[Openid-specs-ab] Spec Call Notes 20-May-21
Mike Jones
Michael.Jones at microsoft.com
Thu May 20 18:29:59 UTC 2021
Spec Call Notes 20-May-21
Nat Sakimura
Tim Cappalli
John Bradley
George Fletcher
Adam Lemmon
Tom Jones
Torsten Lodderstedt
Kristina Yasuda
Oliver Terbu
Joseph Heenan
Brian Campbell
Dmitri Zagidulin
Mike Jones
Bjorn Hjelm
Privacy CG Report
There appears to be more engagement by all the browser makers
Apple plans to participate in the workshop that Heather has organized for next week
An invitation for this should go out soon
On the other hand, there are people who believe that the browser is a critical component for all identity flows
This would require a new protocol - Not OpenID Connect, SAML, DIDs, etc.
As Tim pointed out, this would be a new active party in the identity flows
We should discuss this during the workshop
Tim reports that there are advertisers, such as the Washington Post, participating in the conversation
Brian reports that Brave is participating
They have implemented ephemeral buckets, where state is cleared quickly
Brian said browsers are moving towards partitioned state
Nat said that if link decoration (query parameters) is deprecated, it could mess up Open Banking implementations
Certification
The certification suite has been updated to use the final FAPI 1.0 specs
Brazil Open Banking - ~40 banks going live in July
They're using FAPI 1.0 and later also FAPI CIBA
There's directed funding to create a Brazil variant of the FAPI tests
There's an ongoing trickle of Connect certifications
We raised the prices a few months ago to come closer to covering our costs
We are also working on an open source fee waiver program
Federation
A new draft has been published at https://openid.net/specs/openid-connect-federation-1_0-15.html
Kristina reviewed the spec last week
Torsten will review it
Brian will try to review it, as will Tom
Mike asked John to review it
Following the reviews, it's our intent to start the Implementer's Draft adoption process
Open Issues
https://bitbucket.org/openid/connect/issues?status=new&status=open
#1237: vp vs. jwt_vp or vp_jwt?
We proposed to close this since it's being addressed in the new Verifiable Presentations draft
#1238: Requesting Verifiable Presentation
We proposed to close this since it's being addressed in the new draft
#1229: Adoption of the "OpenID Connect for W3C Verifiable Credential Objects"
Nat created the VerifiablePresentation issue tracker feature
Nat filed a number of Claims Aggregation issues
These are mostly intended to improve the clarity of exposition
#1232: What is the scope of a signature?
Tom asked about what it means to sign a JWT when there's a claim that's also signed
George said that the signed data is intended to be sent and is integrity protected
Generally, having a signed claim doesn't mean that it's been verified
But Mike said that "email_verified" means that "email" has been verified
John pointed out that the "iss" and "sub" are verified
Nat said that OpenID Connect for Identity Assurance defines some verification methods
Nat said that the veracity of some fields may be governed by Trust Frameworks
It's recommended that people review these related issues (which we ran out of time to discuss):
#1227: Core 5.5 - Claims parameter requirements
#1228: Discovery 3 - New metadata item for claims request
Next Call
The next regular Connect call will be on Monday, May 24 at 4pm Pacific Time