[Openid-specs-ab] Spec Call Notes 24-May-21

Mike Jones Michael.Jones at microsoft.com
Tue May 25 16:04:14 UTC 2021


Spec Call Notes 24-May-21

Mike Jones
Tom Jones
Brian Campbell
Vittorio Bertocci
Edmund Jay
Nat Sakimura
Tim Cappalli
John Bradley
Kristina Yasuda
Pamela Dingle
Jeremie Miller
Anthony Nadalin
Dmitri Zagidulin
Tobias Looker
David Waite

Federation
              The new draft https://openid.net/specs/openid-connect-federation-1_0-15.html was published last week
              Kristina reviewed the spec last week
              It's on John's list for this week
              Following the reviews, it's our intent to start the Implementer's Draft adoption process
              There will also be additional security considerations text published later this week
              Mike asked Tobias to also review the sections he's interested in

Federation and Browsers Workshop, 25-26 May 2021
https://github.com/WICG/WebID/blob/main/meetings/2021/25-26_May_2021.md

Open Issues
              https://bitbucket.org/openid/connect/issues?status=new&status=open
              #1237: vp vs. jwt_vp or vp_jwt?
                           Waiting for feedback from David Chadwick
              #1238: Requesting Verifiable Presentation
                           Now assigned to Torsten
              #1232: What is the scope of a signature?
                           Tom will close
              #1227: Core 5.5 - Claims parameter requirements
                           This would extend Core and Discovery, which are final.  It could be done in extensions.
                           The "claims" parameter is not MTI
                           There is a "claims_parameter_supported" Discovery result.  If you support this, you should support its parameters.
              #1228: Discovery 3 - New metadata item for claims request
                           There is a "claims_parameter_supported" Discovery result.  If you support this, you should support its parameters.
              #1214: Certification: remove requirement for RP to support unsigned jwt
                           Mike will close, per Joseph's suggestion
              #1009: Contradictory statements about ID Token azp Claim
                           Mike will address as part of the errata process
              #1206: How to support LD-Proofs in Verifiable Presentations
                           This is being addressed in OpenID Connect for Verifiable Presentations
                           We agreed to close this issue on that basis
              #1205: Indicating support for VCs (SIOP)
                           This should be done by the new draft
              #1211: Registration in SIOP is better described as "negotiation"
                           Tobias reminded us of the relationship with OpenID Connect Federation Automatic Registration
                           Kristina will close
              #1198: Registration in SIOP
                           Probably dependent upon architectural model discussions
                           (We should probably schedule some working group sessions just for these architectural discussions)
                           DW volunteered to help with these discussions
              #1175: Create a documentation for Self-Issued Identifiers
              https://bitbucket.org/openid/connect/src/master/SIOP/draft-jones-self_issued_identifier.md does this
                           Tom will investigate and possibly close
              #1187: id_token_hint and non-repudiation
                           You can use it as a hint but not as proof of prior login without being asymmetrically signed
              #1186: when to use invalid_request_object error
                           Mike proposes to ask if there's additional data from the certification team
              #1186: Mention of POST requests and SameSite cookie attributes (RP Initiated Logout)
                           Mike asked for comments from people involved in the Browser Interactions conversations
                           DW added some data about what browsers are currently doing
                           Vittorio agreed with DW's comments

Next Call
              The next regular Connect call will be on Monday, May 31st at 4pm Pacific Time
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20210525/e4b39038/attachment-0001.html>


More information about the Openid-specs-ab mailing list