[Openid-specs-ab] Spec Call Notes 1-Nov-21
Mike Jones
Michael.Jones at microsoft.com
Wed Nov 3 19:43:36 UTC 2021
Spec Call Notes 1-Nov-21
Mike Jones
John Bradley
David Waite
Andrew Hughes
Tom Jones
Tony Nadalin
Edmund Jay
Tim Cappalli
Jeremie Miller
Gail Hodges
Report on W3C Federated Identity Community Group
Tim reported on developments in the FICG
So far, very focused on use cases
Refeds university sign-in use case
New York Times sign-in use case
WebID became Federated Credential Management API
Currently in the WICG
Google has acknowledged that possibly changing redirects is a longer-term issue
FCM API session at fall TPAC 2021
https://watch.videodelivery.net/29bab61e04e8cabf1517e5885c9fe4cf
Browsers might intercept SAML and OpenID Connect requests and invoke their identity API
IsLoggedIn became Login Status API
John asked about the relationship between the FedCM proposal and Account Chooser
John asked whether the proposed chooser could also be used to select self-issued OPs
Tim reported that selecting self-issued OPs was out of scope because it wasn't related to a current privacy problem
Tim suggested that those interested in these use cases participate in the interest group
Open Pull Requests
https://bitbucket.org/openid/connect/pull-requests/
PR #59 - fixes #1225 - clarifies discovery metadata for IA
Reorganizes metadata section for Claims Aggregation
PR #60 - fixes #1311 - Require refresh tokens
Resulted from comments by Torsten on Claims Aggregation
PR #55 - Point to RFC 7591 for Dynamic Client Registration metadata
Currently removes Connect Registration
Mike said that we should retain the Connect Registration reference as well
PR #56: Replace reference to the DID method syntax from the DID Registry to DID Core. Describe the syntax for forming this key, which appears to be specific to this spec
References the syntax definition in DID Core
PR #57: Further specify how to use encrypted id_token_hint values
Mike described decrypting and encrypting ID Tokens
DW said that this is described in Section 3.1.2.1 of OpenID Connect Core
DW will rework this PR to align with Core
PR #54: SIOP Invocation - text updates
Partially replaces PR #51 Resolvable entity identifiers
PR #53: Relying Party Metadata Resolution
Partially replaces PR #51 Resolvable entity identifiers
PR #50: Response as Push
Enables large responses by using the same pattern as PAR
Waiting for a SIOP call during which Torsten can participate
PR #45: additional security considerations
This is for OpenID Connect for Verifiable Presentations
Jeremie was in favor of merging this, and possibly iterating on more considerations separately
DW agreed, and will add a comment to that effect
PR #51: Resolvable entity identifiers
DW declined this PR in favor of the ones replacing it
Open Issues
https://bitbucket.org/openid/connect/issues?status=new&status=open
#1350: Support for ID tokens in introspection endpoint
We proposed to close this because it proposes new OAuth functionality - not Connect functionality
#1351: Fix example in SIOP (remove for now?)
Mike advocated fixing it rather than removing it
DW said he would create a PR doing that
Next Call
Thursday, November 4, 7am Pacific Time