[Openid-specs-ab] OpenID Connect - 2024-03-07 Call Notes
Tim Cappalli
tim.cappalli at okta.com
Thu Mar 7 19:08:11 UTC 2024
# OpenID Connect 2024-03-07
## Agenda
- IETF 119
- PRs and Issues
## Attendees
- Mike Jones
- George Fletcher
- Tom Jones
- Tim Cappalli
- Filip Skokan
- Bjorn Hjelm
## Notes
### IETF 119
{Mike} IETF in a few weeks. Anyone going?
{George} I'll be there
{Mike} fully specified algos draft in JOSE, issue with 25519 and ?
question around ECDH key agreement: reason: ephemeral key passed as a param
which has an algo
welcome anyone to weigh in on the email thread before IETF
any other specs to pay attention to?
{Joseph} goal to get agreement on the client attestation spec
{Mike} Tobias posted new drafts of status list
{George}
transaction tokens: bunch of updates to align with token exchange, added
some capabilities for pathing(?)
first party apps: few tweaks, will ask for WG adoption and take temp of room
identity chaining: some updates, removed "don't use requested token type".
what does it do? allows you to cross authorization trust domains. similar
to native SSO spec, provide a more structured way for things that everyone
is already doing
new name: Cross-Domain Authorization or something similar
draft: <https://datatracker.ietf.org/doc/draft-ietf-oauth-identity-chaining/>
(later in meeting)
{Tom} Sounds like "Token Translation" in ADFS. Is there something different
here?
{George} Native SSO provides a way to give a device instance a token
(device secret) that allows you to transfer auth state between native apps
on the same device. No cookie equivalent across native apps.
{Tom} Worried about user experience if it looks different across devices
{George} Don't know if that's true as the apps need to be written by the
same company
{Tom} Won't help with wallets that want to share the same request
{George} Could use Joseph's work on app to app
### PRs & Issues
#### Connect: PR 702
<https://bitbucket.org/openid/connect/pull-requests/702>
{Mike} plenty of reviews and approvals. Good to merge?
No other feedback. Merged.
#### Federation: Issue 2120
<https://bitbucket.org/openid/connect/issues/2120/federation-editorial-make-distinction>
{Mike} Backstory: in federation spec, terms `subordinate` and `superior`
entry are used, referring to stuff above or below you in a trust hierarchy.
Problem is sometimes you're referring to the thing immediately below you
and other times anything below you.
spec not currently precise about what is meant
Please review the 4 proposed definitions
#### Federation: Issue 2127
<https://bitbucket.org/openid/connect/issues/2127/federation-editorial-improve-51-entity>
{Mike} doesn't change the meaning of the spec, just a clarification.
reviews requested.
#### Other
<https://openid.net/specs/openid-connect-native-sso-1_0-ID1.html>
{George} added metadata for native SSO supported, could publish 06 or 07.
will ask the list.