<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
<meta name="Generator" content="Microsoft Word 15 (filtered medium)">
<style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Aptos;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
font-size:11.0pt;
font-family:"Aptos",sans-serif;
mso-ligatures:standardcontextual;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:#467886;
text-decoration:underline;}
span.EmailStyle17
{mso-style-type:personal-compose;
font-family:"Aptos",sans-serif;
color:windowtext;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:11.0pt;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang="EN-US" link="#467886" vlink="#96607D" style="word-wrap:break-word">
<div class="WordSection1">
<p class="MsoNormal">Spec Call Notes 8-Aug-24<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Mike Jones<o:p></o:p></p>
<p class="MsoNormal">Davide Vaghetti<o:p></o:p></p>
<p class="MsoNormal">Giuseppe De Marco<o:p></o:p></p>
<p class="MsoNormal">Bjorn Hjelm<o:p></o:p></p>
<p class="MsoNormal">John Bradley<o:p></o:p></p>
<p class="MsoNormal">Pamela Dingle<o:p></o:p></p>
<p class="MsoNormal">David Chadwick<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Introductions<o:p></o:p></p>
<p class="MsoNormal"> Davide is working on the OpenID Federation pilot for eduGAIN<o:p></o:p></p>
<p class="MsoNormal"> Bjorn was involved since 2014 formerly with Verizon. He just joined Yubico.<o:p></o:p></p>
<p class="MsoNormal"> David Chadwick is in a consultancy with a company helping them keep abreast of OpenID and Verifiable Credentials developments<o:p></o:p></p>
<p class="MsoNormal"> He's not presently doing an implementation<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">[Openid-specs-ab] Call for Working Group Adoption of OpenID Federation Extended Subordinate Listing 1.0<o:p></o:p></p>
<p class="MsoNormal"> All respondents so far support adoption<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">[Openid-specs-ab] Call for Working Group Adoption of OpenID Federation Wallet Architectures 1.0<o:p></o:p></p>
<p class="MsoNormal"> Several respondents support adoption<o:p></o:p></p>
<p class="MsoNormal"> Joseph replied requesting changes before adoption today<o:p></o:p></p>
<p class="MsoNormal"> Giuseppe had discussed Joseph's points with Joseph privately<o:p></o:p></p>
<p class="MsoNormal"> Giuseppe agreed in principle to move the protocol-specific metadata to the OpenID4VC specs<o:p></o:p></p>
<p class="MsoNormal"> He had previously filed OpenID4VC, etc. issues to achieve that but they are still pending<o:p></o:p></p>
<p class="MsoNormal"> Giuseppe wrote down these metadata parameters in the spec to record them<o:p></o:p></p>
<p class="MsoNormal"> He has concrete implementation requirements<o:p></o:p></p>
<p class="MsoNormal"> Many of the issues are related to privacy and trust evaluation<o:p></o:p></p>
<p class="MsoNormal"> Including limiting what information can be requested by the End-User<o:p></o:p></p>
<p class="MsoNormal"> There are also related issues with SD-JWT-VC<o:p></o:p></p>
<p class="MsoNormal"> Which includes content about trust evaluation<o:p></o:p></p>
<p class="MsoNormal"> Giuseppe agreed to reply to Joseph's e-mail highlighting issues that need to be addressed<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Metadata parameter value arrays for RP metadata<o:p></o:p></p>
<p class="MsoNormal"><a href="https://bitbucket.org/openid/connect/issues/2158/metadata-parameter-value-arrays-for-rp">https://bitbucket.org/openid/connect/issues/2158/metadata-parameter-value-arrays-for-rp</a><o:p></o:p></p>
<p class="MsoNormal"> Would be used with Automatic Registration<o:p></o:p></p>
<p class="MsoNormal"> Should we do this in a new spec or in the Federation spec?<o:p></o:p></p>
<p class="MsoNormal"> Mike is in favor of making it its own spec<o:p></o:p></p>
<p class="MsoNormal"> Pam asked about doing it in the IETF<o:p></o:p></p>
<p class="MsoNormal"> Mike responded that some of the parameters will be OpenID-specific<o:p></o:p></p>
<p class="MsoNormal"> We will register the applicable parameters in the IANA OAuth registry<o:p></o:p></p>
<p class="MsoNormal"> John thinks it should be its own spec<o:p></o:p></p>
<p class="MsoNormal"> Otherwise we're coupling the progress too tightly<o:p></o:p></p>
<p class="MsoNormal"> John wants the lists to be ordered preferences<o:p></o:p></p>
<p class="MsoNormal"> Mike agreed to write it up<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Do we want to be able to retrieve Entity Configurations with the Fetch Endpoint?<o:p></o:p></p>
<p class="MsoNormal"> <a href="https://github.com/openid/federation/issues/30">
https://github.com/openid/federation/issues/30</a><o:p></o:p></p>
<p class="MsoNormal"> Mike asked whether people have code that retrieves an Entity Configuration via the Fetch Endpoint<o:p></o:p></p>
<p class="MsoNormal"> Rather than .well-known/openid-federation<o:p></o:p></p>
<p class="MsoNormal"> Giuseppe said that the Fetch Endpoint could be specialized to only retrieve Subordinate Statements<o:p></o:p></p>
<p class="MsoNormal"> He notes that the parameters in Entity Configurations and Subordinate statements are different<o:p></o:p></p>
<p class="MsoNormal"> Giuseppe believes that the two kinds of results should not be mixed in the same endpoint<o:p></o:p></p>
<p class="MsoNormal"> Giuseppe noted that in the Swedish implementation, they were asking about possibly not using .well-known<o:p></o:p></p>
<p class="MsoNormal"> But that didn't move forward<o:p></o:p></p>
<p class="MsoNormal"> Mike thinks that making Fetch single-purpose would be cleaner<o:p></o:p></p>
<p class="MsoNormal"> Giuseppe believes that no one is using Fetch to retrieve Entity Configurations<o:p></o:p></p>
<p class="MsoNormal"> The pull request should be updated to say that the purpose of Fetch is to retrieve Entity Configurations - not Entity Statements<o:p></o:p></p>
<p class="MsoNormal"> <a href="https://github.com/openid/federation/pull/31">
https://github.com/openid/federation/pull/31</a><o:p></o:p></p>
<p class="MsoNormal"> Mike will put the question to the list<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Davide reports that he's been contacted by InCommon about contacts with the OpenID Foundation<o:p></o:p></p>
<p class="MsoNormal"> Particularly about the Federation Wallet profile<o:p></o:p></p>
<p class="MsoNormal"> Nicole Roy, Leif Johansson are involved<o:p></o:p></p>
<p class="MsoNormal"> Davide pointed them to Giuseppe<o:p></o:p></p>
<p class="MsoNormal"> John had suggested that they do that in the context of CACTI<o:p></o:p></p>
<p class="MsoNormal"> <a href="https://spaces.at.internet2.edu/display/CACTI/CACTI+-+Community+Architecture+Committee+for+Trust+and+Identity+Home">
https://spaces.at.internet2.edu/display/CACTI/CACTI+-+Community+Architecture+Committee+for+Trust+and+Identity+Home</a><o:p></o:p></p>
<p class="MsoNormal"> John said that CACTI is the new MACE<o:p></o:p></p>
<p class="MsoNormal"> CACTI provides guidance to identity and access management products<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Next Call<o:p></o:p></p>
<p class="MsoNormal"> The next call is Monday, August 12th at 4pm US Pacific Time<o:p></o:p></p>
</div>
</body>
</html>