<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
<meta name="Generator" content="Microsoft Word 15 (filtered medium)">
<style><!--
/* Font Definitions */
@font-face
{font-family:Wingdings;
panose-1:5 0 0 0 0 0 0 0 0 0;}
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:#0563C1;
text-decoration:underline;}
span.EmailStyle21
{mso-style-type:personal-compose;
font-family:"Calibri",sans-serif;
color:windowtext;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
/* List Definitions */
@list l0
{mso-list-id:91240275;
mso-list-template-ids:1613550598;}
@list l0:level1
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l0:level2
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:1.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l0:level3
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:1.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l0:level4
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:2.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l0:level5
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:2.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l0:level6
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:3.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l0:level7
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:3.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l0:level8
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:4.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l0:level9
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:4.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l1
{mso-list-id:262496402;
mso-list-template-ids:14291566;}
@list l1:level1
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l1:level2
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:1.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l1:level3
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:1.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l1:level4
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:2.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l1:level5
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:2.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l1:level6
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:3.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l1:level7
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:3.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l1:level8
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:4.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l1:level9
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:4.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l2
{mso-list-id:447437554;
mso-list-template-ids:-1601637118;}
@list l2:level1
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l2:level2
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:1.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l2:level3
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:1.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l2:level4
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:2.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l2:level5
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:2.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l2:level6
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:3.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l2:level7
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:3.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l2:level8
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:4.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l2:level9
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:4.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l3
{mso-list-id:802961661;
mso-list-template-ids:597696016;}
@list l3:level1
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l3:level2
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:1.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l3:level3
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:1.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l3:level4
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:2.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l3:level5
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:2.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l3:level6
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:3.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l3:level7
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:3.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l3:level8
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:4.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l3:level9
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:4.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l4
{mso-list-id:1098914976;
mso-list-template-ids:-973282826;}
@list l4:level1
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l4:level2
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:1.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l4:level3
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:1.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l4:level4
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:2.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l4:level5
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:2.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l4:level6
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:3.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l4:level7
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:3.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l4:level8
