[Openid-specs-ab] Spec Call Notes 31-Aug-20

Mike Jones Michael.Jones at microsoft.com
Tue Sep 1 01:28:28 UTC 2020

The Claims aggregation draft is now listed at https://openid.net/connect/ and https://openid.net/wg/connect/status/.

                                                       -- Mike

From: Mike Jones
Sent: Monday, August 31, 2020 5:15 PM
To: openid-specs-ab at lists.openid.net
Subject: Spec Call Notes 31-Aug-20

Spec Call Notes 31-Aug-20

Nat Sakimura
John Bradley
Mike Jones
Tobias Looker
Tom Jones
Kristina Yasuda
James Manger
Edmund Jay

External Organizations
              Kristina believes that OIDF should receive a signed liaison agreement from DIF soon
              Some DIF participants will attend this Pacific-friendly call versus some will attend the Europe-friendly call
                           For instance, Oliver Terbu and Markus Sabadello attended the previous call

              IIW Registration is open
                           October 20-22, 2020 https://internetidentityworkshop.com/
              OpenID Virtual Workshop
                           October 28, 2020 at 9am PT/12pm ET/4pm UTC
              FDX Workshop
                           Nat is speaking at a workshop on FAPI September 21/22

              Mike summarized some of the discussions from the last call
              Existing SIOP deployments
                           Nat said that the RECUIT company in Japan has a deployment with tens of millions of users

Aggregated Claims Draft
              Sources are now in our bitbucket repository, as well as HTML
                           Mike will post the working group draft to openid.net/specs/

SIOP Laundry List
              Tobias created a document with a set of straw polls
              A.  Either (1) have sub always be a URI or (2) allow either JWK Thumbprint or URI
                           Mike said that it's not a breaking change if we continue to allow JWK Thumbprints
                           John said that he hates content sniffing
                           Nat and Kristina will talk with people behind the RECRUIT deployment to learn its status
                           James pointed out that if you change the issuer, you can change the sub without it being a breaking change
                           John said that we want to still support signing without a dereference
                           Nat said we could use a new URL like https://self-issued.me/v2/
                                         Then we could have the "sub" always be a URI
                           Tobias said that the parties need to communicate which kinds of URIs they support
                           John said that we're also essentially talking about different response types
                           Tobias said that you may also be asking for aggregated claims
                           John suggested we do RP discovery rather than jam everything into the request
                                         Mike noted that OpenID Connect Federation uses RP discovery
                                         Tobias wants RPs to be able to operate without hosting a URL
              (Nat called time before we got through the straw polls)

Adoption of Tom's document
              Tom would like to have his document adopted by the working group
              Mike reminded people that to be adopted, the contents of document needs to be sent to the mailing list
                           Not just a reference
              Tom plans to do that

              James Manger (re)introduced himself
              He's at Telstra Labs in Melbourne, Australia
              They've been doing OpenID Connect for quite a while
              He wonders how self-issued identities can be used with fraud prevention

Next Calls
              Nat asked whether we want to have weekly calls
                           John asked if he meant both calls or just the Pacific call
              Nat was proposing making the Pacific call weekly and leaving a bi-weekly Atlantic call
                           (This was the original call schedule years ago)
              We would need two weeks' notice
              Nat will notify the list

              We decommissioned the old certification suite today
              Now only the new Java-based suite is running
              See the updated instructions at https://openid.net/certification/instructions/

logout_hint Proposal
              Issue #1182 - Add logout_hint parameter to RP-Initiated Logout request
              (We ran out of time before discussing this. Please comment in the issue.)

Open Issues
              (We ran out of time so no additional open issues were discussed)

Next Call
              The next working group call is Thursday, September 10 at 7am Pacific Time
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20200901/1924f6ad/attachment-0001.html>

More information about the Openid-specs-ab mailing list