<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:x="urn:schemas-microsoft-com:office:excel" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
<meta name="Generator" content="Microsoft Word 15 (filtered medium)">
<style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Aptos;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
font-size:11.0pt;
font-family:"Aptos",sans-serif;
mso-ligatures:standardcontextual;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:#467886;
text-decoration:underline;}
span.EmailStyle17
{mso-style-type:personal-compose;
font-family:"Aptos",sans-serif;
color:windowtext;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:11.0pt;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang="EN-US" link="#467886" vlink="#96607D" style="word-wrap:break-word">
<div class="WordSection1">
<p class="MsoNormal">Spec Call Notes 18-Nov-24<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">George Fletcher<o:p></o:p></p>
<p class="MsoNormal">Nat Sakimura<o:p></o:p></p>
<p class="MsoNormal">Mike Jones<o:p></o:p></p>
<p class="MsoNormal">Brian Campbell<o:p></o:p></p>
<p class="MsoNormal">David Waite<o:p></o:p></p>
<p class="MsoNormal">Tom Jones<o:p></o:p></p>
<p class="MsoNormal">Aaron Parecki<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Native SSO spec<o:p></o:p></p>
<p class="MsoNormal"> <a href="https://bitbucket.org/openid/connect/pull-requests/742">
https://bitbucket.org/openid/connect/pull-requests/742</a><o:p></o:p></p>
<p class="MsoNormal"> Mike will review and merge if it looks OK<o:p></o:p></p>
<p class="MsoNormal"> There are 8 open issues for Native SSO - 3 to be closed by the PR above<o:p></o:p></p>
<p class="MsoNormal"> Brian questioned whether we should be taking this to final or not<o:p></o:p></p>
<p class="MsoNormal"> Given that it may not be the best practice for doing this<o:p></o:p></p>
<p class="MsoNormal"> He said that we could make it a blog post<o:p></o:p></p>
<p class="MsoNormal"> George asked if there is another best practice that we should document instead<o:p></o:p></p>
<p class="MsoNormal"> He observed that no one has proposed a better way<o:p></o:p></p>
<p class="MsoNormal"> Mike said that Okta has implemented, so we should involve them<o:p></o:p></p>
<p class="MsoNormal"> Yahoo has implemented it, Vladimir has implemented it<o:p></o:p></p>
<p class="MsoNormal"> George said that there's value in documenting these things<o:p></o:p></p>
<p class="MsoNormal"> He wanted the working group to weigh in to improve it, which they have<o:p></o:p></p>
<p class="MsoNormal"> Mike observed that we're also doing first-party app work in the OAuth WG<o:p></o:p></p>
<p class="MsoNormal"> (Aaron joined the call at this point)<o:p></o:p></p>
<p class="MsoNormal"> Mike asked about Okta implementing the Native SSO spec<o:p></o:p></p>
<p class="MsoNormal"> George said that Okta had extended it for a cross-device case in a prototype<o:p></o:p></p>
<p class="MsoNormal"> Aaron said that it's available as an API<o:p></o:p></p>
<p class="MsoNormal"> <a href="https://developer.okta.com/docs/guides/configure-native-sso/main/">
https://developer.okta.com/docs/guides/configure-native-sso/main/</a><o:p></o:p></p>
<p class="MsoNormal"> Aaron said that Google has deployed a similar thing<o:p></o:p></p>
<p class="MsoNormal"> George said that he wrote this down so others could understand how to achieve what Google has<o:p></o:p></p>
<p class="MsoNormal"> Brian really dislikes the use of ID Tokens as hints and with different validation rules<o:p></o:p></p>
<p class="MsoNormal"> Brian said that that a sometimes problem with publishing specs is customers will see it and ask for it to be implemented<o:p></o:p></p>
<p class="MsoNormal"> We should be cognizant of that<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Mobile work<o:p></o:p></p>
<p class="MsoNormal"> George mused about whether we want to do any additional mobile-related work<o:p></o:p></p>
<p class="MsoNormal"> Mike asked what the MODRNA WG is doing now<o:p></o:p></p>
<p class="MsoNormal"> People on the call didn't know<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Bitbucket Issues<o:p></o:p></p>
<p class="MsoNormal"> <a href="https://bitbucket.org/openid/connect/issues?status=new&status=open&status=submitted&is_spam=!spam">
https://bitbucket.org/openid/connect/issues?status=new&status=open&status=submitted&is_spam=!spam</a><o:p></o:p></p>
<p class="MsoNormal"> No new issues<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Working Group GitHub Repositories<o:p></o:p></p>
<p class="MsoNormal"> We now have four working group GitHub repositories:<o:p></o:p></p>
<p class="MsoNormal"> 1. <a href="https://github.com/openid/federation">
https://github.com/openid/federation</a><o:p></o:p></p>
<p class="MsoNormal"> 2. <a href="https://github.com/openid/federation-extended-listing">
https://github.com/openid/federation-extended-listing</a><o:p></o:p></p>
<p class="MsoNormal"> No issues or PRs<o:p></o:p></p>
<p class="MsoNormal"> Implementations requested<o:p></o:p></p>
<p class="MsoNormal"> 3. <a href="https://github.com/openid/federation-wallet/">
https://github.com/openid/federation-wallet/</a><o:p></o:p></p>
<p class="MsoNormal"> 14 open issues<o:p></o:p></p>
<p class="MsoNormal"> Many of the early ones record things that were in pre-adopted versions of the spec<o:p></o:p></p>
<p class="MsoNormal"> <a href="https://github.com/openid/federation-wallet/issues/39">
https://github.com/openid/federation-wallet/issues/39</a> Authorized Credential within OpenID4VP metadata using Duckle<o:p></o:p></p>
<p class="MsoNormal"> Mike will review<o:p></o:p></p>
<p class="MsoNormal"> <a href="https://github.com/openid/federation-wallet/issues/40">
https://github.com/openid/federation-wallet/issues/40</a> Trust Marks examples<o:p></o:p></p>
<p class="MsoNormal"> The examples seem reasonable<o:p></o:p></p>
<p class="MsoNormal"> <a href="https://github.com/openid/federation-wallet/issues/41">
https://github.com/openid/federation-wallet/issues/41</a> Complex Trust Marks examples<o:p></o:p></p>
<p class="MsoNormal"> What's the motivation for these examples?<o:p></o:p></p>
<p class="MsoNormal"> <a href="https://github.com/openid/federation-wallet/issues/42">
https://github.com/openid/federation-wallet/issues/42</a> Trust Mark with Intended Usage
<o:p></o:p></p>
<p class="MsoNormal"> ditto<o:p></o:p></p>
<p class="MsoNormal"> 4. <a href="https://github.com/openid/rp-metadata-choices">
https://github.com/openid/rp-metadata-choices</a><o:p></o:p></p>
<p class="MsoNormal"> No issues or PRs<o:p></o:p></p>
<p class="MsoNormal"> Mike knows of work to do due to the discussion on the list after the spec was contributed<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"> Nat pointed out that we need to update the repository page for the WG to list all the repositories<o:p></o:p></p>
<p class="MsoNormal"> Mike agreed to take the action to do that<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">OpenID4VP<o:p></o:p></p>
<p class="MsoNormal"> It's currently in the 45-day foundation-wide review as a proposed Implementer's Draft<o:p></o:p></p>
<p class="MsoNormal"> Tom asked about user consent with credential presentation<o:p></o:p></p>
<p class="MsoNormal"> Mike suggested that if he has objections to the spec that he put them in issues<o:p></o:p></p>
<p class="MsoNormal"> Then the objections are actionable<o:p></o:p></p>
</div>
</body>
</html>