[Openid-specs-ab] WG Meeting notes 25th April 2025
Andy Barlow
0xandybarlow at gmail.com
Thu Apr 24 23:31:00 UTC 2025
Hi all, please find my notes from today's WG call, I hope I didn't miss
anything important - please correct if I have missed anything you wanted
recording!
Andy
Attendees:
Michael Jones, George Fletcher, Aaron Parecki, Marcus Almgren, Andy Barlow,
John Melati, Filip Skokan, Edmund, Chris Filips, Brian Campbell (briefly)
------------------------------
1. Introductions & Housekeeping
- Call opened with participant introductions.
- Catch-up on recent events.
- Dietary requirements reminders were noted.
- Agenda review
Announcement:
- Mike shared that the OAuth 2.0 Protected Resource Metadata spec
  (https://datatracker.ietf.org/doc/rfc9728/) has been published.
- Congratulations to Aaron on publishing his first specification — with
  much more to come!
------------------------------
2. OpenID Connect Claims Aggregation
- The spec was highlighted in an issue as being currently dormant (last
  update in 2021).
- An objection to the dormant classification from Nat was noted, and Nat's
  proposed changes were merged.
- Action: Michael Jones will contact the authors to confirm readiness of
  draft publication.
Further notes from a later second pass discussion:
- Mike suggested running the draft through OpenID’s spec tooling:
  - Publishing Tooling Guide
    <https://openid.net/wg/resources/publishing-specifications/>
  - Tooling GitHub Repo
    <https://github.com/openid/publication/blob/main/README.md>
- Aaron spoke about how the tool performs checks on PRs before merging.
- Edmund asked if it is possible to add the tooling to CI.
- Mike suggested consulting Mark H.
- Action request: Edmund's use of the tooling is a good opportunity to
  provide feedback on the tooling.
- Edmund noted a new PR simplifies the aggregation draft (reverting some
  VC language, simplifying, reusing userinfo/claims parameters, adding
  verification text).
- Mike provided some context on the previous removal of VC text.
------------------------------
3. OpenID Connect Relying Party Metadata Choices
- Discussion focused on GitHub PR #6
  <https://github.com/openid/rp-metadata-choices/pull/6>.
- PR introduces implementation considerations.
- Filip requested some changes in the PR, which led to discussion
  regarding normative language and the location of the guidance within the
  text.
- George (via chat): Suggested keeping non-conflicting content, even if
  redundant.
- Filip: asked for more prescriptive (normative) guidance.
- Mike: Proposed accepting Filip’s changes and continuing discussion
  within the WG.
------------------------------
4. Federation Wallet Architectures
- An editorial pass PR is still open.
- Action: Efforts will be made to move the PR forward.
------------------------------
5. OpenID Federation
Issue #202 – Issuer Identifier Normalization
- From Michael Fraser: should an issuer of google.com and google.com/ be
  treated the same?
- Mike clarifies that yes, they should resolve to the same well-known
  endpoint.
- Mention of possible need for normalization (e.g., lowercasing).
- Filip: Raised issues with normalization when URLs include paths (such as
  google.com/a-path/) and spoke about two common implementation approaches:
  1. Strict equality check (===).
  2. Normalize then compare.
Issue #194 – Trust Mark ID Field Clarification
- John noted difficulties modeling the trust_mark_id field as it doesn’t
  always behave like a URL.
- Mike: Acknowledged it’s not always a traditional URL in terms of being
  treated like an issuer (e.g., it can represent a class etc.) and
  acknowledges the confusion this could create currently.
- Action: Mike to clarify the interpretation of trust mark in the issue
  thread and will attempt to get consensus but notes that spec is nearing
  final.
Issue #192 – Test Update
- Marcus: Will update the relevant test (noted that the test was an early
  revision).
- Mike: Will comment on the described edge case.
Issue #193 – Entity Declaration Behavior
- Mike: Entities should be declared even when metadata is inherited.
- Chris: Asked about interoperability in cases with multiple entity types
  — how to resolve those dynamically?
- Mike: Resolution is dynamic. Clients should only implement types they
  understand.
- Action: Mike to follow up with implementers in Sweden for additional
  clarity and has made a note to do so.
------------------------------
6. Native SSO Spec Status
- George: No real updates to share with WG.
- Action: Will talk to Mark H. about migrating the spec from Bitbucket to
  GitHub to support better collaboration.
- Mike agreed that GitHub is more collaborative.
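
The two issuer comparison approaches noted under Issue #202, sketched as an added example that is not part of the meeting notes or of the OpenID Federation specification. The function names, the sample URLs and the use of the WHATWG URL parser as the normalization rule are assumptions made for illustration.

```javascript
// Approach 1: strict string equality, no normalization at all.
function strictEqualIssuer(a, b) {
  return a === b;
}

// Approach 2: normalize, then compare.
// The WHATWG URL parser lowercases scheme and host, drops the default port
// and turns an empty path into "/". A non-empty path is kept as written,
// so "/a-path" and "/a-path/" stay different, as do "/a-path/" and "/A-path/".
function normalizeIssuer(value) {
  const url = new URL(value); // throws TypeError if not an absolute URL
  // Assumption: issuers are https URLs without query, fragment or userinfo.
  if (url.protocol !== "https:") {
    throw new Error("issuer must use https: " + value);
  }
  if (url.search || url.hash || url.username || url.password) {
    throw new Error("unexpected query, fragment or userinfo: " + value);
  }
  return url.origin + url.pathname;
}

// Report what each approach decides for one pair of issuer strings.
function compareIssuers(a, b) {
  return {
    strict: strictEqualIssuer(a, b),
    normalized: normalizeIssuer(a) === normalizeIssuer(b),
  };
}

// Constructed sample pairs (not taken from the issue thread).
const samples = [
  ["https://example.com", "https://example.com/"],
  ["https://EXAMPLE.com:443/", "https://example.com/"],
  ["https://example.com/a-path", "https://example.com/a-path/"],
  ["https://example.com/a-path/", "https://example.com/A-path/"],
];

for (const [a, b] of samples) {
  console.log(a, "vs", b, compareIssuers(a, b));
}
```

Under this rule the bare-host pairs match only after normalization, while trailing-slash and case differences inside a path remain distinct. Whichever rule a deployment picks has to be the same at every point where issuers are compared.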