<div dir="ltr">Finding things in the archives is not easy (for me anyway) but here's one historical account of my prior push-back on progressing Native SSO <a href="https://lists.openid.net/pipermail/openid-specs-ab/2022-September/009376.html">https://lists.openid.net/pipermail/openid-specs-ab/2022-September/009376.html</a> <br></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Mon, Nov 18, 2024 at 5:53 PM Michael Jones via Openid-specs-ab &lt;<a href="mailto:openid-specs-ab@lists.openid.net">openid-specs-ab@lists.openid.net</a>&gt; wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div class="msg1986804348631911579">





<div lang="EN-US" style="overflow-wrap: break-word;">
<div class="m_1986804348631911579WordSection1">
<p class="MsoNormal">Spec Call Notes 18-Nov-24<u></u><u></u></p>
<p class="MsoNormal"><u></u> <u></u></p>
<p class="MsoNormal">George Fletcher<u></u><u></u></p>
<p class="MsoNormal">Nat Sakimura<u></u><u></u></p>
<p class="MsoNormal">Mike Jones<u></u><u></u></p>
<p class="MsoNormal">Brian Campbell<u></u><u></u></p>
<p class="MsoNormal">David Waite<u></u><u></u></p>
<p class="MsoNormal">Tom Jones<u></u><u></u></p>
<p class="MsoNormal">Aaron Parecki<u></u><u></u></p>
<p class="MsoNormal"><u></u> <u></u></p>
<p class="MsoNormal">Native SSO spec<u></u><u></u></p>
<p class="MsoNormal">                <a href="https://bitbucket.org/openid/connect/pull-requests/742" target="_blank">
https://bitbucket.org/openid/connect/pull-requests/742</a><u></u><u></u></p>
<p class="MsoNormal">                                Mike will review and merge if it looks OK<u></u><u></u></p>
<p class="MsoNormal">                There are 8 open issues for Native SSO - 3 to be closed by the PR above<u></u><u></u></p>
<p class="MsoNormal">                Brian questioned whether we should be taking this to final or not<u></u><u></u></p>
<p class="MsoNormal">                                Given that it may not be the best practice for doing this<u></u><u></u></p>
<p class="MsoNormal">                                He said that we could make it a blog post<u></u><u></u></p>
<p class="MsoNormal">                George asked if there is another best practice that we should document instead<u></u><u></u></p>
<p class="MsoNormal">                                He observed that no one has proposed a better way<u></u><u></u></p>
<p class="MsoNormal">                Mike said that Okta has implemented, so we should involve them<u></u><u></u></p>
<p class="MsoNormal">                                Yahoo has implemented it, Vladimir has implemented it<u></u><u></u></p>
<p class="MsoNormal">                George said that there's value in documenting these things<u></u><u></u></p>
<p class="MsoNormal">                                He wanted the working group to weigh in to improve it, which they have<u></u><u></u></p>
<p class="MsoNormal">                Mike observed that we're also doing first-party app work in the OAuth WG<u></u><u></u></p>
<p class="MsoNormal">                (Aaron joined the call at this point)<u></u><u></u></p>
<p class="MsoNormal">                Mike asked about Okta implementing the Native SSO spec<u></u><u></u></p>
<p class="MsoNormal">                                George said that Okta had extended it for a cross-device case in a prototype<u></u><u></u></p>
<p class="MsoNormal">                                Aaron said that it's available as an API<u></u><u></u></p>
<p class="MsoNormal">                                  <a href="https://developer.okta.com/docs/guides/configure-native-sso/main/" target="_blank">
https://developer.okta.com/docs/guides/configure-native-sso/main/</a><u></u><u></u></p>
<p class="MsoNormal">                Aaron said that Google has deployed a similar thing<u></u><u></u></p>
<p class="MsoNormal">                                George said that he wrote this down so others could understand how to achieve what Google has<u></u><u></u></p>
<p class="MsoNormal">                Brian really dislikes the use of ID Tokens as hints and with different validation rules<u></u><u></u></p>
<p class="MsoNormal">                Brian said that a sometimes problem with publishing specs is customers will see it and ask for it to be implemented<u></u><u></u></p>
<p class="MsoNormal">                                We should be cognizant of that<u></u><u></u></p>
<p class="MsoNormal"><u></u> <u></u></p>
<p class="MsoNormal">Mobile work<u></u><u></u></p>
<p class="MsoNormal">                George mused about whether we want to do any additional mobile-related work<u></u><u></u></p>
