                           We discussed that it should remain an error if the Token Endpoint value isn't supported
                                         and that it should be a warning if the Issuer value isn't supported
              #1217: Require JAR in SIOP to strongly ID the Relying Party
                           It's not clear what attack this proposal is intended to mitigate
                           Deferred discussion until Tom is on the call

SIOP Special Call
              Kristina reported on discussions from the last SIOP Special Call
              One topic discussed was how End-Users could select which SIOP to use

Next Calls
              The next regular Connect call is on Thursday, April 8th, 2021 at 7am Pacific Time

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20210405/2dcacf14/attachment.html>

More information about the Openid-specs-ab mailing list