[Openid-specs-ab] Spec Call Notes 28-Jun-21
Mike Jones
Michael.Jones at microsoft.com
Tue Jun 29 00:20:08 UTC 2021
Spec Call Notes 28-Jun-21
Mike Jones
John Bradley
Nat Sakimura
Kristina Yasuda
Anthony Nadalin
Tom Jones
Jeremie Miller
Edmund Jay
David Waite (DW)
IPR Policy for Special Calls
Tony asked what IPR regime the special calls operate under
Nat and Mike affirmed that these are OpenID Connect calls operating under the OpenID IPR Regime
Kristina wondered whether we can have some calls with joint OpenID and DIF IPR policy
John said that that would be a field day for lawyers
The DIF spec operates under the DIF IPR Policy
Kristina said that DIF could have their own call under their own IPR Policy
Mike said that he'll respond to Tony's e-mail query
Nat suggested that the same person file duplicate issues for Connect and DIF, where applicable
Events
Identiverse
Identiverse was last week - held as a hybrid event
Kristina reported that the Solar Winds attack was actually an identity attack
Jeremie reported that Ping announced the ShoCard personal credentials product
It uses JWT serializations
Applied Cryptography and Network Security Conference
Nat will reprise the talk at virtual Identiverse
He gave challenges to cryptographers
European Identity and Cloud Conference (EIC) in Munich in mid-September
There will be an OpenID Workshop
The FAPI WG is working on a meet-up there
This may be the first in-person identity conference that many people choose to attend
Federation Specification
The current draft is https://openid.net/specs/openid-connect-federation-1_0-16.html
Roland is responding to Torsten's review
DW sent a review today
Mostly on nomenclature
He's also advocating against per-audience metadata
He's advocating deterministic resolution rules
He's interested in use by SIOP
Tom read it
He thought that some of the dynamic possibilities might be a feature
Mike suggested that we could have a call dedicated to Federation
We would want Roland and hopefully the implementers there
DW would be interested if it's one of the morning calls
Tony asked about the relationship to the proposed W3C Federation CG
Mike described that federations use federated login, and so both communities are interested in keeping federated login working
Potentially pertinent to the Browser Interactions Special Call
Nat reported that in Android 12 Beta2, App Links (https scheme) from ChromeCustomTabs seems to have stopped working
DW reported they are making changes to App Links, so this likely is an issue we should raise as a regression (in hopes it isn't a policy change)
Kristina said that this could influence SIOP chooser work
Nat said that it could also affect OAuth Native Applications Best Practices
DHS Response
Kristina applied feedback received, including from Tony and Torsten
Kristina needs to respond to a question from Torsten about the mDL use case
Torsten also made suggestions about a CIBA-like flow, which we should try to understand
We're asking for internal comments by June 30th
Open Pull Requests
https://bitbucket.org/openid/connect/pull-requests/
PR #23: introduce "presentation_definition" element
To be discussed on the next SIOP special call
Open Issues
https://bitbucket.org/openid/connect/issues?status=new&status=open
#1250: Separating Claims Aggregation and Credential Provider drafts
Kristina described the differences in the flows that she was calling out in the issue
Nat said this is related to issue #1253: Threat analysis for Binding between VC and VP
He said there's danger in completely separating issuance from presentation
Kristina suggested discussing the call on an Atlantic call, so Torsten can attend
1253: Threat analysis for Binding between VC and VP
Nat said the security issues discussed pertain to the security discussion in PR #22
Next Call
The next regular Connect call will be on Thursday, July 1, 2021 at 7am Pacific Time
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20210629/58bb1f30/attachment.html>
More information about the Openid-specs-ab
mailing list