[Openid-specs-ab] Spec Call Notes 6-Oct-22

Mike Jones Michael.Jones at microsoft.com
Thu Oct 6 18:26:48 UTC 2022 

Spec Call Notes 6-Oct-22

Mike Jones
Fabian Hoffmann (yes.com)
Brian Campbell
Joseph Heenan
Giuseppe De Marco
Torsten Lodderstedt
John Bradley
Bjorn Hjelm

Issues
              https://bitbucket.org/openid/connect/issues?status=new&status=open
              #1654: Entity Statement Hosting
                           We will delete the misleading sentence
              #1655: trust_anchor_id in entity statement?
                           Torsten thought that it was strange for an Entity statement to contain this
              #1660: Section 10.2 Explicit Registration lacks formal parameter definition
                           Torsten asked why an entity statement is returned from explicit registration
                           He would rather that we use a normal client registration response
                           We clearly need to normatively define explicit registration and its parameters
              #1657: Section 4.1. Wording
                           We agreed with the proposed addition
              #1661: language around server metadata is quite involved
                           Joseph suggested that we also explicitly refer to the registry.
                           We could be clearer about the distinction between Connect federations and OAuth 2 federations and why we even talk about the latter.
              #1656: Move 3.2. Trust Chain before Entity Statements
                           The editors will review 3.1 and 3.2 for readability and approachability.  Possibly more cross-references would help.
              #1658: Clarification on OP metadata (Section 4.3)
                           Torsten suggests this to enable existing RPs to not have to change
                           This possibility came up in the technical GAIN discussions
                           Once RPs know the issuer URL, they could use the standard .well-known/openid-configuration mechanism
              #1659: trust_chain parameter not mentioned in PAR/automatic and explicit client registration requests
                           This is also related to there not being a normative definition of explicit registration
                           The registration mechanisms share a common set of parameters
              #1662: id_token signature validation
                           We need to discuss whether it was an intentional change from Connect to always validate the ID Token.
                           We also need to be clear that flows other than the Code flow can be used.

Pull Requests
              https://bitbucket.org/openid/connect/pull-requests/
              We ran out of time to discuss pull requests

Next Call
              The next call is at 4pm Pacific Time on Monday, October 10, 2022

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20221006/ceee8cd8/attachment-0001.html>

More information about the Openid-specs-ab mailing list