[Openid-specs-ab] A/B Connect Call Notes 18/08/2025

Michael Fraser michael.fraser at raidiam.com
Wed Aug 20 01:11:39 UTC 2025 

Attendance
                - Mike Jones
                - Andrii Deinega
                - Michael Fraser
                - Brian Campbell
                - Ralph Bragg
                - Nick Watson
                - Dima Postnikov


- Continuation of discussion started on the 14/08/2025 meeting
                - See "Discussion of new proposed spec OpenID Connect Key Binding" at https://lists.openid.net/pipermail/openid-specs-ab/2025-August/010901.html
                - Ralph Bragg commented that ID Tokens really shouldn't be used out of their original intended scope
                - Call attendees voiced agreement

- Issues:
                - https://bitbucket.org/openid/connect/issues?status=new&status=open&status=submitted&is_spam=!spam
                                - https://bitbucket.org/openid/connect/issues/2182
                                                - Mike Jones asked Andrii to raise a PR to address this
                                - https://bitbucket.org/openid/connect/issues/2183
                                                - Mike Jones commented that adding size constraints after the fact tends to be a moot exercise as implementations tend to ignore it
                                                - Mike Jones to investigate precedent for how prior issues akin to this one were handled

                - https://github.com/openid/rp-metadata-choices/pull/7
                                - closed
                                - was triggered by discussion on https://github.com/openid/federation/pull/232
                                - Mike Jones to make federation PR to address this
                - https://github.com/openid/federation/pull/240
                                - too early to merge but reviews invited
                - https://github.com/openid/federation/pull/239
                                - verified with 3 checks against implementations
                                - merged on the call
                - https://github.com/openid/federation/pull/238
                                - reviewed and merged on the call
                - https://github.com/openid/federation/issues/241
                                - proposes splitting the entity statement claims better by their relevance to entity configurations and subordinate statements
                                - thoughts requested
                                - Mike Jones to take on the issue and suggested a structure for the rework
                - https://github.com/openid/federation/issues/237
                                - Mike Jones suggested adding a note to clarify the resulting order of a merge of sets isn't specified
                - https://github.com/openid/federation/issues/127
                                - Not addressed with pull request 238
                                - Mike Jones to update his existing PR

- Andrii asked if there is an appetite to extend openid connect core to include a quota on the number of active sessions
                - usecase would be to restrict number of sessions for a given user
                - an example is an RP would be able to indicate to an OP that they want only a single session
                - Mike Jones commented it isn't one for core, but a new spec could be created and guided Andrii to contribute an issue on core to start the discussion
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20250820/0446eeca/attachment-0001.htm>

More information about the Openid-specs-ab mailing list