[Openid-specs-ab] Spec Call Notes 29-Apr-24
Michael Jones
michael_b_jones at hotmail.com
Tue Apr 30 00:31:24 UTC 2024
Spec Call Notes 29-Apr-24
Mike Jones
Aaron Parecki
Nat Sakimura
Dima Postnikov
Victor Lu
Edmund Jay
Tom Jones
Possible Federation Listing Endpoint Enhancements
Giuseppe wrote up a listing endpoint that returns more than Entity Identifiers
See issue #2109
Dima requested pagination
No strong preference how it's implemented
Have over a thousand entities in a flat structure
Mike said that there's a pagination option in SCIM that we could look at
Mike asked whether a change indicator is needed
Dima said that normally not
Dima said this use case comes from Raidiam (Ralph Bragg, Chris Michael)
Dima requested more filtering options
Give me things that have changed in last 24 hours
Possibly also query by status (active, deactivated, suspended, historical, etc.)
Dima said that Open Banking ecosystems have status for participants
Some statuses limit ability to interact
Mike pointed out that we don't currently have a concept of status, although it could be added
Dima would like a bulk download feature
An OP could periodically ask for the set of changed Subordinate Statements from a Trust Anchor
Open Banking/Open Data registries tend to have this kind of functionality
OAuth Spec Last Calls
Rifaat plans to start WGLC on Browser-Based Apps
After that, he plans to start a second WGLC for Resource Metadata
FedCM
Nat talked with Sam Goto about FedCM at IIW
They discussed the possibility of a FedCM binding to OpenID Connect
Aaron reported similar discussions at OSW
Aaron said that FedCM currently doesn't care what the token is that's returned
In a Connect profile, the token would be an ID Token
Aaron is now actively tracking FedCM
It's shipping in Chrome under a feature flag
Google plans to turn it on for Google login
It would be good to keep things as aligned with Connect as possible
Tom reported that FedCM is being specified in Blink - a development environment for Chromium
Tom described an IdP selection feature
But it's a finite list
Aaron is tracking this
Aaron says that IdPs can register with the browser, and only those would be shown
Victor pointed us to a use case document
https://docs.google.com/document/u/0/d/1GvQrIQ8DSFzT7SbUd3ptDnF8QFZR23t5-NdNO8z4w7c/mobilebasic
There is an OAuth interim meeting about FedCM and OAuth on May 7th
https://datatracker.ietf.org/meeting/interim-2024-oauth-02/session/oauth
Certification Tests for Federation
Mike described two kinds of tests
Those that can be run on deployed federations
These can test properties of what's deployed
Those that test software using synthetic deployments
These can include negative tests, such as bad signatures and other misconfigurations
Dima wants to have both kinds
Dima wants to test that the APIs return the right payloads in the right formats
He wants to test that added Entities are recognized and removed Entities are not
Trust changes are recognized within a particular interval prescribed by the ecosystem
Dima can share the use cases and scenarios they have
Issues and Pull Requests
Please review the recent issues and pull requests about Federation listing options
Next Call
The next call is Thursday, May 2 at 7am Pacific Time