[Openid-specs-ab] Spec Call Notes 28-Jun-21

Mike Jones Michael.Jones at microsoft.com
Tue Jun 29 00:20:08 UTC 2021


Spec Call Notes 28-Jun-21

Mike Jones
John Bradley
Nat Sakimura
Kristina Yasuda
Anthony Nadalin
Tom Jones
Jeremie Miller
Edmund Jay
David Waite (DW)

IPR Policy for Special Calls
              Tony asked what IPR regime the special calls operate under
              Nat and Mike affirmed that these are OpenID Connect calls operating under the OpenID IPR Regime
              Kristina wondered whether we can have some calls with joint OpenID and DIF IPR policy
                           John said that that would be a field day for lawyers
              The DIF spec operates under the DIF IPR Policy
              Kristina said that DIF could have their own call under their own IPR Policy
              Mike said that he'll respond to Tony's e-mail query
              Nat suggested that the same person file duplicate issues for Connect and DIF, where applicable

Events
              Identiverse
                           Identiverse was last week - held as a hybrid event
                           Kristina reported that the SolarWinds attack was actually an identity attack
                           Jeremie reported that Ping announced the ShoCard personal credentials product
                                         It uses JWT serializations
              Applied Cryptography and Network Security Conference
                           Nat will reprise the talk at virtual Identiverse
                           He gave challenges to cryptographers
              European Identity and Cloud Conference (EIC) in Munich in mid-September
                           There will be an OpenID Workshop
                           The FAPI WG is working on a meet-up there
                           This may be the first in-person identity conference that many people choose to attend

Federation Specification
              The current draft is https://openid.net/specs/openid-connect-federation-1_0-16.html
              Roland is responding to Torsten's review
              DW sent a review today
                           Mostly on nomenclature
                           He's also advocating against per-audience metadata
                           He's advocating deterministic resolution rules
                           He's interested in use by SIOP
              Tom read it
                           He thought that some of the dynamic possibilities might be a feature
              Mike suggested that we could have a call dedicated to Federation
                           We would want Roland and hopefully the implementers there
                           DW would be interested if it's one of the morning calls
              Tony asked about the relationship to the proposed W3C Federation CG
                           Mike described that federations use federated login, and so both communities are interested in keeping federated login working

Potentially pertinent to the Browser Interactions Special Call
              Nat reported that in Android 12 Beta 2, App Links (https scheme) from Chrome Custom Tabs seem to have stopped working
              DW reported they are making changes to App Links, so this likely is an issue we should raise as a regression (in hopes it isn't a policy change)
              Kristina said that this could influence SIOP chooser work
              Nat said that it could also affect OAuth Native Applications Best Practices

DHS Response
              Kristina applied feedback received, including from Tony and Torsten
              Kristina needs to respond to a question from Torsten about the mDL use case
                           Torsten also made suggestions about a CIBA-like flow, which we should try to understand
              We're asking for internal comments by June 30th

Open Pull Requests
              https://bitbucket.org/openid/connect/pull-requests/
              PR #23: introduce "presentation_definition" element
                           To be discussed on the next SIOP special call

Open Issues
              https://bitbucket.org/openid/connect/issues?status=new&status=open
              #1250: Separating Claims Aggregation and Credential Provider drafts
                           Kristina described the differences in the flows that she was calling out in the issue
                           Nat said this is related to issue #1253: Threat analysis for Binding between VC and VP
                           He said there's danger in completely separating issuance from presentation
                           Kristina suggested discussing the call on an Atlantic call, so Torsten can attend
              #1253: Threat analysis for Binding between VC and VP
                           Nat said the security issues discussed pertain to the security discussion in PR #22

Next Call
              The next regular Connect call will be on Thursday, July 1, 2021 at 7am Pacific Time