[Openid-specs-ab] Spec Call Notes 24-Jan-22

Mike Jones Michael.Jones at microsoft.com
Tue Jan 25 22:29:31 UTC 2022


Spec Call Notes 24-Jan-22

Mike Jones
Giuseppe De Marco
Vittorio Bertocci
Nat Sakimura
David Waite
Giuseppe De Marco
Kristina Yasuda
Edmund Jay
Tom Jones

Federation Spec
              Roland merged PR #108 creating separate endpoints for operations
Federation Issues
              https://bitbucket.org/openid/connect/issues?status=new&status=open&component=Federation
              #1413: Evaluate Entity Statement releases metadata and not entity statements
                           Giuseppe wants to instead return entity statements with trust marks
                           Trust marks can be used to immediately exclude an entity from a federation
              #1414: Federation api endpoints with OpenAPI Schema version 3
                           The issue asks "Would you like to have an appendix with a OAS3 schema describing these endpoints?"
                           Mike asked that an example or two be added to the issue
              #1368: [federation_api] fetch entity statement - issuer paramenter is really required?
                           Giuseppe said that the issuer could be implicit
                           Mike said that, in general, we try to have information be explicitly passed
              #1366: Support for "immediate" exclusion of an entity from a federation
                           PR #104 addresses this issue
Federation PRs
              https://bitbucket.org/openid/connect/pull-requests/
              PR #114: feat: Added Metadata and Trust Marks in "1.2. Terminology"
                           Adds terminology
              PR #112: fix: XML2RFC processing fixed
                           Fixes syntax error
              PR #111: Evaluate Entity Statement for any subject
                           Defer until Roland reviews it

              The next European-friendly call time is on Thursday
                           We will try to have Roland and John come

Editorial Comments on SIOP
              PR #115: [SIOP v2] reflecting editorial comments received during pre-implementer's draft review period
                           Addresses editorial issues filed
                           Adds definitions
                           Makes no normative changes
                           Reviews are requested
                           We'd like to merge this before the official voting period starts on February 1st
              We're not going to merge any normative changes until the review period ends
              We're not aware of any editorial OIDC4VP issues

OAuth JKT URI Spec
              The call for adoption is currently open through Thursday.  See:
                           [OAUTH-WG] Call for adoption - JWK Thumbprint URI

Open Issues
              https://bitbucket.org/openid/connect/issues?status=new&status=open
              #1395 usage of id_token_hint in OIDC.Core
                           We discussed possibly clarifying the use of the id_token_hint for reauthenticating
                           Vittorio isn't comfortable with reauthenticating
                           Vittorio says that he's ... Kubernetes
                           Mike said we intentionally don't say what the OP must and must not do when receiving an id_token_hint
                           Vittorio said that he's comfortable using the id_token_hint to provide information
                                         He's not comfortable using it as a credential
                           Brian said that if we had sender-constrained ID Tokens with Token Binding, the threat model would be different
                           Vittorio would be OK not making a clarification

Next Call
              The next Connect call will be Thursday January 27, 2022 at 7am Pacific Time