[Openid-specs-ab] Spec Call Notes 3-Nov-22

Mike Jones Michael.Jones at microsoft.com
Thu Nov 3 19:46:18 UTC 2022 

Spec Call Notes 3-Nov-22

Mike Jones
Brian Campbell
Joseph Heenan
George Fletcher
Giuseppe de Marco
Bjorn Hjelm
David Chadwick
Rifaat Shekh-Yussef

IETF

Native SSO
              PR #313 was merged
              George to publish an updated draft

CORS and OAuth
              PR #338 was merged during the last call, enhancing our CORS descriptions
              In the discussion of issue #980, it was suggested that CORS language be added to the OAuth Security BCP

Pull Requests
              https://bitbucket.org/openid/connect/pull-requests/
              PR #348: feat: [Federation] Listing endpoint entity_type url parameter
                           There's a separate question of whether we should define the term "metadata type identifier"
                           Merged
              PR #350: fix: [Federation] trust_chain http method in authz request
                           We agreed to also suggest the use of request_uri as a possible option

Issues
              https://bitbucket.org/openid/connect/issues?status=new&status=open
              #1712: federation_entity metadata
                           Suggests making organization_name required
                           Because organization_name isn't necessary for the protocol to function, Mike suggests making this RECOMMENDED
              #1702: [Federation] removal of trust_mark_issuer metadata type
                           This would move federation_status_endpoint up a level in the structure and remove the trust_mark_issuer identifier
              #1659: trust_chain parameter not mentioned in PAR/automatic and explicit client registration requests
                           Giuseppe thinks that #1660 already covers this
                           We'll leave this open until we've addressed all of Torsten's registration comments
              #1708: Federation operations errors
                           George cautioned against providing too much information about the parties in the errors
                           George suggested the HTTP 504 Gateway Timeout error for connection timeout
                           Joseph said that we would need an error code because the party receiving the timeout isn't the party receiving the error
                           George distinguished between errors made by the caller and other errors
                           We requested that specific error proposals be added to the issue

Next Call
              We may cancel the Monday call due to the IETF meeting in London
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20221103/a168a592/attachment-0001.html>

More information about the Openid-specs-ab mailing list