[Openid-specs-ab] Spec Call Notes 24-Oct-22

Kristina Yasuda Kristina.Yasuda at microsoft.com
Tue Oct 25 07:39:48 UTC 2022


Response_mode=post PR has been updated with the new value direct_post and better description: https://bitbucket.org/openid/connect/pull-requests/327
We will discuss with the editors wrt defining a new parameter vs reusing response_mode.

Inspired by the discussion, also did an editorial PR clarifying concepts in OpenID4VP spec: https://bitbucket.org/openid/connect/pull-requests/327

Cheers,
Kristina

From: Openid-specs-ab <openid-specs-ab-bounces at lists.openid.net> On Behalf Of Mike Jones via Openid-specs-ab
Sent: Tuesday, October 25, 2022 12:28 AM
To: openid-specs-ab at lists.openid.net
Cc: Mike Jones <Michael.Jones at microsoft.com>
Subject: [Openid-specs-ab] Spec Call Notes 24-Oct-22

Spec Call Notes 24-Oct-22

Mike Jones
Vittorio Bertocci
George Fletcher
Kristina Yasuda
Dima Postnikov
Tom Jones
David Waite (DW)

Errata Updates
              Mike created 7 errata PRs
                           They have [Errata] at the beginning of the subject line
                           He plans to merge them in a week after they were created unless comments are received
                           He noted that in the past, he simply pushed errata updates to master
                                         Because the working group had already decided how to address them
                                         Given the WG's increasing use of PRs, he created PRs this time to enable people to comment before merging
              Addressing the open errata issues is part of preparing for ISO PAS submission
              See the open errata issues at
                            https://bitbucket.org/openid/connect/issues?status=new&status=open&milestone=Errata

Pull Requests
              https://bitbucket.org/openid/connect/pull-requests/
              PR #335: chore: [Federation] disambiguations on the federation entity role
                           We need to address Roland's comments
              PR #327: clarified the definition of response mode post - Issue #1626
                           Kristina requested that George review
                           We discussed the naming suggestions from the 13-Oct-22 SIOP special topic call
                                         George is good with Joseph's name direct_post
                           This is different from other response modes because it can cross devices, rather than use a redirect
                           George said that direct_post is the only mode that makes sense cross-device
                           George said that direct_post with a cloud wallet is an interesting context
                           Vittorio asked whether there are any other response types or response modes that result in cross-device flows
                                         He's not sure why we're trying to reuse an existing parameter rather than defining a new one
                                         He said that using a client as an authorization server is confusing
                                                       Kristina said that it's well-defined for a native application to be able to do both
                                         He doesn't see a security issue - he just finds it to be unnatural
                           Kristina said that these differences are why the introduction to OpenID4VP is long
                                         The PR is an attempt to describe this better
                           Kristina said that developers have successfully built and deployed the specification
                           The form_post response mode is defined at https://openid.net/specs/oauth-v2-form-post-response-mode-1_0.html#FormPostResponseMode
                           The response_mode parameter is registered with IANA
                                         The response mode values are not
                           George suggested adding more context about the roles that are being played by different parties
                                         George agreed to make a comment on the PR

Issues
              https://bitbucket.org/openid/connect/issues?status=new&status=open
              #1681: [Federation] FAPI prohibits RS256
                           Mike reported that the Federation editors agreed to the following resolution:
                           "Implementations SHOULD support signature verification with RS256 because OpenID Connect Core requires support for RS256;
                           Federations MAY also specify different mandatory-to-implement algorithms."

Next Call
              The next call is the SIOP Special Topic on Thursday, October 27th at 7am Pacific Time