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:4.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l4:level9
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:4.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l5
{mso-list-id:1474716472;
mso-list-template-ids:818467418;}
@list l5:level1
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l5:level2
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:1.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l5:level3
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:1.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l5:level4
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:2.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l5:level5
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:2.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l5:level6
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:3.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l5:level7
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:3.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l5:level8
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:4.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l5:level9
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:4.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l6
{mso-list-id:1561482840;
mso-list-template-ids:-1959239728;}
@list l6:level1
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l6:level2
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:1.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:"Courier New";
mso-bidi-font-family:"Times New Roman";}
@list l6:level3
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:1.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l6:level4
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:2.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l6:level5
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:2.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l6:level6
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:3.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l6:level7
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:3.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l6:level8
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:4.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l6:level9
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:4.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l7
{mso-list-id:2082213956;
mso-list-template-ids:1292952024;}
@list l7:level1
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l7:level2
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:1.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l7:level3
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:1.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l7:level4
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:2.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l7:level5
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:2.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l7:level6
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:3.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l7:level7
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:3.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l7:level8
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:4.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l7:level9
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:4.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
ol
{margin-bottom:0in;}
ul
{margin-bottom:0in;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang="EN-US" link="#0563C1" vlink="#954F72" style="word-wrap:break-word">
<div class="WordSection1">
<p class="MsoNormal">Thanks to Karthik for taking notes yesterday!<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<div>
<div style="border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0in 0in 0in">
<p class="MsoNormal"><b>From:</b> Karthik Sivasamy <karthik.sivasamy@mattr.global>
<br>
<b>Sent:</b> Monday, August 29, 2022 5:59 PM<br>
<b>To:</b> Mike Jones <Michael.Jones@microsoft.com><br>
<b>Subject:</b> OpenID Connect A/B Call Meeting Notes - 30th August 2022<o:p></o:p></p>
</div>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<div>
<p class="MsoNormal">Hi Mike,<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">As promised, Please find below the meeting notes that I recorded during our OIDC A/B Call today (30<sup>th</sup> August 2022 New Zealand Time).<o:p></o:p></p>
<p class="MsoNormal">Hopefully this helps.<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Regards,<o:p></o:p></p>
<p class="MsoNormal">Karthik<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"><b><span style="mso-fareast-language:EN-GB">Date: 30th August 30, 2022 (New Zealand Standard Time)<o:p></o:p></span></b></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p style="margin:0in"><b>Attendees:</b><o:p></o:p></p>
<ul style="margin-top:0in" type="disc">
<li class="MsoNormal" style="mso-list:l5 level1 lfo1;vertical-align:middle">Mike Jones
<o:p></o:p></li><li class="MsoNormal" style="mso-list:l5 level1 lfo1;vertical-align:middle">Vittorio<o:p></o:p></li><li class="MsoNormal" style="mso-list:l5 level1 lfo1;vertical-align:middle">Nat<o:p></o:p></li><li class="MsoNormal" style="mso-list:l5 level1 lfo1;vertical-align:middle">Karthik
