[Openid-specs-ab] Spec Call Notes 10-Oct-19

Mike Jones Michael.Jones at microsoft.com
Thu Oct 10 15:39:22 UTC 2019


Spec Call Notes 10-Oct-19

Mike Jones
Joseph Heenan
Rich Levinson
Brian Campbell
Nat Sakimura
John Bradley
Torsten Lodderstedt

Calendar
              This call isn't in the OpenID Foundation calendar anymore
              Nat fixed this during the call

App2App
              Joseph described his App2App application
              See https://josephheenan.blogspot.com/2019/08/implementing-app-to-app-authorisation.html
              It doesn't change the protocol at all
              The app claims the authorization endpoint
              It improves completion rates, using biometrics instead of things users remember
              This is different from George's NativeSSO spec, which shares a keychain within a company's apps
                           This works across applications from different companies
              Brian said that it would be inappropriate to specify an app to back end protocol
                           We shouldn't impose restrictions on how login occurs
                           But advice on how to accomplish the pattern would be useful
              John said that there could be security issues
              John said that you could do this with WebAuthn
                           There's a fair amount of overlap
                           You can do it in native applications too
                           For instance, there's an Android API

OAuth JAR
              John will do an update and then contact the area director

OpenID Connect for Identity Proofing
              We're in the middle of the 45-day review period
              https://openid.net/2019/09/19/public-review-period-for-openid-connect-for-identity-assurance-specification-started/
              Torsten plans to add a Japanese verification method in a new revision

              Torsten believes that we could get broader participation by having an Identity Verification working group
              He also might want to make the specification more modular

Federation
              The Federation spec was discussed at IIW among Connect and R&E people
              Roland Hedberg explained a change to the use of .well-known to make it more parallel to Discovery
              Mike has promised Roland a review of the changes
              After we publish the next draft, it's probably time for a second Implementer's Draft

Sign In with Apple
              Don posted the follow-up letter thanking Apple for correcting their implementation
              https://openid.net/2019/09/30/apple-successfully-implements-openid-connect-with-sign-in-with-apple/

Open Issues
              https://bitbucket.org/openid/connect/issues?status=new&status=open
              #1116 Returning end user claims in id token
                           Closing since the question was answered in the comments
              #1115 how should the OP behave when a claim is requested but not understood
                           Assigned to Mike
              #1114 Several doubts about value in individual claim requests (5.5.1)
                           Assigned to Mike
              #1113 IANA discrepancy with error code "account_selection_required"
                           Mike will make sure that it is registered in the Errata draft updates
              #1112 Register openid to the well-known URI scheme IANA registry
                           Nat to edit the issue to remove the well-known URI reference and add RFC 7595
                           We will do this, since there is increasing interest in the self-issued OP functionality from the self-sovereign identity crowd
                           Nat or Mike should probably be the person to make the registration request
              #1110 [Identity Assurance] Giving null and/or empty strings special meanings might bring about difficulties in implementations
                           This is substantive.  We should address it after the Implementer's Draft is approved.
                           Also see #1109, which is on the same topic

SURFnet OpenID Connect Proxy Certification Issues
              We ran out of time to continue discussing this

Next Call
              The next call is Monday, October 14 at 4pm Pacific Time