[Openid-specs-ab] Spec Call Notes 28-Mar-19

Mike Jones Michael.Jones at microsoft.com
Thu Mar 28 15:53:31 UTC 2019 

Spec Call Notes 28-Mar-19

Mike Jones
Nat Sakimura
Bjorn Hjelm
Filip Skokan
George Fletcher
Tom Jones
Rich Levinson

OAuth DPoP spec created
              OAuth 2.0 Demonstration of Proof-of-Possession at the Application Layer
                             https://tools.ietf.org/html/draft-fett-oauth-dpop-00
              People interested in proof of possession are encouraged to review it

authentication_failed Error Code Draft
              Torsten asked the working group to consider adoption
              See https://bitbucket.org/openid/connect/pull-requests/3/1029-authentication-failed-error-response/diff
                             The         issue is https://bitbucket.org/openid/connect/issues/1029/authentication_failed-error-response
              George had previously suggested changing the error code to unable_to_meet_authentication_requirements
                             Or it could be unmet_authentication_requirements, which is shorter

              On the call, we decided to adopt the draft, changing the name to unmet_authentication_requirements
              People will have a week to comment on the adoption decision before adoption occurs

OpenID Connect for Identity Proofing
              A working group draft was published at https://openid.net/specs/openid-connect-4-identity-assurance.html
              This is major new work
              People are encouraged to submit reviews soon

Open Issues
              https://bitbucket.org/openid/connect/issues?status=new&status=open
              #1069: Identity Assurance Section 5.1 on reason for request
                             We discussed the Connect principle that it's up to RPs what to request and OPs what to provide
                             There are no required request parameters or response parameters about user data
              A group of us went through open issues at IETF at Torsten's request
                             Torsten, John, Filip, Daniel Fett, Aaron Parecki, and Mike Jones
                             Comments were added to several recent issues
                             Some were also assigned to Mike

Native SSO Draft
              George is still working on incorporating feedback

prompt=create Draft
              George is still also working on this

OpenID Certification
              Roland has created initial logout certification tests
                             Mike is asking Roland for documentation on how to run them
              The Form Post Response Mode profile is changing from pilot to production status
              On April 1st we will start offering FAPI certification
              The current Connect certification pricing will remain in effect until June 1st

Next Call
              Monday, April 1 at 4pm Pacific Time
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20190328/f6dd799e/attachment.html>

More information about the Openid-specs-ab mailing list