[Openid-specs-ab] 2024-02-08 Connect working group call notes
Tom Jones
thomasclinganjones at gmail.com
Thu Feb 8 23:11:29 UTC 2024
Mike - the reason to go to oidc 1.1 is that we expect RSA to be
deprecated this year - and oidc requires it.
..tom
On Thu, Feb 8, 2024 at 7:47 AM Joseph Heenan via Openid-specs-ab <
openid-specs-ab at lists.openid.net> wrote:
> Attendees:
>
> Joseph Heenan
> Michael Jones
> George Fletcher
> Bjorn Hjelm
> Brian Campbell
> David Waite
> Filip Skokan
> Pamela Dingle
>
>
> Only 3.5 weeks left to make submissions for IETF
>
> *Native SSO*
>
>
> https://bitbucket.org/openid/connect/issues/2101/native-app-sso-no-prescriptive-restriction -
> George to raise a PR
>
>
>
> https://lists.openid.net/pipermail/openid-specs-ab/2024-February/010226.html -
> George will respond on the list
>
> *Federation*
>
> https://bitbucket.org/openid/connect/pull-requests/695 - Conflicts
> resolved, Mike plans to merge.
>
> Mike & others spoke with Stefan Santesson about the federation issues he
> had raised, which seemed to come down to potentially not trusting RPs to do
> key management. A productive discussion was had and Mike plans to close
> many of the issues.
>
>
>
> *POST at authorization endpoint*
>
> Joseph noted there was further discussion on
> https://gitlab.com/openid/conformance-suite/-/issues/1293 that should be
> happening within the Connect working group instead.
>
> Mike asked Joseph to open an issue in the connect tracker, which Joseph
> did:
> https://bitbucket.org/openid/connect/issues/2115/post-to-authorization-endpoint
>
> Brian noted that Ping does accept POST on the Authorization Endpoint.
>
> There was general discussion about adding conformance tests vs
> discouraging this is the spec, and noted that FHIR spec requires the
> authorization server support this as per Aaron’s original message, that if
> we were encourage people to implement POST it’d be better to push them
> towards PAR.
>
> An errata can’t make a normative change to the current requirement in
> OpenID Connect to support POST at Authorization Endpoint.
>
> Mike said a 1.1 for this would be overkill. Pam asked if there’s anything
> else that would go into 1.1. Filip suggesting returning access tokens from
> the Authorization Endpoint could also be removed. Mike said he wouldn’t
> want to start 1.1 while the ISO PAS submission was ongoing, which may take
> 9 months.
>
> George suggested adding a conformance test that only issues a warning if
> it fails, and also creating a new conformance profile that requires it be
> supported as per FHIR.
>
> Joseph asked if FHIR intend to use our certification tests. No one knew.
> Mike J suggested it would be worth discussing again on a call where Aaron
> was present.
>
>
> *Moving to github*
>
> Pam asked if everything is moving to GitHub. MikeJ said it’s been handled
> on a case by case basis, and e.g. the Federation authors would like to move
> to GitHub once they have some existing issues & PRs closed (as the
> PRs/issues do not transfer over well).
>
>
> _______________________________________________
> Openid-specs-ab mailing list
> Openid-specs-ab at lists.openid.net
> https://lists.openid.net/mailman/listinfo/openid-specs-ab
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20240208/4ad55028/attachment.html>
More information about the Openid-specs-ab
mailing list