[Openid-specs-ab] SIOP Special Topic Call Notes 27-Oct-22

Joseph Heenan joseph at authlete.com
Thu Oct 27 15:13:32 UTC 2022 

SIOP Special Topic Call Notes 27-Oct-22
 
Joseph Heenan
Oliver Terbu
Mike Jones
David Chadwick
Petteri Stenius
Kristina Yasuda
Brian Campbell
George Fletcher
Torsten Lodderstedt
Gail Hodges
Dmitri Zagidulin






Pull Requests

https://bitbucket.org/openid/connect/pull-requests/240 - Add "type" to OP Metadata 

Only outstanding feedback is from Tobias, but Kristina said he’s okay with it merged as is (there may still be further revisions in the future).

Agreed to merge.


https://bitbucket.org/openid/connect/pull-requests/299 - Add Error Codes

Consensus to merge.



https://bitbucket.org/openid/connect/pull-requests/325

To be merged, but there is a further conversation to be had about how client_id is obtained, in particular in ‘open’ scenarios and/or the pre-authorised code flow.

Conversation will continue under https://bitbucket.org/openid/connect/issues/1679/oid4vci-missing-client-id



https://bitbucket.org/openid/connect/pull-requests/285 <https://bitbucket.org/openid/connect/pull-requests/285>

Kristina’s comments still need to be address & merge conflicts resolved. Consensus to merge this once these are resolved, and a new draft will be published one this (and the above MRs) are merged.


https://bitbucket.org/openid/connect/pull-requests/345 <https://bitbucket.org/openid/connect/pull-requests/345>

Kristina asks if at least one person could review.

https://bitbucket.org/openid/connect/pull-requests/327 <https://bitbucket.org/openid/connect/pull-requests/327>

Feedback re: using a parameter other than ‘response_mode’ was reviewed, but given the way we’re using it matches the definition in https://openid.net/specs/oauth-v2-multiple-response-types-1_0.html <https://openid.net/specs/oauth-v2-multiple-response-types-1_0.html> editors decided to stick with response_mode.




https://bitbucket.org/openid/connect/issues/1607/new-well-known-for-issuing <https://bitbucket.org/openid/connect/issues/1607/new-well-known-for-issuing> / https://bitbucket.org/openid/connect/issues/1632/should-rs-have-a-separate-metadata-file <https://bitbucket.org/openid/connect/issues/1632/should-rs-have-a-separate-metadata-file>

Q1: Would new metadata file that contains the current data make sense?

Torsten said that he thinks a new file makes sense, in the same way we have specific endpoints for oauth-authorization-server vs openid-configuration.
Joseph had concerns that we don’t really have those as two specific endpoints, but needed to re-read the server metadata RFC.

Q2: Should the new metadata file actually contain all the data, or just the credential issuance endpoint?

We didn’t get to this question.



https://bitbucket.org/openid/connect/pull-requests/255 <https://bitbucket.org/openid/connect/pull-requests/255>

Mike & anyone else requested to reread.









-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20221027/e7e52365/attachment.html>

More information about the Openid-specs-ab mailing list