[Openid-specs-ab] Mtg Notes: Re: Proposed agenda for 10-Jul-25 Connect WG call
chris phillips
cjphillips at gmail.com
Thu Jul 10 18:17:32 UTC 2025
Notes from today's meeting call..
Attendees: Mike J, Andy Barlow, Lukasz Jaromin, Brian Campbell, Chris
Phillips
Notes in line, call to order 10:05
---------- Forwarded message ---------
From: Michael Jones via Openid-specs-ab <openid-specs-ab at lists.openid.net>
Date: Thu, Jul 10, 2025 at 2:00 AM
Subject: [Openid-specs-ab] Proposed agenda for 10-Jul-25 Connect WG call
To: openid-specs-ab at lists.openid.net <openid-specs-ab at lists.openid.net>
Cc: Michael Jones <michael_b_jones at hotmail.com>
I propose this agenda for the OpenID Connect working group call to be held
at https://zoom.us/j/97622169761?pwd=ek5kZUg3QnI1cCt6bTE3QzA3ZVlOQT09.
1.
Introductions
2.
Code of Conduct
<https://openid.net/wp-content/uploads/2025/06/OIDF_Groups-Activities-Events-Code-of-Conduct-Policy_Final_2025-06-12.pdf>,
Antitrust Policy <https://www.openid.net/antitrust>, and IPR Agreement
<https://openid.net/wg/connect/> reminders
3.
Events
1.
IETF 123 in Madrid, July 19-25, 2025
-
https://www.ietf.org/meeting/123/
10:09 - Dialogue about OAuth and AI topics.. Agenda at IETF does not have
any thing on the topics but no official elements on the topic.
Brian C: IETF has web bot auth bof: DRAFT Charter: Web Bot Auth WG
<https://docs.google.com/document/d/1cNksLq-nd1_ALHhGYTEG_g3RaNGeWrDMHXLORwV0dY8/edit?tab=t.0#heading=h.te2o0wma1yzc>
charter proposal for Web bot auth bof
ChrisP: there appears to be a lot of activity on Authentication /
Authorization ‘solutions’ but not a lot of standards body work, attendees
are commenting that they too are seeing ill defined gaps, some
straightforward which are being acted on (core OAuth2.1 mechanisms) but the
larger topics are not as MCP is not homed in a standards body, no IPR
protections observed.
-
CP/AndyB: see OIDF AI community group:
https://openid.net/cg/artificial-intelligence-identity-management-community-group/
4.
Links to Active Specifications
<https://openid.net/wg/connect/specifications/> and Repositories
1.
OpenID Connect Core incorporating errata 3
<https://openid.net/specs/openid-connect-core-1_0-36.html> (repository
<https://bitbucket.org/openid/connect/>)
2.
OpenID Connect Claims Aggregation
<https://openid.net/specs/openid-connect-claims-aggregation-1_0.html>
(repository <https://bitbucket.org/openid/connect/>)
3.
OpenID Connect Native SSO for Mobile Apps
<https://openid.net/specs/openid-connect-native-sso-1_0.html> (
repository <https://bitbucket.org/openid/connect>)
4.
OpenID Federation
<https://openid.net/specs/openid-federation-1_0.html> (repository
<https://github.com/openid/federation>)
5.
OpenID Federation Extended Subordinate Listing
<https://openid.net/specs/openid-federation-extended-listing-1_0.html>
(repository <https://github.com/openid/federation-extended-listing>)
6.
OpenID Federation Wallet Architectures
<https://openid.net/specs/openid-federation-wallet-1_0.html> (
repository <https://github.com/openid/federation-wallet>)
7.
OpenID Connect Relying Party Metadata Choices
<https://openid.net/specs/openid-connect-rp-metadata-choices-1_0.html>
(repository <https://github.com/openid/rp-metadata-choices>)
10:27 Became an Implementer’s Draft and announced - congrats!
Also,
https://openid.net/specs/openid-4-verifiable-presentations-1_0-final.html
just became final. This work was incubated in the Connect WG and then
moved to the DCP WG. Congratulations to all involved!
8.
OpenID Provider Commands
<https://openid.net/specs/openid-provider-commands-1_0.html> (repository
<https://github.com/openid/openid-provider-commands>)
9.
