[Openid-specs-ab] OpenID AB/Connect Call Note (2019-08-29)
Nat Sakimura
sakimura at gmail.com
Thu Aug 29 14:47:34 UTC 2019
OpenID AB/Connect Call Note (2019-08-29)
Date: 2019-08-29 15:00 UTC
Location: GoToMeeting https://www3.gotomeeting.com/join/695548174
Agenda
- 1. Roll Call
<https://bitbucket.org/openid/connect/wiki/Connect_Meeting_Notes_2019-08-29_Atlantic#rst-header-roll-call>
- 2. Adoption of the agenda
<https://bitbucket.org/openid/connect/wiki/Connect_Meeting_Notes_2019-08-29_Atlantic#rst-header-adoption-of-the-agenda>
- 3. Reciprocal OAuth (George)
<https://bitbucket.org/openid/connect/wiki/Connect_Meeting_Notes_2019-08-29_Atlantic#rst-header-reciprocal-oauth-george>
- 4. Native SSO and related use-cases (George)
<https://bitbucket.org/openid/connect/wiki/Connect_Meeting_Notes_2019-08-29_Atlantic#rst-header-native-sso-and-related-use-cases-george>
- 5. AOB
<https://bitbucket.org/openid/connect/wiki/Connect_Meeting_Notes_2019-08-29_Atlantic#rst-header-aob>
The meeting was called to order at 15:08 UTC.
1. Roll Call
- Present: Nat, George, Brian
- Regret:
2. Adoption of the agenda
- Since a draft agenda was not sent out, the following topics were dealt
with.
3. Reciprocal OAuth (George)
Reciprocal OAuth is going to last call soon. We should do a careful read
and give feedback.
4. Native SSO and related use-cases (George)
The situation around the browser etc. has changed a lot since we did the
AppAuth pattern, e.g., samesite=lax and ITP2. It seems to be a good time to
re-collect the use-cases and evaluate what breaks. George has started a
slide deck to be used at the OpenID Workshop before IIW. It is still just
an outline but he will share it with people who want to fill in.
Some of the use cases that were discussed in the calls include:
- Hybrid-App (Native App + Server side): Whether to start the flow from
  the Native App or Server Side.
- Minimum privilege Access Token vs. Wider-scope but sender constrained
  AT through Dynamic Client Registration.
- Form Post and samesite=lax
- App to App token passing within the same developer.
- App to App token passing among the apps from different developers.
5. AOB
The call closed at 15:38 UTC.
--
Nat Sakimura (=nat)
Chairman, OpenID Foundation
http://nat.sakimura.org/
@_nat_en