[Openid-specs-ab] Spec Call Notes 5-Dec-19

Mike Jones Michael.Jones at microsoft.com
Thu Dec 5 18:58:10 UTC 2019


Spec Call Notes 5-Dec-19

Mike Jones
Tom Jones
Marcos Sanz
Filip Skokan
John Bradley
George Fletcher
Brian Campbell
Bjorn Hjelm

Identity Assurance Specification
              This was approved as an Implementer's Draft
              A new Identity Assurance Working Group has been approved
              The Connect Working Group will cease work on it
              Issues on the spec will be copied to the new working group when it forms
              Tony and Torsten proposing use of the spec for electronic driver's licenses at ISO
              There's a Doodle poll for scheduling the first working group meeting
                            https://doodle.com/poll/fkx5rb6gidnmpvwh

Logout Specifications and Certification
              OP logout tests are available at https://openid.net/certification/logout-op-testing/
              RP logout tests are being tested by the certification team and planned for release later this month
              (FAPI RP tests also launched this week)
              The logout testing is exposing ambiguities in the specs, which we will clean up before making them final

Federation
              The Second Implementer's Draft was approved
              There will be a Federation hackathon at the Internet2 Conference next week
              This is a great time to review the spec
              Tom Jones asked about defining sector-specific metadata
                           Federation metadata is extensible like Discovery metadata is
                           Mike asked Tom to send his definitions to the mailing list for feedback when they're ready

Open Issues
              https://bitbucket.org/openid/connect/issues?status=new&status=open
              #1133 Clarify that logout notifications to RPs are idempotent
                           Added a comment about Back-Channel Logout specifics
              #1134 Clarify that OPs must send a logout notification to the RP that requested RP-Initiated Logout
                           George wants us to suggest that the RP should clear its logged-in state before sending the request
              #1125 *_hash algorithm for EdDSA ID Tokens?
                           We decided to use SHAKE256(x, 114) for Ed448
                           We could also say this in errata
              #1127 Are duplicate "kid"s in jwks permitted under OpenID Connect
                           We agreed that we should enforce "kid" uniqueness in the certification suite
              #1101 Clarify expected OP behaviour upon unsupported prompt parameter value
                           Mike espoused ignoring new values not understood, like for OAuth and JWTs
                           George said that the problem is that there's no way for the RP to know whether the value was acted upon

Next Call
              The next call is Thursday, Dec 5 at 7am Pacific Time
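
Added example, not part of the original notes or of any OpenID Foundation code: one way an RP could compute and check at_hash / c_hash under the #1125 decision above (SHAKE256 with 114 bytes of output for Ed448). The left-most-half and base64url steps are the existing OpenID Connect Core rule for *_hash values; applying them to the 114-byte output is an assumption, and the names token_hash and verify_token_hash and the sample token are hypothetical.

```python
import base64
import hashlib
import hmac
from typing import Optional


def _b64url(data: bytes) -> str:
    """base64url without padding, as used for JWT claim values."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def token_hash(value: str, alg: str, crv: Optional[str] = None) -> str:
    """Return the *_hash claim value for an access token, code or state.

    alg is the ID Token's JWS "alg"; crv is the signing key's curve,
    needed because "EdDSA" alone does not identify the hash.
    """
    octets = value.encode("ascii")
    if alg == "EdDSA" and crv == "Ed448":
        # Decision recorded for #1125: SHAKE256(x, 114).
        digest = hashlib.shake_256(octets).digest(114)
    elif alg in ("RS256", "ES256", "PS256"):
        # Core rule: the hash named by the "alg" (SHA-256 here).
        digest = hashlib.sha256(octets).digest()
    else:
        # Fail closed rather than guessing a hash for an unknown alg/crv.
        raise ValueError(f"no *_hash rule for alg={alg!r} crv={crv!r}")
    # Left-most half of the digest, base64url encoded.
    return _b64url(digest[: len(digest) // 2])


def verify_token_hash(claim: str, value: str, alg: str,
                      crv: Optional[str] = None) -> bool:
    """Constant-time comparison of a received *_hash claim."""
    expected = token_hash(value, alg, crv)
    return hmac.compare_digest(claim.encode("utf-8"), expected.encode("ascii"))


if __name__ == "__main__":
    token = "constructed-access-token-123"  # constructed sample value
    at_hash = token_hash(token, "EdDSA", "Ed448")
    print(at_hash, verify_token_hash(at_hash, token, "EdDSA", "Ed448"))
```

Because SHAKE256 is an extendable-output function, the left half of the 114-byte output is the same 57 bytes that SHAKE256(x, 57) would produce, so the Ed448 claim value is always 76 base64url characters.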