<div dir="ltr"><div><blockquote style="margin:0px 0px 0px 40px;border:none;padding:0px">For those in attendance, please review and provide and updates, corrections, additions!</blockquote><blockquote style="margin:0px 0px 0px 40px;border:none;padding:0px"><div><br></div><div><br></div><div>Attendance:</div></blockquote></div><blockquote style="margin:0 0 0 40px;border:none;padding:0px"><div><blockquote style="margin:0px 0px 0px 40px;border:none;padding:0px"><div>Mike Jones</div></blockquote></div><div><blockquote style="margin:0px 0px 0px 40px;border:none;padding:0px"><div>Vladmir Dzhuvinov</div></blockquote></div><div><blockquote style="margin:0px 0px 0px 40px;border:none;padding:0px"><div>Joe DeCock</div></blockquote></div><div><blockquote style="margin:0px 0px 0px 40px;border:none;padding:0px"><div>Samuel Rinnetmaki</div></blockquote></div><div><blockquote style="margin:0px 0px 0px 40px;border:none;padding:0px"><div>Roland Hedberg</div></blockquote></div><div><blockquote style="margin:0px 0px 0px 40px;border:none;padding:0px"><div>Lukasz Jaromin</div></blockquote></div><div><blockquote style="margin:0px 0px 0px 40px;border:none;padding:0px"><div>Marcus Almgren</div></blockquote></div><div><blockquote style="margin:0px 0px 0px 40px;border:none;padding:0px"><div>Brock Allen</div></blockquote></div><div><blockquote style="margin:0px 0px 0px 40px;border:none;padding:0px"><div>Oliver Terbu</div></blockquote></div><div><blockquote style="margin:0px 0px 0px 40px;border:none;padding:0px"><div>Michael Fraser</div></blockquote></div><div><blockquote style="margin:0px 0px 0px 40px;border:none;padding:0px"><div>Joseph Heenan</div></blockquote></div><div><blockquote style="margin:0px 0px 0px 40px;border:none;padding:0px"><div>Steffen Allner</div></blockquote></div></blockquote><blockquote style="margin:0 0 0 40px;border:none;padding:0px"><div><blockquote style="margin:0px 0px 0px 40px;border:none;padding:0px"><div>George Fletcher</div></blockquote></div></blockquote><div><div><br></div><div><br></div><div><ol start="1" type="1" style="margin-bottom:0in;margin-top:0in"><li style="margin:0in;font-size:11pt;font-family:Aptos,sans-serif">Welcoming new attendees and introductions<u></u><u></u></li><ol><li style="margin:0in;font-size:11pt;font-family:Aptos,sans-serif">Attendees each introduced themselves and what they are working on</li></ol><li style="margin:0in;font-size:11pt;font-family:Aptos,sans-serif"><a href="https://urldefense.com/v3/__https://www.openid.net/antitrust__;!!FrPt2g6CO4Wadw!JmZyTpib-gLgKfbYtzgovkuoT5bcCf2MG3IBrEzWDFC1k2OKXdwVgA7cTFHbRx2APaBR5loHiqAJ6MVIZfavS-8AdeZcnQZonoouQyA$" target="_blank">Antitrust Policy</a> and <a href="https://urldefense.com/v3/__https://openid.net/wg/connect/__;!!FrPt2g6CO4Wadw!JmZyTpib-gLgKfbYtzgovkuoT5bcCf2MG3IBrEzWDFC1k2OKXdwVgA7cTFHbRx2APaBR5loHiqAJ6MVIZfavS-8AdeZcnQZosBFZLS4$" target="_blank">IPR Agreement</a> reminders<u></u><u></u></li><li style="margin:0in;font-size:11pt;font-family:Aptos,sans-serif">Upcoming Events<u></u><u></u></li><ol start="1" type="a" style="margin-bottom:0in;margin-top:0in"><li style="margin:0in;font-size:11pt;font-family:Aptos,sans-serif">FIDO Plenary, Feb 4-6, Melbourne, Australia<u></u><u></u></li><li style="margin:0in;font-size:11pt;font-family:Aptos,sans-serif"><a