[Openid-specs-ab] Spec Call Notes 20-Jul-20
Mike Jones
Michael.Jones at microsoft.com
Tue Jul 21 00:27:34 UTC 2020
Spec Call Notes 20-Jul-20
Mike Jones
Nat Sakimura
Tony Nadalin
John Bradley
Bjorn Hjelm
Edmund Jay
Tom Jones
Events
OAuth Security Workshop
Starts tomorrow. OIDF workshop on Tuesday.
Participants should have received e-mail
OAuth Security Workshop: Important Information
https://barcamptools.eu/oauth-security-workshop-2020/events
Second SIOP Virtual Meetup in a Pacific-friendly timeslot
Next week at this time: 4-6pm Pacific Time on Monday, July 27th
https://www.eventbrite.co.uk/e/siop-virtual-meetup-2-tickets-113754506792
Speaking slots are still open
SIOP Issues
The claims aggregation draft is relevant
Tony said that need to figure out what should go into the base and what's a profile
For instance, he doesn't think that DID or Verifiable Credentials content should go into the base
Tom wants key rollover
John said that sometimes you want to change keys for reasons of recovery
Algorithm agility is another reason for rollover
Tom listed the multiple devices use cases
John reminisced about the use of XRDS in OpenID 2.0
Join points out that with aggregated claims, different claims sets can be signed by different entities
John asked whether people want to have multiple self-issued providers
Also see issue #1180 - SIOP Laundry List
OAuth JAR
Nat created a PR addressing Ben Kaduk's requested clarifications
https://bitbucket.org/Nat/oauth-jwsreq/pull-requests/9
Mike has approved it
OIDC Aggregated Claims Draft
See the attachment in Nat's message:
[Openid-specs-ab] Claims Aggregation Draft
Defines more on how to use them than the Core draft does
Defines a separate claims endpoint
Closely related to eKYC-IDA needs
Also a need to constrain the claims set for minimal disclosure purposes
Nat would like this to become a working group document after review
People are encouraged to review it before the SIOP meeting next week
Logout Specs
Mike is splitting the RP-Initiated Logout functionality into its own draft
Per the previous working group decision
It's all existing content
Nat points out that we'll need to formally adopt this
Mike is getting updated contact information from contributors
Mike will both update to current affiliations and list old ones in errata
Certification
We now have OP submission instructions
Referenced from https://openid.net/certification/migration/
No one has used them yet
Edmund Jay plans to try to use them soon
We've had a few others testing and filing bugs
WG Status Page
Mike updated our working group status page
https://openid.net/wg/connect/status/
Open Issues
https://bitbucket.org/openid/connect/issues?status=new&status=open
#1178 & #1179 & #1168 - Federation issues
We assigned these to Roland
#1175 - Create documentation for Self-Issued Identifiers
Tom agreed to write a spec-like document with ideas
#1168 - Federation: How should an OP signal to the RP that its registration has expired?
People are requested to review this one
Next Call
Second SIOP Virtual Meetup is Monday, July 27th at 4-6pm Pacific Time
The next working group call is Thursday, July 30 at 7am Pacific Time
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20200721/26c3675d/attachment.html>
More information about the Openid-specs-ab
mailing list