<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
<meta name="Generator" content="Microsoft Word 15 (filtered medium)">
<style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Aptos;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
font-size:11.0pt;
font-family:"Aptos",sans-serif;
mso-ligatures:standardcontextual;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:#467886;
text-decoration:underline;}
span.EmailStyle17
{mso-style-type:personal-compose;
font-family:"Aptos",sans-serif;
color:windowtext;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:11.0pt;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
--></style>
</head>
<body lang="EN-US" link="#467886" vlink="#96607D" style="word-wrap:break-word">
<div class="WordSection1">
<p class="MsoNormal">Spec Call Notes 29-Apr-24<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Mike Jones<o:p></o:p></p>
<p class="MsoNormal">Aaron Parecki<o:p></o:p></p>
<p class="MsoNormal">Nat Sakimura<o:p></o:p></p>
<p class="MsoNormal">Dima Postnikov<o:p></o:p></p>
<p class="MsoNormal">Victor Lu<o:p></o:p></p>
<p class="MsoNormal">Edmund Jay<o:p></o:p></p>
<p class="MsoNormal">Tom Jones<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Possible Federation Listing Endpoint Enhancements<o:p></o:p></p>
<p class="MsoNormal"> Giuseppe wrote up a listing endpoint that returns more than Entity Identifiers<o:p></o:p></p>
<p class="MsoNormal"> See issue #2109<o:p></o:p></p>
<p class="MsoNormal"> Dima requested pagination<o:p></o:p></p>
<p class="MsoNormal"> No strong preference how it's implemented<o:p></o:p></p>
<p class="MsoNormal"> Have over a thousand entities in a flat structure<o:p></o:p></p>
<p class="MsoNormal"> Mike said that there's a pagination option in SCIM that we could look at<o:p></o:p></p>
<p class="MsoNormal"> Mike asked whether a change indicator is needed<o:p></o:p></p>
<p class="MsoNormal"> Dima said that normally not<o:p></o:p></p>
<p class="MsoNormal"> Dima said this use case comes from Raidiam (Ralph Bragg, Chris Michael)<o:p></o:p></p>
<p class="MsoNormal"> Dima requested more filtering options<o:p></o:p></p>
<p class="MsoNormal"> Give me things that have changed in last 24 hours<o:p></o:p></p>
<p class="MsoNormal"> Possibly also query by status (active, deactivated, suspended, historical, etc.)<o:p></o:p></p>
<p class="MsoNormal"> Dima said that Open Banking ecosystems have status for participants<o:p></o:p></p>
<p class="MsoNormal"> Some statuses limit ability to interact<o:p></o:p></p>
<p class="MsoNormal"> Mike pointed out that we don't currently have a concept of status, although it could be added<o:p></o:p></p>
<p class="MsoNormal"> Dima would like a bulk download feature<o:p></o:p></p>
<p class="MsoNormal"> An OP could periodically ask for the set of changed Subordinate Statements from a Trust Anchor<o:p></o:p></p>
<p class="MsoNormal"> Open Banking/Open Data registries tend to have this kind of functionality<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">OAuth Spec Last Calls<o:p></o:p></p>
<p class="MsoNormal"> Rifaat plans to start WGLC on Browser-Based Apps<o:p></o:p></p>
<p class="MsoNormal"> After that, he plans to start a second WGLC for Resource Metadata<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">FedCM<o:p></o:p></p>
<p class="MsoNormal"> Nat talked with Sam Goto about FedCM at IIW<o:p></o:p></p>
<p class="MsoNormal"> They discussed the possibility of a FedCM binding to OpenID Connect<o:p></o:p></p>
<p class="MsoNormal"> Aaron reported similar discussions at OSW<o:p></o:p></p>
<p class="MsoNormal"> Aaron said that FedCM currently doesn't care what the token is that's returned<o:p></o:p></p>
<p class="MsoNormal"> In a Connect profile, the token would be an ID Token<o:p></o:p></p>
<p class="MsoNormal"> Aaron is now actively tracking FedCM<o:p></o:p></p>
<p class="MsoNormal"> It's shipping in Chrome under a feature flag<o:p></o:p></p>
<p class="MsoNormal"> Google plans to turn it on for Google login<o:p></o:p></p>
<p class="MsoNormal"> It would be good to keep things as aligned with Connect as possible<o:p></o:p></p>
<p class="MsoNormal"> Tom reported that FedCM is being specified in Blink - a development environment for Chromium<o:p></o:p></p>
<p class="MsoNormal"> Tom described an IdP selection feature<o:p></o:p></p>
<p class="MsoNormal"> But it's a finite list<o:p></o:p></p>
<p class="MsoNormal"> Aaron is tracking this<o:p></o:p></p>
<p class="MsoNormal"> Aaron says that IdPs can register with the browser, and only those would be shown<o:p></o:p></p>
<p class="MsoNormal"> Victor pointed us to a use case document<o:p></o:p></p>
<p class="MsoNormal"> <a href="https://docs.google.com/document/u/0/d/1GvQrIQ8DSFzT7SbUd3ptDnF8QFZR23t5-NdNO8z4w7c/mobilebasic">
https://docs.google.com/document/u/0/d/1GvQrIQ8DSFzT7SbUd3ptDnF8QFZR23t5-NdNO8z4w7c/mobilebasic</a><o:p></o:p></p>
<p class="MsoNormal"> There is an OAuth interim meeting about FedCM and OAuth on May 7th<o:p></o:p></p>
<p class="MsoNormal"> <a href="https://datatracker.ietf.org/meeting/interim-2024-oauth-02/session/oauth">
https://datatracker.ietf.org/meeting/interim-2024-oauth-02/session/oauth</a><o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Certification Tests for Federation<o:p></o:p></p>
<p class="MsoNormal"> Mike described two kinds of tests<o:p></o:p></p>
<p class="MsoNormal"> Those that can be run on deployed federations<o:p></o:p></p>
<p class="MsoNormal"> These can test properties of what's deployed<o:p></o:p></p>
<p class="MsoNormal"> Those that test software using synthetic deployments<o:p></o:p></p>
<p class="MsoNormal"> These can include negative tests, such as bad signatures and other misconfigurations<o:p></o:p></p>
<p class="MsoNormal"> Dima wants to have both kinds<o:p></o:p></p>
<p class="MsoNormal"> Dima wants to test that the APIs return the right payloads in the right formats<o:p></o:p></p>
<p class="MsoNormal"> He wants to test that added Entities are recognized and removed Entities are not<o:p></o:p></p>
<p class="MsoNormal"> Trust changes are recognized within a particular interval prescribed by the ecosystem<o:p></o:p></p>
<p class="MsoNormal"> Dima can share the use cases and scenarios they have<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Issues and Pull Requests<o:p></o:p></p>
<p class="MsoNormal"> Please review the recent issues and pull requests about Federation listing options<o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal">Next Call<o:p></o:p></p>
<p class="MsoNormal"> The next call is Thursday, May 2 at 7am Pacific Time<o:p></o:p></p>
</div>
</body>
</html>