[Openid-specs-ab] OpenID Connect Call Minutes - 7/18

David Waite david at alkaline-solutions.com
Fri Jul 29 21:25:42 UTC 2022 

# OpenID Connect A/B Group
## Pacific Meeting July 18th

## Attendance

## Agenda

* Events
* Pull Requests
* Issues
* Notices

## Events

### IETF Meeting Next Week

Monday is a full day - OAuth WG in morning, BOF for JWP is after lunch. Unfortunate conflict between OAuth and CFRG. Tobias Looker is planning to discuss [BBS][BBS] at the CFRG meeting.

Vittorio will be speaking to [OAuth 2.0 Step-Up][Step-Up], reusing OIDC affordances where possible. Worry is that there is little discussion, various parties already seem to be adopting it. May have some deployments out there before discussion points are raised by people.

Three side meetings scheduled for OAuth as well.

[BBS]: https://datatracker.ietf.org/doc/draft-looker-cfrg-bbs-signatures/ "BBS Signatures"

[Step-Up]: https://datatracker.ietf.org/doc/draft-ietf-oauth-step-up-authn-challenge/ "OAuth 2.0 Step-up Authentication Challenge Protocol"

### Other Events

[BGIN Block #6][BGIN] on July 26th, Nat is participating

[BGIN]: https://www.blockchain.uzh.ch/events/blockchain-governance-initiative-network-bgin-block-6/ "BGIN Block #6"

## Non-SIOP Pull Requests

[#74 (Claims Aggregation): adds parameter for requesting credential type format]( https://bitbucket.org/openid/connect/pull-requests/74 ) 

Does not currently need external review

[#208 (Federation): Text on the use of the claim metadata as part of a policy statement]( https://bitbucket.org/openid/connect/pull-requests/208 )

Notion is that there are two ways to define metadata - metadata statements and metadata policy statements. Trying to make the decision to use one or the other unambiguous. Waiting on feedback from Vladimir

[#245 (Federation): chore: request_authentication_signing_alg_values_supported clarification on AR/PAR]( https://bitbucket.org/openid/connect/pull-requests/245)

Clarification on use of private_key_jwt and request_object properties.

## Notices

Notice that there are efforts to have new SIOP implementers’ drafts, including the second versions of SIOP and presentation and the first for issuance.

### OAuth Extensions in the Connect WG

In the face of some discussions on other OpenID Foundation specs (like CIBA) perhaps better belonging under IETF, does it make sense that specs based on OAuth (like issuance) belong in IETF as well.

There are other efforts within the OpenID Foundation (such as FAPI) which also are not strictly dependencies of Connect

Finally there is history of work defined in OpenID Connect for authentication uses migrating to OAuth, possibly in some limited-in-scope form.

## Issues

[#1531 (Federation): trust_marks_issuers claim available for all entities]( https://bitbucket.org/openid/connect/issues/1531/federation-trust_marks_issuers-claim )

Wants trust mark issuers for things other than trust roots, which is a broadening of trust marks to support other kinds of marks, potentially involving external issuers. Effort will be taken to better document and discuss the need to make sure this is the proper approach.

More information about the Openid-specs-ab mailing list