[Openid-specs-ab] Spec Call Notes 30-Jul-20
Mike Jones
Michael.Jones at microsoft.com
Thu Jul 30 16:38:12 UTC 2020
Spec Call Notes 30-Jul-20
Nat Sakimura
Tim Cappalli
Brian Campbell
Bjorn Hjelm
Mike Jones
Tom Jones
John Bradley
Filip Skokan
OAuth JAR
Nat published draft -26, addressing comments by Ben Kaduk
Nat will reach out to Ben after IETF finishes
Adopting RP-Initiated Logout Spec
Mike called for adoption of the RP-Initiated Logout spec
https://openid.net/specs/openid-connect-rpinitiated-1_0.html
It consists entirely of content extracted from the Session Management spec
Those on the call were in favor of adoption
Unless objections are heard within two weeks, it will be adopted
Aggregated Claims Draft
It is intended to make aggregated and distributed claims interoperable
Nat mailed it to the working group
http://lists.openid.net/pipermail/openid-specs-ab/Week-of-Mon-20200720/007857.html
It was discussed during the second SIOP meetup
Nat called for it to be adopted
Those on the call were in favor of adoption
Unless objections are heard within two weeks, it will be adopted
Certification
Nat and Edmund have submissions ready for Basic and Implicit OP
They filed https://gitlab.com/openid/conformance-suite/-/issues/792
Nat will add that the Python suite passed when the nonce was not returned from the authorization endpoint
Related to https://bitbucket.org/openid/connect/issues/1052/make-clear-that-nonce-is-always-required
We got a full set of OP submissions from Filip
Filip discovered that the RP Config and RP Dynamic profiles aren't yet in the Java suite
SIOP Meeting Follow-up
We agreed to follow up on the laundry list and break it into individual issues
We agreed to dedicate the Pacific call to mostly discussing SIOP issues
We can also discuss this at times on the Atlantic call
Logout and Session Issues
At https://bitbucket.org/openid/connect/issues?status=new&status=open&component=Logout
and https://bitbucket.org/openid/connect/issues?status=new&status=open&component=Session
#1003 - Document possible impacts of disabling third-party cookies on front-channel logout
Mike will propose warning text in the Implementation Consideration sections
#1017 - Session management: RP-init logout: Proposal for optional ui_locales parameter
Mike will ask in the issue whether the OP already knows the locale info
#1056 - Use of id_token in RP-Initiated Logout as the id_token_hint
Should we allow POST to the logout endpoint?
Filip said that Connect requires POST support to the authorization endpoint
But it's a MAY in OAuth
#1022 - Session Management OP Frame message origin assertion
Filip to review the issue and propose specific changes
#1047 - session_state - upon authentication failure?
Filip to review the issue and propose specific changes
Key Recovery
We discussed Tom and Tobias' key recovery proposals
John described possible use of WebAuthn for this
We also touched on Tom's persistent ID proposal
Nat said that this is potentially related to the MODRNA Account Porting specification
We will work on open tickets related to these
A draft may be created and submitted to the WG
John and Kim Cameron discussed encrypting bootstrap info into the DID document and then using WebAuthn to decrypt the info in a wallet after the user has authenticated via WebAuthn
John: You could also include the WebAuthn credentialID in the DID document as well
Only the person with the authenticator would be able to decrypt the key info
Open Issues
https://bitbucket.org/openid/connect/issues?status=new&status=open
(No additional open issues were discussed)
Next Call
The next working group call is Monday, August 3 at 4pm Pacific Time