[Openid-specs-ab] Spec Call Notes 4-Nov-21
Mike Jones
Michael.Jones at microsoft.com
Thu Nov 4 15:09:54 UTC 2021
Spec Call Notes 4-Nov-21
Mike Jones
Kristina Yasuda
David Waite
George Fletcher
Domingos Creado
Tom Jones
Adam Lemmon
Bjorn Hjelm
Giuseppe De Marco
Edmund Jay
Open Pull Requests
https://bitbucket.org/openid/connect/pull-requests/
PR #57: Further specify how to use encrypted id_token_hint values
DW to revise to align with Section 3.1.2.1 of OpenID Connect Core
Kristina and DW had a conversation about id_token_hint use cases
Kristina asked if we had a way to contact the same SIOP as before
DW thought that we didn't
Mike suggested that Kristina file an issue about how we can re-contact a SIOP previously used
But if encrypted, at least a different SIOP couldn't use the ID Token
George said that they have a use case using encrypted use cases for mobile apps
It gives them confidence to skip the username login page
id_token_hint is used in CIBA
Domingos: It can be used for step-up authorization
George: It can be used for account recovery
George described that his RPs need to support multiple authentication methods
Third-party OPs, FIDO, password, and now SIOP
PR #63 - Require Sender Constrained Tokens
Filed by Edmund about Claims Aggregation draft
Mike questioned whether this is realistic today
PR #59 - fixes #1225 - clarifies discovery metadata for IA
No updates since last call
PR #60 - fixes #1311 - Require refresh tokens
No updates since last call
PR #53: Relying Party Metadata Resolution
Giuseppe asked about using OpenID Connect Federation to establish trust among SIOP participants
Introductions
Domingos works at Authlete
In identity industry the last 10 years
Working on FAPI in Brazil
Giuseppe works on digital initiatives for Italian Government
Interested in SIOP
Bjorn at Verizon
Participates in Connect WG and co-chairs MODRNA WG
Tom asked Bjorn about ZenKey
He said that there are different universal links for each Telco
Bjorn said that ZenKey is a common front door for the Mobile Network Operators' identity services
George said that user experience isn't a NASCAR experience
Bjorn said that there's a ZenKey webinar today, Nov 4th at 2pm Eastern Time (11am Pacific)
https://consumerbankersdcassoc.wliinc28.com//events/Building-Security-Trust-As-Mobile-Banking-Adoption-Soars-3812/details<https://consumerbankersdcassoc.wliinc28.com/events/Building-Security-Trust-As-Mobile-Banking-Adoption-Soars-3812/details>
Open Spec Approval Votes
Vote to Approve Third Implementer's Draft of OpenID Connect Federation Specification
https://openid.net/foundation/members/polls/256
Vote to Approve Third Implementer's Draft of OpenID Connect for Identity Assurance Specification
https://openid.net/foundation/members/polls/251
Please participate in both!
Open Issues
https://bitbucket.org/openid/connect/issues?status=new&status=open
We didn't get to open issues on this call
Next Call
SIOP Special call Thursday, November 4, 8am Pacific Time
https://global.gotomeeting.com/join/191527645
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20211104/99cd74fe/attachment.html>
More information about the Openid-specs-ab
mailing list