[Openid-specs-ipsie] Initial draft of OpenID Connect IPSIE SL1 Profile

[Aaron Parecki]

Hi all,

As promised on the last call, I've started a draft of the SL1 profile for
OpenID Connect. I've attached the HTML here to contribute it to the OIDF as
per the IPR process. However you'll probably find it easier to read in the
working copy on my GitHub:

https://drafts.aaronpk.com/ipsie-openid-sl1/draft-openid-ipsie-sl1-profile.html
https://github.com/aaronpk/ipsie-openid-sl1

It's written in the same format as FAPI, and shares many of the same
requirements. I also added the requirements that we've laid out for SL1 for
ID tokens. I thought this would be better than treating it as an
implementation guide that re-states all the OAuth/OpenID request/response
parameters. While that format is definitely more helpful for developers, it
does make it a lot longer and might be harder to parse for someone wanting
to quickly check their current implementation against the requirements. Let
me know what you think though.

The two main questions that came up for me as I was putting this together
are:

* Should PAR be required? (It's required in FAPI, but we might not have the
same needs)
* What claim should we use for the IdP to indicate the RP session lifetime?
(like SAML's SessionNotOnOrAfter)

I've captured these as issues on GitHub with the "SL1" label:

https://github.com/openid/ipsie/issues?q=state%3Aopen%20label%3Asl1%20

Thanks, and sorry to miss the call next week! I look forward to catching up
with the minutes after, as well as talking with whoever will be at IETF
Bangkok!

Aaron
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-ipsie/attachments/20250307/dbdacacf/attachment-0001.htm>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-ipsie/attachments/20250307/dbdacacf/attachment-0001.html>