[Openid-specs-ab] [External Sender] Spec Call Notes 25-Aug-22
George Fletcher
george.fletcher at capitalone.com
Thu Aug 25 15:33:06 UTC 2022
What goto meeting id was used for this call? I tried joining both the one
in the invite for today as well as the one for monday and no one was on.
On Thu, Aug 25, 2022 at 11:30 AM Mike Jones via Openid-specs-ab <
openid-specs-ab at lists.openid.net> wrote:
> Spec Call Notes 25-Aug-22
>
>
>
> Mike Jones
>
> Giuseppe De Marco
>
> Torsten Lodderstedt
>
> Brian Campbell
>
> Petteri Stenius
>
> Mark Haine
>
> Brian Clickenbeard
>
> Kristina Yasuda
>
>
>
> Pull Requests
>
> https://bitbucket.org/openid/connect/pull-requests/
> <https://urldefense.com/v3/__https://bitbucket.org/openid/connect/pull-requests/__;!!FrPt2g6CO4Wadw!MMnOpMwEIWfRkC7ZRooNNZT7ZCgiZarVMRFe2U0tawnFjRnwR4Ti1oY-GX37qZjSlcAwBUcTr_qzmYeQu2VPBdRASDK0P_O2UsW6Wf8$>
>
> #284: More on security considerations when using the resolve
> endpoint.
>
> Roland approved Torsten's comments
>
> Merging
>
> #288: chore: [Federation] terms and EC refactoring
>
> Removed "aud" from fetch endpoint, plus wording
> cleanups
>
> Will merge
>
> #289: Described differences between Automatic and Explicit
> Registration
>
> Mike will apply Vladimir's wording change
>
> Mike will ask Kristina to review
>
> #290: Specified how to handle failed Back-Channel Logout
> requests
>
> 4 Approvals - Merged
>
> #286: feat: [Federation] trust_chain parameter in
> Authorization Request
>
> Giuseppe asked if we should add this to
> Explicit Registration
>
> Torsten said that this should be made available
> wherever it can be used
>
> Giuseppe will add that to the PR
>
>
>
> Unmet Authentication Requirements Draft
>
> We will hold WGLC, then Final Review
>
> The step-up authentication work in OAuth references this
> draft
>
>
>
> JARM
>
> Mike will start the Final review
>
>
>
> Issues
>
> #1445: Add section on use of Resolvers
>
> Closed by PR #284
>
> #1606: Relax behaviour around automatic client registration
> to permit other usecases
>
> Mike will request reviews from John and Roland
>
> Torsten said this would be like Federation for
> public clients
>
> He said that we have heretofore
> required authenticating the clients
>
> Brian Clickenbeard said that, from a security
> perspective, the assertion should be signed in production
>
> He said that while developing,
> unsigned assertions would be OK
>
> Kristina commented that signature alone does
> not equal authentication, which she thinks was I think Tobias' point
>
>
>
> Next Call
>
> The next call is the SIOP Special Topic call immediately
> following this one
> _______________________________________________
> Openid-specs-ab mailing list
> Openid-specs-ab at lists.openid.net
>
> https://urldefense.com/v3/__https://lists.openid.net/mailman/listinfo/openid-specs-ab__;!!FrPt2g6CO4Wadw!MMnOpMwEIWfRkC7ZRooNNZT7ZCgiZarVMRFe2U0tawnFjRnwR4Ti1oY-GX37qZjSlcAwBUcTr_qzmYeQu2VPBdRASDK0P_O2Oh1VQ4w$
>
>
______________________________________________________________________
The information contained in this e-mail is confidential and/or proprietary to Capital One and/or its affiliates and may only be used solely in performance of work or services for Capital One. The information transmitted herewith is intended only for use by the individual or entity to which it is addressed. If the reader of this message is not the intended recipient, you are hereby notified that any review, retransmission, dissemination, distribution, copying or other use of, or taking of any action in reliance upon this information is strictly prohibited. If you have received this communication in error, please contact the sender and delete the material from your computer.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20220825/9c546f8c/attachment.html>
More information about the Openid-specs-ab
mailing list