[Openid-specs-ab] Minutes from 2025-09-25 Connect WG call
Frederik Krogsdal Jacobsen
frederik.krogsdal at criipto.com
Thu Sep 25 14:57:46 UTC 2025
- Participants: Mike Jones, Andrii Deinega, Filip Skokan, Andy Barlow,
Frederik Krogsdal Jacobsen, George Fletcher, Eye PR (did not speak)
- Events
- Reminder that the IETF submission deadline is Monday, October 20
- Registration for IIW is open:
https://www.eventbrite.com/e/internet-identity-workshop-iiwxli-41-2025b-tickets-1393125719529
- Registration for OpenID Workshop preceding IIW is open:
https://www.eventbrite.co.uk/e/oidf-workshop-prior-to-iiw-mon-20-oct-2025-cisco-san-jose-ca-tickets-1680526974419
- Registration for FIDO Authenticate is open:
https://fidoalliance.org/event/authenticate-2025/
- Native SSO for Mobile Apps
- Vote to approve Implementer’s Draft will start in one week:
https://openid.net/notice-of-vote-to-approve-proposed-second-implementers-draft-of-openid-connect-native-sso-for-mobile-apps/
- Question: has there been any work on removing ID tokens from the
spec?
- George: No, there hasn’t been much WG interest in helping do
this. It would be a great help if people with implementations
share their
experiences.
- Mike: Connect Core already sends the ID token back to the
issuer, so is there an issue?
- George: It’s possible not to use the ID token, but on the other
hand, some implementations already exist in production using
the ID token.
- Mike: George, write to the list again and ask if anyone is
really interested in making this change. Since there are also
uses of ID
tokens as precedent, is there really a problem that needs to
be addressed?
- Relying Party Metadata Choices
- -02 has been published.
- The only change is to use token_endpoint_auth_methods_supported for
all endpoints to align with PAR.
- Given that Federation normatively references this draft, it should
be taken to final at the same time as Federation. If you have any major
changes to propose, do so now.
- Connect issues and PRs
- There are no open PRs.
- Open issues:
- 2182 will be closed since the corresponding PR has been merged.
- 2184:
- Requests new functionality that RPs can use at OPs to set
quotas for users.
- Mike: should be done as a new spec, if at all.
- 2183:
- Requests size limit for Session State in Session Management
spec.
- Mike: I will try to find some old notes regarding why size
limits were not originally included.
- Filip: There is nothing in the spec which (implicitly or
explicitly) limits the size of the state. In working with
other specs, the
decision has been made not to add size limits because
these should usually
evolve over time.
- 1125:
- Mike: I will assign this to Filip, who can do it at his
leisure.
- Federation
- Pull requests:
- 253
- Fixes issue 245.
- 254
- Might fix issue 252, or at least part of it.
- Issues
- 246: Mike has asked the author (Michael Fraser) to create a PR
for this.
- Connect Key Binding
- Call for Adoption is on the list
- Informal count: 5 in favor, 1 opposed, 1 neutral
- Call for Adoption closes in 4 days
- AppAuth libraries and contributed software
- There is no defined procedure for doing anything with software
repositories. Changes e.g. to maintainers can just be made as WG
decisions.
- There does not seem to be great appetite in actively maintaining
the AppAuth libraries in the call. Frederik will investigate
whether there
is more maintenance appetite in other places.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20250925/4eca80cf/attachment-0001.htm>
More information about the Openid-specs-ab
mailing list