[Openid-specs-authzen] notes from meeting on Aug 28

gerry gebel ggebel at gmail.com
Thu Aug 28 20:11:52 UTC 2025 

Attendees

   - David Brossard
   - Jeff Lombardo
   - Alex Babeanu
   - Roland Baum
   - Tom Jones
   - Michiel Trimpe
   - Wei
   - David Hyland
   - Julio Auto De Medeiros
   - Vatsal Gupta
   - Travis Farrell
   - George Fletcher

<#Agenda>Agenda

   - Review open issues (much progress last week, but 11 remain)
   - Review pull requests (3 new updates)

<#Notes>Notes

Issues

   - 358: Whether metadata should be mandatory or optional. GF - could
   start with optional, if it is provided - must be provided in a certain
   context. This is not yet defined in the spec and we should do that.
      - JF: suggest that first line of Sec 11 change from 'can' to 'could'
      - GF: enhance 11.2 to be correct in how you find the config and make
      sure the .well-known references are correct. GF will make the
appropriate PR
      - DB: agree w Omri's comment "Making the URLs in the HTTPS binding
      RECOMMENDED"
      - Summary: 1) Make the 'regular' URLs as recommended and 2)
      make the metadata/discovery endpoint is recommended as well
      - Note: 2 typos in 11.1.1
   - 359: GF will make the update now that we have decided on what to do
   with 358
   - 339:

Pull requests

   - 360: approved
   - 362: making sure the information model is consistent.
      - need to change all acmecorp.com to example.com
      - update wording for JSON schema and LD that these are possible
      extensions
      - includes the 4-tuple changes from issue 339
      - MT will make above noted changes before PR is merged

Gartner interop

   - Reviewing slack thread:
   https://oidf.slack.com/archives/C0630873JGK/p1755899307096089?thread_ts=1754588095.990599&cid=C0630873JGK
      - The wording caused a bit of confusion with the reference to group
      membership, it should be about claims or scopes (which could be a group)
      - The scenarios to build on are
         -
            1. Should the token be issued? (an Evaluation API request)
         -
            2. Scope/claim list can be determined via Search API
         -
            3. Scope/claim list can be determined via Evaluations API
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-authzen/attachments/20250828/1d321357/attachment.htm>

More information about the Openid-specs-authzen mailing list