href="https://urldefense.com/v3/__https://oauth.secworkshop.events/osw2025__;!!FrPt2g6CO4Wadw!JmZyTpib-gLgKfbYtzgovkuoT5bcCf2MG3IBrEzWDFC1k2OKXdwVgA7cTFHbRx2APaBR5loHiqAJ6MVIZfavS-8AdeZcnQZookdSbaE$" target="_blank">OAuth Security Workshop</a>, Feb 26-28, Reykjavik, Iceland<u></u><u></u></li><li style="margin:0in;font-size:11pt;font-family:Aptos,sans-serif"><a href="https://urldefense.com/v3/__https://www.ietf.org/meeting/122/__;!!FrPt2g6CO4Wadw!JmZyTpib-gLgKfbYtzgovkuoT5bcCf2MG3IBrEzWDFC1k2OKXdwVgA7cTFHbRx2APaBR5loHiqAJ6MVIZfavS-8AdeZcnQZovKUIUDI$" target="_blank">IETF 122</a>, Mar 15-21, Bangkok, Thailand<u></u><u></u></li><li style="margin:0in;font-size:11pt;font-family:Aptos,sans-serif">OpenID Workshop and <a href="https://urldefense.com/v3/__https://internetidentityworkshop.com/__;!!FrPt2g6CO4Wadw!JmZyTpib-gLgKfbYtzgovkuoT5bcCf2MG3IBrEzWDFC1k2OKXdwVgA7cTFHbRx2APaBR5loHiqAJ6MVIZfavS-8AdeZcnQZoRhc4l54$" target="_blank">IIW</a>, Apr 7-10, Mountain View, California<u></u><u></u></li></ol><li style="margin:0in;font-size:11pt;font-family:Aptos,sans-serif"><a href="https://urldefense.com/v3/__https://openid.net/foundation/members/polls/346__;!!FrPt2g6CO4Wadw!JmZyTpib-gLgKfbYtzgovkuoT5bcCf2MG3IBrEzWDFC1k2OKXdwVgA7cTFHbRx2APaBR5loHiqAJ6MVIZfavS-8AdeZcnQZohn9KJMc$" target="_blank">Vote to Approve Proposed Third Implementer’s Draft of OpenID4VP</a><u></u><u></u></li><ol><li style="margin:0in;font-size:11pt;font-family:Aptos,sans-serif">Encourage all members to visit the URL and vote</li></ol><li style="margin:0in;font-size:11pt;font-family:Aptos,sans-serif">Call Schedule<u></u><u></u></li><ol start="1" type="a" style="margin-bottom:0in;margin-top:0in"><li style="margin:0in;font-size:11pt;font-family:Aptos,sans-serif">Next call Thursday, Jan 2, 2025 (Atlantic)<u></u><u></u></li><li style="margin:0in;font-size:11pt;font-family:Aptos,sans-serif">Then Monday, Jan 6, 2025 (Pacific)<u></u><u></u></li></ol><li style="margin:0in;font-size:11pt;font-family:Aptos,sans-serif">Overview of <a href="https://urldefense.com/v3/__https://openid.net/wg/connect/specifications/__;!!FrPt2g6CO4Wadw!JmZyTpib-gLgKfbYtzgovkuoT5bcCf2MG3IBrEzWDFC1k2OKXdwVgA7cTFHbRx2APaBR5loHiqAJ6MVIZfavS-8AdeZcnQZo1-JFGKw$" target="_blank">Active Specifications</a><u></u><u></u></li><ol start="1" type="a" style="margin-bottom:0in;margin-top:0in"><li style="margin:0in;font-size:11pt;font-family:Aptos,sans-serif"><a href="https://urldefense.com/v3/__https://openid.net/specs/openid-connect-native-sso-1_0.html__;!!FrPt2g6CO4Wadw!JmZyTpib-gLgKfbYtzgovkuoT5bcCf2MG3IBrEzWDFC1k2OKXdwVgA7cTFHbRx2APaBR5loHiqAJ6MVIZfavS-8AdeZcnQZoawICBA0$" target="_blank">OpenID Connect Native SSO for Mobile Apps</a> (<a href="https://urldefense.com/v3/__https://bitbucket.org/openid/connect__;!!FrPt2g6CO4Wadw!JmZyTpib-gLgKfbYtzgovkuoT5bcCf2MG3IBrEzWDFC1k2OKXdwVgA7cTFHbRx2APaBR5loHiqAJ6MVIZfavS-8AdeZcnQZoUbgqC70$" target="_blank">repository</a>)<u></u><u></u></li><li style="margin:0in;font-size:11pt;font-family:Aptos,sans-serif"><a href="https://urldefense.com/v3/__https://openid.net/specs/openid-federation-1_0.html__;!!FrPt2g6CO4Wadw!JmZyTpib-gLgKfbYtzgovkuoT5bcCf2MG3IBrEzWDFC1k2OKXdwVgA7cTFHbRx2APaBR5loHiqAJ6MVIZfavS-8AdeZcnQZoZgaMcgY$" target="_blank">OpenID