[Openid-specs-ab] Mtg Notes: Re: Proposed agenda for 13-Nov-25 Connect WG call
chris phillips
cjphillips at gmail.com
Fri Nov 14 04:20:38 UTC 2025
@Michael Jones <michael_b_jones at hotmail.com>, I've done another review as
mentioned in the notes today and won't be opening issues.
The current OpenID Federation spec should be sufficient for offering good
continuity of trust during key rollover events.
Now it's up to implementations and conformance testing to ensure they do
the necessary things...
Chris.
___________________________________________________________________________________________
https://www.linkedin.com/in/chris-phillips-cidpro/
On Thu, Nov 13, 2025 at 12:04 PM chris phillips via Openid-specs-ab <
openid-specs-ab at lists.openid.net> wrote:
>
> Attendees: Mike Jones, Brian Campbell, Aaron Parecki, Chris Phillips,
> Lukasz Jaromin, Joe DeCock, Filip Skokan, Andrew Barlow
>
>
> 10:10 call to order
>
> ## Takeaways from IETF 124 in Montreal last week
>
> BrianC: Update on RFC7523BIS
>
> -
>
> Not require explicit typing but use hints at typing
> -
>
> AuthZ grant, to be a bit more thoughtful on what’s recommended &
> required using baseline authorization grants
> -
>
> IETF 124 session was in alignment with last call imminently after
> bringing details
>
> Aaron:
>
> -
>
> SCIM session had 2 AI proposals which was interesting
> -
>
> People want to be able to provision/deprovision agents/AI entities
> just like regular users
>
> ## 10:20 OpenID Federation
> <https://openid.net/specs/openid-federation-1_0.html>
>
> MikeJ:
>
> -
>
> Focused work towards finishing 1.0 has been happening over the past
> weeks
> -
>
> PR’s to be addressed for 1.0 should all be in ASAP
> -
>
> Why: Proposed final about a week from today - at which point we’ll do
> working group last call
> -
>
> Drive for final due to significant dependencies on the spec by
> deployments
> -
>
> Recurring request to have the Federation spec be split apart into core
> and protocol-specific specs
> -
>
> Once 60-day review starts, will commence work to separate it into
> more focused parts
> -
>
> Intent is 1.1 no semantic changes, just editorial
> -
>
> Also want to understand what extensions people are using on top of a
> federation. (MikeJ)
>
>
>
> -
>
> Walk through on open items in OpenID Federation, given it’s driving to
> 1.0 final:
> -
>
> ChrisP: Dialogue with Chris P and Mike J on the notion around trust
> anchors only having a single key vs a set of keys and if the text supported
> that.
>
>
> -
>
> Mike said that all entities have JWK Sets that can contain multiple
> keys
> -
>
> Mike’s observations were that the spec allowed for this but to open
> issue if the text is not in alignment
> -
>
> Chris to review & if he feels necessary, open an issue and propose
> text if a trust ‘gap’ with rollover exists as the spec is written.
>
>
>
> -
>
> Lukasz: Highlighted https://github.com/openid/federation/issues/246
> will only be included in 1.0 if concrete proposed text changes are produced
> soon
> -
>
> Group discussed Trust anchor confusion item
> https://github.com/openid/federation/issues/100
> -
>
> Mike J commented how PR 282 addresses it
>
>
> ## 10:37: OpenID Connect Native SSO for Mobile Apps
> <https://openid.net/specs/openid-connect-native-sso-1_0.html> Vladimir
> responded on-list for updates
>
> -
>
> Dialogue on list has been happening thread: Re: [Openid-specs-ab] Next
> steps for the Native SSO for Mobile Apps specification ).
> -
>
> Authors/contributors not on the call
> -
>
> if you do have thoughts, reply on list
>
> ## 10:39 discussion on
> https://github.com/openid/connect-ephemeral-sub/pull/1
>
> -
>
> MikeJ confirmed with the mtg attendees the merge of the request as
> well as contributors.
>
> OpenID Connect PRs and issues
>
>
> https://bitbucket.org/openid/connect/issues?status=new&status=open&status=submitted&is_spam=!spam
>
>
> https://bitbucket.org/openid/connect/issues/2185/id-tokens-should-have-an-associated-media
>
> -
>
> Noted: Requiring this would be a breaking change to OpenID Connect
> Core 1.0.
> -
>
> Aaron recommended to flag it as a breaking change so it can be
> reviewed with others
>
>
> Filip - adding assertions doesn’t always bode well after things have been
> in flight.
>
>
> -
>
> Group dialogue on semantic versioning: does this item align (or not?)
> or will people expect a dot release for a breaking element.
> -
>
> Longer conversation on this is anticipated, no consensus on it during
> the call
>
> ##call ended 10:50
>
>
> Chris.
>
>
> ___________________________________________________________________________________________
>
> https://www.linkedin.com/in/chris-phillips-cidpro/
>
>
> On Wed, Nov 12, 2025 at 10:24 PM Michael Jones via Openid-specs-ab <
> openid-specs-ab at lists.openid.net> wrote:
>
>> I propose this agenda for tomorrow’s OpenID Connect working group call,
>> which will be held at
>> https://zoom.us/j/97622169761?pwd=ek5kZUg3QnI1cCt6bTE3QzA3ZVlOQT09.
