[Openid-specs-ab] Spec Call Notes 4-Jan-21
Mike Jones
Michael.Jones at microsoft.com
Tue Jan 5 00:03:38 UTC 2021
Spec Call Notes 4-Jan-21
Mike Jones
Nat Sakimura
Tony Nadalin
Adam Lemmon
Kim Cameron
Vittorio Bertocci
Edmund Jay
Tim Cappalli
Kristina Yasuda
Tom Jones
External Organizations
IETF
OAuth JAR
Mike owes a reply on an OAuth JAR thread
OAuth 2.1
Vittorio reported that OAuth 2.1 adds a number of MUSTs not in the original specs
Vittorio suggested adding language saying that the Form Post Response Mode is still OK
SecEvent Subject Identifiers
Dick Hardt had expressed some concerns
Tim said that discussions remain ongoing
Tim: There may not be a shared identifier between systems
Browser Features
Vittorio and George Fletcher are working on a document describing use of browser features by identity protocols
This came out of discussions at https://datatracker.ietf.org/meeting/interim-2020-oauth-12/session/oauth
It will be an informational specification
They will share a link to the GitHub repository shortly
W3C
Tony reported that WebAuthn Level 2 entered proposed Candidate Recommendation (CR) phase
WebAuthn Level 2 may be done in March 2021
Level 2 added an Apple attestation, some management features, enterprise attestation, and does some clean-up
There is interest in doing a Level 3
Level 3 may include backup/recovery work
WebID and IsLoggedIn
Tim is following these
Tim has scheduled a meeting to talk about these on Wednesday
DIF
DIF is having a virtual F2F on January 19th
https://www.eventbrite.com/e/dif-face-to-face-virtual-2-tickets-131061150429
There will be 15 minutes on the liaison relationship and the SIOP coordination
Special Topic Call Status
A biweekly Browser Interactions special topic status call is being scheduled
Kristina sent out a poll about call times
10pm UTC seems to be the best time
Results from special calls will be reported back to the main Connect calls
Issues
https://bitbucket.org/openid/connect/issues
#1196: SIOP Credential Wallet as a PWA
Kim discussed this issue
He said that eliminating friction at the beginning of the process is critical
He said that PWAs can run disconnected and then update when connect
The PWA subsystem ensures the integrity of the code
PWAs may not have access to secure key stores on platforms
They use the WebCrypto key store
How to do discussion for PWAs is still under discussion
Discussion will continue in the ticket
OpenID Connect Federation Status
Mike e-mailed a report on the third OpenID Connect Federation interop
We will be updating the specification as a result of things learned during the interop
Next Call
The next call is on Monday, January 11th, 2021 at 3pm Pacific Time
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20210105/e4537257/attachment.html>
More information about the Openid-specs-ab
mailing list