[Openid-specs-ab] Spec Call Notes 20-Oct-22
Mike Jones
Michael.Jones at microsoft.com
Thu Oct 20 15:44:58 UTC 2022
Spec Call Notes 20-Oct-22
Mike Jones
Filip Skokan
David Chadwick
Brian Campbell
David Waite
Bjorn Hjelm
Pull Requests
https://bitbucket.org/openid/connect/pull-requests/
330: feat: [Federation] error types list
Filip noted that while some of the recommended errors are generic, some such as invalid_client are more specific
Mike didn't see that as being a problem
Issues
https://bitbucket.org/openid/connect/issues?status=new&status=open
#1681: [Federation] FAPI prohibits RS256
Brian said that perfect forward secrecy is unrelated to signing
He's fine with ecosystems deciding what signing algorithms to use
FAPI requires ES256 or PS256
Filip said that he's seeing people also want to use ES384 and PS384
David Chadwick is in favor of requiring support for both ES256 and RS256
#1664: Expiration of Logout Tokens for Back-Channel Logout: exp claim not mentioned in spec
Noted that the example doesn't include "exp"
We could put this one on hold until such time as we revise the spec
#1678: provide guidance when the values in IIR does not match with the values in the Issuer metadata.
Added Credential Issuance category
Next Call
The next call is the SIOP Special Topic call immediately following this one
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20221020/fc1e01ff/attachment.html>
More information about the Openid-specs-ab
mailing list