[Openid-specs-ab] Spec Call Notes 5-Apr-21
Tom Jones
thomasclinganjones at gmail.com
Mon Apr 5 23:55:36 UTC 2021
sorry i missed the meeting. I guess I still have the time wrong. I even
checked the open calendar.
What time is the meeting in PDT?
Be the change you want to see in the world ..tom
On Mon, Apr 5, 2021 at 4:50 PM Mike Jones via Openid-specs-ab <
openid-specs-ab at lists.openid.net> wrote:
> Spec Call Notes 5-Apr-21
>
>
>
> Nat Sakimura
>
> Mike Jones
>
> David Waite
>
> Vittorio Bertocci
>
> Jeremie Miller
>
> Edmund Jay
>
> Kristina Yasuda
>
> Tim Cappalli
>
>
>
> Working Group Status Page Updates
>
> Mike updated the working group status page
>
> https://openid.net/wg/connect/status/
>
> Newly adopted drafts were added
>
> Active working group members were updated
>
>
>
> OpenID Connect Federation Spec
>
> Published draft -14, incorporating feedback from last year's
> three interop events
>
> The spec may be nearing final status
>
> People are encouraged to review the spec now
>
> Particularly, look at changes in history
> entries from the last three releases
>
> We should discuss the spec status and next steps on the next
> European-friendly call
>
> This will be Thursday, April 8th, 2021 at 7am
> Pacific Time
>
>
>
> Claims Aggregation Spec
>
> Edmund is reviewing the credential provider draft
>
> Apparently they're working on down-scoping
>
> Both drafts are trying to pass claims from Claims Providers
> to RPs
>
> Nat wants to review the credential provider draft
>
> Note that the credential provider draft hasn't yet been
> contributed to the working group
>
>
>
> Open Issues
>
>
> https://bitbucket.org/openid/connect/issues?status=new&status=open
>
> #1214: Certification: remove requirement for RP to support
> unsigned jwt
>
> To be consistent, we should probably allow RPs
> to pass with only a warning if they don’t support unsigned ID Tokens
>
> #1213: private_key_jwt, client_secret_jwt audience
>
> Filip summarized discussions from the 25-Mar-21
> call in an issue comment
>
> We discussed that it should remain an error if
> the Token Endpoint value isn't supported
>
> and that it should be a warning
> if the Issuer value isn't supported
>
> #1217: Require JAR in SIOP to strongly ID the Relying Party
>
> It's not clear what attack this proposal is
> intended to mitigate
>
> Deferred discussion until Tom is on the call
>
>
>
> SIOP Special Call
>
> Kristina reported on discussions from the last SIOP Special
> Call
>
> One topic discussed was how End-Users could select which
> SIOP to use
>
>
>
> Next Calls
>
> The next regular Connect call is on Thursday, April 8th,
> 2021 at 7am Pacific Time
>
>
> _______________________________________________
> Openid-specs-ab mailing list
> Openid-specs-ab at lists.openid.net
> http://lists.openid.net/mailman/listinfo/openid-specs-ab
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20210405/6c45fa9f/attachment.html>
More information about the Openid-specs-ab
mailing list