<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
<meta name="Generator" content="Microsoft Word 15 (filtered medium)">
<style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:#0563C1;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:#954F72;
text-decoration:underline;}
span.EmailStyle17
{mso-style-type:personal-compose;
font-family:"Calibri",sans-serif;
color:windowtext;}
.MsoChpDefault
{mso-style-type:export-only;
font-family:"Calibri",sans-serif;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang="EN-US" link="#0563C1" vlink="#954F72">
<div class="WordSection1">
<p class="MsoNormal">Spec call notes 7-Jul-16<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Justin Richer<o:p></o:p></p>
<p class="MsoNormal">Nov Matake<o:p></o:p></p>
<p class="MsoNormal">Phil Hunt<o:p></o:p></p>
<p class="MsoNormal">Mike Jones<o:p></o:p></p>
<p class="MsoNormal">Prateek Mishra<o:p></o:p></p>
<p class="MsoNormal">Nat Sakimura<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Agenda<o:p></o:p></p>
<p class="MsoNormal"> SCIM Draft<o:p></o:p></p>
<p class="MsoNormal"> Open Issues<o:p></o:p></p>
<p class="MsoNormal"> Federation section in new version of NIST SP 800-63<o:p></o:p></p>
<p class="MsoNormal"> Preparing for IETF 96 Berlin<o:p></o:p></p>
<p class="MsoNormal"> Next meetings<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">SCIM Draft<o:p></o:p></p>
<p class="MsoNormal"> Phil described the use case and motivation<o:p></o:p></p>
<p class="MsoNormal"> Prateek said that many business applications are converting to OpenID Connect<o:p></o:p></p>
<p class="MsoNormal"> Post authentication, applications want to access business data via SCIM<o:p></o:p></p>
<p class="MsoNormal"> Prateek had asked about spec mechanics on the list<o:p></o:p></p>
<p class="MsoNormal"> The integration with OpenID Connect for directory-enabled applications seems obvious<o:p></o:p></p>
<p class="MsoNormal"> Phil had talked with Chuck Mortimore about SCIM identifiers versus OpenID Connect identifiers<o:p></o:p></p>
<p class="MsoNormal"> People shouldn't assume that the identifiers are the same, particularly for legacy systems<o:p></o:p></p>
<p class="MsoNormal"> The spec uses two methods: the /me path, and the scim_id and scim_location claims<o:p></o:p></p>
<p class="MsoNormal"> An open question is whether applications would access both the UserInfo Endpoint and the SCIM endpoint<o:p></o:p></p>
<p class="MsoNormal"> A question was asked on the list about scopes<o:p></o:p></p>
<p class="MsoNormal"> Phil thought that scopes work might want to happen in the IETF SCIM working group<o:p></o:p></p>
<p class="MsoNormal"> Then it would not be Connect specific<o:p></o:p></p>
<p class="MsoNormal"> Having a standard will let developers do this in a consistent way<o:p></o:p></p>
<p class="MsoNormal"> Mike asked who on the call has reviewed the spec<o:p></o:p></p>
<p class="MsoNormal"> Justin has skimmed it<o:p></o:p></p>
<p class="MsoNormal"> Nov has looked through it<o:p></o:p></p>
<p class="MsoNormal"> Nov described a use case in Japan in which the OpenID Provider is a SCIM client provisioning profile data to the RP<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"> The document has been proposed for adoption<o:p></o:p></p>
<p class="MsoNormal"> We will give people a week to review the document and provide comments on adoption<o:p></o:p></p>
<p class="MsoNormal"> Mike said that adopting the document indicates interest in the area and having a starting point for the work<o:p></o:p></p>
<p class="MsoNormal"> It's normal for the specification to evolve after adoption<o:p></o:p></p>
<p class="MsoNormal"> Prateek said that having a formal document will help it get attention<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Open Issues<o:p></o:p></p>
<p class="MsoNormal"> Open issues are at https://bitbucket.org/openid/connect/issues?status=new&amp;status=open<o:p></o:p></p>
<p class="MsoNormal"> Issue #994 on the definition of country within the address claim<o:p></o:p></p>
<p class="MsoNormal"> The issue asked whether it's an ISO two-letter code<o:p></o:p></p>
<p class="MsoNormal"> Mike said that this is part of a postal address, so may be written out, such as "Deutschland"<o:p></o:p></p>
<p class="MsoNormal"> Phil asked if we know how implementers are typically using this<o:p></o:p></p>
<p class="MsoNormal"> We don't have much data<o:p></o:p></p>
<p class="MsoNormal"> This is actually presently coming up at Microsoft, where there's a desire for an ISO country code claim<o:p></o:p></p>
<p class="MsoNormal"> Mike will gather data and report back<o:p></o:p></p>
<p class="MsoNormal"> Issue #995 Editorial Issue: description of policy_uri in DynReg<o:p></o:p></p>
<p class="MsoNormal"> Mike will fix this syntactic nit as part of the errata edits<o:p></o:p></p>
<p class="MsoNormal"> Issue #993 How to treat a zero max_age request parameter?<o:p></o:p></p>
<p class="MsoNormal"> This is effectively prompt=login<o:p></o:p></p>
<p class="MsoNormal"> We can add a comment to this effect as part of the errata process<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Federation section in new version of NIST SP 800-63<o:p></o:p></p>
<p class="MsoNormal"> Justin asks that people review this<o:p></o:p></p>
<p class="MsoNormal"> See https://github.com/usnistgov/800-63-3/issues<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Preparing for IETF 96 Berlin<o:p></o:p></p>
<p class="MsoNormal"> Token Binding of access tokens is one important topic<o:p></o:p></p>
<p class="MsoNormal"> The current Token Binding drafts don't offer a way to provide the referred token binding<o:p></o:p></p>
<p class="MsoNormal"> The OAuth Mix-Up Mitigation is another important topic to participate in<o:p></o:p></p>
<p class="MsoNormal"> The OAuth JWS Request draft will progress<o:p></o:p></p>
<p class="MsoNormal"> People should get any last comments in on it ASAP<o:p></o:p></p>
<p class="MsoNormal"> Hannes produced some comments that John is applying to the present draft<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Next Calls<o:p></o:p></p>
<p class="MsoNormal"> Our next call is Monday, July 11th at 3pm Pacific Time<o:p></o:p></p>
<p class="MsoNormal"> We are tentatively cancelling the 7am call on Thursday, July 21st, since it's during IETF<o:p></o:p></p>
<p class="MsoNormal"> See the calendar at http://openid.net/wg/connect/ to see the call times in your local time<o:p></o:p></p>
</div>
</body>
</html>