[Openid-specs-ab] Spec Call Notes 13-May-24

Michael Jones michael_b_jones at hotmail.com
Tue May 14 00:34:49 UTC 2024


Spec Call Notes 13-May-24

Mike Jones
Sam Goto
Aaron Parecki
Tom Jones
Dima Postnikov

IdP Discovery Discussion
                We had a free-ranging discussion of IdP discovery problems and solutions
                                Also called Home Realm Discovery
                                Motivated in part by problems that FedCM is trying to solve
                Both closed sets and open sets of IdPs are used in different contexts
                                NASCAR screens are closed
                                E-mail is an open space
                                Federations are logically closed but may have thousands of participants
                Different kinds of ecosystems have different properties
                                Open Banking systems are closed
                                Research & Academic Federations are distinct from those
                                SAAS apps are more open, accepting a large set of corporate identities
                                You may have identities from one ecosystem that can't be used in another
                We discussed how blog commenting was the use case for OpenID 2.0
                                Which was an open system
                                Having claimed identifiers authenticated you and differentiated you from comment spam
                                Bloggers knew they had URLs and were willing to type them
                Whereas NASCAR screens have better conversion rates than any UX where you have to type
                We talked about the need for incentives for ecosystem participants
                                Particularly for RPs
                Tom asked about user identifiers and picking IdPs
                Aaron said that FedCM can help make things better by only showing identities that you have
                                As opposed to showing all the IdPs that it is possible to use
                                Research & Education sites have ornate IdP pickers among thousands of sites
                Mike said that one IdP discovery problem is people not remembering which IdP they used at an RP
                Aaron remarked on the prevalence of e-mail as an account recovery path
                Sam asked about the role of single-user OPs, such as self-issued.info
                                And about the cases where an e-mail domain is the same as the IdP's domain

Pull Requests
                https://bitbucket.org/openid/connect/pull-requests/
                PR #736: [Federation] listing endpoint parameters updated_since and updated_before
                                Dima: In open banking, etc. regulator controls who is in and out
                                                Closed ecosystems
                                Mike: Filtering on updated times requires superiors to track changes in subordinates
                                Mike: What kinds of updates are you interested in knowing about?
                                                Dima: Added, key and metadata changes, disabled/deactivated
                PR #731: [Federation] the new federation_subordinate_events_endpoint
                                Mike asked Dima to also look at this for ConnectID's use cases

Next Call
                The next call is Thursday, May 16 at 7am Pacific Time