[Openid-specs-ab] Spec Call Notes 15-Aug-22

Mike Jones Michael.Jones at microsoft.com
Tue Aug 16 04:48:49 UTC 2022 

Spec Call Notes 15-Aug-22

Mike Jones
Karthik Sivasamy
Tobias Looker
Naveen CM
John Bradley
Vittorio Bertocci
David Waite (DW)
Edmund Jay
Jeremie Miller
Dima Postnikov
Adam Bradley

Introductions
              Naveen introduced himself.  He is in the login team at Yahoo.
                           He's taken over some of what George Fletcher used to do.
              Adam Bradley from MasterCard introduced himself.  He is bringing himself up to speed on several initiatives.
                           He will be at Identity Week Asia in Singapore in a few weeks.
              Dima reintroduced himself.  He is also active in FAPI and Gain.

Pull Requests
              https://bitbucket.org/openid/connect/pull-requests/
              PR #275: Clarified that RP-Initiated Logout is idempotent
                           This is intended to fix #1549
                           John said that it's the user that's logged out
                                         Vittorio agreed with John
                           Mike will do an update to the PR
              PR #273: chore: [Federation] Metadata Policy - explanatory text for applying one_of
                           This is largely good.  Mike will suggest a wording simplification.
                           More reviews needed
              PR #272: Enabled OP metadata claims also for AS
                           More reviews needed
              PR #74: adds parameter for requesting credential type format - #1276
                           Edmund suggested that we close this one
                           He will write others later

Issues
              https://bitbucket.org/openid/connect/issues?status=new&status=open
              #1588 [Federation] Rename "Automatic Registration"
                           Tobias thinks that the term registration has limitations but recognizes its legacy use
                           Mike said that the term has been in use for years and it would cause confusion to change it
                           Tobias asked whether providers are normatively required to perform registration actions on first use
                                         Mike said that one of the delicate balances of standards is requiring behaviors - not implementations
                           John said that providers will normally keep state, so it is registration
                           Tobias recognizes that changing the term could cause confusion
                           Mike described how we use the terms "discovery" and "registration" in OAuth and OpenID Connect
                                         Discovery is used for ASs/OPs
                                         Registration is used for Clients/RPs
                                         Therefore, phrases such as "Client Discovery" are likely to cause cognitive dissonance and confusion
                           We will close this in a week unless a compelling reason is identified to keep it open
              #1582: [GAIN PoC] SAML2 Metadata
                           This will be closed on 19-Aug-22 unless a compelling reason is identified to keep it open
              #1546: query over updating certification tests to allow unsigned id_tokens
                           Assigned to Joseph Heenan, to be closed after closing the corresponding Certification issue

Next Call
              The next call will be on Monday, August 22, 2022 at 4pm Pacific Time
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20220816/a1e4e718/attachment.html>

More information about the Openid-specs-ab mailing list