<o:p></o:p></li><li class="MsoNormal" style="mso-list:l5 level1 lfo1;vertical-align:middle">Dima<o:p></o:p></li><li class="MsoNormal" style="mso-list:l5 level1 lfo1;vertical-align:middle">Tobias<o:p></o:p></li><li class="MsoNormal" style="mso-list:l5 level1 lfo1;vertical-align:middle">Guiseppe De Marco<o:p></o:p></li><li class="MsoNormal" style="mso-list:l5 level1 lfo1;vertical-align:middle">Tom Jones<o:p></o:p></li><li class="MsoNormal" style="mso-list:l5 level1 lfo1;vertical-align:middle">John Bradley<o:p></o:p></li></ul>
<p style="mso-margin-top-alt:0in;margin-right:0in;margin-bottom:0in;margin-left:27.0pt">
<o:p></o:p></p>
<p style="margin:0in"> <o:p></o:p></p>
<p style="margin:0in"><b>PR - 286</b> (<a href="https://bitbucket.org/openid/connect/pull-requests/286">https://bitbucket.org/openid/connect/pull-requests/286</a>)<o:p></o:p></p>
<p style="margin:0in"> <o:p></o:p></p>
<ul style="margin-top:0in" type="disc">
<li class="MsoNormal" style="mso-list:l6 level1 lfo2;vertical-align:middle">Tobias -
<o:p></o:p></li></ul>
<ul style="margin-top:0in" type="disc">
<ul style="margin-top:0in" type="circle">
<li class="MsoNormal" style="mso-list:l6 level2 lfo2;vertical-align:middle">This pattern can lead to double up to get the same information
<o:p></o:p></li></ul>
</ul>
<ul style="margin-top:0in" type="disc">
<li class="MsoNormal" style="mso-list:l6 level1 lfo2;vertical-align:middle">Mike<o:p></o:p></li></ul>
<ul style="margin-top:0in" type="disc">
<ul style="margin-top:0in" type="circle">
<li class="MsoNormal" style="mso-list:l6 level2 lfo2;vertical-align:middle">If you are in multi-party federation, this is the way of RP saying I want to be part of the federation request<o:p></o:p></li><li class="MsoNormal" style="mso-list:l6 level2 lfo2;vertical-align:middle">In the Italian federation, they found this pattern useful architecturally<o:p></o:p></li><li class="MsoNormal" style="mso-list:l6 level2 lfo2;vertical-align:middle">3 approval received so far for the PR<o:p></o:p></li></ul>
</ul>
<ul style="margin-top:0in" type="disc">
<li class="MsoNormal" style="mso-list:l6 level1 lfo2;vertical-align:middle">Tobias - Concern
<o:p></o:p></li></ul>
<ul style="margin-top:0in" type="disc">
<ul style="margin-top:0in" type="circle">
<li class="MsoNormal" style="mso-list:l6 level2 lfo2;vertical-align:middle">There could be inconsistency
<o:p></o:p></li><li class="MsoNormal" style="mso-list:l6 level2 lfo2;vertical-align:middle">Mike - willing to hold this open if Tobias wants to actively review the PR<o:p></o:p></li><li class="MsoNormal" style="mso-list:l6 level2 lfo2;vertical-align:middle">Tobias thinks there is general utility for automatic registration wider than the federation scenarios - so there is a benefit in seeing with that lens<o:p></o:p></li></ul>
</ul>
<ul style="margin-top:0in" type="disc">
<li class="MsoNormal" style="mso-list:l6 level1 lfo2;vertical-align:middle">Giuseppe:<o:p></o:p></li></ul>
<p style="mso-margin-top-alt:0in;margin-right:0in;margin-bottom:0in;margin-left:.75in">
<span lang="EN-GB">unfortunately I can't speak because too late in italy and I'm sacrified in a little house in the mountains and everybody sleep right now.<o:p></o:p></span></p>
<p style="mso-margin-top-alt:0in;margin-right:0in;margin-bottom:0in;margin-left:.75in">
<o:p></o:p></p>
<p style="mso-margin-top-alt:0in;margin-right:0in;margin-bottom:0in;margin-left:.75in">
<o:p></o:p></p>
<p style="mso-margin-top-alt:0in;margin-right:0in;margin-bottom:0in;margin-left:.75in">
<span lang="EN-GB">well, thank you mike for the explanation. The hinted trust chain pushes a signal that an already cached EC by a OP is changed, and the RP let the OP knows this to get its EC be updated to the OP (hopefully, it's an hint)<o:p></o:p></span></p>
<p style="mso-margin-top-alt:0in;margin-right:0in;margin-bottom:0in;margin-left:27.0pt">
<span lang="EN-GB"> <o:p></o:p></span></p>
<ul style="margin-top:0in" type="disc">
<li class="MsoNormal" style="mso-list:l2 level1 lfo3;vertical-align:middle"><span lang="EN-GB">Tobias is less concerned if it is signal or hint<o:p></o:p></span></li><li class="MsoNormal" style="mso-list:l2 level1 lfo3;vertical-align:middle"><b><span lang="EN-GB">Action</span></b><span lang="EN-GB"> - Mike requested Tobias to review by Thursday<o:p></o:p></span></li></ul>
<p style="margin:0in"><span lang="EN-GB"> <o:p></o:p></span></p>
<p style="margin:0in"><b><span lang="EN-GB">PR - 289</span></b><span lang="EN-GB"> (<a href="https://bitbucket.org/openid/connect/pull-requests/289"><span lang="EN-US">https://bitbucket.org/openid/connect/pull-requests/289</span></a>)<o:p></o:p></span></p>
<p style="margin:0in"><span lang="EN-GB"> <o:p></o:p></span></p>
<ul style="margin-top:0in" type="disc">
<li class="MsoNormal" style="mso-list:l3 level1 lfo4;vertical-align:middle"><span lang="EN-GB">Describing the differences between automatic and explicit registration<o:p></o:p></span></li><li class="MsoNormal" style="mso-list:l3 level1 lfo4;vertical-align:middle"><span lang="EN-GB">Kristina requested for Tobias to review - Mike to see whether he can add Tobias as an approver<o:p></o:p></span></li><li class="MsoNormal" style="mso-list:l3 level1 lfo4;vertical-align:middle"><span lang="EN-GB">Tobias - Comparison should not be just with dynamic registration, but also with pre-registration client via out-of-band process<o:p></o:p></span></li><li class="MsoNormal" style="mso-list:l3 level1 lfo4;vertical-align:middle"><b><span lang="EN-GB">ACTION -</span></b><span lang="EN-GB"> Tobias to review this PR
<o:p></o:p></span></li></ul>
<p style="mso-margin-top-alt:0in;margin-right:0in;margin-bottom:0in;margin-left:27.0pt">
<span lang="EN-GB"> <o:p></o:p></span></p>
<p style="margin:0in"><span lang="EN-GB"> <o:p></o:p></span></p>
