[Openid-specs-ab] Proposed agenda for 16-Oct-25 Connect WG call
Aaron Parecki
aaron at parecki.com
Thu Oct 16 15:01:21 UTC 2025
Minutes from the call:
Code of conduct reminder
Upcoming events:
* IETF publication deadline is Monday Oct 20
* Oct 20 OpenID Workshop at Cisco
* IIW next week
* DCP meetings Monday and Friday
OpenID Mobile SSO
Have not hit quorum, only at 18%, quorum is 20%. Voting period will be
extended.
OpenID Federation
* Sweden has some cases where they are retrofitting Federation onto
existing infrastructure
* OAuth working group adopted Client ID Metadata Document this week
* https://datatracker.ietf.org/doc/draft-ietf-oauth-client-id-metadata-document/
* Expected to be some new Federation extensions
https://github.com/openid/federation/issues
https://github.com/openid/federation/issues/269
* Frederik: you changed a SHOULD to a MUST, was that intentional?
* Lukasz: The MUST is about the second sentence.
* Frederik: ok I misunderstood
* Mike: You assigned to yourself, are you going to create a PR?
* Frederik: yes
https://github.com/openid/federation/issues/270
* Mike: are you proposing to call the accreditation authority an entity?
* Lukasz: no, the change I am proposing is to say that it's about the trust
mark issuer. The trust mark issuer entity should be well known.
* Mike: you don't necessarily have an entity in the federation representing
the accreditation authority
* Lukasz: not having accreditation authority language in this section would
be better
* Tom: Kantara creates trust marks, but they are not part of any
federation. The trust mark doesn't represent Kantara at all. Kantara can
issue a trust mark for NIST-80063-4. The issuer of the trust mark doesn't
relate to the federation or even the authority.
* Lukasz: I didn't add accreditation authority language. What I'm saying is
it would be better to stick only to the technical terms like trust mark
issuer, and not include accreditation authority.
* Mike: Lukasz do you have the discussion you need to make progress?
* Lukasz: This was meant to be an editorial change. There's another issue
271 that speaks more to this discussion
https://github.com/openid/federation/issues/271
* Lukasz: there is a need to indicate that for certain federations it's a
MUST. 7.3 says "SHOULD NOT"
* Mike: Profiles can always tighten requirements. For example, OpenID
Connect says if there are multiple keys in the jwks, then the ID token MUST
include a key ID. In Federation we require key ID, tightening the
requirement. So by analogy, a profile can require that a validator knows the
trust anchor before validating; we don't need spec language for that.
* Frederik: I think Lukasz has a point, if it's not clear why this is a
SHOULD and not a MUST
* Mike: In some places we say why
* Frederik: If we can say why relatively concisely it will help people
later.
* Mike: Please add that to the issue
* Chris: Lukasz what you're talking about is often discussed in the R&E
space. Edugain has 70 different countries and has delegated out of band of
the protocol called Research and Scholarship. As an IdP, if you see that
trust mark you are allowed to send attributes. The challenge is, did the UK
when they issued that trust mark do the same due diligence as Canada, etc.
The operations of the federation are not codified over the wire. This
federation has the list of all members and how they operate
https://technical.edugain.org/status
* Lukasz: it's still worth defining some rules for ecosystems to be able to
define how strict they are
* Chris: The way Edugain governs its operations, you need to be voted in,
therefore you have permission to be part of the federations. You behave as
if everyone is equal.
* Tom: is the University of Phoenix part of edugain? The answer depends on
what country you are in. The reality isn't what the spec says.
* Frederik: There was some discussion on the list about what is an RP, such
as when an RP has more than one component, and what are the rules around
that. Might be interesting to pick up at IIW. Since there is some confusion
about this, maybe we can write some best practice advice around it.
On Thu, Oct 16, 2025 at 6:58 AM Michael Jones via Openid-specs-ab <
openid-specs-ab at lists.openid.net> wrote:
> I propose this agenda for the OpenID Connect working group call today,
> which will be held at
> https://zoom.us/j/97622169761?pwd=ek5kZUg3QnI1cCt6bTE3QzA3ZVlOQT09.
>
>
>
> 1. Introductions
> 2. Code of Conduct
> <https://openid.net/wp-content/uploads/2025/06/OIDF_Groups-Activities-Events-Code-of-Conduct-Policy_Final_2025-06-12.pdf>,
> Antitrust Policy <https://www.openid.net/antitrust>, and IPR Agreement
> <https://openid.net/wg/connect/> reminders
>
>
>
> All, please both review the code of conduct and interact with one another
> accordingly. These clauses seem pertinent to some of the recent
> discussions:
>
>
>
> - Constructive Feedback: Feedback should be provided in a
> constructive, timely and respectful manner, focusing on the ideas or
> proposals under discussion and should actively avoid unrelated matters or
> personal attacks.
> - Professional Tone: All communication, whether verbal or written,
> should maintain a professional and respectful tone. Refrain from disruptive
> behavior, including shouting, personal attacks or insults, sarcasm, or
> inflammatory or otherwise inappropriate language.
