[Openid-specs-ab] Spec Call Notes 11-Apr-19

Nat Sakimura sakimura at gmail.com
Fri Apr 12 02:35:14 UTC 2019


Re: OAuth JAR

Apparently, that discussion was not in the FAPI F2F but separate and
it was not recorded.

I will send a separate mail on this topic.

On Fri, Apr 12, 2019 at 4:53 AM Mike Jones via Openid-specs-ab
<openid-specs-ab at lists.openid.net> wrote:
>
> Spec Call Notes 11-Apr-19
>
>
>
> Mike Jones
>
> Nat Sakimura
>
> George Fletcher
>
> Brian Campbell
>
> John Bradley
>
> Rich Levinson
>
> Bjorn Hjelm
>
> Torsten Lodderstedt
>
> Tom Jones
>
>
>
> OAuth JAR
>
>               Nat asked for feedback on the OAuth JAR spec from John
>
>               John is working on addressing feedback received during the OAuth Security Workshop
>
>               It's already gone through the IESG telechat, so the authors are looking to minimize the changes made
>
>
>
> authentication_failed Error Code Draft
>
>               No comments were received during the adoption comment period, so the draft is adopted
>
>               The working group requested to change the name to unmet_authentication_requirements on the 1-Apr-19 call
>
>               Torsten will update the error code name and we'll publish a working group draft
>
>               This addresses issue https://bitbucket.org/openid/connect/issues/1029/authentication_failed-error-response
>
>
>
> OpenID Connect for Identity Proofing
>
>               A working group draft was published at https://openid.net/specs/openid-connect-4-identity-assurance.html
>
>               Torsten has received some private feedback
>
>                            More working group feedback is solicited
>
>               Bjorn and Daniel Fett will propose a session at IIW about the draft
>
>                            Mike agreed to help facilitate the session
>
>
>
> OpenID Certification
>
>               Roland Hedberg continues refining the initial logout certification tests
>
>                            Filip Skokan has been super-helpful in doing early tests of the tests
>
>                            Hans has also helped get them ready for people to run
>
>                            They are deployed at https://new-op.certification.openid.net:60000/ and https://new-rp.certification.openid.net:8080/
>
>
>
>                            Expect an announcement requesting that people test the tests shortly
>
>               Third Party-Initiated Login tests have been available to test since February
>
>                            Thus far, we're not aware that they have been tested
>
>                            We observed on the call that IdP-initiated login is much more common in the SAML world than the Connect world
>
>                            Mike will send a reminder to the working group of the availability of the tests
>
>               FAPI certification launched on April 1st
>
>                            See the completed FAPI certifications at https://openid.net/certification/#FAPI_OPs
>
>               The Connect certification pricing will go up on June 1st
>
>                            See https://openid.net/2019/02/21/openid-certification-program-expansion-and-fee-update/
>
>                            Those considering new certifications will get a price break by doing so in April or May
>
>
>
> Open Issues
>
>               https://bitbucket.org/openid/connect/issues?status=new&status=open
>
>               #1067 Add Privacy Considerations
>
>                            Torsten will do this
>
>               #1068 Follow ISO Rules
>
>                            This is a tracking issue.  We will review the document in this regard in the future.
>
>               #1069 Identity Assurance Section 5.1 on reason for request
>
>                            This had been heavily discussed in the comment and on list
>
>                            Mike had made the point that it's always up to the two parties what information to exchange
>
>                                          We shouldn't start mandating specific information now
>
>                            Tom said that maybe we could reference legal agreements in machine-processable fashion
>
>                                          George said that that would be a whole different standardization effort
>
>                            George said that in some cases, the OP already knows that there is consent
>
>                            Torsten said that the OP always needs to understand the legal basis for sharing information with the RP
>
>                            Tom said that there are different legal jurisdictions
>
>                            George said that legal information can be exchanged offline and need not be part of the protocol
>
>                            George reminded us that we already have a prompt=consent parameter
>
>                            We commented in the issue that a concrete proposal is needed
>
>
>
> Next Call
>
>               Monday, April 15 at 4pm Pacific Time
>



-- 
Nat Sakimura (=nat)
Chairman, OpenID Foundation
http://nat.sakimura.org/
@_nat_en