<p style="margin:0in"><b><span lang="EN-GB">Issue 1606 - </span></b><span lang="EN-GB"><a href="https://bitbucket.org/openid/connect/issues/1606/relax-behaviour-around-automatic-client"><span lang="EN-US">https://bitbucket.org/openid/connect/issues/1606/relax-behaviour-around-automatic-client</span></a><o:p></o:p></span></p>
<p style="margin:0in"> <o:p></o:p></p>
<ul style="margin-top:0in" type="disc">
<li class="MsoNormal" style="mso-list:l7 level1 lfo5;vertical-align:middle">Mike - This issue took half the time on federation call on Friday<o:p></o:p></li></ul>
<ul style="margin-top:0in" type="disc">
<ul style="margin-top:0in" type="disc">
<li class="MsoNormal" style="mso-list:l7 level2 lfo5;vertical-align:middle">Giuseppe was in the favor of relaxation. Mike asked John to look at It and John looked at the issue in the call<o:p></o:p></li><li class="MsoNormal" style="mso-list:l7 level2 lfo5;vertical-align:middle">There is a Distinction in the use-cases - What we want from federation vs general<o:p></o:p></li></ul>
</ul>
<ul style="margin-top:0in" type="disc">
<ul style="margin-top:0in" type="disc">
<ul style="margin-top:0in" type="disc">
<li class="MsoNormal" style="mso-list:l7 level3 lfo5;vertical-align:middle">For Federation - John pointed out - the entire ecosystem needs to establish trust between participants. This is due to legal reasons (not just for protocol messaging)<o:p></o:p></li><li class="MsoNormal" style="mso-list:l7 level3 lfo5;vertical-align:middle">E.g. Edugain - code of conduct and trust across the ecosystem<o:p></o:p></li></ul>
</ul>
</ul>
<ul style="margin-top:0in" type="disc">
<ul style="margin-top:0in" type="disc">
<ul style="margin-top:0in" type="disc">
<ul style="margin-top:0in" type="square">
<li class="MsoNormal" style="mso-list:l7 level4 lfo5;vertical-align:middle">If you have a client that you can't clearly identify , then there is a inherent risk<o:p></o:p></li><li class="MsoNormal" style="mso-list:l7 level4 lfo5;vertical-align:middle">For federation use-cases we want to keep it as is - but we could add a note for other use cases, you could forego the requirement of signed request<o:p></o:p></li></ul>
</ul>
</ul>
</ul>
<ul style="margin-top:0in" type="disc">
<ul style="margin-top:0in" type="disc">
<li class="MsoNormal" style="mso-list:l7 level2 lfo5;vertical-align:middle">Tobias - If redirect URI used by the client is http based and OP trusts the redirect URI<o:p></o:p></li></ul>
</ul>
<ul style="margin-top:0in" type="disc">
<ul style="margin-top:0in" type="disc">
<ul style="margin-top:0in" type="disc">
<li class="MsoNormal" style="mso-list:l7 level3 lfo5;vertical-align:middle">We do have a trust on redirect URI and somehow we can identify the client using that
<o:p></o:p></li><li class="MsoNormal" style="mso-list:l7 level3 lfo5;vertical-align:middle">Signed request object is one way to identify the client
<o:p></o:p></li></ul>
</ul>
</ul>
<ul style="margin-top:0in" type="disc">
<ul style="margin-top:0in" type="disc">
<ul style="margin-top:0in" type="disc">
<ul style="margin-top:0in" type="square">
<li class="MsoNormal" style="mso-list:l7 level4 lfo5;vertical-align:middle">Automatic registration can be done without signed request object
<o:p></o:p></li><li class="MsoNormal" style="mso-list:l7 level4 lfo5;vertical-align:middle">We could separate out both
<o:p></o:p></li></ul>
</ul>
</ul>
</ul>
<ul style="margin-top:0in" type="disc">
<ul style="margin-top:0in" type="disc">
<ul style="margin-top:0in" type="disc">
<li class="MsoNormal" style="mso-list:l7 level3 lfo5;vertical-align:middle">If we are going to reference federation spec for other use-cases, we want a more clear direction in the spec than a note in the specification<o:p></o:p></li><li class="MsoNormal" style="mso-list:l7 level3 lfo5;vertical-align:middle">We want implementers to understand the differences and implication<o:p></o:p></li><li class="MsoNormal" style="mso-list:l7 level3 lfo5;vertical-align:middle">We are talking about a new way of registering client
<o:p></o:p></li></ul>
</ul>
</ul>
<ul style="margin-top:0in" type="disc">
<ul style="margin-top:0in" type="disc">
<li class="MsoNormal" style="mso-list:l7 level2 lfo5;vertical-align:middle">Mike to think about this scenario seriously<o:p></o:p></li></ul>
</ul>
<ul style="margin-top:0in" type="disc">
<ul style="margin-top:0in" type="disc">
<ul style="margin-top:0in" type="disc">
<li class="MsoNormal" style="mso-list:l7 level3 lfo5;vertical-align:middle">Wants more than automatic registration<o:p></o:p></li><li class="MsoNormal" style="mso-list:l7 level3 lfo5;vertical-align:middle">Tobias - Why do we need entity statement. Client may reference their metadata in the published URI ( that may also include entity statement )<o:p></o:p></li><li class="MsoNormal" style="mso-list:l7 level3 lfo5;vertical-align:middle">John Bradley did a version of this ten years ago without a traction in OAuth working Group
<o:p></o:p></li><li class="MsoNormal" style="mso-list:l7 level3 lfo5;vertical-align:middle"><b>ACTION</b> - Mike to think about the language in which it was written and whether we can rewrite in a approachable language<o:p></o:p></li><li class="MsoNormal" style="mso-list:l7 level3 lfo5;vertical-align:middle">Tobias - I am not suggesting any normative changes to the Federation spec<o:p></o:p></li></ul>
</ul>
</ul>
<p style="margin:0in"> <o:p></o:p></p>
<p style="margin:0in"><b>Mike</b> - Nat filed a number of issues. Let us look at it
<o:p></o:p></p>
<ul style="margin-top:0in" type="disc">
<li class="MsoNormal" style="mso-list:l0 level1 lfo6;vertical-align:middle">Kristina - mainly editorial<o:p></o:p></li><li class="MsoNormal" style="mso-list:l0 level1 lfo6;vertical-align:middle">Nat - started reviewing the document and mostly editorial stuff. E.g. consistent capitalization, etc..