OpenID Connect Enterprise Extensions
<https://openid.net/specs/openid-connect-enterprise-extensions-1_0.html>
(repository <https://github.com/openid/connect-enterprise-extensions>)
10.
OpenID Connect Ephemeral Subject Identifier
<https://openid.net/specs/openid-connect-ephemeral-subject-identifier-1_0.html>
(repository <https://github.com/openid/connect-ephemeral-sub/>)
5.
OpenID Connect Relying Party Metadata Choices
<https://openid.net/specs/openid-connect-rp-metadata-choices-1_0.html>
1.
Now an Implementer’s Draft
-
https://openid.net/specs/openid-connect-rp-metadata-choices-1_0-ID1.html
6.
OpenID Connect Claims Aggregation
<https://openid.net/specs/openid-connect-claims-aggregation-1_0.html>
1.
Reviews wanted
7.
OpenID Connect Ephemeral Subject Identifier
<https://openid.net/specs/openid-connect-ephemeral-subject-identifier-1_0.html>
1.
-01 will include rationale, as provided by Nat during adoption
8.
OpenID Connect Native SSO for Mobile Apps
<https://openid.net/specs/openid-connect-native-sso-1_0.html>
1.
Responses needed to George’s message “[Openid-specs-ab] Updating the
Native SSO for Mobile Apps specification”
10:30 GeorgeF: still awaiting feedback on the spec.
Action to list: review and comment on request with subject line:
-
[Openid-specs-ab] Working Last Call for Proposed Implementer's Draft of
Native SSO for Mobile Apps
Observation: Do we want changes to the draft or put in place the IPR on it
first?
9.
OpenID Connect Enterprise Extensions
<https://openid.net/specs/openid-connect-enterprise-extensions-1_0.html>
1.
Next steps to integrate with OP Commands, IPSIE specs
10.
OpenID Provider Commands
<https://openid.net/specs/openid-provider-commands-1_0.html>
1.
Updates?
11.
OpenID Federation <https://openid.net/specs/openid-federation-1_0.html>
1.
https://github.com/openid/federation/pull/232
10:33 Mike J: Automatic registration and client authentication occur at
different points of time. OP can only observe the authentication mechanisms
used and cannot require a specific one. The pull request is about
recommending that the same client authentication method be in subsequent
interactions.
-
Observation from a security researcher (TimW) that there is no metadata
for this and there’s an assumption that the other auth endpoints are the
same.. Discussion from the fed call that it be added.
https://github.com/openid/federation/issues/147#issuecomment-3034477543
-
Observation: features would be added and for discussion here:
CP: inquiry on this being a non breaking change and is additive? (ie if not
observed, other elements function whether or not it exists)
MikeJ: Correct, this would not be a breaking change to add it. Metadata
values that are not understood MUST be ignored. That’s our overall
extensibility model.
GeorgeF: is this consistent across the federation and across all endpoints?
LukaszJ: observation about the last comments that RPs should use the same
authentication method? What’s the sentiment?
MikeJ: more in https://github.com/openid/federation/issues/147
If there are multiple authentication mechanisms any can be used, right?
Not quite the same point but manually or dynamic registration but the
server returned value should be used forevermore. Existing Authorization
Services will likely have single settings for this internal to the AS.
The pull request is more about recommendations for the client to use to
potentially improve interoperability with ASs that may be coded to expect
the same client authentication method every time.
More to be elaborated in the github repo.
Call ended 10:50
___________________________________________________________________________________________
chris at chrisphillips.ca | https://www.linkedin.com/in/chris-phillips-cidpro/
On Thu, Jul 10, 2025 at 2:00 AM Michael Jones via Openid-specs-ab <
openid-specs-ab at lists.openid.net> wrote:
> I propose this agenda for the OpenID Connect working group call to be held
> at https://zoom.us/j/97622169761?pwd=ek5kZUg3QnI1cCt6bTE3QzA3ZVlOQT09.
