<div dir="auto">I was only there to make sure that the bridge gets opened and dropped off before the call was formally started so I should be removed from the attendance list. <div dir="auto"><br></div><div dir="auto">Nat Sakimura </div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">2023年3月10日(金) 7:26 Mike Jones via Openid-specs-ab <<a href="mailto:openid-specs-ab@lists.openid.net">openid-specs-ab@lists.openid.net</a>>:<br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div lang="EN-US" link="#0563C1" vlink="#954F72" style="word-wrap:break-word">
<div class="m_-7127959369031794835WordSection1">
<p class="MsoNormal">Spec Call Notes 9-Mar-23<u></u><u></u></p>
<p class="MsoNormal"><u></u> <u></u></p>
<p class="MsoNormal">Nat Sakimura<u></u><u></u></p>
<p class="MsoNormal">Mike Jones<u></u><u></u></p>
<p class="MsoNormal">David Chadwick<u></u><u></u></p>
<p class="MsoNormal">Takahiko Kawasaki<u></u><u></u></p>
<p class="MsoNormal">Joseph Heenan<u></u><u></u></p>
<p class="MsoNormal">Bjorn Hjelm<u></u><u></u></p>
<p class="MsoNormal">Giuseppe De Marco<u></u><u></u></p>
<p class="MsoNormal">Judith Kahrer<u></u><u></u></p>
<p class="MsoNormal">Kristina Yasuda<u></u><u></u></p>
<p class="MsoNormal">Torsten Lodderstedt<u></u><u></u></p>
<p class="MsoNormal"><u></u> <u></u></p>
<p class="MsoNormal">IETF Meeting in Yokohama<u></u><u></u></p>
<p class="MsoNormal"> The draft submission cutoff is Monday, March 13th<u></u><u></u></p>
<p class="MsoNormal"><u></u> <u></u></p>
<p class="MsoNormal">Federation<u></u><u></u></p>
<p class="MsoNormal"> Joseph described interest in OpenID Connect Federation from Brazil<u></u><u></u></p>
<p class="MsoNormal"> They have separate directories for Open Banking and Open Insurance<u></u><u></u></p>
<p class="MsoNormal"> They are considering Federation to enable interoperation<u></u><u></u></p>
<p class="MsoNormal"> They wanted to understand how close to final it is<u></u><u></u></p>
<p class="MsoNormal"><u></u> <u></u></p>
<p class="MsoNormal">Federation PRs<u></u><u></u></p>
<p class="MsoNormal"> <a href="https://bitbucket.org/openid/connect/pull-requests/457" target="_blank" rel="noreferrer">
https://bitbucket.org/openid/connect/pull-requests/457</a> feat: [Federation] Listing endpoint - added the parameter trust_mark_id<u></u><u></u></p>
<p class="MsoNormal"> Fairly mature<u></u><u></u></p>
<p class="MsoNormal"> Needs review<u></u><u></u></p>
<p class="MsoNormal"> <a href="https://bitbucket.org/openid/connect/pull-requests/459" target="_blank" rel="noreferrer">
https://bitbucket.org/openid/connect/pull-requests/459</a> OpenID Connect Federation 1.0: New equals and set_equals policy operators (iss #1819)<u></u><u></u></p>
<p class="MsoNormal"> Giuseppe said that this can be achieved with subset_of and superset_of<u></u><u></u></p>
<p class="MsoNormal"> He questioned whether this is necessary<u></u><u></u></p>
<p class="MsoNormal"> We need additional reviews<u></u><u></u></p>
<p class="MsoNormal"> Taka agreed to review<u></u><u></u></p>
<p class="MsoNormal"> <a href="https://bitbucket.org/openid/connect/pull-requests/458" target="_blank" rel="noreferrer">
https://bitbucket.org/openid/connect/pull-requests/458</a> fix: [Federation] metadata policies with essential claims<u></u><u></u></p>
<p class="MsoNormal"> This is explanatory, correcting ambiguities<u></u><u></u></p>
<p class="MsoNormal"> Adds an explanatory table<u></u><u></u></p>
<p class="MsoNormal"> It also corrects a regression from a previous PR<u></u><u></u></p>
<p class="MsoNormal"> This needs an approval from Vladimir<u></u><u></u></p>
<p class="MsoNormal"> <a href="https://bitbucket.org/openid/connect/pull-requests/477" target="_blank" rel="noreferrer">
https://bitbucket.org/openid/connect/pull-requests/477</a> <u></u><u></u></p>
<p class="MsoNormal"> Corrects an inconsistency<u></u><u></u></p>
<p class="MsoNormal"> Needs review<u></u><u></u></p>
<p class="MsoNormal"><u></u> <u></u></p>
<p class="MsoNormal">OpenID4VP<u></u><u></u></p>