>
>
>
> 3. Events
> 1. The IETF submission deadline is Monday, October 20
> - https://www.ietf.org/meeting/124/ and
> https://datatracker.ietf.org/meeting/important-dates/#IETF124
> 2. OpenID Workshop before IIW, Monday, October 20
> - https://openid.net/registration-open-for-openid-foundation-hybrid-workshop-at-cisco-on-mon-20th-october-2025/
> 3. IIW, Tue-Thu, Oct 21-23
> - https://internetidentityworkshop.com/
> 4. DCP meeting, morning of Monday, October 20
> - https://www.eventbrite.co.uk/e/oidf-dcp-wg-mtg-prior-to-iiw-mon-20-oct-2025-cisco-san-jose-ca-tickets-1661413736209
> 5. DCP meeting, Friday, October 24
> - https://dcpwg_iiw_24oct25.eventbrite.co.uk/
> 4. Links to Active Specifications
> <https://openid.net/wg/connect/specifications/> and Repositories
> 1. OpenID Connect Core incorporating errata 3
> <https://openid.net/specs/openid-connect-core-1_0-36.html> (
> repository <https://bitbucket.org/openid/connect/>)
> 2. OpenID Connect Claims Aggregation
> <https://openid.net/specs/openid-connect-claims-aggregation-1_0.html>
> (repository <https://bitbucket.org/openid/connect/>)
> 3. OpenID Connect Native SSO for Mobile Apps
> <https://openid.net/specs/openid-connect-native-sso-1_0.html> (
> repository <https://bitbucket.org/openid/connect>)
> 4. OpenID Federation
> <https://openid.net/specs/openid-federation-1_0.html> (repository
> <https://github.com/openid/federation>)
> 5. OpenID Federation Extended Subordinate Listing
> <https://openid.net/specs/openid-federation-extended-listing-1_0.html>
> (repository <https://github.com/openid/federation-extended-listing>)
> 6. OpenID Federation Wallet Architectures
> <https://openid.net/specs/openid-federation-wallet-1_0.html> (
> repository <https://github.com/openid/federation-wallet>)
> 7. OpenID Connect Relying Party Metadata Choices
> <https://openid.net/specs/openid-connect-rp-metadata-choices-1_0.html>
> (repository <https://github.com/openid/rp-metadata-choices>)
> 8. OpenID Provider Commands
> <https://openid.net/specs/openid-provider-commands-1_0.html> (
> repository <https://github.com/openid/openid-provider-commands>)
> 9. OpenID Connect Enterprise Extensions
> <https://openid.net/specs/openid-connect-enterprise-extensions-1_0.html>
> (repository
> <https://github.com/openid/connect-enterprise-extensions>)
> 10. OpenID Connect Ephemeral Subject Identifier
> <https://openid.net/specs/openid-connect-ephemeral-subject-identifier-1_0.html>
> (repository <https://github.com/openid/connect-ephemeral-sub/>)
> 5. OpenID Connect Native SSO for Mobile Apps
> <https://openid.net/specs/openid-connect-native-sso-1_0.html>
> 1. Vote announcement at
> https://openid.net/notice-of-vote-to-approve-proposed-second-implementers-draft-of-openid-connect-native-sso-for-mobile-apps/
> 2. Please vote now at
> https://openid.net/foundation/members/polls/388
> 3. Discussion with George about next steps for the draft
> 6. OpenID Federation
> <https://openid.net/specs/openid-federation-1_0.html>
> 1. -44 has been published
> https://openid.net/specs/openid-federation-1_0-44.html
> 2. Includes extension points requested for Swedish government use
> cases
> 3. Announcement forthcoming.
> 4. For changes, see
> https://openid.net/specs/openid-federation-1_0-44.html#name-document-history
> 5. Discuss PRs and issues at
> https://github.com/openid/federation/pulls and
> https://github.com/openid/federation/issues
> 7. OpenID Connect Key Binding
> 1. Adopted last week based on revised contribution at
> https://lists.openid.net/pipermail/openid-specs-ab/2025-October/011023.html
> 2. Working draft in https://github.com/dickhardt/openid-key-binding
> 3. https://dickhardt.github.io/openid-key-binding/main.html
> 4. Next steps creation of repository at https://github.com/openid
> and publication of -00 draft at openid.net/specs/
> 8. OpenID Connect PRs and issues
> 1. https://bitbucket.org/openid/connect/
> 9. OpenID Connect Enterprise Extensions
> <https://openid.net/specs/openid-connect-enterprise-extensions-1_0.html>
> 1. Issues & PRs
> 10. OpenID Provider Commands
> <https://openid.net/specs/openid-provider-commands-1_0.html>
> 1. Issues & PRs
> 11. OpenID Connect Ephemeral Subject Identifier
> <https://openid.net/specs/openid-connect-ephemeral-subject-identifier-1_0.html>
> 1. Time for -01 with rationale, as provided by Nat during adoption
> 12. OpenID Connect Claims Aggregation
> <https://openid.net/specs/openid-connect-claims-aggregation-1_0.html>
> 1. Reviews wanted
> 13. AOB
>
>
>
> -- Mike