[Openid-specs-ab] Spec Call Notes 10-Oct-19
Mike Jones
Michael.Jones at microsoft.com
Thu Oct 10 15:39:22 UTC 2019
Spec Call Notes 10-Oct-19
Mike Jones
Joseph Heenan
Rich Levinson
Brian Campbell
Nat Sakimura
John Bradley
Torsten Lodderstedt
Calendar
This call isn't in the OpenID Foundation calendar anymore
Nat fixed this during the call
App2App
Joseph described his App2App application
See https://josephheenan.blogspot.com/2019/08/implementing-app-to-app-authorisation.html
It doesn't change the protocol at all
The app claims the authorization endpoint
It improves completion rates, using biometrics instead of things users remember
This is different from George's NativeSSO spec, which shares a keychain within a company's apps
This works across applications from different companies
Brian said that it would be inappropriate to specify an app to back end protocol
We shouldn't impose restrictions on how login occurs
But advice on how to accomplish the pattern would be useful
John said that there could be security issues
John said that you could do this with WebAuthn
There's a fair amount of overlap
You can do it in native applications too
For instance, there's an Android API
OAuth JAR
John will do an update and then contact the area director
OpenID Connect for Identity Proofing
We're in the middle of the 45-day review period
https://openid.net/2019/09/19/public-review-period-for-openid-connect-for-identity-assurance-specification-started/
Torsten plans to add a Japanese verification method in a new revision
Torsten believes that we could get broader participation by having an Identity Verification working group
He also might want to make the specification more modular
Federation
The Federation spec was discussed at IIW among Connect and R&E people
Roland Hedberg explained a change to the use of .well-known to make it more parallel to Discovery
Mike has promised Roland a review of the changes
After we publish the next draft, it's probably time for a second Implementer's Draft
Sign In with Apple
Don posted the follow-up letter thanking Apple for correcting their implementation
https://openid.net/2019/09/30/apple-successfully-implements-openid-connect-with-sign-in-with-apple/
Open Issues
https://bitbucket.org/openid/connect/issues?status=new&status=open
#1116 Returning end user claims in id token
Closing since the question was answered in the comments
#1115 how should the OP behave when a claim is requested but not understood
Assigned to Mike
#1114 Several doubts about value in individual claim requests (5.5.1)
Assigned to Mike
#1113 IANA discrepancy with error code "account_selection_required"
Mike will make sure that it is registered in the Errata draft updates
#1112 Register openid to the well-known URI scheme IANA registry
Nat to edit the issue to remove the well-known URI reference and add RFC 7595
We will do this, since there is increasing interest in the self-issued OP functionality from the self-sovereign identity crowd
Nat or Mike should probably be the person to make the registration request
#1110 [Identity Assurance] Giving null and/or empty strings special meanings might bring about difficulties in implementations
This is substantive. We should address it after the Implementer's Draft is approved.
Also see #1109, which is on the same topic
SURFnet OpenID Connect Proxy Certification Issues
We ran out of time to continue discussing this
Next Call
The next call is Monday, October 14 at 4pm Pacific Time