[Openid-specs-ab] Spec Call Notes 11-Apr-19
Mike Jones
Michael.Jones at microsoft.com
Thu Apr 11 19:53:21 UTC 2019
Spec Call Notes 11-Apr-19
Mike Jones
Nat Sakimura
George Fletcher
Brian Campbell
John Bradley
Rich Levinson
Bjorn Hjelm
Torsten Lodderstedt
Tom Jones
OAuth JAR
Nat asked for feedback on the OAuth JAR spec from John
John is working on addressing feedback received during the OAuth Security Workshop
It's already gone through the IESG telechat, so the authors are looking to minimize the changes made
authentication_failed Error Code Draft
No comments were received during the adoption comment period, so the draft is adopted
The working group requested to change the name to unmet_authentication_requirements on the 1-Apr-19 call
Torsten will update the error code name and we'll publish a working group draft
This addresses issue https://bitbucket.org/openid/connect/issues/1029/authentication_failed-error-response
OpenID Connect for Identity Proofing
A working group draft was published at https://openid.net/specs/openid-connect-4-identity-assurance.html
Torsten has received some private feedback
More working group feedback is solicited
Bjorn and Daniel Fett will propose a session at IIW about the draft
Mike agreed to help facilitate the session
OpenID Certification
Roland Hedberg continues refining the initial logout certification tests
Filip Skokan has been super-helpful in doing early tests of the tests
Hans has also helped get them ready for people to run
They are deployed at https://new-op.certification.openid.net:60000/ and https://new-rp.certification.openid.net:8080/
Expect an announcement requesting that people test the tests shortly
Third Party-Initiated Login tests have been available to test since February
Thus far, we're not aware that they have been tested
We observed on the call that IdP-initiated login is much more common in the SAML world than the Connect world
Mike will send a reminder to the working group of the availability of the tests
FAPI certification launched on April 1st
See the completed FAPI certifications at https://openid.net/certification/#FAPI_OPs
The Connect certification pricing will go up on June 1st
See https://openid.net/2019/02/21/openid-certification-program-expansion-and-fee-update/
Those considering new certifications will get a price break by doing so in April or May
Open Issues
https://bitbucket.org/openid/connect/issues?status=new&status=open
#1067 Add Privacy Considerations
Torsten will do this
#1068 Follow ISO Rules
This is a tracking issue. We will review the document in this regard in the future.
#1069 Identity Assurance Section 5.1 on reason for request
This had been heavily discussed in the comment and on list
Mike had made the point that it's always up to the two parties what information to exchange
We shouldn't start mandating specific information now
Tom said that maybe we could reference legal agreements in machine-processable fashion
George said that that would be a whole different standardization effort
George said that in some cases, the OP already knows that there is consent
Torsten said that the OP always needs to understand the legal basis for sharing information with the RP
Tom said that there are different legal jurisdictions
George said that legal information can be exchanged offline and need not be part of the protocol
George reminded us that we already have a prompt=consent parameter
We commented in the issue that a concrete proposal is needed
Next Call
Monday, April 15 at 4pm Pacific Time