[Openid-specs-ab] Spec Call Notes 19-May-22
Mike Jones
Michael.Jones at microsoft.com
Thu May 19 18:47:10 UTC 2022
Spec Call Notes 19-May-22
Mike Jones
Giuseppe De Marco
Vittorio Bertocci
Monty Wiseman
Takahiko Kawasaki
Rifaat Shekh-Yusef
Nat Sakimura
Logout PRs and Issues
https://bitbucket.org/openid/connect/pull-requests/
https://bitbucket.org/openid/connect/issues?status=new&status=open&component=Logout
#1491: Do we want to communicate details of why a back-channel logout failed?
PR #177 filed to address this issue
PR #177: Added optional 'error' and 'error_description' values to error responses
Nat suggested that we ask Tom what security vulnerability he perceives
Filip said that if there's only one error code, there's no point in doing this
He suggested that we say that this is for implementers
Giuseppe said that the ability to provide error_description values can improve the user experience
It's an accessibility feature
Federation PRs and Issues
https://bitbucket.org/openid/connect/pull-requests/
https://bitbucket.org/openid/connect/issues?status=new&status=open&component=Federation
PR #172: fix: [Federation] removed trust_mark claim from federation entity metadata
Per Giuseppe, Roland confirmed that it was an error to have it here
We agreed to merge this
PR #171: feat: [Federation] added trust_chain in resolve endpoint and removed is_leaf in list endpoint
This removes is_leaf and the audience
It removes "aud" since this endpoint is not protected by client authentication
We agreed to merge this
PR #166: feat: [Federation] jwks claim in OP metadata
Roland and Mike have agreed that having this makes sense
Giuseppe and the Italian deployers want the responses to be self-contained
He noted that Dynamic Client Registration has both "jwks" and "jwks_uri"
We agreed to merge
PR #174: fix: [Federation] OP metadata - removed the claim jwks
This is contradictory to #166
We agreed to decline this one
#1498: [Federation][Metadata] Redefinition of signed_jwks_uri
Giuseppe said that this can be closed
He realizes that JWK Sets can be updated at any time
We agreed to close this
#1485: [Resolve Entity Endpoint] dynamic propagation of metadata renewal
The resolve endpoint is a public endpoint
The issue proposes that resolution must not trigger additional metadata discovery
That the data must be retrieved from the cache
Roland had said in a comment that this would overly constrain implementations
Giuseppe agreed to close this with a comment
#1446: [Federation][list endpoint] Listing by type
This will be closed by PR #171
PR #160: Defined request_authentication_signing_alg_values_supported
We agreed to merge this one
PR #165: request_authentication_methods_supported
This appears to be clarifications - not normative changes
Giuseppe agreed to review this, as did Mike
We will merge this after two positive reviews
#1479: [Federation][OP Metadata] jwks claim
Will be fixed by PR #166
#1493: [Federation] Devise mechanism for policy metadata to enforce entity type(s) of subordinates
Waiting for a write-up by Vladimir
#1497: [Federation] trust_marks claim shouldn't be defined in the federation entity metadata
Will be fixed by PR #172
#1489: [Federation][Resolve entity endpoint] feat: trust_chain claim as OPTIONAL
Will be fixed by PR #171
#1477: request_authentication_methods_supported inconsistently defined
Will be fixed by PR #165
#1494: [Federation][resolve entity endpoint] proof of the jwks collected from jwks_uri or signed_jwks_uri
Will be closed when we add the "jwks" claim to the metadata in PR #166
#1432: Why does resolver sign entity statement?
Requires spec updates to provide more background information
Giuseppe said that this is related to another issue
#1456: scopes metadata parameter needs to be defined
We should add this clarification to the spec
#1445: Add section on use of Resolvers
Requires spec updates to provide more background information
Next Call
The next call will be on Monday, May 23, 2022 at 4pm Pacific Time