<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
<meta name="Generator" content="Microsoft Word 15 (filtered medium)">
<style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
font-size:11.0pt;
font-family:"Calibri",sans-serif;
mso-ligatures:standardcontextual;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:#0563C1;
text-decoration:underline;}
span.EmailStyle17
{mso-style-type:personal-compose;
font-family:"Calibri",sans-serif;
color:windowtext;}
.MsoChpDefault
{mso-style-type:export-only;
font-family:"Calibri",sans-serif;
mso-ligatures:standardcontextual;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang="EN-US" link="#0563C1" vlink="#954F72" style="word-wrap:break-word">
<div class="WordSection1">
<p class="MsoNormal">Spec Call Notes 9-Mar-23<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Nat Sakimura<o:p></o:p></p>
<p class="MsoNormal">Mike Jones<o:p></o:p></p>
<p class="MsoNormal">David Chadwick<o:p></o:p></p>
<p class="MsoNormal">Takahiko Kawasaki<o:p></o:p></p>
<p class="MsoNormal">Joseph Heenan<o:p></o:p></p>
<p class="MsoNormal">Bjorn Hjelm<o:p></o:p></p>
<p class="MsoNormal">Giuseppe De Marco<o:p></o:p></p>
<p class="MsoNormal">Judith Kahrer<o:p></o:p></p>
<p class="MsoNormal">Kristina Yasuda<o:p></o:p></p>
<p class="MsoNormal">Torsten Lodderstedt<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">IETF Meeting in Yokohama<o:p></o:p></p>
<p class="MsoNormal"> The draft submission cutoff is Monday, March 13th<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Federation<o:p></o:p></p>
<p class="MsoNormal"> Joseph described interest in OpenID Connect Federation from Brazil<o:p></o:p></p>
<p class="MsoNormal"> They have separate directories for Open Banking and Open Insurance<o:p></o:p></p>
<p class="MsoNormal"> They are considering Federation to enable interoperation<o:p></o:p></p>
<p class="MsoNormal"> They wanted to understand how close to final it is<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Federation PRs<o:p></o:p></p>
<p class="MsoNormal"> <a href="https://bitbucket.org/openid/connect/pull-requests/457">
https://bitbucket.org/openid/connect/pull-requests/457</a> feat: [Federation] Listing endpoint - added the parameter trust_mark_id<o:p></o:p></p>
<p class="MsoNormal"> Fairly mature<o:p></o:p></p>
<p class="MsoNormal"> Needs review<o:p></o:p></p>
<p class="MsoNormal"> <a href="https://bitbucket.org/openid/connect/pull-requests/459">
https://bitbucket.org/openid/connect/pull-requests/459</a> OpenID Connect Federation 1.0: New equals and set_equals policy operators (iss #1819)<o:p></o:p></p>
<p class="MsoNormal"> Giuseppe said that this can be achieved with subset_of and superset_of<o:p></o:p></p>
<p class="MsoNormal"> He questioned whether this is necessary<o:p></o:p></p>
<p class="MsoNormal"> We need additional reviews<o:p></o:p></p>
<p class="MsoNormal"> Taka agreed to review<o:p></o:p></p>
<p class="MsoNormal"> <a href="https://bitbucket.org/openid/connect/pull-requests/458">
https://bitbucket.org/openid/connect/pull-requests/458</a> fix: [Federation] metadata policies with essential claims<o:p></o:p></p>
<p class="MsoNormal"> This is explanatory, correcting ambiguities<o:p></o:p></p>
<p class="MsoNormal"> Adds an explanatory table<o:p></o:p></p>
<p class="MsoNormal"> It also corrects a regression from a previous PR<o:p></o:p></p>
<p class="MsoNormal"> This needs an approval from Vladimir<o:p></o:p></p>
<p class="MsoNormal"> <a href="https://bitbucket.org/openid/connect/pull-requests/477">
https://bitbucket.org/openid/connect/pull-requests/477</a> <o:p></o:p></p>
