<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
<meta name="Generator" content="Microsoft Word 15 (filtered medium)">
<style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:#0563C1;
text-decoration:underline;}
span.EmailStyle17
{mso-style-type:personal-compose;
font-family:"Calibri",sans-serif;
color:windowtext;}
.MsoChpDefault
{mso-style-type:export-only;
font-family:"Calibri",sans-serif;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
--></style>
</head>
<body lang="EN-US" link="#0563C1" vlink="#954F72" style="word-wrap:break-word">
<div class="WordSection1">
<p class="MsoNormal">Spec Call Notes 31-Jan-22<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Mike Jones<o:p></o:p></p>
<p class="MsoNormal">Vittorio Bertocci<o:p></o:p></p>
<p class="MsoNormal">Tony Nadalin<o:p></o:p></p>
<p class="MsoNormal">Nat Sakimura<o:p></o:p></p>
<p class="MsoNormal">John Bradley<o:p></o:p></p>
<p class="MsoNormal">Brian Campbell<o:p></o:p></p>
<p class="MsoNormal">David Waite<o:p></o:p></p>
<p class="MsoNormal">Edmund Jay<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Outstanding Implementer's Draft Approval Votes<o:p></o:p></p>
<p class="MsoNormal"> <a href="https://openid.net/foundation/members/polls/261">
https://openid.net/foundation/members/polls/261</a> - prompt=create<o:p></o:p></p>
<p class="MsoNormal"> <a href="https://openid.net/foundation/members/polls/266">
https://openid.net/foundation/members/polls/266</a> - SIOPv2 and OIDC4VP<o:p></o:p></p>
<p class="MsoNormal"> Please participate!<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Updated SIOPv2 and OIDC4VP drafts were published addressing editorial issues<o:p></o:p></p>
<p class="MsoNormal"> See the note at the end of <a href="https://openid.net/2021/12/17/first-public-review-period-for-openid-connect-siopv2-and-oidc4vp-specifications-started/">
https://openid.net/2021/12/17/first-public-review-period-for-openid-connect-siopv2-and-oidc4vp-specifications-started/</a><o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">These in-person and hybrid 2022 identity events are upcoming:<o:p></o:p></p>
<p class="MsoNormal"> IETF 113 in Vienna, March 19-25<o:p></o:p></p>
<p class="MsoNormal"> <a href="https://www.ietf.org/how/meetings/113/">
https://www.ietf.org/how/meetings/113/</a><o:p></o:p></p>
<p class="MsoNormal"> OpenID Workshop and IIW in Mountain View, April 25-28<o:p></o:p></p>
<p class="MsoNormal"> <a href="https://internetidentityworkshop.com/">
https://internetidentityworkshop.com/</a><o:p></o:p></p>
<p class="MsoNormal"> OAuth Security Workshop in Trondheim, Norway, May 4-6<o:p></o:p></p>
<p class="MsoNormal"> <a href="https://oauth.secworkshop.events/">
https://oauth.secworkshop.events/</a><o:p></o:p></p>
<p class="MsoNormal"> European Identity and Cloud Conference (EIC) in Berlin, May 10-13<o:p></o:p></p>
<p class="MsoNormal"> <a href="https://www.kuppingercole.com/events/eic2022">
https://www.kuppingercole.com/events/eic2022</a><o:p></o:p></p>
<p class="MsoNormal"> Submissions are open until February 28th<o:p></o:p></p>
<p class="MsoNormal"> FIDO Plenary in Munich, May 24-26<o:p></o:p></p>
<p class="MsoNormal"> RSA Conference in San Francisco, June 6-9<o:p></o:p></p>
<p class="MsoNormal"> <a href="https://www.rsaconference.com/usa">
https://www.rsaconference.com/usa</a><o:p></o:p></p>
<p class="MsoNormal"> Identiverse in Denver, June 21-24<o:p></o:p></p>
<p class="MsoNormal"> <a href="https://identiverse.com/">
https://identiverse.com/</a><o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Open PRs<o:p></o:p></p>
<p class="MsoNormal"> <a href="https://bitbucket.org/openid/connect/pull-requests/">
https://bitbucket.org/openid/connect/pull-requests/</a><o:p></o:p></p>
<p class="MsoNormal"> PR #119: adds security consideration for confidentiality response (same-device)<o:p></o:p></p>
<p class="MsoNormal"> Nat asked that a corresponding issue be filed<o:p></o:p></p>
<p class="MsoNormal"> Nat agreed to review it<o:p></o:p></p>
<p class="MsoNormal"> Edmund has PRs #59, #60, #63, and #74<o:p></o:p></p>
