[Openid-specs-ab] Meeting notes July 31st, 2025
Marcus Almgren
marcus.almgren at oidf.org
Thu Jul 31 14:56:12 UTC 2025
OpenID AB/C WG Call (Atlantic)
2025-07-31
Attendees:
Michael Jones
Andy Barlow
Frederik Krogsdal Jacobsen
Joe DeCock
Filip Skokan
Marcus Almgren
George Fletcher
Guilherme Niero
Tom Jones
(1) IETF Madrid:
Filip:
- Updates to specifications underpinning private key jwt, which therefore affect OIDC. An erratum is most likely coming up.
- There is a proposal on the table, https://github.com/oauth-wg/draft-ietf-oauth-rfc7523bis/pull/15, regarding single value aud and dropping typ requirements.
- FAPI1 probably does not want to change.
- Updates to IANA registry, https://github.com/oauth-wg/draft-ietf-oauth-rfc7523bis/pull/17
George:
- There was a presentation about app2app by Yaron, which is sort of like native SSO but not really. https://datatracker.ietf.org/doc/draft-zehavi-oauth-app2app-browserless/
(2) Connect issues:
Filip:
- Issue https://bitbucket.org/openid/connect/issues/2180/discovery-10-clarification-on-additional with companion PR https://bitbucket.org/openid/connect/pull-requests/750
- Issue https://bitbucket.org/openid/connect/issues/2181/core-10-clarification-on-omitted-id-token with companion PR https://bitbucket.org/openid/connect/pull-requests/751
Group:
- Discussion of omitting vs JSON null, as well as MUSTs and SHOULDs
- Conformance tests are brought up, and Frederik mentions https://oidf.slack.com/archives/C03D091Q665/p1752593620884959.
- There are strong reasons to not put MUSTs in errata.
Mike:
- Issue https://bitbucket.org/openid/connect/issues/2179/fedcm-binding-of-oidc on FedCM binding for OIDC. It would be a new spec, and willing authors are most likely needed.
- George chips in that it seems that FedCM could be implemented without OIDC, and that if browser vendors push FedCM, it could mean that SSO is done without OIDC to a larger extent. Mike encourages George to write some of these things in the issue.
(3) Other:
- Mike mentions https://github.com/yaronf/draft-sheffer-oauth-rfc8725bis/ about JWT best current practices.
- Native SSO is in Implementer's Draft, https://openid.bitbucket.io/connect/openid-connect-native-sso-1_0.html.