<p class="MsoNormal"> Corrects an inconsistency<o:p></o:p></p>
<p class="MsoNormal"> Needs review<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">OpenID4VP<o:p></o:p></p>
<p class="MsoNormal"> Kristina reported on the use of OpenID4VP by the ISO Mobile Driver's License spec<o:p></o:p></p>
<p class="MsoNormal"> ISO wants to go to ballot for publication<o:p></o:p></p>
<p class="MsoNormal"> To do that, they need to reference a stable standard<o:p></o:p></p>
<p class="MsoNormal"> For this, we would need a second Implementer's Draft<o:p></o:p></p>
<p class="MsoNormal"> For instance, we've changed the spec to be based on OAuth rather than Connect since ID1<o:p></o:p></p>
<p class="MsoNormal"> There are two breaking changes we're proposing before the second Implementer's Draft<o:p></o:p></p>
<p class="MsoNormal"> ClientID Schema<o:p></o:p></p>
<p class="MsoNormal"> response_mode=direct_post with the cross-device flow<o:p></o:p></p>
<p class="MsoNormal"> ISO is mandating encryption of the authorization response<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"> Mike proposed creating a snapshot for a second Implementer's draft<o:p></o:p></p>
<p class="MsoNormal"> No one objected<o:p></o:p></p>
<p class="MsoNormal"> David advocated some additional edits about establishing trust<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">OpenID4VP PRs<o:p></o:p></p>
<p class="MsoNormal"> <a href="https://bitbucket.org/openid/connect/pull-requests/427">
https://bitbucket.org/openid/connect/pull-requests/427</a> OID4VP: client id format<o:p></o:p></p>
<p class="MsoNormal"> David is hoping that this will address issue #1551 - Administrative Trust in the RP<o:p></o:p></p>
<p class="MsoNormal"> He also wants PRs for X.509 and Train to be added<o:p></o:p></p>
<p class="MsoNormal"> PRs #455 and #440<o:p></o:p></p>
<p class="MsoNormal"> Torsten said that the X.509 and Train PRs were separated because their functionality wasn't previously in the spec<o:p></o:p></p>
<p class="MsoNormal"> Torsten said the existing PR already adds a needed and effective mechanism<o:p></o:p></p>
<p class="MsoNormal"> It reduces complexity<o:p></o:p></p>
<p class="MsoNormal"> Torsten said that there isn't sufficient feedback on X.509 yet<o:p></o:p></p>
<p class="MsoNormal"> He said that the same is true for Train<o:p></o:p></p>
<p class="MsoNormal"> Torsten asked for David's help with that one<o:p></o:p></p>
<p class="MsoNormal"> Mike made a consensus call to merge it and merged<o:p></o:p></p>
<p class="MsoNormal"> <a href="https://bitbucket.org/openid/connect/pull-requests/478">
https://bitbucket.org/openid/connect/pull-requests/478</a> Fixed JARM JWE only encryption language<o:p></o:p></p>
<p class="MsoNormal"> There are use cases where it's desirable to only encrypt a response<o:p></o:p></p>
<p class="MsoNormal"> We discussed that, if not signed, some claims such as "iss" aren't needed<o:p></o:p></p>
<p class="MsoNormal"> This is transport encryption<o:p></o:p></p>
<p class="MsoNormal"> We agreed to merge once a syntax error is corrected<o:p></o:p></p>
<p class="MsoNormal"> <a href="https://bitbucket.org/openid/connect/pull-requests/474">
https://bitbucket.org/openid/connect/pull-requests/474</a> Extended direct_post to support redirect back to the verifier<o:p></o:p></p>
<p class="MsoNormal"> We started to discuss this but decided to defer to the SIOP segment<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Next Call<o:p></o:p></p>
<p class="MsoNormal"> The next call will be Monday, March 13th at 3pm Pacific Time<o:p></o:p></p>
</div>
</body>
</html>