<p class="MsoNormal"> PR #60: fixes #1311 - Require refresh tokens<o:p></o:p></p>
<p class="MsoNormal"> Edmund updated this per working group feedback<o:p></o:p></p>
<p class="MsoNormal"> After re-review, this is probably ready to merge<o:p></o:p></p>
<p class="MsoNormal"> PR #63: fixes #1284 - Require Sender Constrained Tokens<o:p></o:p></p>
<p class="MsoNormal"> Edmund updated this per working group feedback<o:p></o:p></p>
<p class="MsoNormal"> After re-review, this is probably ready to merge<o:p></o:p></p>
<p class="MsoNormal"> PR #59: fixes #1225 - clarifies discovery metadata for IA<o:p></o:p></p>
<p class="MsoNormal"> This hasn't been updated recently<o:p></o:p></p>
<p class="MsoNormal"> Edmund asked whether we want to have an array of arrays of claim sets<o:p></o:p></p>
<p class="MsoNormal"> Mike asked whether having a flat array of the union of possible claims would be adequate<o:p></o:p></p>
<p class="MsoNormal"> Nat suggested that a separate issue be filed<o:p></o:p></p>
<p class="MsoNormal"> Edmund agreed to do this<o:p></o:p></p>
<p class="MsoNormal"> PR #74: adds parameter for requesting credential type format - #1276<o:p></o:p></p>
<p class="MsoNormal"> Kristina and Torsten had suggested reusing mechanisms being defined in other Connect specs<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Open Issues<o:p></o:p></p>
<p class="MsoNormal"> <a href="https://bitbucket.org/openid/connect/issues?status=new&status=open">
https://bitbucket.org/openid/connect/issues?status=new&status=open</a><o:p></o:p></p>
<p class="MsoNormal"> #1415: re-using ID Token as a source of third party attested user-claims<o:p></o:p></p>
<p class="MsoNormal"> No one seemed to think that this is a good idea<o:p></o:p></p>
<p class="MsoNormal"> As Nat said on the call, this violates the audience validation<o:p></o:p></p>
<p class="MsoNormal"> Unless perhaps if there were multiple audiences<o:p></o:p></p>
<p class="MsoNormal"> Vittorio said that asking for an access token with the correct audience would be preferable<o:p></o:p></p>
<p class="MsoNormal"> He said that such an access token might be a lot like an ID Token but would have differences<o:p></o:p></p>
<p class="MsoNormal"> The issue asks for no specification changes<o:p></o:p></p>
<p class="MsoNormal"> Given there is no support for the idea, we proposed to close the issue on that basis in a week<o:p></o:p></p>
<p class="MsoNormal"> #1411: specify how ekyc-ida syntax can be used with Verifiable Credentials<o:p></o:p></p>
<p class="MsoNormal"> The next step seems to be to create a concrete proposal<o:p></o:p></p>
<p class="MsoNormal"> #1402: Cross device flow w/ and w/o authorization_endpoint<o:p></o:p></p>
<p class="MsoNormal"> People are asked to review<o:p></o:p></p>
<p class="MsoNormal"> #1401: Advanced cross device flow for SIOP<o:p></o:p></p>
<p class="MsoNormal"> Torsten agreed to create a PR<o:p></o:p></p>
<p class="MsoNormal"> #1400: Issuer Handling in SIOP<o:p></o:p></p>
<p class="MsoNormal"> Torsten proposes indicating that the token is self-issued by having "iss" be equal to "sub"<o:p></o:p></p>
<p class="MsoNormal"> This is similar to what is done in self-signed certificates<o:p></o:p></p>
<p class="MsoNormal"> Vittorio asked whether we want to rule out scenarios for which the values would be different<o:p></o:p></p>
<p class="MsoNormal"> In the chat, he wrote "it sounds like forcing those two values to be the same would constrain the range of possible scenarios, hence it would be interesting if we could list some of the combinations
that would no longer be possible and have one-liners explaining why they aren't interesting"<o:p></o:p></p>
<p class="MsoNormal"> John said that Stephane Durand raised similar issues in the comments<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Next Call<o:p></o:p></p>
<p class="MsoNormal"> The next Connect call will be the SIOP Special Topic call on Thursday, February 3rd, 2022 at 7am Pacific Time<o:p></o:p></p>
</div>
</body>
</html>