[OpenID-specs-EAP] EAP call notes 2-Mar-17

[Mike Jones]

EAP call notes 2-Mar-17

John Bradley
Mike Jones
Brian Campbell

Agenda
              IETF Token Binding Status
              Connect Token Binding
              PoP-related Information
              EAP ACR Values Status
              Next Call

IETF Token Binding Status
              The Token Binding Specs are in WGLC
              There doesn't appear to be an appetite for breaking changes at this point
              It doesn't appear that there will be changes affecting specs using Token Binding

Connect Token Binding
              Brian has a full end-to-end OpenID Connect Token Binding flow working
              It all works and validates what's in the draft thus far
              Brian still believes that the advice about detecting downgrades is problematic
              The OAuth spec also references the RS Metadata, which is no longer a going concern
              John will talk with Ian McGuiness at Google about what it will take to include Token Binding in AppAuth
              Mike will try to get interop testing with Microsoft to occur

PoP-related Information
              UK banking authorities are asking about mutual TLS
              SecureKey in Canada has a profile that may include mutual TLS
              This enterprise-to-enterprise server-to-server
                           Payment APIs
              Can we provide guidance that provides a path to Token Binding?

EAP ACR Values Status
              There's nothing new to report since the last call

Next Call
              Our next call is Thursday, Mar 16, 2017 at 8am Pacific
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-eap/attachments/20170302/3449608a/attachment.html>