[Openid-specs-ab] [External Sender] Spec Call Notes 25-Aug-22

Thu Aug 25 16:56:33 UTC 2022

This is the one, George: https://global.gotomeeting.com/join/181372694

Both OIDF and DIF calendars and email invites have been updated...

From: Openid-specs-ab <openid-specs-ab-bounces at lists.openid.net> On Behalf Of George Fletcher via Openid-specs-ab
Sent: Thursday, August 25, 2022 8:33 AM
To: Artifact Binding/Connect Working Group <openid-specs-ab at lists.openid.net>
Cc: George Fletcher <george.fletcher at capitalone.com>
Subject: Re: [Openid-specs-ab] [External Sender] Spec Call Notes 25-Aug-22

What goto meeting id was used for this call? I tried joining both the one in the invite for today as well as the one for monday and no one was on.

On Thu, Aug 25, 2022 at 11:30 AM Mike Jones via Openid-specs-ab <openid-specs-ab at lists.openid.net<mailto:openid-specs-ab at lists.openid.net>> wrote:
Spec Call Notes 25-Aug-22

Mike Jones
Giuseppe De Marco
Torsten Lodderstedt
Brian Campbell
Petteri Stenius
Mark Haine
Brian Clickenbeard
Kristina Yasuda

Pull Requests
              https://bitbucket.org/openid/connect/pull-requests/<https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Furldefense.com%2Fv3%2F__https%3A%2F%2Fbitbucket.org%2Fopenid%2Fconnect%2Fpull-requests%2F__%3B!!FrPt2g6CO4Wadw!MMnOpMwEIWfRkC7ZRooNNZT7ZCgiZarVMRFe2U0tawnFjRnwR4Ti1oY-GX37qZjSlcAwBUcTr_qzmYeQu2VPBdRASDK0P_O2UsW6Wf8%24&data=05%7C01%7CKristina.Yasuda%40microsoft.com%7C3f692434818a46c5961c08da86af2ce2%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637970384211946770%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C2000%7C%7C%7C&sdata=gAI%2F8ZPTYa6qv5UbdCydRsmh%2FpmtKDJCv875AlIADNo%3D&reserved=0>
              #284: More on security considerations when using the resolve endpoint.
                           Roland approved Torsten's comments
                           Merging
              #288: chore: [Federation] terms and EC refactoring
                           Removed "aud" from fetch endpoint, plus wording cleanups
                           Will merge
              #289: Described differences between Automatic and Explicit Registration
                           Mike will apply Vladimir's wording change
                           Mike will ask Kristina to review
              #290: Specified how to handle failed Back-Channel Logout requests
                           4 Approvals - Merged
              #286: feat: [Federation] trust_chain parameter in Authorization Request
                           Giuseppe asked if we should add this to Explicit Registration
                           Torsten said that this should be made available wherever it can be used
                           Giuseppe will add that to the PR

Unmet Authentication Requirements Draft
              We will hold WGLC, then Final Review
              The step-up authentication work in OAuth references this draft

JARM
              Mike will start the Final review

Issues
              #1445: Add section on use of Resolvers
                           Closed by PR #284
              #1606: Relax behaviour around automatic client registration to permit other usecases
                           Mike will request reviews from John and Roland
                           Torsten said this would be like Federation for public clients
                                         He said that we have heretofore required authenticating the clients
                           Brian Clickenbeard said that, from a security perspective, the assertion should be signed in production
                                         He said that while developing, unsigned assertions would be OK
                           Kristina commented that signature alone does not equal authentication, which she thinks was I think Tobias' point

Next Call
              The next call is the SIOP Special Topic call immediately following this one
_______________________________________________
Openid-specs-ab mailing list
Openid-specs-ab at lists.openid.net<mailto:Openid-specs-ab at lists.openid.net>
https://urldefense.com/v3/__https://lists.openid.net/mailman/listinfo/openid-specs-ab__;!!FrPt2g6CO4Wadw!MMnOpMwEIWfRkC7ZRooNNZT7ZCgiZarVMRFe2U0tawnFjRnwR4Ti1oY-GX37qZjSlcAwBUcTr_qzmYeQu2VPBdRASDK0P_O2Oh1VQ4w$<https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Furldefense.com%2Fv3%2F__https%3A%2F%2Flists.openid.net%2Fmailman%2Flistinfo%2Fopenid-specs-ab__%3B!!FrPt2g6CO4Wadw!MMnOpMwEIWfRkC7ZRooNNZT7ZCgiZarVMRFe2U0tawnFjRnwR4Ti1oY-GX37qZjSlcAwBUcTr_qzmYeQu2VPBdRASDK0P_O2Oh1VQ4w%24&data=05%7C01%7CKristina.Yasuda%40microsoft.com%7C3f692434818a46c5961c08da86af2ce2%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637970384211946770%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C2000%7C%7C%7C&sdata=KosfAtNfjFN3hQOYU%2BPL9PMtglqjVdEIiP1YWjvWFdo%3D&reserved=0>
________________________________

The information contained in this e-mail is confidential and/or proprietary to Capital One and/or its affiliates and may only be used solely in performance of work or services for Capital One. The information transmitted herewith is intended only for use by the individual or entity to which it is addressed. If the reader of this message is not the intended recipient, you are hereby notified that any review, retransmission, dissemination, distribution, copying or other use of, or taking of any action in reliance upon this information is strictly prohibited. If you have received this communication in error, please contact the sender and delete the material from your computer.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20220825/bb95e624/attachment.html>