<html>
<head>
<meta http-equiv="Content-Type" content="text/html;
charset=windows-1252">
</head>
<body text="#000000" bgcolor="#FFFFFF">
I missed this meeting due to the missing calendar entry. What are
the next steps with app2app flow? Are we going to produce a spec or
"best practice" for this method?<br>
<br>
Thanks,<br>
George<br>
<br>
<div class="moz-cite-prefix">On 10/10/19 11:39 AM, Mike Jones via
Openid-specs-ab wrote:<br>
</div>
<blockquote type="cite"
cite="mid:BYAPR00MB0565DA7929DE8801771E863CF5940@BYAPR00MB0565.namprd00.prod.outlook.com">
<div class="WordSection1">
<p class="MsoNormal">Spec Call Notes 10-Oct-19<o:p></o:p></p>
<p class="MsoNormal"><o:p>&nbsp;</o:p></p>
<p class="MsoNormal">Mike Jones<o:p></o:p></p>
<p class="MsoNormal">Joseph Heenan<o:p></o:p></p>
<p class="MsoNormal">Rich Levinson<o:p></o:p></p>
<p class="MsoNormal">Brian Campbell<o:p></o:p></p>
<p class="MsoNormal">Nat Sakimura<o:p></o:p></p>
<p class="MsoNormal">John Bradley<o:p></o:p></p>
<p class="MsoNormal">Torsten Lodderstedt<o:p></o:p></p>
<p class="MsoNormal"><o:p>&nbsp;</o:p></p>
<p class="MsoNormal">Calendar<o:p></o:p></p>
<p class="MsoNormal">&nbsp;&nbsp;&nbsp;&nbsp;This call isn't in the OpenID
Foundation calendar anymore<o:p></o:p></p>
<p class="MsoNormal">&nbsp;&nbsp;&nbsp;&nbsp;Nat fixed this during the
call<o:p></o:p></p>
<p class="MsoNormal"><o:p>&nbsp;</o:p></p>
<p class="MsoNormal">App2App<o:p></o:p></p>
<p class="MsoNormal">&nbsp;&nbsp;&nbsp;&nbsp;Joseph described his App2App
application<o:p></o:p></p>
<p class="MsoNormal">&nbsp;&nbsp;&nbsp;&nbsp;See
<a class="moz-txt-link-freetext" href="https://josephheenan.blogspot.com/2019/08/implementing-app-to-app-authorisation.html">https://josephheenan.blogspot.com/2019/08/implementing-app-to-app-authorisation.html</a><o:p></o:p></p>
<p class="MsoNormal">&nbsp;&nbsp;&nbsp;&nbsp;It doesn't change the
protocol at all<o:p></o:p></p>
<p class="MsoNormal">&nbsp;&nbsp;&nbsp;&nbsp;The app claims the
authorization endpoint<o:p></o:p></p>
<p class="MsoNormal">&nbsp;&nbsp;&nbsp;&nbsp;It improves completion rates,
using biometrics instead of things users remember<o:p></o:p></p>
<p class="MsoNormal">&nbsp;&nbsp;&nbsp;&nbsp;This is different from
George's NativeSSO spec, which shares a keychain within a
company's apps<o:p></o:p></p>
<p class="MsoNormal">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;This works
across applications from different companies<o:p></o:p></p>
<p class="MsoNormal">&nbsp;&nbsp;&nbsp;&nbsp;Brian said that it would be
inappropriate to specify an app to back end protocol<o:p></o:p></p>
<p class="MsoNormal">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;We shouldn't
impose restrictions on how login occurs<o:p></o:p></p>
<p class="MsoNormal">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;But advice on
how to accomplish the pattern would be useful<o:p></o:p></p>
<p class="MsoNormal">&nbsp;&nbsp;&nbsp;&nbsp;John said that there could be
security issues<o:p></o:p></p>
<p class="MsoNormal">&nbsp;&nbsp;&nbsp;&nbsp;John said that you could do
this with WebAuthn<o:p></o:p></p>
<p class="MsoNormal">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;There's a fair
amount of overlap<o:p></o:p></p>
<p class="MsoNormal">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;You can do it in
native applications too<o:p></o:p></p>
<p class="MsoNormal">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;For instance,
there's an Android API<o:p></o:p></p>
<p class="MsoNormal"><o:p>&nbsp;</o:p></p>
<p class="MsoNormal">OAuth JAR<o:p></o:p></p>
<p class="MsoNormal">&nbsp;&nbsp;&nbsp;&nbsp;John will do an update and
then contact the area director<o:p></o:p></p>
<p class="MsoNormal"><o:p>&nbsp;</o:p></p>
<p class="MsoNormal">OpenID Connect for Identity Proofing<o:p></o:p></p>
<p class="MsoNormal">&nbsp;&nbsp;&nbsp;&nbsp;We're in the middle of the
45-day review period<o:p></o:p></p>
<p class="MsoNormal">&nbsp;&nbsp;&nbsp;&nbsp;<a class="moz-txt-link-freetext" href="https://openid.net/2019/09/19/public-review-period-for-openid-connect-for-identity-assurance-specification-started/">https://openid.net/2019/09/19/public-review-period-for-openid-connect-for-identity-assurance-specification-started/</a><o:p></o:p></p>
<p class="MsoNormal">&nbsp;&nbsp;&nbsp;&nbsp;Torsten plans to add a
Japanese verification method in a new revision<o:p></o:p></p>
<p class="MsoNormal"><o:p>&nbsp;</o:p></p>
<p class="MsoNormal">&nbsp;&nbsp;&nbsp;&nbsp;Torsten believes that we
could get broader participation by having an Identity
Verification working group<o:p></o:p></p>
<p class="MsoNormal">&nbsp;&nbsp;&nbsp;&nbsp;He also might want to make
