[Openid-specs-ab] AB/Connect Spec Call Notes 2024-02-05
Nat Sakimura
nat at sakimura.org
Tue Feb 6 01:00:38 UTC 2024
=================================================
OpenID AB/Connect WG Meeting Notes (2024-02-05)
=================================================
* Date & Time: 2024-02-05 23:00 UTC
* Location:
https://zoom.us/j/97622169761?pwd=ek5kZUg3QnI1cCt6bTE3QzA3ZVlOQT09
* Self:
https://bitbucket.org/openid/connect/wiki/Connect_Meeting_Notes_2024-02-05_Pacific
1. Roll Call
============
Attendees: Aaron, Mark Verstege, Edmund Jay, David Waite, Nat Sakimura, Tom
Jones, Dima Postnikov
Regrets: Mike Jones
2. Events
===========
2.1. OAuth Security Workshop 2024
------------------------------------------------------
Submissions are open.
Deadline: 11th February for early submissions.
https://oauth.secworkshop.events/osw2024
The next deadline is March 10 for submissions.
2.2. OpenID Foundation Workshop
------------------------------------------------------
April 15 @ Google. Details to be published this week.
3. Liaisons
==========
N/A
4. PRs
==========
Merged following PRs *
https://bitbucket.org/openid/connect/pull-requests/692 *
https://bitbucket.org/openid/connect/pull-requests/693 *
https://bitbucket.org/openid/connect/pull-requests/694
The following conflicts
https://bitbucket.org/openid/connect/pull-requests/695
5. Issues
==========
Opened the following issues:
https://bitbucket.org/openid/connect/issues/2108/track-national-identity-schems-that-uses
https://bitbucket.org/openid/connect/issues/2111/federation-location-and-scope-of
https://bitbucket.org/openid/connect/issues/2112/syntax-error-in-trust-mark-request-example
https://bitbucket.org/openid/connect/issues/2113/specify-private_key_jwt-as-the-default
https://bitbucket.org/openid/connect/issues/2114/client-authentication-and-the-federation
https://bitbucket.org/openid/connect/issues/2110/federation-multiple-entity_type-at-the
https://bitbucket.org/openid/connect/issues/2078/federation-specify-the-applicable-json
Questions regarding the AS requirement on POST came up.
https://gitlab.com/openid/conformance-suite/-/issues/1293
In 3.1.2.1 of OIDC Core, it says:
Authorization Servers MUST support the use of the HTTP GET and POST methods
defined in RFC 7231 [RFC7231] at the Authorization Endpoint.
However, the current test suite does not test the support of POST. It was
suggested that it should be added. Now that 3rd party cookie restriction is
kicking in, the POST is becoming obsolete. It was suggested that perhaps we
should remove the requirement. Tom will add an issue on this. Separately,
Aaron will create an issue to align to OAuth 2.1.
The call adjourned at 23:52 UTC.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20240206/fb21ff4b/attachment.html>
More information about the Openid-specs-ab
mailing list