Federation</a> (<a href="https://urldefense.com/v3/__https://github.com/openid/federation__;!!FrPt2g6CO4Wadw!JmZyTpib-gLgKfbYtzgovkuoT5bcCf2MG3IBrEzWDFC1k2OKXdwVgA7cTFHbRx2APaBR5loHiqAJ6MVIZfavS-8AdeZcnQZolDcJk_0$" target="_blank">repository</a>)<u></u><u></u></li><li style="margin:0in;font-size:11pt;font-family:Aptos,sans-serif"><a href="https://urldefense.com/v3/__https://openid.net/specs/openid-federation-extended-listing-1_0.html__;!!FrPt2g6CO4Wadw!JmZyTpib-gLgKfbYtzgovkuoT5bcCf2MG3IBrEzWDFC1k2OKXdwVgA7cTFHbRx2APaBR5loHiqAJ6MVIZfavS-8AdeZcnQZoZ0EqHTY$" target="_blank">OpenID Federation Extended Subordinate Listing</a> (<a href="https://urldefense.com/v3/__https://github.com/openid/federation-extended-listing__;!!FrPt2g6CO4Wadw!JmZyTpib-gLgKfbYtzgovkuoT5bcCf2MG3IBrEzWDFC1k2OKXdwVgA7cTFHbRx2APaBR5loHiqAJ6MVIZfavS-8AdeZcnQZoYBvKm7I$" target="_blank">repository</a>)<u></u><u></u></li><li style="margin:0in;font-size:11pt;font-family:Aptos,sans-serif"><a href="https://urldefense.com/v3/__https://openid.net/specs/openid-federation-wallet-1_0.html__;!!FrPt2g6CO4Wadw!JmZyTpib-gLgKfbYtzgovkuoT5bcCf2MG3IBrEzWDFC1k2OKXdwVgA7cTFHbRx2APaBR5loHiqAJ6MVIZfavS-8AdeZcnQZowEXUYVs$" target="_blank">OpenID Federation Wallet Architectures</a> (<a href="https://urldefense.com/v3/__https://github.com/openid/federation-wallet__;!!FrPt2g6CO4Wadw!JmZyTpib-gLgKfbYtzgovkuoT5bcCf2MG3IBrEzWDFC1k2OKXdwVgA7cTFHbRx2APaBR5loHiqAJ6MVIZfavS-8AdeZcnQZokngVuz0$" target="_blank">repository</a>)<u></u><u></u></li><li style="margin:0in;font-size:11pt;font-family:Aptos,sans-serif"><a href="https://urldefense.com/v3/__https://openid.net/specs/openid-connect-rp-metadata-choices-1_0.html__;!!FrPt2g6CO4Wadw!JmZyTpib-gLgKfbYtzgovkuoT5bcCf2MG3IBrEzWDFC1k2OKXdwVgA7cTFHbRx2APaBR5loHiqAJ6MVIZfavS-8AdeZcnQZo_fU3DSY$" target="_blank">OpenID Connect Relying Party Metadata Choices</a> (<a href="https://urldefense.com/v3/__https://github.com/openid/rp-metadata-choices__;!!FrPt2g6CO4Wadw!JmZyTpib-gLgKfbYtzgovkuoT5bcCf2MG3IBrEzWDFC1k2OKXdwVgA7cTFHbRx2APaBR5loHiqAJ6MVIZfavS-8AdeZcnQZocgTzcCI$" target="_blank">repository</a>)<u></u><u></u></li></ol><li style="margin:0in;font-size:11pt;font-family:Aptos,sans-serif">Federation Certification<u></u><u></u></li><ol start="1" type="a" style="margin-bottom:0in;margin-top:0in"><li style="margin:0in;font-size:11pt;font-family:Aptos,sans-serif">Report by Mike on status and plans for certification for OpenID Federation<u></u><u></u></li><ol><li style="margin:0in;font-size:11pt;font-family:Aptos,sans-serif">Marcus and the certification team wrote an initial set of certification tests. Data structure validation for entity statements</li><li style="margin:0in;font-size:11pt;font-family:Aptos,sans-serif">For those who have working deployments, URL of test nodes and trust anchor information. Useful for testing the tests and well as ensuring the code is working as the tests expect</li><li style="margin:0in;font-size:11pt;font-family:Aptos,sans-serif">[Marcus] the tests are started but not complete. Focusing on metadata validation.