[Openid-specs-ab] Spec Call Notes 16-Jun-22

Mike Jones Michael.Jones at microsoft.com
Thu Jun 16 16:53:29 UTC 2022


Spec Call Notes 16-Jun-22

Mike Jones
Giuseppe De Marco
Filip Skokan
Rifaat Shekh-Yusef
Brian Campbell
Bjorn Hjelm
David Chadwick
David Waite (DW)
Tom Jones

Federation Developments
              Roland and Giuseppe presented in Rome on Friday on the Italian OpenID Connect Federations to many Italian federation operators
              They presented to the TNC conference on Tuesday
              Spec refinements continue based on feedback - particularly feedback from implementers
                           Among others, from Taka and Vladimir
              We are adding additional security considerations
              There are 13 open issues at present
              The Italian authorities plan to have their first trust anchor up by the end of July
                           They need the spec to be very stable by September
                           Attribute authorities are rolling out, based on OAuth Token Exchange
                           The Italian cabinet is closely following the rollout
              A second Italian federation will roll out between December and March
              Their legacy SAML deployments will also work for years

IETF 114 is Upcoming
              Rifaat reported on IETF OAuth plans
              There are two OAuth sessions and two side meetings scheduled
                           There will be OAuth 2.1 and browser-based applications presentations
                           There will be a discussion of step-up authentication
                           Someone from GitHub will be talking to us about token theft
                           Rifaat will talk about the Multi-Subject JWT draft
                           Kristina will be talking about Selective Disclosure JWTs
                           Brian might be talking about DPoP
                                         Brian is looking at Rifaat's shepherd review comments
                           Perhaps Daniel will be talking about the Security BCP

COSE
              Two calls for working group adoption are open
                           [COSE] Call for adoption of draft-looker-cose-cwt-claims-in-headers-00
                           [COSE] Call for adoption of draft-looker-cose-bls-key-representations-00
              Both specs are led by Tobias Looker, with Mike assisting

JSON Web Proofs (JWPs) BoF Request
              A BoF has been tentatively approved for IETF 114
                           https://datatracker.ietf.org/doc/bofreq-miller-json-web-proofs/
              The JWP specs were incubated in DIF Applied Cryptography WG
                           The W3C VC WG V2 also wants this standardized
              The BoF requests reforming the JOSE WG
              Filip suggests including new algorithm registrations in the JOSE re-charter
                           Mike suggested that Filip create a PR for the charter

Post-Quantum Cryptography
              Tom Jones asked about post-quantum cryptography work
              Orie Steele and Mike Prorock have a draft that proposes registering algorithm identifiers for the NIST proposed post-quantum algorithms

Issues
              https://bitbucket.org/openid/connect/issues?status=new&status=open
              #1524: Is it OpenID Connect Core when Authorization Request is sent to the OP without using redirects via a user agent?
                           Tom asked us to talk about this issue
                           David Chadwick said that 18013-5 extends the Core spec
                           We agreed to defer discussion of this until the SIOP call so more people knowledgeable of the ISO work can participate
              #1530: Core - c_hash and at_hash parameters
                           Filip will add a comment explaining the context of these parameters
              #1511: Determining if an RP is a member of a trust federation
                           Mike assigned this issue to the Federation category
                           Giuseppe volunteered to review this
                           David Chadwick stated that administrative trust is different than cryptographic trust
                           Giuseppe stated that the Trust Anchor is the representation of the Federation Authority

Pull Requests
              https://bitbucket.org/openid/connect/pull-requests/
              (We ran out of time to discuss pull requests)

Next Call
              The next call will be on Monday, June 20, 2022 at 4pm Pacific Time