<o:p></o:p></li><li class="MsoNormal" style="mso-list:l0 level1 lfo6;vertical-align:middle">New Grant Type discussion (pre-authorized code flow)<o:p></o:p></li></ul>
<ul style="margin-top:0in" type="disc">
<ul style="margin-top:0in" type="disc">
<li class="MsoNormal" style="mso-list:l0 level2 lfo6;vertical-align:middle">Kristina
<o:p></o:p></li></ul>
</ul>
<ul style="margin-top:0in" type="disc">
<ul style="margin-top:0in" type="disc">
<ul style="margin-top:0in" type="square">
<li class="MsoNormal" style="mso-list:l0 level3 lfo6;vertical-align:middle">Client can take the pre-authorised code to the token endpoint which can't be satisfied with any existing grant type<o:p></o:p></li><li class="MsoNormal" style="mso-list:l0 level3 lfo6;vertical-align:middle">So we created a new grant type - that is the rational<o:p></o:p></li><li class="MsoNormal" style="mso-list:l0 level3 lfo6;vertical-align:middle">NAT - to look closely into the spec<o:p></o:p></li></ul>
</ul>
</ul>
<ul style="margin-top:0in" type="disc">
<ul style="margin-top:0in" type="disc">
<ul style="margin-top:0in" type="square">
<ul style="margin-top:0in" type="disc">
<li class="MsoNormal" style="mso-list:l0 level4 lfo6;vertical-align:middle">Can be a nightmare from security point of view<o:p></o:p></li></ul>
</ul>
</ul>
</ul>
<ul style="margin-top:0in" type="disc">
<ul style="margin-top:0in" type="disc">
<li class="MsoNormal" style="mso-list:l0 level2 lfo6;vertical-align:middle">Vittorio
<o:p></o:p></li></ul>
</ul>
<ul style="margin-top:0in" type="disc">
<ul style="margin-top:0in" type="disc">
<ul style="margin-top:0in" type="square">
<li class="MsoNormal" style="mso-list:l0 level3 lfo6;vertical-align:middle">That sounds like a regression and agreeing with Nat's views (Custom pre-authorization code flow in general )<o:p></o:p></li></ul>
</ul>
</ul>
<ul style="margin-top:0in" type="disc">
<ul style="margin-top:0in" type="disc">
<li class="MsoNormal" style="mso-list:l0 level2 lfo6;vertical-align:middle">Nat - the fact that it talks straight to token endpoint is concerning from security point of view<o:p></o:p></li><li class="MsoNormal" style="mso-list:l0 level2 lfo6;vertical-align:middle">TL - There are multiple ways we can secure pre-authorized code flow (client authentication)<o:p></o:p></li><li class="MsoNormal" style="mso-list:l0 level2 lfo6;vertical-align:middle"><b>ACTION</b> - Nat and Vittorio to relook at this<o:p></o:p></li></ul>
</ul>
<p style="mso-margin-top-alt:0in;margin-right:0in;margin-bottom:0in;margin-left:27.0pt">
<o:p></o:p></p>
<p style="mso-margin-top-alt:0in;margin-right:0in;margin-bottom:0in;margin-left:27.0pt">
<o:p></o:p></p>
<p style="margin:0in"><b>PR - 293 </b><a href="https://bitbucket.org/openid/connect/pull-requests/293Kristina%20-%20Discussing%20/">https://bitbucket.org/openid/connect/pull-requests/293Kristina - Discussing /</a>
<br>
(Decoupling proof and key attestation)<o:p></o:p></p>
<ul style="margin-top:0in" type="disc">
<li class="MsoNormal" style="mso-list:l1 level1 lfo7;vertical-align:middle">Three big changes<o:p></o:p></li></ul>
<ul style="margin-top:0in" type="disc">
<ul style="margin-top:0in" type="disc">
<li class="MsoNormal" style="mso-list:l1 level2 lfo7;vertical-align:middle">Separated attestation from the binding method<o:p></o:p></li><li class="MsoNormal" style="mso-list:l1 level2 lfo7;vertical-align:middle">Replace Proof with binding_method (happy to reword)<o:p></o:p></li><li class="MsoNormal" style="mso-list:l1 level2 lfo7;vertical-align:middle">Defined attestation
<o:p></o:p></li></ul>
</ul>
<ul style="margin-top:0in" type="disc">