</li><ol><li style="margin:0in;font-size:11pt;font-family:Aptos,sans-serif">for certification purposes ... not certifying a complete federation. certifying a single entity in a federation</li><li style="margin:0in;font-size:11pt;font-family:Aptos,sans-serif">need to address superiors and subordinates</li><li style="margin:0in;font-size:11pt;font-family:Aptos,sans-serif">in testing the Italian production endpoints... returns a list of over 2000 entities... walks the list and validate subordinates and entities</li><ol><li style="margin:0in;font-size:11pt;font-family:Aptos,sans-serif">test suite is not designed to handle list of this size</li></ol></ol><li style="margin-left:15px"><font face="Aptos, sans-serif"><span style="font-size:14.6667px">[Lukasz] should the test suite be tested with different size federations</span></font></li><li style="margin-left:15px"><font face="Aptos, sans-serif"><span style="font-size:14.6667px">[Marcus] the issue is how to test very large result sets</span></font></li><li style="margin-left:15px"><font face="Aptos, sans-serif"><span style="font-size:14.6667px">[George] the problem is more about the scale of the federation and the amount of work that is required to do all the validations</span></font></li><li style="margin-left:15px"><font face="Aptos, sans-serif"><span style="font-size:14.6667px">[Marcus] the test suite doesn't have control over the size of the federation that is requesting certification</span></font></li><li style="margin-left:15px"><font face="Aptos, sans-serif"><span style="font-size:14.6667px">[Joseph] want to test the production federations and not QA or test versions</span></font></li><li style="margin-left:15px"><font face="Aptos, sans-serif"><span style="font-size:14.6667px">[Samuel] are we talking of certification of software or the deployed federation (data content)</span></font></li><li style="margin-left:15px"><font face="Aptos, sans-serif"><span style="font-size:14.6667px">[Mike] agrees with Samuel's question(s) - it's impossible to test software without it being deployed -- always testing a deployment.</span></font></li><ol><li style="margin-left:15px"><font face="Aptos, sans-serif"><span style="font-size:14.6667px">regarding the question of size: the list endpoint is returning a list of the URLs of the subordinates</span></font></li><li style="margin-left:15px"><font face="Aptos, sans-serif"><span style="font-size:14.6667px">Is a list of 2000 an issue for testing a single node?</span></font></li></ol><li style="margin-left:15px"><font face="Aptos, sans-serif"><span style="font-size:14.6667px">[Marcus] testing a single node is not an issue</span></font></li><ol><li style="margin-left:15px"><font face="Aptos, sans-serif"><span style="font-size:14.6667px">however with the Italian federation 100's of the URLs can not be fetched</span></font></li></ol><li style="margin-left:15px"><font face="Aptos, sans-serif"><span style="font-size:14.6667px">[Mike] recommends sending the entities that failed to the Italian federations</span></font></li><li style="margin-left:15px"><font face="Aptos, sans-serif"><span style="font-size:14.6667px">[Roland] there has been a request to get paginated results from the list endpoint. Walk the list in buckets of 20 or 30 URLs</span></font></li><li style="margin-left:15px"><font face="Aptos, sans-serif"><span style="font-size:14.6667px">[Mike] the federated extended listing endpoint allows for pagination</span></font></li><li style="margin-left:15px"><font face="Aptos, sans-serif"><span style="font-size:14.6667px">[Mike] agreement in principle between federation editors and Marcus is to write tests for automated registration</span></font></li></ol><li style="margin:0in;font-size:11pt;font-family:Aptos,sans-serif">Any deployments you’d like to have tested?