[Openid-specs-ab] Spec Call Notes 25-Aug-22
Mike Jones
Michael.Jones at microsoft.com
Thu Sep 8 23:32:38 UTC 2022
Spec Call Notes 25-Aug-22
Mike Jones
David Chadwick
Brian Campbell
Rifaat Shekh-Yusef
George Fletcher
WGLC for Unmet Authentication Requirements specification
Completed today
No comments received
Mike will start the review for Final status
Vote for Proposed Final OpenID Connect Logout Specifications is underway
Please participate at https://openid.net/foundation/members/polls/276
The vote closes on Monday
You can join at https://openid.net/foundation/members/registration if you're not already a member
Pull Requests
https://bitbucket.org/openid/connect/pull-requests/
PR #301: Described when signed request requirement could be relaxed
Related to https://bitbucket.org/openid/connect/issues/1606/relax-behaviour-around-automatic-client
Please review
PR #255: Determining if one party may be able to trust a second party.
Related to https://bitbucket.org/openid/connect/issues/1551/
David Chadwick said that this PR also generalizes functionality, like the previous one
David has made some clarifications in the PR
He's waiting for terminology feedback from those requesting it
PR #243: Ordering claims in OP Metadata (Issue #1593)
Kristina requested changes
David asked whether the ordering is related to the format or the display
George asked why ordering matters in the protocol
David said that some customers have asked for ordering
He said that there's a requirement from the issuer to display them in the same order as shown in the paper document
George said that he's still struggling with that
prompt=create Specification
George updated us on the status
Needs a full read - possibly adding acknowledgements
Ready for working group last call
Native SSO for Mobile Apps Specification
George updated us on the status
He said that Okta is using it in an unanticipated way
We should discuss how they're using it
George will reach out to Aaron and Vittorio
Ready to go to Implementer's Draft
We agreed to give people two weeks to review - then we'll start the Implementer's Draft review
JARM (FAPI WG Specification)
In review for Final status
https://openid.net/2022/08/27/public-review-period-for-proposed-final-jwt-secured-authorization-response-mode-for-oauth-2-0-jarm-specification/
Pull Requests
PR #299: Add Error Codes
Reviews requested
Issues
https://bitbucket.org/openid/connect/issues?status=new&status=open
https://bitbucket.org/openid/connect/issues/1632/issuer-metadata-clarification-needed
Mike said that letting the different servers have their own metadata is the most straightforward path
Brian said that there is a legitimate question about the lifetime of the things we've signed and keys
Different things likely need to be signed with keys with different properties
Brian said that registering a new "use" value would not be the right thing to do
David agreed that there should be two metadata files - each pointing to their own keys
George agreed
David asked which one to pass to the wallet to kick things off
He'll add that context to the issue
Next Call
The next call is the SIOP Special Topic call immediately following this one