<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
<meta name="Generator" content="Microsoft Word 15 (filtered medium)">
<style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Aptos;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
font-size:11.0pt;
font-family:"Aptos",sans-serif;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:#467886;
text-decoration:underline;}
span.EmailStyle19
{mso-style-type:personal-reply;
font-family:"Aptos",sans-serif;
color:windowtext;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;
mso-ligatures:none;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang="EN-US" link="#467886" vlink="#96607D" style="word-wrap:break-word">
<div class="WordSection1">
<p class="MsoNormal">WG members, reminder of WG meeting tomorrow at 11am ET.<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"><a href="https://zoom.us/j/94531370713?pwd=eFVLOTZOVHFRUU1rSmZjdStyVm5zZz09">https://zoom.us/j/94531370713?pwd=eFVLOTZOVHFRUU1rSmZjdStyVm5zZz09</a>; Meeting ID: 945 3137 0713; Passcode: 160334<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">If after WG discussion there is no objection to PR#41, we’ll plan to merge it and initiate Working Group Review of the iGov OAuth 2.0 profile.<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Thank you!<o:p></o:p></p>
<p class="MsoNormal">Tom and Kelley, editors<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<div>
<div style="border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0in 0in 0in">
<p class="MsoNormal"><b><span style="font-family:"Calibri",sans-serif">From:</span></b><span style="font-family:"Calibri",sans-serif"> Openid-specs-igov <openid-specs-igov-bounces@lists.openid.net>
<b>On Behalf Of </b>Tom Clancy via Openid-specs-igov<br>
<b>Sent:</b> Tuesday, December 17, 2024 11:47 AM<br>
<b>To:</b> iGov List (openid-specs-igov) <openid-specs-igov@lists.openid.net><br>
<b>Subject:</b> [EXT] [Openid-specs-igov] iGov status: Dec 10 WG actions and final PR for iGov OAuth 2.0 profile<o:p></o:p></span></p>
</div>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">WG members: The iGov call on Tuesday December 10 was very productive.<o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal">1. PR#40 was merged and the “small-fixes” branch is now PR#41.
<a href="https://bitbucket.org/openid/igov/pull-requests/41">openid / igov / Pull Request #41: Final PR for OAuth 2.0 before WG review — Bitbucket</a><o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal">2. Excellent WG discussion led by John Bradley on cipher suites in general and on profile support for implementers that need to address PQ safe requirements. Your attention is invited to the permissive language for leveraging adopted PQ
safe solutions prior to their inclusion in BCP195.<o:p></o:p></p>
<p class="MsoNormal">The permissive language is added in this commit: <a href="https://bitbucket.org/openid/igov/commits/524f33e1e5a54339f486ee56364a80a157e3724b">
openid / igov / Commit 524f33e1e5a5 — Bitbucket</a><o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal">3. On Slack, Giuseppe called attention to additional considerations that surround PR#41 requirements to leverage the same PKI certificates within http and oauth apps that use mTLS for sender constraining tokens. Issue #55
<a href="https://bitbucket.org/openid/igov/issues/55/igov-oauth-potential-risk-of-using-same">
openid / igov / issues / #55 - [iGov-OAuth] Potential risk of using same certificate for http and OAuth sender-constraint — Bitbucket</a> is against PR#41.<o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal">Following merge of PR#41, the editors will call for Working Group review.<o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal">Thank you!<o:p></o:p></p>
<p class="MsoNormal">Tom and Kelley, editors<o:p></o:p></p>
</div>
</body>
</html>