<u></u><u></u></li></ol><li style="margin:0in;font-size:11pt;font-family:Aptos,sans-serif">Federation Policy Operators<u></u><u></u></li><ol start="1" type="a" style="margin-bottom:0in;margin-top:0in"><li style="margin:0in;font-size:11pt;font-family:Aptos,sans-serif">Report from Vladimir about formal analysis of policy operators<u></u><u></u></li><ol><li style="margin:0in;font-family:Aptos,sans-serif"><span style="font-size:11pt">[Vladimir] The sec researchers from Uni Stuttgart who </span>where<span style="font-size:11pt"> contracted by the OIDF to analyse the Federation spec did an excellent job and discovered important spec issues which were addressed or are going to be addressed soon. I understood their model has a limitation that prevents it from analysing a part of the Federation spec -- the metadata policy language. Because of that, thanks to Jonas Primbs, who's a regular presenter at the OSW, we received a contact at Uni Tuebingen and the researchers Etienne Zink, Prof. Klaus Ostermann and Prof. Michael Menth who agreed to investigate and report to us how the correctness of the policy language can be formally analysed and proven. The objective is to come up with a framework (expressed as a Prolog tool) to enable us to check the correctness of the policy language as well as enable the evaluation of future custom operators.</span><p style="font-family:Arial,Helvetica,sans-serif">Once we have this framework / tool or least the a preliminary indication that the policy language is correct, we'll be able to fully respond to PRs 129, 111, 112 and 11.</p></li></ol><li style="margin:0in;font-size:11pt;font-family:Aptos,sans-serif">Issues and PRs</li><ol><li style="margin:0in;font-size:11pt;font-family:Aptos,sans-serif"><a href="https://urldefense.com/v3/__https://github.com/openid/federation/issues/129__;!!FrPt2g6CO4Wadw!JmZyTpib-gLgKfbYtzgovkuoT5bcCf2MG3IBrEzWDFC1k2OKXdwVgA7cTFHbRx2APaBR5loHiqAJ6MVIZfavS-8AdeZcnQZo6-JJT1c$" target="_blank" style="font-size:11pt">https://github.com/openid/federation/issues/129</a><span style="font-size:11pt"> Clarify where combination rules apply</span></li><li style="margin:0in;font-size:11pt;font-family:Aptos,sans-serif"><a href="https://urldefense.com/v3/__https://github.com/openid/federation/pull/111__;!!FrPt2g6CO4Wadw!JmZyTpib-gLgKfbYtzgovkuoT5bcCf2MG3IBrEzWDFC1k2OKXdwVgA7cTFHbRx2APaBR5loHiqAJ6MVIZfavS-8AdeZcnQZoHYVDs-w$" target="_blank" style="font-size:11pt">https://github.com/openid/federation/pull/111</a><span style="font-size:11pt"> Combining “add” and “superset”</span></li><li style="margin:0in;font-size:11pt;font-family:Aptos,sans-serif"><a href="https://urldefense.com/v3/__https://github.com/openid/federation/pull/112__;!!FrPt2g6CO4Wadw!JmZyTpib-gLgKfbYtzgovkuoT5bcCf2MG3IBrEzWDFC1k2OKXdwVgA7cTFHbRx2APaBR5loHiqAJ6MVIZfavS-8AdeZcnQZobPAkdl4$" target="_blank" style="font-size:11pt">https://github.com/openid/federation/pull/112</a><span