>>
>>
>>
>> 1. Introductions
>> 2. Code of Conduct
>> <https://openid.net/wp-content/uploads/2025/06/OIDF_Groups-Activities-Events-Code-of-Conduct-Policy_Final_2025-06-12.pdf>,
>> Antitrust Policy <https://www.openid.net/antitrust>, and IPR Agreement
>> <https://openid.net/wg/connect/> reminders
>>
>>
>>
>> All, please both review the code of conduct and interact with one another
>> accordingly. These clauses seem pertinent to some of the recent
>> discussions:
>>
>>
>>
>> - Constructive Feedback: Feedback should be provided in a
>> constructive, timely and respectful manner, focusing on the ideas or
>> proposals under discussion and should actively avoid unrelated matters or
>> personal attacks.
>> - Professional Tone: All communication, whether verbal or written,
>> should maintain a professional and respectful tone. Refrain from disruptive
>> behavior, including shouting, personal attacks or insults, sarcasm, or
>> inflammatory or otherwise inappropriate language.
>>
>>
>>
>> 3. Events
>> 1. IETF 124 in Montreal last week
>> - Any takeaways you’d like to share?
>> 4. Links to Active Specifications
>> <https://openid.net/wg/connect/specifications/> and Repositories
>> 1. OpenID Connect Core incorporating errata 3
>> <https://openid.net/specs/openid-connect-core-1_0-36.html> (
>> repository <https://bitbucket.org/openid/connect/>)
>> 2. OpenID Connect Claims Aggregation
>> <https://openid.net/specs/openid-connect-claims-aggregation-1_0.html>
>> (repository <https://bitbucket.org/openid/connect/>)
>> 3. OpenID Connect Native SSO for Mobile Apps
>> <https://openid.net/specs/openid-connect-native-sso-1_0.html> (
>> repository <https://bitbucket.org/openid/connect>)
>> 4. OpenID Federation
>> <https://openid.net/specs/openid-federation-1_0.html> (repository
>> <https://github.com/openid/federation>)
>> 5. OpenID Federation Extended Subordinate Listing
>> <https://openid.net/specs/openid-federation-extended-listing-1_0.html>
>> (repository <https://github.com/openid/federation-extended-listing>
>> )
>> 6. OpenID Federation Wallet Architectures
>> <https://openid.net/specs/openid-federation-wallet-1_0.html> (
>> repository <https://github.com/openid/federation-wallet>)
>> 7. OpenID Connect Relying Party Metadata Choices
>> <https://openid.net/specs/openid-connect-rp-metadata-choices-1_0.html>
>> (repository <https://github.com/openid/rp-metadata-choices>)
>> 8. OpenID Provider Commands
>> <https://openid.net/specs/openid-provider-commands-1_0.html> (
>> repository <https://github.com/openid/openid-provider-commands>)
>> 9. OpenID Connect Enterprise Extensions
>> <https://openid.net/specs/openid-connect-enterprise-extensions-1_0.html>
>> (repository
>> <https://github.com/openid/connect-enterprise-extensions>)
>> 10. OpenID Connect Ephemeral Subject Identifier
>> <https://openid.net/specs/openid-connect-ephemeral-subject-identifier-1_0.html>
>> (repository <https://github.com/openid/connect-ephemeral-sub/>)
>> 11. OpenID Connect Key Binding
>> <https://openid.net/specs/openid-connect-key-binding-1_0.html> (
>> repository <https://github.com/openid/connect-key-binding>)
>> 5. OpenID Federation
>> <https://openid.net/specs/openid-federation-1_0.html>
>> 1. https://github.com/openid/federation/pull/282
>> - Discuss whether to define trust_chain claim for use in
>> Explicit Registration requests
>> 2. Discuss steps to finish 1.0 spec
>> 3. PRs and issues at https://github.com/openid/federation/pulls
>> and https://github.com/openid/federation/issues
>> 6. OpenID Connect Native SSO for Mobile Apps
>> <https://openid.net/specs/openid-connect-native-sso-1_0.html>
>> 1. Vladimir responded on-list asking for updates
>> 7. OpenID Connect PRs and issues
>> 1. https://bitbucket.org/openid/connect/
>> 8. OpenID Connect Ephemeral Subject Identifier
>> <https://openid.net/specs/openid-connect-ephemeral-subject-identifier-1_0.html>
>> 1. Review https://github.com/openid/connect-ephemeral-sub/pull/1
>> 9. OpenID Connect Claims Aggregation
>> <https://openid.net/specs/openid-connect-claims-aggregation-1_0.html>
>> 1. Reviews requested
>> 10. OpenID Connect Key Binding
>> <https://openid.net/specs/openid-connect-key-binding-1_0.html>
>> 1. Working group spec published
>> 11. OpenID Connect Enterprise Extensions
>> <https://openid.net/specs/openid-connect-enterprise-extensions-1_0.html>
>> 1. Issues & PRs
>> 12. OpenID Provider Commands
>> <https://openid.net/specs/openid-provider-commands-1_0.html>
>> 1. Issues & PRs
>> 13. AOB
>>
>>
>>
>> -- Mike
>>
>>
>> _______________________________________________
>> Openid-specs-ab mailing list
>> Openid-specs-ab at lists.openid.net
>> https://lists.openid.net/mailman/listinfo/openid-specs-ab
>>
> _______________________________________________
> Openid-specs-ab mailing list
> Openid-specs-ab at lists.openid.net
> https://lists.openid.net/mailman/listinfo/openid-specs-ab
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20251113/4e0579fe/attachment-0001.htm>
More information about the Openid-specs-ab
mailing list