<ul style="margin-top:0in" type="disc">
<ul style="margin-top:0in" type="square">
<li class="MsoNormal" style="mso-list:l1 level3 lfo7;vertical-align:middle">Guiseppe reviewed - x5c claim required<o:p></o:p></li></ul>
</ul>
</ul>
<ul style="margin-top:0in" type="disc">
<li class="MsoNormal" style="mso-list:l1 level1 lfo7;vertical-align:middle">John Bradley<o:p></o:p></li></ul>
<ul style="margin-top:0in" type="disc">
<ul style="margin-top:0in" type="disc">
<li class="MsoNormal" style="mso-list:l1 level2 lfo7;vertical-align:middle">Google has 2 attestation formats<o:p></o:p></li></ul>
</ul>
<ul style="margin-top:0in" type="disc">
<ul style="margin-top:0in" type="disc">
<ul style="margin-top:0in" type="square">
<li class="MsoNormal" style="mso-list:l1 level3 lfo7;vertical-align:middle">Android key store attestation only says something about the key<o:p></o:p></li></ul>
</ul>
</ul>
<ul style="margin-top:0in" type="disc">
<ul style="margin-top:0in" type="disc">
<li class="MsoNormal" style="mso-list:l1 level2 lfo7;vertical-align:middle">Tobias - Android safety net uses android key attestation
<o:p></o:p></li></ul>
</ul>
<ul style="margin-top:0in" type="disc">
<ul style="margin-top:0in" type="disc">
<ul style="margin-top:0in" type="square">
<li class="MsoNormal" style="mso-list:l1 level3 lfo7;vertical-align:middle">They are for different purposes but has relationship at a low level<o:p></o:p></li></ul>
</ul>
</ul>
<ul style="margin-top:0in" type="disc">
<ul style="margin-top:0in" type="disc">
<li class="MsoNormal" style="mso-list:l1 level2 lfo7;vertical-align:middle">Google has said that they will be changing it.<o:p></o:p></li><li class="MsoNormal" style="mso-list:l1 level2 lfo7;vertical-align:middle">Has suspicion that RP is going to have hard time with 32 different formats & methods
<o:p></o:p></li><li class="MsoNormal" style="mso-list:l1 level2 lfo7;vertical-align:middle">RP with WebAuthn has hard time with attestationformats
<o:p></o:p></li><li class="MsoNormal" style="mso-list:l1 level2 lfo7;vertical-align:middle">TL - What constitutes an attestation format ?<o:p></o:p></li></ul>
</ul>
<ul style="margin-top:0in" type="disc">
<ul style="margin-top:0in" type="disc">
<ul style="margin-top:0in" type="square">
<li class="MsoNormal" style="mso-list:l1 level3 lfo7;vertical-align:middle"><span lang="EN-GB">what constitutes an attestation format: data representation (jwt, cwt)? Is X.509 too broad?<o:p></o:p></span></li><li class="MsoNormal" style="mso-list:l1 level3 lfo7;vertical-align:middle">Is x509 format or android safety net or JWT or cwt<o:p></o:p></li><li class="MsoNormal" style="mso-list:l1 level3 lfo7;vertical-align:middle">Android key store and attestation uses its own exotic format
<o:p></o:p></li><li class="MsoNormal" style="mso-list:l1 level3 lfo7;vertical-align:middle">John<o:p></o:p></li></ul>
</ul>
</ul>
<ul style="margin-top:0in" type="disc">
<ul style="margin-top:0in" type="disc">
<ul style="margin-top:0in" type="square">
<ul style="margin-top:0in" type="disc">
<li class="MsoNormal" style="mso-list:l1 level4 lfo7;vertical-align:middle">You can sign a JWT and CBOR and include that in the certificate
<o:p></o:p></li><li class="MsoNormal" style="mso-list:l1 level4 lfo7;vertical-align:middle">There is some sort of root key needed to be validated to provide attestation - the actual attestation is not a x509 certificate<o:p></o:p></li><li class="MsoNormal" style="mso-list:l1 level4 lfo7;vertical-align:middle">Say you are using a YubiKey - RP will ask for compact attestation where the key has x509 certificate (batch key)<o:p></o:p></li></ul>