>
>
>
> 1. Introductions
> 2. Code of Conduct
> <https://openid.net/wp-content/uploads/2025/06/OIDF_Groups-Activities-Events-Code-of-Conduct-Policy_Final_2025-06-12.pdf>,
> Antitrust Policy <https://www.openid.net/antitrust>, and IPR Agreement
> <https://openid.net/wg/connect/> reminders
> 3. Events
> 1. IETF 123 in Madrid, July 19-25, 2025
> - https://www.ietf.org/meeting/123/
> 4. Links to Active Specifications
> <https://openid.net/wg/connect/specifications/> and Repositories
> 1. OpenID Connect Core incorporating errata 3
> <https://openid.net/specs/openid-connect-core-1_0-36.html> (
> repository <https://bitbucket.org/openid/connect/>)
> 2. OpenID Connect Claims Aggregation
> <https://openid.net/specs/openid-connect-claims-aggregation-1_0.html>
> (repository <https://bitbucket.org/openid/connect/>)
> 3. OpenID Connect Native SSO for Mobile Apps
> <https://openid.net/specs/openid-connect-native-sso-1_0.html> (
> repository <https://bitbucket.org/openid/connect>)
> 4. OpenID Federation
> <https://openid.net/specs/openid-federation-1_0.html> (repository
> <https://github.com/openid/federation>)
> 5. OpenID Federation Extended Subordinate Listing
> <https://openid.net/specs/openid-federation-extended-listing-1_0.html>
> (repository <https://github.com/openid/federation-extended-listing>)
> 6. OpenID Federation Wallet Architectures
> <https://openid.net/specs/openid-federation-wallet-1_0.html> (
> repository <https://github.com/openid/federation-wallet>)
> 7. OpenID Connect Relying Party Metadata Choices
> <https://openid.net/specs/openid-connect-rp-metadata-choices-1_0.html>
> (repository <https://github.com/openid/rp-metadata-choices>)
> 8. OpenID Provider Commands
> <https://openid.net/specs/openid-provider-commands-1_0.html> (
> repository <https://github.com/openid/openid-provider-commands>)
> 9. OpenID Connect Enterprise Extensions
> <https://openid.net/specs/openid-connect-enterprise-extensions-1_0.html>
> (repository
> <https://github.com/openid/connect-enterprise-extensions>)
> 10. OpenID Connect Ephemeral Subject Identifier
> <https://openid.net/specs/openid-connect-ephemeral-subject-identifier-1_0.html>
> (repository <https://github.com/openid/connect-ephemeral-sub/>)
> 5. OpenID Connect Relying Party Metadata Choices
> <https://openid.net/specs/openid-connect-rp-metadata-choices-1_0.html>
> 1. Now an Implementer’s Draft
> -
> https://openid.net/specs/openid-connect-rp-metadata-choices-1_0-ID1.html
> 6. OpenID Connect Claims Aggregation
> <https://openid.net/specs/openid-connect-claims-aggregation-1_0.html>
> 1. Reviews wanted
> 7. OpenID Connect Ephemeral Subject Identifier
> <https://openid.net/specs/openid-connect-ephemeral-subject-identifier-1_0.html>
> 1. -01 will include rationale, as provided by Nat during adoption
> 8. OpenID Connect Native SSO for Mobile Apps
> <https://openid.net/specs/openid-connect-native-sso-1_0.html>
> 1. Responses needed to George’s message “[Openid-specs-ab] Updating
> the Native SSO for Mobile Apps specification”
> 9. OpenID Connect Enterprise Extensions
> <https://openid.net/specs/openid-connect-enterprise-extensions-1_0.html>
> 1. Next steps to integrate with OP Commands, IPSIE specs
> 10. OpenID Provider Commands
> <https://openid.net/specs/openid-provider-commands-1_0.html>
> 1. Updates?
> 11. OpenID Federation
> <https://openid.net/specs/openid-federation-1_0.html>
> 1. https://github.com/openid/federation/pull/232
> 2. Other discussion topics?
> 12. AOB
>
>
>
> -- Mike
>
>
>
>
>
>
> _______________________________________________
> Openid-specs-ab mailing list
> Openid-specs-ab at lists.openid.net
> https://lists.openid.net/mailman/listinfo/openid-specs-ab
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20250710/b59bac6d/attachment-0001.htm>
More information about the Openid-specs-ab
mailing list