[Openid-specs-ab] Spec Call Notes 12-Jan-23
Joseph Heenan
joseph at authlete.com
Thu Jan 12 17:12:03 UTC 2023
Attendees:
Joseph Heenan
Brian Campbell
John Bradley
Giuseppe De Marco
Takahiko Kawasaki
Mike Jones
George Fletcher
Kristina
David Chadwick
Pedro Felix
Federation
https://bitbucket.org/openid/connect/pull-requests/405 - Text about the meaning of having a metadata claim in an Entity Statement.
Agreed to merge
https://bitbucket.org/openid/connect/pull-requests/375 - Trust Mark endpoint - non normative example
Agreed to merge
https://bitbucket.org/openid/connect/pull-requests/369 - examples of metadata_policy - something compatible with both OAuth2 and OIDC metadata
Agreed to merge
https://bitbucket.org/openid/connect/pull-requests/380 - editorials on Federation Keys and usage of the term Entity
Agreed to merge
https://bitbucket.org/openid/connect/pull-requests/414 - Entity Type is a defined term
Agreed to merge.
https://bitbucket.org/openid/connect/pull-requests/407 - Fixes a draft 26 edit in the request_object usage section
Agreed to merge.
https://bitbucket.org/openid/connect/pull-requests/406 - The 'essential' policy operator can be used in conjunction with one_of, subset_of, superset_of to make their presence optional (iss #1753)
Agreed to merge
All outstanding Federation PRs are now dealt with.
https://bitbucket.org/openid/connect/issues/1757/historical-keys-should-show-validaty
Quite a bit of discussion on the issue. Giuseppe proposes to prepare a PR where there is a “revoked” claim that contains a JSON object.
VCI / VP
Kristina merged various editorial PRs:
merging PR #395, editorial. Approvals from both editors.
merging PR #402 - purely editorial. Approvals from both editors.
merged PR #398 - purely editorial. Approvals from both editors.
merged PR #394, purely editorial. Approvals from both editors.
https://bitbucket.org/openid/connect/issues/1777/vc-issuance-is-vulnerable-to-unknown-key
Quite a bit of discussion as to how/whether the suggestion helps.
John: is the problem that the TLS connection isn’t considered secure? If so adding more things that can be read doesn’t seem to help.
George: What is the attacker/threat model?
John: Should find out Richard’s assumed attacker model before we move to solutions.
Kristina will document today’s discussion in issue.
https://bitbucket.org/openid/connect/issues/1621/agree-on-direction-61-tls-requirements
Agreed not to say anything very specific about TLS versions that would quickly get out of date. Could refer to BCP195 / https://datatracker.ietf.org/doc/rfc9325/
Brian thinks he’s written some text about using https scheme before and will try to find it to share.
https://bitbucket.org/openid/connect/issues/1374/credential-issuance-oauth-20-token
Kristina suggests this should be handled in a separate spec, not in the VP spec, and suggests closing the issue. No one objected.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20230112/f8958f9e/attachment.html>
More information about the Openid-specs-ab
mailing list