[Openid-specs-ab] SIOP call agenda (2021-08-19) - with a special guest

Kristina Yasuda Kristina.Yasuda at microsoft.com
Thu Aug 19 04:29:13 UTC 2021 

Hi All,



Below is a proposed agenda for a SIOP call. It's an Atlantic Pacific time-zone call on Thursday.


Note that we have a special guest, Daniel Fett, joining us, who has been conducting a cross-device SIOP security review.

Please review prior to the call: https://docs.google.com/document/d/1gWBV8Nhisdq-Pge_NgRXnfvVo5PMU9qvnhsq9vl84b8/edit?usp=sharing


We also have a number of new SIOP issues.


- IPR reminder

- Introductions/re-introductions

- Agenda bashing/adoption

- Events/External orgs

     - DIF Presentation Exchange/OIDF WG update (some good progress happening): https://github.com/decentralized-identity/presentation-exchange/issues

- PRs

  *   two ready to be merger: Cross-device SIOP & vp hash


- Discussion

  *   Draft for security considerations section: https://docs.google.com/document/d/1gWBV8Nhisdq-Pge_NgRXnfvVo5PMU9qvnhsq9vl84b8/edit?usp=sharing
  *   related issues:
     *   Security Considerations: https://bitbucket.org/openid/connect/issues/1269/add-security-considerations-for-cross<https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fbitbucket.org%2Fopenid%2Fconnect%2Fissues%2F1269%2Fadd-security-considerations-for-cross&data=04%7C01%7CKristina.Yasuda%40microsoft.com%7C0e97c31cf7894a31be4508d950d34339%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637629690781019460%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=okTAjch1DqHOvE3Su34gY%2FeU1sUryxrvS7FcBXlw%2FOA%3D&reserved=0>
     *   using WebAuthn: https://bitbucket.org/openid/connect/issues/1273/mitigating-security-risk-by-using-webauthn

- Issues

  *   SIOP V2
     *   List of new issues: https://bitbucket.org/openid/connect/issues?component=SIOP&status=new
        *   entity resolving identifiers
        *   removing client_id as redirect_uri and registration request parameters
        *   other client_id values than redirect URI
        *   subject resolving identifiers
        *   arbitrary SIOP v2 issuers
     *   Client_id in SIOP V2 https://bitbucket.org/openid/connect/issues/1272/client-identifier-in-siop-when-the-dids


- AOB


Best,

Kristina





-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20210819/da0a626f/attachment.html>

More information about the Openid-specs-ab mailing list