<p class="MsoNormal"> Kristina reported on the use of OpenID4VP by the ISO Mobile Driver's License spec<u></u><u></u></p>
<p class="MsoNormal"> ISO wants to go to ballot for publication<u></u><u></u></p>
<p class="MsoNormal"> To do that, they need to reference a stable standard<u></u><u></u></p>
<p class="MsoNormal"> For this, we would need a second Implementer's Draft<u></u><u></u></p>
<p class="MsoNormal"> For instance, we've changed the spec to be based on OAuth rather than Connect since ID1<u></u><u></u></p>
<p class="MsoNormal"> There are two breaking changes we're proposing before the second Implementer's Draft<u></u><u></u></p>
<p class="MsoNormal"> ClientID Schema<u></u><u></u></p>
<p class="MsoNormal"> response_mode=direct_post with the cross-device flow<u></u><u></u></p>
<p class="MsoNormal"> ISO is mandating encryption of the authorization response<u></u><u></u></p>
<p class="MsoNormal"><u></u> <u></u></p>
<p class="MsoNormal"> Mike proposed creating a snapshot for a second Implementer's draft<u></u><u></u></p>
<p class="MsoNormal"> No one objected<u></u><u></u></p>
<p class="MsoNormal"> David advocated some additional edits about establishing trust<u></u><u></u></p>
<p class="MsoNormal"><u></u> <u></u></p>
<p class="MsoNormal">OpenID4VP PRs<u></u><u></u></p>
<p class="MsoNormal"> <a href="https://bitbucket.org/openid/connect/pull-requests/427" target="_blank" rel="noreferrer">
https://bitbucket.org/openid/connect/pull-requests/427</a> OID4VP: client id format<u></u><u></u></p>
<p class="MsoNormal"> David is hoping that this will address issue #1551 - Administrative Trust in the RP<u></u><u></u></p>
<p class="MsoNormal"> He also wants PRs for X.509 and Train to be added<u></u><u></u></p>
<p class="MsoNormal"> PRs #455 and #440<u></u><u></u></p>
<p class="MsoNormal"> Torsten said that the X.509 and Train PRs were separated because their functionality wasn't previously in the spec<u></u><u></u></p>
<p class="MsoNormal"> Torsten said the existing PR already adds a needed and effective mechanism<u></u><u></u></p>
<p class="MsoNormal"> It reduces complexity<u></u><u></u></p>
<p class="MsoNormal"> Torsten said that there isn't sufficient feedback on X.509 yet<u></u><u></u></p>
<p class="MsoNormal"> He said that the same is true for Train<u></u><u></u></p>
<p class="MsoNormal"> Torsten asked for David's help with that one<u></u><u></u></p>
<p class="MsoNormal"> Mike made a consensus call to merge it and merged<u></u><u></u></p>
<p class="MsoNormal"> <a href="https://bitbucket.org/openid/connect/pull-requests/478" target="_blank" rel="noreferrer">
https://bitbucket.org/openid/connect/pull-requests/478</a> Fixed JARM JWE only encryption language<u></u><u></u></p>
<p class="MsoNormal"> There are use cases where it's desirable to only encrypt a response<u></u><u></u></p>
<p class="MsoNormal"> We discussed that, if not signed, some claims such as "iss" aren't needed<u></u><u></u></p>
<p class="MsoNormal"> This is transport encryption<u></u><u></u></p>
<p class="MsoNormal"> We agreed to merge once a syntax error is corrected<u></u><u></u></p>
<p class="MsoNormal"> <a href="https://bitbucket.org/openid/connect/pull-requests/474" target="_blank" rel="noreferrer">
https://bitbucket.org/openid/connect/pull-requests/474</a> Extended direct_post to support redirect back to the verifier<u></u><u></u></p>
<p class="MsoNormal"> We started to discuss this but decided to defer to the SIOP segment<u></u><u></u></p>
<p class="MsoNormal"><u></u> <u></u></p>
<p class="MsoNormal">Next Call<u></u><u></u></p>
<p class="MsoNormal"> The next call will be Monday, March 13th at 3pm Pacific Time<u></u><u></u></p>
</div>
</div>
_______________________________________________<br>
Openid-specs-ab mailing list<br>
<a href="mailto:Openid-specs-ab@lists.openid.net" target="_blank" rel="noreferrer">Openid-specs-ab@lists.openid.net</a><br>
<a href="https://lists.openid.net/mailman/listinfo/openid-specs-ab" rel="noreferrer noreferrer" target="_blank">https://lists.openid.net/mailman/listinfo/openid-specs-ab</a><br>
</blockquote></div>