[Openid-specs-ab] Spec Call Notes 10-Oct-19
George Fletcher
gffletch at aol.com
Mon Oct 14 19:51:22 UTC 2019
I missed this meeting due to the missing calendar entry. What are the
next steps with app2app flow? Are we going to produce a spec or "best
practice" for this method?
Thanks,
George
On 10/10/19 11:39 AM, Mike Jones via Openid-specs-ab wrote:
>
> Spec Call Notes 10-Oct-19
>
> Mike Jones
>
> Joseph Heenan
>
> Rich Levinson
>
> Brian Campbell
>
> Nat Sakimura
>
> John Bradley
>
> Torsten Lodderstedt
>
> Calendar
>
> * This call isn't in the OpenID Foundation calendar anymore
>
> * Nat fixed this during the call
>
> App2App
>
> * Joseph described his App2App application
>
> * See
>   https://josephheenan.blogspot.com/2019/08/implementing-app-to-app-authorisation.html
>
> * It doesn't change the protocol at all
>
> * The app claims the authorization endpoint
>
> * It improves completion rates, using biometrics instead
>   of things users remember
>
> * This is different from George's NativeSSO spec, which
>   shares a keychain within a company's apps
>
>     * This works across applications from
>       different companies
>
> * Brian said that it would be inappropriate to specify an
>   app to back end protocol
>
>     * We shouldn't impose restrictions on how
>       login occurs
>
>     * But advice on how to accomplish the pattern
>       would be useful
>
> * John said that there could be security issues
>
> * John said that you could do this with WebAuthn
>
>     * There's a fair amount of overlap
>
>     * You can do it in native applications too
>
>     * For instance, there's an Android API
>
> OAuth JAR
>
> * John will do an update and then contact the area director
>
> OpenID Connect for Identity Proofing
>
> * We're in the middle of the 45-day review period
>
> https://openid.net/2019/09/19/public-review-period-for-openid-connect-for-identity-assurance-specification-started/
>
> * Torsten plans to add a Japanese verification method in a
>   new revision
>
> * Torsten believes that we could get broader participation
>   by having an Identity Verification working group
>
> * He also might want to make the specification more modular
>
> Federation
>
> * The Federation spec was discussed at IIW among Connect
>   and R&E people
>
> * Roland Hedberg explained a change to the use of
>   .well-known to make it more parallel to Discovery
>
> * Mike has promised Roland a review of the changes
>
> * After we publish the next draft, it's probably time for
>   a second Implementer's Draft
>
> Sign In with Apple
>
> * Don posted the follow-up letter thanking Apple for
>   correcting their implementation
>
> https://openid.net/2019/09/30/apple-successfully-implements-openid-connect-with-sign-in-with-apple/
>
> Open Issues
>
> https://bitbucket.org/openid/connect/issues?status=new&status=open
>
> * #1116 Returning end user claims in id token
>
>     * Closing since the question was answered in
>       the comments
>
> * #1115 how should the OP behave when a claim is requested
>   but not understood
>
>     * Assigned to Mike
>
> * #1114 Several doubts about value in individual claim
>   requests (5.5.1)
>
>     * Assigned to Mike
>
> * #1113 IANA discrepancy with error code
>   "account_selection_required"
>
>     * Mike will make sure that it is registered
>       in the Errata draft updates
>
> * #1112 Register openid to the well-known URI scheme IANA
>   registry
>
>     * Nat to edit the issue to remove the
>       well-known URI reference and add RFC 7595
>
>     * We will do this, since there is increasing
>       interest in the self-issued OP functionality from the self-sovereign
>       identity crowd
>
>     * Nat or Mike should probably be the person
>       to make the registration request
>
> * #1110 [Identity Assurance] Giving null and/or empty
>   strings special meanings might bring about difficulties in implementations
>
>     * This is substantive. We should address it
>       after the Implementer's Draft is approved.
>
>     * Also see #1109, which is on the same topic
>
> SURFnet OpenID Connect Proxy Certification Issues
>
> * We ran out of time to continue discussing this
>
> Next Call
>
> * The next call is Monday, October 14 at 4pm Pacific Time
>
>
> _______________________________________________
> Openid-specs-ab mailing list
> Openid-specs-ab at lists.openid.net
> http://lists.openid.net/mailman/listinfo/openid-specs-ab