style="font-size:11pt"> Combining non-conflicting values</span></li><li style="margin:0in;font-size:11pt;font-family:Aptos,sans-serif"><a href="https://urldefense.com/v3/__https://github.com/openid/federation/issues/11__;!!FrPt2g6CO4Wadw!JmZyTpib-gLgKfbYtzgovkuoT5bcCf2MG3IBrEzWDFC1k2OKXdwVgA7cTFHbRx2APaBR5loHiqAJ6MVIZfavS-8AdeZcnQZonCq78uQ$" target="_blank" style="font-size:11pt">https://github.com/openid/federation/issues/11</a><span style="font-size:11pt"> Notes on metadata policy operators</span></li><li style="margin:0in;font-size:11pt;font-family:Aptos,sans-serif"><a href="https://urldefense.com/v3/__https://github.com/openid/federation/issues/35__;!!FrPt2g6CO4Wadw!JmZyTpib-gLgKfbYtzgovkuoT5bcCf2MG3IBrEzWDFC1k2OKXdwVgA7cTFHbRx2APaBR5loHiqAJ6MVIZfavS-8AdeZcnQZoiBgcY8w$" target="_blank" style="font-size:11pt">https://github.com/openid/federation/issues/35</a><span style="font-size:11pt"> Metadata policy on JSON object values</span></li></ol></ol></ol><ol start="9" type="1" style="margin-bottom:0in;margin-top:0in"><li style="margin:0in;font-size:11pt;font-family:Aptos,sans-serif">Newer Federation Issues<u></u><u></u></li><ol start="1" type="a" style="margin-bottom:0in;margin-top:0in"><li style="margin:0in;font-size:11pt;font-family:Aptos,sans-serif"><a href="https://urldefense.com/v3/__https://github.com/openid/federation/issues/167__;!!FrPt2g6CO4Wadw!JmZyTpib-gLgKfbYtzgovkuoT5bcCf2MG3IBrEzWDFC1k2OKXdwVgA7cTFHbRx2APaBR5loHiqAJ6MVIZfavS-8AdeZcnQZoKgYAVic$" target="_blank">https://github.com/openid/federation/issues/167</a> Privacy Considerations<u></u><u></u></li><li style="margin:0in;font-size:11pt;font-family:Aptos,sans-serif"><a href="https://urldefense.com/v3/__https://github.com/openid/federation/issues/166__;!!FrPt2g6CO4Wadw!JmZyTpib-gLgKfbYtzgovkuoT5bcCf2MG3IBrEzWDFC1k2OKXdwVgA7cTFHbRx2APaBR5loHiqAJ6MVIZfavS-8AdeZcnQZo2j0W1jQ$" target="_blank">https://github.com/openid/federation/issues/166</a> Trust Mark Validation<u></u><u></u></li><li style="margin:0in;font-size:11pt;font-family:Aptos,sans-serif"><a href="https://urldefense.com/v3/__https://github.com/openid/federation/issues/165__;!!FrPt2g6CO4Wadw!JmZyTpib-gLgKfbYtzgovkuoT5bcCf2MG3IBrEzWDFC1k2OKXdwVgA7cTFHbRx2APaBR5loHiqAJ6MVIZfavS-8AdeZcnQZoGHcxbdI$" target="_blank">https://github.com/openid/federation/issues/165</a> Use of Duplicate Trust Mark IDs<u></u><u></u></li><li style="margin:0in;font-size:11pt;font-family:Aptos,sans-serif"><a href="https://urldefense.com/v3/__https://github.com/openid/federation/issues/147__;!!FrPt2g6CO4Wadw!JmZyTpib-gLgKfbYtzgovkuoT5bcCf2MG3IBrEzWDFC1k2OKXdwVgA7cTFHbRx2APaBR5loHiqAJ6MVIZfavS-8AdeZcnQZoQPlWKeU$" target="_blank">https://github.com/openid/federation/issues/147</a> Client Authentication and Automatic Registration<u></u><u></u></li><li style="margin:0in;font-size:11pt;font-family:Aptos,sans-serif"><a href="https://urldefense.com/v3/__https://github.com/openid/federation/issues/100__;!!FrPt2g6CO4Wadw!JmZyTpib-gLgKfbYtzgovkuoT5bcCf2MG3IBrEzWDFC1k2OKXdwVgA7cTFHbRx2APaBR5loHiqAJ6MVIZfavS-8AdeZcnQZoWaXW058$" target="_blank">https://github.com/openid/federation/issues/100</a> Federation Integrity issue</li><ol><li style="margin:0in;font-size:11pt;font-family:Aptos,sans-serif"><span style="font-size:11pt">For