[Openid-specs-ab] Spec Call Notes 1-Mar-21
Mike Jones
Michael.Jones at microsoft.com
Tue Mar 2 19:59:09 UTC 2021
Spec Call Notes 1-Mar-21
Nat Sakimura
Mike Jones
David Waite
Tom Jones
Brian Campbell
George Fletcher
Tim Cappalli
Kristina Yasuda
Bjorn Hjelm
Vittorio Bertocci
Adam Lemmon
Edmund Jay
Tim Cappalli
John Bradley
Jeremie Miller
Connect Specs Recently Adopted
Claims Aggregation
https://bitbucket.org/openid/connect/src/master/openid-connect-claims-aggregation/openid-connect-claims-aggregation-1_0.md
Self-Issued Identifiers
https://bitbucket.org/openid/connect/src/master/SIOP/draft-jones-self_issued_identifier.md
SIOP V2 Spec
https://bitbucket.org/openid/connect/src/master/openid-connect-self-issued-v2-1_0.md
Mike will add links to these to the working group pages
Identiverse
Identiverse has selected their presentations
Vittorio reported that Identiverse is planning for a hybrid conference, with some in-person participation
It's in Denver, June 21-23, 2021
Nat - Panel: Where are we with SIOP and DID?
Nat - Seven Principles of Digital Being
Vittorio: Dev 101
Vittorio: Browser Features for Identity
Brian: PAR - What is it good for?
(There is no GNAP talk)
HHS ONC Conference
Tom is presenting on SIOP at the conference on March 29th
https://www.healthit.gov/news/events/2021-onc-annual-meeting
Proposed Merger between Claims Aggregation and Credential Provider Specs
https://bitbucket.org/openid/connect/src/master/openid-connect-claims-aggregation/openid-connect-claims-aggregation-1_0.md and
https://github.com/mattrglobal/oidc-client-bound-assertions-spec
Adam said that they believe that the motivations of the two drafts are similar
Adam said that the Credential Provider spec would be the starting foundation
Nat had suggested filing issues and making PRs against the Claims Aggregation draft
Edmund said that there's reluctance to call it Credential Provider
Adam described the goal as an extension enabling OPs to issue sets of claims to RPs
Mike pointed out that Claims Providers are more like OAuth Resource Servers than OPs or RPs
You speak a different protocol to them (mostly RFC 6750)
Jeremie said that one commonality is attempting to bind sets of claims to recipients
Vittorio asked whether the work is being driven from particular customer use cases or more theoretically
Adam said they are leveraging this model for safe travel scenarios in Southeast Asia
Vittorio said that they're describing issuer/holder/consumer - not aggregation
This was first discussed during February 15, 2021 call
Open Issues
https://bitbucket.org/openid/connect/issues
All the new issues appear to be SIOP issues
Adam filed a number of issues as placeholders for discussions to occur
#1208: SIOP V2 dynamic iss claim ref: REQUIRED. Issuer. MUST be https://self-issued.me/v2
There was a discussion of PWAs in the context of this issue
Including whether they could have custom URLs associated with them
David said that there isn't a PWA spec with broad browser compatibility
Vittorio thinks that PWAs are on unstable foundations
For instance, https://www.fastcompany.com/90597411/mozilla-firefox-no-ssb-pwa-support
David thinks that RPs ideally won't know whether their OP is a PWA or not
John said that whether you can do discovery is key
Tim said that there's an Android identity API targeted at the Mobile Driver's License (MDL)
Next Calls
The next regular Connect call is on Monday, March 8th, 2021 at 3pm Pacific Time
The next SIOP Special Topic Call is on Tuesday, March 2nd, 2021 at 2pm Pacific Time
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20210302/6464bc12/attachment.html>
More information about the Openid-specs-ab
mailing list