[Openid-specs-ab] Spec Call Notes 13-Dec-21

Tue Dec 14 05:32:37 UTC 2021

Spec Call Notes 13-Dec-21

Mike Jones
Nat Sakimura
Kristina Yasuda
Tom Jones
Vittorio Bertocci
Edmund Jay
John Bradley

Proposed Implementer's Drafts
              Several PRs implementing review comments have been created and some merged
              Mike, Edmund, David Chadwick, and DW have reviewed one or both specs
              Issue #1372 by DW has 35 comments
              Kristina has created PRs for David's and DW's comments
                           She continues processing the comments received via e-mail
              The review comments have resulted in substantial improvements.  Thanks all!
              Editor's drafts of both specs have been published for both specs recently

OpenID Connect for Verifiable Credential Issuance
              An editor's draft of -02 has been published
                            https://openid.bitbucket.io/connect/openid-connect-4-verifiable-credential-issuance-1_0.html
              Mike will look into it being published as WG draft

Errata Status
              The errata 2 edits are about 80% done
              Possible PAS submission to ITU and/or ISO is a reason to finish them soon
              Mike plans to try to finish them during the next month

Logout Status
              We still need to logout_hint to RP-Initiated Logout
              Mike said that we should take these to final status soon after that
                           In part, to have a stable description of how the current mechanisms work
                           Vittorio questioned whether we should do this or not, given present browser realities
                           Mike wants to document how these have worked for years
                           We agreed that if there are new logout mechanisms, they should be in new specs
                           We'll take this discussion to the list

Open Pull Requests
              https://bitbucket.org/openid/connect/pull-requests/
              PR #89: David Chadwick comments sent by email
                           Kristina to merge after resolving conflicts
              PR #90: addressing DW's comments in Issue 1372
                           Kristina still updating
              PR #57: Further specify how to use encrypted id_token_hint values
                           Still an ongoing discussion
              PR #50: Response-as-Push
                           Jeremie may close this and do it as an IETF spec instead
                           Mike agrees with this plan
              All the other PRs are for the Claims Aggregation spec, and were discussed with their issues below

Open Issues
              https://bitbucket.org/openid/connect/issues?status=new&status=open
              #1311: Require refresh tokens
                           We didn't find a compelling case to make this required when it's normally optional
                           Edmund will add a note to PR #60 saying that some profiles and Trust Frameworks could require it
              #1284: Section 3 - Require Sender Constrained Tokens
                           There wasn't consensus to require this here
                           If anything, once DPoP is a standard, we could create a Connect 1.1 including it
                           PR #63 was intended to do this, so it will be closed with no action
              #1276: Section 2.2. - Missing parameter to determine the credential type.
                           PR #74 was intended to do this
                           Edmund said that this was waiting for the Credential Issuance draft
                                         Edmund will compare this request to what's in the Credential Issuance draft now

Next Call
              The next call is on Thursday, December 16th at 7am Pacific Time
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20211214/dc4d31e7/attachment.html>