[Openid-specs-ab] Spec Call Notes 13-Dec-21
Mike Jones
Michael.Jones at microsoft.com
Tue Dec 14 05:32:37 UTC 2021
Spec Call Notes 13-Dec-21
Mike Jones
Nat Sakimura
Kristina Yasuda
Tom Jones
Vittorio Bertocci
Edmund Jay
John Bradley
Proposed Implementer's Drafts
Several PRs implementing review comments have been created and some merged
Mike, Edmund, David Chadwick, and DW have reviewed one or both specs
Issue #1372 by DW has 35 comments
Kristina has created PRs for David's and DW's comments
She continues processing the comments received via e-mail
The review comments have resulted in substantial improvements. Thanks all!
Editor's drafts of both specs have been published for both specs recently
OpenID Connect for Verifiable Credential Issuance
An editor's draft of -02 has been published
https://openid.bitbucket.io/connect/openid-connect-4-verifiable-credential-issuance-1_0.html
Mike will look into it being published as WG draft
Errata Status
The errata 2 edits are about 80% done
Possible PAS submission to ITU and/or ISO is a reason to finish them soon
Mike plans to try to finish them during the next month
Logout Status
We still need to logout_hint to RP-Initiated Logout
Mike said that we should take these to final status soon after that
In part, to have a stable description of how the current mechanisms work
Vittorio questioned whether we should do this or not, given present browser realities
Mike wants to document how these have worked for years
We agreed that if there are new logout mechanisms, they should be in new specs
We'll take this discussion to the list
Open Pull Requests
https://bitbucket.org/openid/connect/pull-requests/
PR #89: David Chadwick comments sent by email
Kristina to merge after resolving conflicts
PR #90: addressing DW's comments in Issue 1372
Kristina still updating
PR #57: Further specify how to use encrypted id_token_hint values
Still an ongoing discussion
PR #50: Response-as-Push
Jeremie may close this and do it as an IETF spec instead
Mike agrees with this plan
All the other PRs are for the Claims Aggregation spec, and were discussed with their issues below
Open Issues
https://bitbucket.org/openid/connect/issues?status=new&status=open
#1311: Require refresh tokens
We didn't find a compelling case to make this required when it's normally optional
Edmund will add a note to PR #60 saying that some profiles and Trust Frameworks could require it
#1284: Section 3 - Require Sender Constrained Tokens
There wasn't consensus to require this here
If anything, once DPoP is a standard, we could create a Connect 1.1 including it
PR #63 was intended to do this, so it will be closed with no action
#1276: Section 2.2. - Missing parameter to determine the credential type.
PR #74 was intended to do this
Edmund said that this was waiting for the Credential Issuance draft
Edmund will compare this request to what's in the Credential Issuance draft now
Next Call
The next call is on Thursday, December 16th at 7am Pacific Time
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20211214/dc4d31e7/attachment.html>
More information about the Openid-specs-ab
mailing list