<p class="MsoNormal">                Mike asked what the MODRNA WG is doing now<u></u><u></u></p>
<p class="MsoNormal">                                People on the call didn't know<u></u><u></u></p>
<p class="MsoNormal"><u></u> <u></u></p>
<p class="MsoNormal">Bitbucket Issues<u></u><u></u></p>
<p class="MsoNormal">             <a href="https://bitbucket.org/openid/connect/issues?status=new&status=open&status=submitted&is_spam=!spam" target="_blank">
https://bitbucket.org/openid/connect/issues?status=new&status=open&status=submitted&is_spam=!spam</a><u></u><u></u></p>
<p class="MsoNormal">                No new issues<u></u><u></u></p>
<p class="MsoNormal"><u></u> <u></u></p>
<p class="MsoNormal">Working Group GitHub Repositories<u></u><u></u></p>
<p class="MsoNormal">                We now have four working group GitHub repositories:<u></u><u></u></p>
<p class="MsoNormal">                1. <a href="https://github.com/openid/federation" target="_blank">
https://github.com/openid/federation</a><u></u><u></u></p>
<p class="MsoNormal">                2. <a href="https://github.com/openid/federation-extended-listing" target="_blank">
https://github.com/openid/federation-extended-listing</a><u></u><u></u></p>
<p class="MsoNormal">                                No issues or PRs<u></u><u></u></p>
<p class="MsoNormal">                                Implementations requested<u></u><u></u></p>
<p class="MsoNormal">                3. <a href="https://github.com/openid/federation-wallet/" target="_blank">
https://github.com/openid/federation-wallet/</a><u></u><u></u></p>
<p class="MsoNormal">                                14 open issues<u></u><u></u></p>
<p class="MsoNormal">                                                Many of the early ones record things that were in pre-adopted versions of the spec<u></u><u></u></p>
<p class="MsoNormal">                                <a href="https://github.com/openid/federation-wallet/issues/39" target="_blank">
https://github.com/openid/federation-wallet/issues/39</a> Authorized Credential within OpenID4VP metadata using Duckle<u></u><u></u></p>
<p class="MsoNormal">                                                Mike will review<u></u><u></u></p>
<p class="MsoNormal">                                <a href="https://github.com/openid/federation-wallet/issues/40" target="_blank">
https://github.com/openid/federation-wallet/issues/40</a> Trust Marks examples<u></u><u></u></p>
<p class="MsoNormal">                                                The examples seem reasonable<u></u><u></u></p>
<p class="MsoNormal">                                <a href="https://github.com/openid/federation-wallet/issues/41" target="_blank">
https://github.com/openid/federation-wallet/issues/41</a> Complex Trust Marks examples<u></u><u></u></p>
<p class="MsoNormal">                                                What's the motivation for these examples?<u></u><u></u></p>
<p class="MsoNormal">                                <a href="https://github.com/openid/federation-wallet/issues/42" target="_blank">
https://github.com/openid/federation-wallet/issues/42</a> Trust Mark with Intended Usage
<u></u><u></u></p>
<p class="MsoNormal">                                                ditto<u></u><u></u></p>
<p class="MsoNormal">                4. <a href="https://github.com/openid/rp-metadata-choices" target="_blank">
https://github.com/openid/rp-metadata-choices</a><u></u><u></u></p>
<p class="MsoNormal">                                No issues or PRs<u></u><u></u></p>
<p class="MsoNormal">                                Mike knows of work to do due to the discussion on the list after the spec was contributed<u></u><u></u></p>
<p class="MsoNormal"><u></u> <u></u></p>
<p class="MsoNormal">                Nat pointed out that we need to update the repository page for the WG to list all the repositories<u></u><u></u></p>
<p class="MsoNormal">                                Mike agreed to take the action to do that<u></u><u></u></p>
<p class="MsoNormal"><u></u> <u></u></p>
<p class="MsoNormal">OpenID4VP<u></u><u></u></p>
<p class="MsoNormal">                It's currently in the 45-day foundation-wide review as a proposed Implementer's Draft<u></u><u></u></p>
<p class="MsoNormal">                Tom asked about user consent with credential presentation<u></u><u></u></p>
<p class="MsoNormal">                Mike suggested that if he has objections to the spec that he put them in issues<u></u><u></u></p>
<p class="MsoNormal">                                Then the objections are actionable<u></u><u></u></p>
</div>
</div>

</div></blockquote></div>
