[Openid-specs-ab] Spec Call Notes 10-Oct-19

Mike Jones Michael.Jones at microsoft.com
Mon Oct 14 20:14:45 UTC 2019


Right now it's just a discussion topic that Joseph wanted to make us aware of.

From: George Fletcher <gffletch at aol.com>
Sent: Monday, October 14, 2019 12:51 PM
To: Artifact Binding/Connect Working Group <openid-specs-ab at lists.openid.net>
Cc: Mike Jones <Michael.Jones at microsoft.com>
Subject: Re: [Openid-specs-ab] Spec Call Notes 10-Oct-19

I missed this meeting due to the missing calendar entry. What are the next steps with app2app flow? Are we going to produce a spec or "best practice" for this method?

Thanks,
George
On 10/10/19 11:39 AM, Mike Jones via Openid-specs-ab wrote:
Spec Call Notes 10-Oct-19

Mike Jones
Joseph Heenan
Rich Levinson
Brian Campbell
Nat Sakimura
John Bradley
Torsten Lodderstedt

Calendar
- This call isn't in the OpenID Foundation calendar anymore
- Nat fixed this during the call

App2App
- Joseph described his App2App application
- See https://josephheenan.blogspot.com/2019/08/implementing-app-to-app-authorisation.html
- It doesn't change the protocol at all
- The app claims the authorization endpoint
- It improves completion rates, using biometrics instead of things users remember
- This is different from George's NativeSSO spec, which shares a keychain within a company's apps
  - This works across applications from different companies
- Brian said that it would be inappropriate to specify an app to back end protocol
  - We shouldn't impose restrictions on how login occurs
  - But advice on how to accomplish the pattern would be useful
- John said that there could be security issues
- John said that you could do this with WebAuthn
  - There's a fair amount of overlap
  - You can do it in native applications too
  - For instance, there's an Android API

OAuth JAR
- John will do an update and then contact the area director

OpenID Connect for Identity Proofing
- We're in the middle of the 45-day review period
- https://openid.net/2019/09/19/public-review-period-for-openid-connect-for-identity-assurance-specification-started/
- Torsten plans to add a Japanese verification method in a new revision

- Torsten believes that we could get broader participation by having an Identity Verification working group
- He also might want to make the specification more modular

Federation
- The Federation spec was discussed at IIW among Connect and R&E people
- Roland Hedberg explained a change to the use of .well-known to make it more parallel to Discovery
- Mike has promised Roland a review of the changes
- After we publish the next draft, it's probably time for a second Implementer's Draft

Sign In with Apple
- Don posted the follow-up letter thanking Apple for correcting their implementation
- https://openid.net/2019/09/30/apple-successfully-implements-openid-connect-with-sign-in-with-apple/

Open Issues
- https://bitbucket.org/openid/connect/issues?status=new&status=open
- #1116 Returning end user claims in id token
  - Closing since the question was answered in the comments
- #1115 how should the OP behave when a claim is requested but not understood
  - Assigned to Mike
- #1114 Several doubts about value in individual claim requests (5.5.1)
  - Assigned to Mike
- #1113 IANA discrepancy with error code "account_selection_required"
  - Mike will make sure that it is registered in the Errata draft updates
- #1112 Register openid to the well-known URI scheme IANA registry
  - Nat to edit the issue to remove the well-known URI reference and add RFC 7595
  - We will do this, since there is increasing interest in the self-issued OP functionality from the self-sovereign identity crowd
  - Nat or Mike should probably be the person to make the registration request
- #1110 [Identity Assurance] Giving null and/or empty strings special meanings might bring about difficulties in implementations
  - This is substantive. We should address it after the Implementer's Draft is approved.
  - Also see #1109, which is on the same topic

SURFnet OpenID Connect Proxy Certification Issues
- We ran out of time to continue discussing this

Next Call
- The next call is Monday, October 14 at 4pm Pacific Time


