[Openid-specs-ab] Spec call notes 2024-05-06

Mon May 6 23:44:22 UTC 2024

Spec call notes 2024-05-06

Michael Jones
Aaron Parecki
Diuseppe De Marco
Tom Jones
Dima Postnikov

## WGLC for OAuth for Browser-Based Apps at IETF

* Last call feedback requested a mention of response_mode=fragment
* Several OpenID parameters are registered in IANA OAuth Parameters registry
* Slightly less than 2 weeks left in last call, comments and feedback
welcome
* IETF Mailing list thread: [OAUTH-WG] WGLC for Browser-Based Apps

## OpenID Federation Conformance Tests

Mike sent an email "[Openid-specs-ab] Proposed initial Certification tests
for OpenID Federation" on Friday

It is the job of the WG to specify what the certification tests are to
include

Dima has allocated some funds to pay for writing certification tests

Mike proposed a set of conformance tests for OpenID Federation, trying to
start with test descriptions that are applicable to everyone, regardless of
what subset you are using. And that can be run without joining your nodes
to an artificial federation. More tests will come, but wanted to give the
certification team something to start building sooner than later.

Dima will review the document and provide feedback

Currently no tests that are specific to OPs/RPs/authorization servers, they
are all about the federation entity data structures.

Giuseppe - we agreed that the tests are useful, but will wait on
implementation for now. Would also like tests for trust marks.

Mike will find out where to track issues

## WGLC for Fully Specified Algorithms

Mike: JOSE WG has started WGLC for Fully Specified Algorithms spec
Email thread "[jose] WGLC for draft-ietf-jose-fully-specified-algorithms"

This solves a set of problems that OIDC/Federation/FAPI/OAuth/WebAuthn have
so there has been some support on list already. If you have an interest in
this, for example ED448 signatures, please read and contribute to the last
call.

Tom: is there anything different about JOSE algorithms?

Mike: There are two separate registries in IETF for algorithms

Tom will review

## Federation

The Federation editors believe they are within 2 weeks of being able to
publish a candidate implementer's draft

Will only include things in the implementer's draft that we believe are
already correct

OpenID Foundation is working with University of Stuttgart to do a security
review of the Federation spec, we need to give them a stable point to use
as the basis of their security analysis

Please look at outstanding issues and PRs, in particular issues tagged
"implementer's draft", the editors plan to address these before
implementer's draft

https://bitbucket.org/openid/connect/issues?status=new&status=open&status=submitted&is_spam=%21spam&component=Federation&milestone=Implementer%27s%20Draft

ARF 1.4 - next step is to consolidate the proposal to harmonize how x509
and openid federation and ledger based can live together

Giuseppe: question about pagination
Dima: filtering would be more important than pagination
Mike: filtering on what basis?
Dima: capabilities and last updated date

Mike: we can proceed on that basis and get a proposal together

---
Aaron Parecki
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20240506/172c55e4/attachment.html>