[Openid-specs-ab] Spec Call Notes 9-May-19
Davide Vaghetti
davide.vaghetti at garr.it
Thu May 30 04:59:40 UTC 2019
Hi,
on the point below:
> Transient Subject Identifier Type
>
> At IIW, Davide Vaghetti talked about the need for a
> transient subject_type value, similar to that in SAML
>
> Mike and John encouraged him to write a specification for it
... this is what I've come up with:
https://gist.github.com/daserzw/813023b4e1c04d09beb732ef00d7c9e9
Cheers,
Davide
On 09/05/19 17:19, Mike Jones via Openid-specs-ab wrote:
> Spec Call Notes 9-May-19
>
>
>
> Mike Jones
>
> Roland Hedberg
>
> Brian Campbell
>
> Torsten Lodderstedt
>
> Bjorn Hjelm
>
> George Fletcher
>
> Tom Jones
>
>
>
> OpenID Certification
>
> Roland created certification tests for Session,
> Front-Channel, and Back-Channel, which are now being tested
>
> Filip Skokan provided a lot of early feedback on the OP tests
>
> We now need instructions for testing so others can do so
>
> It seems that there will need to be some
> browser-specific instructions in some cases
>
> There are RP logout tests also but they haven't been
> tested yet by others than Roland
>
>
>
> Authentication Failed Error Code Draft
>
> This is issue #1029
>
> The error code is now unmet_authentication_requirements
>
> Torsten submitted and Mike will publish the working group
> draft
>
>
>
> OpenID Connect for Identity Proofing
>
> Another new draft was published at
> https://openid.net/specs/openid-connect-4-identity-assurance.html
>
> Torsten led a discussion at IIW
>
> A lot of good feedback was received, including on
> requirements for other jurisdictions
>
> It was pointed out that some proofs will require multiple
> documents
>
> Torsten is working on updated syntax for that
>
> See issue #1082: Support for multiple proof
> sources
>
> Reviews are solicited
>
> We agreed that Torsten should present this during EIC
>
>
>
> EIC Next Week
>
> Roland, Torsten, Bjorn, George, and Mike will be at EIC
> next week
>
>
>
> Distinguishing first and third party cookies
>
> George let us know that there's a spec that adds the
> same-site qualifier to cookies
>
>
> https://tools.ietf.org/html/draft-west-cookie-incrementalism-00
>
> Values are none, strict, and lax
>
> Also see
> https://web.dev/samesite-cookies-explained/
>
> and
> https://blog.chromium.org/2019/05/improving-privacy-and-security-on-web.html
>
> Google is adding support for this to Chrome
>
> George asked whether this might affect iframe and
> postMessage communication
>
> And whether this might affect Session Management
>
>
>
> Open Issues
>
>
> https://bitbucket.org/openid/connect/issues?status=new&status=open
>
> #1083: policy_uri, tos_uri, logo_uri missing in IANA JWT
> claims registry
>
> Brian asked whether Nat really meant the JWT
> Claims registry or the AS Metadata registry
>
> #1081: Need for a persistence user identifier - a PUID
>
> We discussed that change of keys is a change
> of identity for self-issued
>
> We discussed the ability to add a "did" claim
> to the ID Token when it is useful
>
> We discussed that the "sub" value must not
> change at key roll-over time
>
>
>
> Transient Subject Identifier Type
>
> At IIW, Davide Vaghetti talked about the need for a
> transient subject_type value, similar to that in SAML
>
> Mike and John encouraged him to write a specification for it
>
>
>
> Next Call
>
> The May 13th call is cancelled due EIC
>
> The next call is Thursday, May 23 at 7am Pacific Time
>
>
> _______________________________________________
> Openid-specs-ab mailing list
> Openid-specs-ab at lists.openid.net
> http://lists.openid.net/mailman/listinfo/openid-specs-ab
>
--
Davide Vaghetti
Consortium GARR
Tel: +390502213158
Mobile: +393357779542
Skype: daserzw
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4136 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20190530/9acc0e48/attachment.p7s>
More information about the Openid-specs-ab
mailing list