[Openid-specs-ab] 2024-02-08 Connect working group call notes
Tom Jones
thomasclinganjones at gmail.com
Thu Feb 8 23:15:41 UTC 2024
i guess i should have noted that I was the one to connect FHIR devs, one of
whom works for Microsoft. ..tom
On Thu, Feb 8, 2024 at 3:11 PM Tom Jones <thomasclinganjones at gmail.com>
wrote:
> Mike - the reason to go to oidc 1.1 is that we expect RSA to be
> deprecated this year - and oidc requires it.
>
> ..tom
>
>
> On Thu, Feb 8, 2024 at 7:47 AM Joseph Heenan via Openid-specs-ab <
> openid-specs-ab at lists.openid.net> wrote:
>
>> Attendees:
>>
>> Joseph Heenan
>> Michael Jones
>> George Fletcher
>> Bjorn Hjelm
>> Brian Campbell
>> David Waite
>> Filip Skokan
>> Pamela Dingle
>>
>>
>> Only 3.5 weeks left to make submissions for IETF
>>
>> *Native SSO*
>>
>>
>> https://bitbucket.org/openid/connect/issues/2101/native-app-sso-no-prescriptive-restriction -
>> George to raise a PR
>>
>>
>>
>> https://lists.openid.net/pipermail/openid-specs-ab/2024-February/010226.html -
>> George will respond on the list
>>
>> *Federation*
>>
>> https://bitbucket.org/openid/connect/pull-requests/695 - Conflicts
>> resolved, Mike plans to merge.
>>
>> Mike & others spoke with Stefan Santesson about the federation issues he
>> had raised, which seemed to come down to potentially not trusting RPs to do
>> key management. A productive discussion was had and Mike plans to close
>> many of the issues.
>>
>>
>>
>> *POST at authorization endpoint*
>>
>> Joseph noted there was further discussion on
>> https://gitlab.com/openid/conformance-suite/-/issues/1293 that should be
>> happening within the Connect working group instead.
>>
>> Mike asked Joseph to open an issue in the connect tracker, which Joseph
>> did:
>> https://bitbucket.org/openid/connect/issues/2115/post-to-authorization-endpoint
>>
>> Brian noted that Ping does accept POST on the Authorization Endpoint.
>>
>> There was general discussion about adding conformance tests vs
>> discouraging this is the spec, and noted that FHIR spec requires the
>> authorization server support this as per Aaron’s original message, that if
>> we were encourage people to implement POST it’d be better to push them
>> towards PAR.
>>
>> An errata can’t make a normative change to the current requirement in
>> OpenID Connect to support POST at Authorization Endpoint.
>>
>> Mike said a 1.1 for this would be overkill. Pam asked if there’s anything
>> else that would go into 1.1. Filip suggesting returning access tokens from
>> the Authorization Endpoint could also be removed. Mike said he wouldn’t
>> want to start 1.1 while the ISO PAS submission was ongoing, which may take
>> 9 months.
>>
>> George suggested adding a conformance test that only issues a warning if
>> it fails, and also creating a new conformance profile that requires it be
>> supported as per FHIR.
>>
>> Joseph asked if FHIR intend to use our certification tests. No one knew.
>> Mike J suggested it would be worth discussing again on a call where Aaron
>> was present.
>>
>>
>> *Moving to github*
>>
>> Pam asked if everything is moving to GitHub. MikeJ said it’s been handled
>> on a case by case basis, and e.g. the Federation authors would like to move
>> to GitHub once they have some existing issues & PRs closed (as the
>> PRs/issues do not transfer over well).
>>
>>
>> _______________________________________________
>> Openid-specs-ab mailing list
>> Openid-specs-ab at lists.openid.net
>> https://lists.openid.net/mailman/listinfo/openid-specs-ab
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20240208/7575046e/attachment-0001.html>
More information about the Openid-specs-ab
mailing list