[Openid-specs-ab] Spec Call Notes 14-Mar-19

Mike Jones Michael.Jones at microsoft.com
Thu Mar 14 18:55:23 UTC 2019

Spec Call Notes 14-Mar-19

Mike Jones
Brian Campbell
George Fletcher
Tom Jones
Torsten Lodderstedt
Bjorn Hjelm
Nat Sakimura
Rich Levinson
Filip Skokan

Native SSO Draft
              George has gotten feedback from Torsten and Edmund and Filip on the Native SSO Draft
              Nat checked it into GitHub and sent a note to the working group about it
              After George incorporates feedback, Mike will publish a working group draft

prompt=create Draft
              George also received some feedback on that draft
              There hasn't yet been a decision whether to make this a working group document or not

OpenID Connect for Identity Proofing (draft mechanics)
              Torsten migrated his draft from PDF to Markdown and checked it into our bitbucket repository
                           Build with "mmark -2 main.md > ./openid-connect-4-identity-assurance.xml" and then xml2rfc
              Torsten published the html to https://openid.net/wordpress-content/uploads/2019/03/openid-connect-4-identity-assurance-00.html

Document Source Control
              We had a discussion on specification source control and archiving
              Torsten's source uses multiple .md files
                           Mike and Torsten discussed the need to have a consistent archival copy of sources for all working group drafts
                           Having a consistent snapshot is harder when there's more than one source file
              For now, Torsten will produce a .zip file with all sources and outputs and then Mike will publish the working group document
                           We will continue discussing this in Stuttgart and Prague

              Bjorn pointed out that some of the institutional knowledge of how OpenID specs are published needs to be documented
                           This will help all working group chairs and editors
                           Mike agreed to work on this
              For instance:
                           A permanent archive of sources and outputs for working group specifications is needed
                           The archive is independent of the source control system that editors may use - as these come and go
                           Specifications for foundation-wide review are always published at openid.net/specs/.
                                         Some working groups also publish all major revisions there

OpenID Connect for Identity Proofing (content)
              Tom started a discussion about meeting legal requirements for identity proofing
              Torsten had responded to this on the list
              There are many legal jurisdictions around the world with different requirements
                           We want to create specifications that can be applied worldwide
              None of us on the call are lawyers, so we're not qualified to make legal judgements
              Torsten stated that he created a representation of identity assurance data
              Torsten stated that it's up to implementers to comply with applicable laws
              Tom suggested that we add a privacy considerations section to the document
              George: We're not requiring that particular information be exchanged
                           Mike: We're defining syntax - not policy
                           Mike: In this sense, the document is neutral, just like OpenID Connect is
                           Nat: It's up to implementing entities to ensure that they're in compliance - not us
              Nat: There are other kinds of legal basis than consent, but sometimes consent applies
              George: We are not trying to define business processes or legal processes in the specification
              Nat: Implementing entities must identify their applicable legal requirements and comply with them
                           Mike: This is true of all identity specifications - not just this one

Next Call
              Monday, March 18 at 4pm Pacific Time
                           However this may be problematic for people travelling to the OAuth Security Workshop in Prague
                           We should discuss whether to have this call on the mailing list

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20190314/4f44a44a/attachment-0001.html>

More information about the Openid-specs-ab mailing list