[Openid-specs-ab] Spec Call Notes 22-Aug-22
Mike Jones
Michael.Jones at microsoft.com
Tue Aug 23 00:07:08 UTC 2022
Spec Call Notes 22-Aug-22
Mike Jones
Nat Sakimura
Jeremie Miller
Kristina Yasuda
Tobias Looker
Dima Postnikov
Karthik Sivasamy
Naveen CM
Edmund Jay
Giuseppe De Marco
David Waite (DW)
Issues
https://bitbucket.org/openid/connect/issues?status=new&status=open
#1605: Back-Channel Logout Request: Specify how to handle timed out requests / offline RPs
Nat asked what the SecEvents specs are doing in error cases like this
Mike said this could parallel the SecEvents push spec
He'll add a comment to the issue to that effect
Pull Requests
https://bitbucket.org/openid/connect/pull-requests/
PR #289: Described differences between Automatic and Explicit Registration
This is intended to address #1588 [Federation] Rename "Automatic Registration"
Reviews have been requested
Tobias asked whether signed requests are needed when using Automatic Registration
He wants to keep things simple, particularly for public clients
Mike asked Tobias to file an issue on that topic
Issues
#1600: OP Metadata Basic Information
Changed component to Credential Issuance
#1602: Signed request - what is the audience?
We opened the issue
"aud" is a SHOULD in signed requests
More reviews and thoughts are requested
GAIN
Dima said there was nothing new to report on GAIN
At this point we switched to discussing OpenID4VC PRs and issues
Pull Requests
PR #269: multiple credentials in the initiate issuance request (Issue #1569)
Kristina asked whether people want a space-separated syntax
Tobias wants credential type values to also be expressible as scopes
He thinks we should change the parameter to credential_types
Kristina will update the PR
Issues
#1577: Cryptographic proof of possession nonce management
Tobias suggested paralleling DPoP - including "jti", etc.
Tobias asked whether DPoP has a separate nonce endpoint or whether the first request just fails
Mike said that in DPoP, the nonce comes back from the initial failed request
Kristina agreed with keeping things parallel to DPoP
We discussed problems with "jti" in distributed implementations but that it should probably be included
Tobias to create a PR
#1585: Anatomy of a credential request
Tobias stated that key attestation would be useful
Kristina asked whether to include the key as a header parameter
Tobias stated that that would make the key part of the proof of possession
Using the "jwk" header parameter could be a simplification
Tobias said that the attestation can't be in the proof of possession
Jeremie supports renaming "proof" to "credential_binding"
Kristina will write a PR
Merging PRs
Kristina informed us she'll be merging some PRs tomorrow
They all have three or more approvals and no objections, and a week will have passed
Mike agreed that those are reasonable criteria to proceed
Next Call
The next call will be on Thursday, August 25, 2022 at 7am Pacific Time