</ul>
</ul>
</ul>
<ul style="margin-top:0in" type="disc">
<ul style="margin-top:0in" type="disc">
<ul style="margin-top:0in" type="square">
<ul style="margin-top:0in" type="disc">
<ul style="margin-top:0in" type="disc">
<li class="MsoNormal" style="mso-list:l1 level5 lfo7;vertical-align:middle">Essentially as JWT is created signed by the secret key
<o:p></o:p></li><li class="MsoNormal" style="mso-list:l1 level5 lfo7;vertical-align:middle">Certificate for that key is signed by the Public key and goes to RP<o:p></o:p></li><li class="MsoNormal" style="mso-list:l1 level5 lfo7;vertical-align:middle">RP can look at the key and find the root for that certificate
<o:p></o:p></li><li class="MsoNormal" style="mso-list:l1 level5 lfo7;vertical-align:middle">The thing that signed the public key is being attested when walking back<o:p></o:p></li></ul>
</ul>
</ul>
</ul>
</ul>
<ul style="margin-top:0in" type="disc">
<ul style="margin-top:0in" type="disc">
<ul style="margin-top:0in" type="square">
<ul style="margin-top:0in" type="disc">
<li class="MsoNormal" style="mso-list:l1 level4 lfo7;vertical-align:middle">Tobias - there are also attestation formats that is a chain of x509
<o:p></o:p></li></ul>
</ul>
</ul>
</ul>
<ul style="margin-top:0in" type="disc">
<ul style="margin-top:0in" type="disc">
<ul style="margin-top:0in" type="square">
<ul style="margin-top:0in" type="disc">
<ul style="margin-top:0in" type="disc">
<li class="MsoNormal" style="mso-list:l1 level5 lfo7;vertical-align:middle">In Android key store - attestation format was x509<o:p></o:p></li><li class="MsoNormal" style="mso-list:l1 level5 lfo7;vertical-align:middle">What is the attestation format - is it going to mirror cwt or jwt or lower level detail?<o:p></o:p></li></ul>
</ul>
</ul>
</ul>
</ul>
<ul style="margin-top:0in" type="disc">
<ul style="margin-top:0in" type="disc">
<ul style="margin-top:0in" type="square">
<ul style="margin-top:0in" type="disc">
<li class="MsoNormal" style="mso-list:l1 level4 lfo7;vertical-align:middle">Tobias - Key attestation in android is x509
<o:p></o:p></li></ul>
</ul>
</ul>
</ul>
<ul style="margin-top:0in" type="disc">
<ul style="margin-top:0in" type="disc">
<li class="MsoNormal" style="mso-list:l1 level2 lfo7;vertical-align:middle">John - The bottom line is RPs are not equipped to deal with the complexity to verify the attestation mechanism<o:p></o:p></li><li class="MsoNormal" style="mso-list:l1 level2 lfo7;vertical-align:middle">TL - big question is - Where do we draw the boundary on attestation formats vs options that exists with attestation formats (is x509 too broad)?<o:p></o:p></li></ul>
</ul>
<ul style="margin-top:0in" type="disc">
<ul style="margin-top:0in" type="disc">
<ul style="margin-top:0in" type="square">
<li class="MsoNormal" style="mso-list:l1 level3 lfo7;vertical-align:middle">John - Create an object that has a byte strings (similar to webauthn)
<o:p></o:p></li><li class="MsoNormal" style="mso-list:l1 level3 lfo7;vertical-align:middle">TL - Less ideal but probably a reality.<o:p></o:p></li><li class="MsoNormal" style="mso-list:l1 level3 lfo7;vertical-align:middle">John - things are going to change constantly (google relooking attestation formats).<o:p></o:p></li></ul>
</ul>
</ul>
<ul style="margin-top:0in" type="disc">
<ul style="margin-top:0in" type="disc">
<ul style="margin-top:0in" type="square">
<ul style="margin-top:0in" type="disc">
<li class="MsoNormal" style="mso-list:l1 level4 lfo7;vertical-align:middle">essentially make an IANA registry for the format and leave it to RP.