context, see Vladimir’s post </span><a href="https://urldefense.com/v3/__https://connect2id.com/blog/how-to-link-an-app-protocol-to-an-openid-federation-trust-layer__;!!FrPt2g6CO4Wadw!JmZyTpib-gLgKfbYtzgovkuoT5bcCf2MG3IBrEzWDFC1k2OKXdwVgA7cTFHbRx2APaBR5loHiqAJ6MVIZfavS-8AdeZcnQZorwF0ra8$" target="_blank" style="font-size:11pt">https://connect2id.com/blog/how-to-link-an-app-protocol-to-an-openid-federation-trust-layer</a></li></ol></ol></ol><ol start="10" type="1" style="margin-bottom:0in;margin-top:0in"><li style="margin:0in;font-size:11pt;font-family:Aptos,sans-serif">Publishing next version of <a href="https://urldefense.com/v3/__https://openid.net/specs/openid-federation-extended-listing-1_0.html__;!!FrPt2g6CO4Wadw!JmZyTpib-gLgKfbYtzgovkuoT5bcCf2MG3IBrEzWDFC1k2OKXdwVgA7cTFHbRx2APaBR5loHiqAJ6MVIZfavS-8AdeZcnQZoZ0EqHTY$" target="_blank">OpenID Federation Extended Subordinate Listing</a><u></u><u></u></li><ol start="1" type="a" style="margin-bottom:0in;margin-top:0in"><li style="margin:0in;font-size:11pt;font-family:Aptos,sans-serif"><a href="https://urldefense.com/v3/__https://github.com/openid/federation-extended-listing/pull/7__;!!FrPt2g6CO4Wadw!JmZyTpib-gLgKfbYtzgovkuoT5bcCf2MG3IBrEzWDFC1k2OKXdwVgA7cTFHbRx2APaBR5loHiqAJ6MVIZfavS-8AdeZcnQZotjg44Ns$" target="_blank">https://github.com/openid/federation-extended-listing/pull/7</a> Editorial updates<u></u><u></u></li></ol><li style="margin:0in;font-size:11pt;font-family:Aptos,sans-serif">Next steps for <a href="https://urldefense.com/v3/__https://openid.net/specs/openid-federation-wallet-1_0.html__;!!FrPt2g6CO4Wadw!JmZyTpib-gLgKfbYtzgovkuoT5bcCf2MG3IBrEzWDFC1k2OKXdwVgA7cTFHbRx2APaBR5loHiqAJ6MVIZfavS-8AdeZcnQZowEXUYVs$" target="_blank">OpenID Federation Wallet Architectures</a><u></u><u></u></li><ol start="1" type="a" style="margin-bottom:0in;margin-top:0in"><li style="margin:0in;font-size:11pt;font-family:Aptos,sans-serif">What issues at <a href="https://urldefense.com/v3/__https://github.com/openid/federation-wallet/issues__;!!FrPt2g6CO4Wadw!JmZyTpib-gLgKfbYtzgovkuoT5bcCf2MG3IBrEzWDFC1k2OKXdwVgA7cTFHbRx2APaBR5loHiqAJ6MVIZfavS-8AdeZcnQZoA4MKkqw$" target="_blank">https://github.com/openid/federation-wallet/issues</a> to tackle next?<u></u><u></u></li></ol><li style="margin:0in;font-size:11pt;font-family:Aptos,sans-serif">Assuming we still have time, anything else!</li><ol><li style="margin:0in;font-size:11pt;font-family:Aptos,sans-serif">Issue #100 ?? - See item 9.e</li><ol><li style="margin:0in;font-size:11pt;font-family:Aptos,sans-serif">Federation integrity: <Valdimir insert link please:)></li><ol><li style="margin:0in;font-size:11pt;font-family:Aptos,sans-serif">[Marcus] security researchers validating 4 security properties. 3 ok, the 4th "Federation Integrity" didn't </li><ol><li style="margin:0in;font-size:11pt;font-family:Aptos,sans-serif">trust anchor mixup - </li><li style="margin:0in;font-size:11pt;font-family:Aptos,sans-serif">Do we need to prove this security property in a federation? Researchers feel this is blocking them.