<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
<meta name="Generator" content="Microsoft Word 15 (filtered medium)">
<style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Aptos;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
font-size:11.0pt;
font-family:"Aptos",sans-serif;
mso-ligatures:standardcontextual;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:#467886;
text-decoration:underline;}
span.EmailStyle17
{mso-style-type:personal-compose;
font-family:"Aptos",sans-serif;
color:windowtext;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:11.0pt;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang="EN-US" link="#467886" vlink="#96607D" style="word-wrap:break-word">
<div class="WordSection1">
<p class="MsoNormal">Spec Call Notes 13-May-24<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Mike Jones<o:p></o:p></p>
<p class="MsoNormal">Sam Goto<o:p></o:p></p>
<p class="MsoNormal">Aaron Parecki<o:p></o:p></p>
<p class="MsoNormal">Tom Jones<o:p></o:p></p>
<p class="MsoNormal">Dima Postnikov<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">IdP Discovery Discussion<o:p></o:p></p>
<p class="MsoNormal"> We had a free-ranging discussion of IdP discovery problems and solutions<o:p></o:p></p>
<p class="MsoNormal"> Also called Home Realm Discovery<o:p></o:p></p>
<p class="MsoNormal"> Motivated in part by problems that FedCM is trying to solve<o:p></o:p></p>
<p class="MsoNormal"> Both closed sets and open sets of IdPs are used in different contexts<o:p></o:p></p>
<p class="MsoNormal"> NASCAR screens are closed<o:p></o:p></p>
<p class="MsoNormal"> E-mail is an open space<o:p></o:p></p>
<p class="MsoNormal"> Federations are logically closed but may have thousands of participants<o:p></o:p></p>
<p class="MsoNormal"> Different kinds of ecosystems have different properties<o:p></o:p></p>
<p class="MsoNormal"> Open Banking systems are closed<o:p></o:p></p>
<p class="MsoNormal"> Research &amp; Academic Federations are distinct from those<o:p></o:p></p>
<p class="MsoNormal"> SaaS apps are more open, accepting a large set of corporate identities<o:p></o:p></p>
<p class="MsoNormal"> You may have identities from one ecosystem that can't be used in another<o:p></o:p></p>
<p class="MsoNormal"> We discussed how blog commenting was the use case for OpenID 2.0<o:p></o:p></p>
<p class="MsoNormal"> Which was an open system<o:p></o:p></p>
<p class="MsoNormal"> Having claimed identifiers authenticated you and differentiated you from comment spam<o:p></o:p></p>
<p class="MsoNormal"> Bloggers knew they had URLs and were willing to type them<o:p></o:p></p>
<p class="MsoNormal"> Whereas NASCAR screens have better conversion rates than any UX where you have to type<o:p></o:p></p>
<p class="MsoNormal"> We talked about the need for incentives for ecosystem participants<o:p></o:p></p>
<p class="MsoNormal"> Particularly for RPs<o:p></o:p></p>
<p class="MsoNormal"> Tom asked about user identifiers and picking IdPs<o:p></o:p></p>
<p class="MsoNormal"> Aaron said that FedCM can help make things better by only showing identities that you have<o:p></o:p></p>
<p class="MsoNormal"> As opposed to showing all the IdPs that it is possible to use<o:p></o:p></p>
<p class="MsoNormal"> Research &amp; Education sites have ornate IdP pickers among thousands of sites<o:p></o:p></p>
<p class="MsoNormal"> Mike said that one IdP discovery problem is people not remembering which IdP they used at an RP<o:p></o:p></p>
<p class="MsoNormal"> Aaron remarked on the prevalence of e-mail as an account recovery path<o:p></o:p></p>
<p class="MsoNormal"> Sam asked about the role of single-user OPs, such as self-issued.info<o:p></o:p></p>
<p class="MsoNormal"> And about the cases where an e-mail domain is the same as the IdP's domain<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Pull Requests<o:p></o:p></p>
<p class="MsoNormal"> <a href="https://bitbucket.org/openid/connect/pull-requests/">
https://bitbucket.org/openid/connect/pull-requests/</a><o:p></o:p></p>
<p class="MsoNormal"> PR #736: [Federation] listing endpoint parameters updated_since and updated_before<o:p></o:p></p>
<p class="MsoNormal"> Dima: In open banking, etc., the regulator controls who is in and out<o:p></o:p></p>
<p class="MsoNormal"> Closed ecosystems<o:p></o:p></p>
<p class="MsoNormal"> Mike: Filtering on updated times requires superiors to track changes in subordinates<o:p></o:p></p>
<p class="MsoNormal"> Mike: What kinds of updates are you interested in knowing about?<o:p></o:p></p>
<p class="MsoNormal"> Dima: Added, key and metadata changes, disabled/deactivated<o:p></o:p></p>
<p class="MsoNormal"> PR #731: [Federation] the new federation_subordinate_events_endpoint<o:p></o:p></p>
<p class="MsoNormal"> Mike asked Dima to also look at this for ConnectID's use cases<o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal">Next Call<o:p></o:p></p>
<p class="MsoNormal"> The next call is Thursday, May 16 at 7am Pacific Time<o:p></o:p></p>
</div>
</body>
</html>