<o:p></o:p></li></ul>
</ul>
</ul>
</ul>
<ul style="margin-top:0in" type="disc">
<ul style="margin-top:0in" type="disc">
<li class="MsoNormal" style="mso-list:l1 level2 lfo7;vertical-align:middle">John - whether the issuer is going to trust the key attestation or wallet provider ?<o:p></o:p></li><li class="MsoNormal" style="mso-list:l1 level2 lfo7;vertical-align:middle">Kristina -
<o:p></o:p></li></ul>
</ul>
<ul style="margin-top:0in" type="disc">
<ul style="margin-top:0in" type="disc">
<ul style="margin-top:0in" type="square">
<li class="MsoNormal" style="mso-list:l1 level3 lfo7;vertical-align:middle">Considering there is no standard way to put the attestation information, how do we approach?<o:p></o:p></li><li class="MsoNormal" style="mso-list:l1 level3 lfo7;vertical-align:middle">John - Create an attestation container that has:<o:p></o:p></li></ul>
</ul>
</ul>
<ul style="margin-top:0in" type="disc">
<ul style="margin-top:0in" type="disc">
<ul style="margin-top:0in" type="square">
<ul style="margin-top:0in" type="disc">
<li class="MsoNormal" style="mso-list:l1 level4 lfo7;vertical-align:middle">Format id - jwt (android safetynet), tpm , andorid key store,
<o:p></o:p></li><li class="MsoNormal" style="mso-list:l1 level4 lfo7;vertical-align:middle">Type - android safetynet<o:p></o:p></li><li class="MsoNormal" style="mso-list:l1 level4 lfo7;vertical-align:middle">Byte string - having raw attestation
<o:p></o:p></li></ul>
</ul>
</ul>
</ul>
<ul style="margin-top:0in" type="disc">
<ul style="margin-top:0in" type="disc">
<li class="MsoNormal" style="mso-list:l1 level2 lfo7;vertical-align:middle"><b>ACTION</b> - Kristina to update the PR with this information
<o:p></o:p></li><li class="MsoNormal" style="mso-list:l1 level2 lfo7;vertical-align:middle">Guiseppe -
<span lang="EN-GB">considering that the Provider may be able to add additional information, more than the app attestation API does ... for instance a wallet unique ID (different from the provider/backend client_id)<o:p></o:p></span></li></ul>
</ul>
<p style="margin:0in"> <o:p></o:p></p>
<p style="margin:0in"> <o:p></o:p></p>
<p style="margin:0in"><b>Kristina - requesting John's opinion on single credential endpoint vs batch credential issuance
</b><o:p></o:p></p>
<p style="mso-margin-top-alt:0in;margin-right:0in;margin-bottom:0in;margin-left:27.0pt">
<o:p></o:p></p>
<ul style="margin-top:0in" type="disc">
<li class="MsoNormal" style="mso-list:l4 level1 lfo8;vertical-align:middle">Kristina - we also had separate endpoint called deferred credential endpoint:<o:p></o:p></li></ul>
<ul style="margin-top:0in" type="disc">
<ul style="margin-top:0in" type="disc">
<li class="MsoNormal" style="mso-list:l4 level2 lfo8;vertical-align:middle">There is an implementation feedback questioning the value of this endpoint<o:p></o:p></li><li class="MsoNormal" style="mso-list:l4 level2 lfo8;vertical-align:middle">Editors thinking to repurpose simple and batch endpoints to include deferred credential scenarios<o:p></o:p></li><li class="MsoNormal" style="mso-list:l4 level2 lfo8;vertical-align:middle">John - on the phase of it polling can be complicated due to DDoS<o:p></o:p></li></ul>
</ul>
<ul style="margin-top:0in" type="disc">
<ul style="margin-top:0in" type="disc">
<ul style="margin-top:0in" type="disc">
<li class="MsoNormal" style="mso-list:l4 level3 lfo8;vertical-align:middle">E.g CIBA
<o:p></o:p></li><li class="MsoNormal" style="mso-list:l4 level3 lfo8;vertical-align:middle">This sounds like the problems we looked at CIBA
<o:p></o:p></li><li class="MsoNormal" style="mso-list:l4 level3 lfo8;vertical-align:middle">In FAPI, we have scenarios where we start the transaction and it can't be completed which required similar approach - but this will open a can of worms
<o:p></o:p></li></ul>
</ul>
</ul>
<ul style="margin-top:0in" type="disc">
<ul style="margin-top:0in" type="disc">
<li class="MsoNormal" style="mso-list:l4 level2 lfo8;vertical-align:middle">Introducing delayed mechanisms will push people to ask more features similar to this which can get quite complex to achieve.<o:p></o:p></li></ul>
</ul>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
</div>
</body>
</html>