</li></ol><li style="margin-left:15px"><font face="Aptos, sans-serif"><span style="font-size:14.6667px">[Vladimir] desire to provide OpenID Federations to prove the "federation integrity" if the federation desire it</span></font></li><ol><li style="margin-left:15px"><font face="Aptos, sans-serif"><span style="font-size:14.6667px">provide two trust chains <i missed the rest of this></span></font></li><li style="margin-left:15px"><font face="Aptos, sans-serif"><span style="font-size:14.6667px">What changes are required to support this will require more work</span></font></li></ol></ol></ol><li style="margin:0in;font-size:11pt;font-family:Aptos,sans-serif">Conformance tests for federations</li><li style="margin:0in;font-size:11pt;font-family:Aptos,sans-serif">Performance of very large result sets</li><li style="margin:0in;font-size:11pt;font-family:Aptos,sans-serif">Native SSO for Mobile Apps</li><ol><li style="margin:0in;font-size:11pt;font-family:Aptos,sans-serif">Publish a draft that works the way it does now. George to clean up the current draft. </li><li style="margin:0in;font-size:11pt;font-family:Aptos,sans-serif">Wait for the new year to look at removing dependance on the id_token in the spec</li></ol></ol></ol></div></div><div><br></div><div dir="ltr" class="gmail_signature" data-smartmail="gmail_signature"><div dir="ltr"><div style="font-family:Optimist,"Helvetica Neue",Helvetica,Arial,sans-serif;color:rgb(28,43,57);font-size:16px;float:left;width:500px;min-width:500px;display:contents"><p style="margin:0px 0px 16px;font-size:12px;line-height:16px;color:rgb(1,61,91);white-space:nowrap"><span style="font-family:optimist,Arial,Helvetica,sans-serif;line-height:1.4"><br><br><span style="line-height:1.4">assistant: </span><img src="https://d2vppzocvtms05.cloudfront.net/media/24B3C89B-18F1-45C0-951FA826F175026F/6D4F56A7-CA22-4255-8A435780C72278FA/webimage-D978F7E8-C634-4B49-9843C19E38F5C471.png" alt="email" height="7" style="vertical-align:middle;border-style:none;width:10px;margin-left:5px;margin-right:2px"><span style="line-height:1.4"> <a href="mailto:kimberly.east@capitalone.com" target="_blank">kimberly.east@capitalone.com</a></span></span></p></div></div></div><input name="virtru-metadata" type="hidden" value="{"email-policy":{"disableCopyPaste":false,"disablePrint":false,"disableForwarding":false,"enableNoauth":false,"expandedWatermarking":false,"expires":true,"sms":false,"expirationNum":87840,"expirationUnit":"minutes","isManaged":false,"persistentProtection":false,"expirationDate":"2025-02-19T16:58:57.916Z"},"attachments":{},"compose-id":"8","compose-window":{"secure":false}}"></div>

<HR><table border="0" cellspacing="0" cellpadding="0" width="100%" height="30"><BR>
<tr><BR>
<font color="#404040">The information contained in this e-mail may be confidential and/or proprietary to Capital One and/or its affiliates and may only be used solely in performance of work or services for Capital One. The information transmitted herewith is intended only for use by the individual or entity to which it is addressed. If the reader of this message is not the intended recipient, you are hereby notified that any review, retransmission, dissemination, distribution, copying or other use of, or taking of any action in reliance upon this information is strictly prohibited. If you have received this communication in error, please contact the sender and delete the material from your computer.</font></td><BR>
</tr><BR>
</table><BR>