the specification more modular<o:p></o:p></p>
<p class="MsoNormal"><o:p>&nbsp;</o:p></p>
<p class="MsoNormal">Federation<o:p></o:p></p>
<p class="MsoNormal">&nbsp;&nbsp;&nbsp;&nbsp;The Federation spec was
discussed at IIW among Connect and R&amp;E people<o:p></o:p></p>
<p class="MsoNormal">&nbsp;&nbsp;&nbsp;&nbsp;Roland Hedberg explained a
change to the use of .well-known to make it more parallel to
Discovery<o:p></o:p></p>
<p class="MsoNormal">&nbsp;&nbsp;&nbsp;&nbsp;Mike has promised Roland a
review of the changes<o:p></o:p></p>
<p class="MsoNormal">&nbsp;&nbsp;&nbsp;&nbsp;After we publish the next
draft, it's probably time for a second Implementer's Draft<o:p></o:p></p>
<p class="MsoNormal"><o:p>&nbsp;</o:p></p>
<p class="MsoNormal">Sign In with Apple<o:p></o:p></p>
<p class="MsoNormal">&nbsp;&nbsp;&nbsp;&nbsp;Don posted the follow-up
letter thanking Apple for correcting their implementation<o:p></o:p></p>
<p class="MsoNormal">&nbsp;&nbsp;&nbsp;&nbsp;<a class="moz-txt-link-freetext" href="https://openid.net/2019/09/30/apple-successfully-implements-openid-connect-with-sign-in-with-apple/">https://openid.net/2019/09/30/apple-successfully-implements-openid-connect-with-sign-in-with-apple/</a><o:p></o:p></p>
<p class="MsoNormal"><o:p>&nbsp;</o:p></p>
<p class="MsoNormal">Open Issues<o:p></o:p></p>
<p class="MsoNormal">&nbsp;&nbsp;&nbsp;&nbsp;<a class="moz-txt-link-freetext" href="https://bitbucket.org/openid/connect/issues?status=new&status=open">https://bitbucket.org/openid/connect/issues?status=new&status=open</a><o:p></o:p></p>
<p class="MsoNormal">&nbsp;&nbsp;&nbsp;&nbsp;#1116 Returning end user
claims in id token<o:p></o:p></p>
<p class="MsoNormal">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Closing since
the question was answered in the comments<o:p></o:p></p>
<p class="MsoNormal">&nbsp;&nbsp;&nbsp;&nbsp;#1115 how should the OP
behave when a claim is requested but not understood<o:p></o:p></p>
<p class="MsoNormal">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Assigned to Mike<o:p></o:p></p>
<p class="MsoNormal">&nbsp;&nbsp;&nbsp;&nbsp;#1114 Several doubts about
value in individual claim requests (5.5.1)<o:p></o:p></p>
<p class="MsoNormal">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Assigned to Mike<o:p></o:p></p>
<p class="MsoNormal">&nbsp;&nbsp;&nbsp;&nbsp;#1113 IANA discrepancy with
error code "account_selection_required"<o:p></o:p></p>
<p class="MsoNormal">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Mike will make
sure that it is registered in the Errata draft updates<o:p></o:p></p>
<p class="MsoNormal">&nbsp;&nbsp;&nbsp;&nbsp;#1112 Register openid to the
well-known URI scheme IANA registry<o:p></o:p></p>
<p class="MsoNormal">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Nat to edit the
issue to remove the well-known URI reference and add RFC 7595<o:p></o:p></p>
<p class="MsoNormal">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;We will do this,
since there is increasing interest in the self-issued OP
functionality from the self-sovereign identity crowd<o:p></o:p></p>
<p class="MsoNormal">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Nat or Mike
should probably be the person to make the registration request<o:p></o:p></p>
<p class="MsoNormal">&nbsp;&nbsp;&nbsp;&nbsp;#1110 [Identity Assurance]
Giving null and/or empty strings special meanings might bring
about difficulties in implementations<o:p></o:p></p>
<p class="MsoNormal">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;This is
substantive. We should address it after the Implementer's
Draft is approved.<o:p></o:p></p>
<p class="MsoNormal">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Also see #1109,
which is on the same topic<o:p></o:p></p>
<p class="MsoNormal"><o:p>&nbsp;</o:p></p>
<p class="MsoNormal">SURFnet OpenID Connect Proxy Certification
Issues<o:p></o:p></p>
<p class="MsoNormal">&nbsp;&nbsp;&nbsp;&nbsp;We ran out of time to
continue discussing this<o:p></o:p></p>
<p class="MsoNormal"><o:p>&nbsp;</o:p></p>
<p class="MsoNormal">Next Call<o:p></o:p></p>
<p class="MsoNormal">&nbsp;&nbsp;&nbsp;&nbsp;The next call is Monday,
October 14 at 4pm Pacific Time<o:p></o:p></p>
</div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<pre class="moz-quote-pre" wrap="">_______________________________________________
Openid-specs-ab mailing list
<a class="moz-txt-link-abbreviated" href="mailto:Openid-specs-ab@lists.openid.net">Openid-specs-ab@lists.openid.net</a>
<a class="moz-txt-link-freetext" href="http://lists.openid.net/mailman/listinfo/openid-specs-ab">http://lists.openid.net/mailman/listinfo/openid-specs-ab</a>
</pre>
</blockquote>
<br>
</body>
</html>