<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
<meta name="Generator" content="Microsoft Word 15 (filtered medium)">
<style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
font-size:11.0pt;
font-family:"Calibri",sans-serif;
mso-ligatures:standardcontextual;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:#0563C1;
text-decoration:underline;}
span.EmailStyle17
{mso-style-type:personal-compose;
font-family:"Calibri",sans-serif;
color:windowtext;}
.MsoChpDefault
{mso-style-type:export-only;
font-family:"Calibri",sans-serif;
mso-ligatures:standardcontextual;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang="EN-US" link="#0563C1" vlink="#954F72" style="word-wrap:break-word">
<div class="WordSection1">
<p class="MsoNormal">Spec Call Notes 6-Oct-22<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Mike Jones<o:p></o:p></p>
<p class="MsoNormal">Fabian Hoffmann (yes.com)<o:p></o:p></p>
<p class="MsoNormal">Brian Campbell<o:p></o:p></p>
<p class="MsoNormal">Joseph Heenan<o:p></o:p></p>
<p class="MsoNormal">Giuseppe De Marco<o:p></o:p></p>
<p class="MsoNormal">Torsten Lodderstedt<o:p></o:p></p>
<p class="MsoNormal">John Bradley<o:p></o:p></p>
<p class="MsoNormal">Bjorn Hjelm<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Issues<o:p></o:p></p>
<p class="MsoNormal"> <a href="https://bitbucket.org/openid/connect/issues?status=new&status=open">
https://bitbucket.org/openid/connect/issues?status=new&status=open</a><o:p></o:p></p>
<p class="MsoNormal"> #1654: Entity Statement Hosting<o:p></o:p></p>
<p class="MsoNormal"> We will delete the misleading sentence<o:p></o:p></p>
<p class="MsoNormal"> #1655: trust_anchor_id in entity statement?<o:p></o:p></p>
<p class="MsoNormal"> Torsten thought that it was strange for an Entity statement to contain this<o:p></o:p></p>
<p class="MsoNormal"> #1660: Section 10.2 Explicit Registration lacks formal parameter definition<o:p></o:p></p>
<p class="MsoNormal"> Torsten asked why an entity statement is returned from explicit registration<o:p></o:p></p>
<p class="MsoNormal"> He would rather that we use a normal client registration response<o:p></o:p></p>
<p class="MsoNormal"> We clearly need to normatively define explicit registration and its parameters<o:p></o:p></p>
<p class="MsoNormal"> #1657: Section 4.1. Wording<o:p></o:p></p>
<p class="MsoNormal"> We agreed with the proposed addition<o:p></o:p></p>
<p class="MsoNormal"> #1661: language around server metadata is quite involved<o:p></o:p></p>
<p class="MsoNormal"> Joseph suggested that we also explicitly refer to the registry.<o:p></o:p></p>
<p class="MsoNormal"> We could be clearer about the distinction between Connect federations and OAuth 2 federations and why we even talk about the latter.<o:p></o:p></p>
<p class="MsoNormal"> #1656: Move 3.2. Trust Chain before Entity Statements<o:p></o:p></p>
<p class="MsoNormal"> The editors will review 3.1 and 3.2 for readability and approachability. Possibly more cross-references would help.<o:p></o:p></p>
<p class="MsoNormal"> #1658: Clarification on OP metadata (Section 4.3)<o:p></o:p></p>
<p class="MsoNormal"> Torsten suggests this to enable existing RPs to not have to change<o:p></o:p></p>
<p class="MsoNormal"> This possibility came up in the technical GAIN discussions<o:p></o:p></p>
<p class="MsoNormal"> Once RPs know the issuer URL, they could use the standard .well-known/openid-configuration mechanism<o:p></o:p></p>
<p class="MsoNormal"> #1659: trust_chain parameter not mentioned in PAR/automatic and explicit client registration requests<o:p></o:p></p>
<p class="MsoNormal"> This is also related to there not being a normative definition of explicit registration<o:p></o:p></p>
<p class="MsoNormal"> The registration mechanisms share a common set of parameters<o:p></o:p></p>
<p class="MsoNormal"> #1662: id_token signature validation<o:p></o:p></p>
<p class="MsoNormal"> We need to discuss whether it was an intentional change from Connect to always validate the ID Token.<o:p></o:p></p>
<p class="MsoNormal"> We also need to be clear that flows other than the Code flow can be used.<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Pull Requests<o:p></o:p></p>
<p class="MsoNormal"> <a href="https://bitbucket.org/openid/connect/pull-requests/">
https://bitbucket.org/openid/connect/pull-requests/</a><o:p></o:p></p>
<p class="MsoNormal"> We ran out of time to discuss pull requests<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Next Call<o:p></o:p></p>
<p class="MsoNormal"> The next call is at 4pm Pacific Time on Monday, October 10, 2022<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
</body>
</html>