[openid-specs-rande] today's meeting notes

Mischa Salle msalle at nikhef.nl
Tue Mar 12 10:30:58 UTC 2019


On Mon, Mar 11, 2019 at 05:59:56PM +0100, Davide Vaghetti wrote:
> Hi,
> 
> here are the meeting notes of today's call:
> 
>  https://github.com/daserzw/oidc-edu-wg/blob/master/meeting_notes.md

Hi all,

a few small remarks (apologies for yesterday, I was multitasking a bit
too much, trying to fix a very annoying bug):

- probably good to include links to at least the two AARC docs about
  groups and capabilities G002 and G027, but probably also the new I047
  which was one I was thinking about yesterday but couldn't remember the
  number. The PDP probably doesn't have a place yet, the old google doc is
  https://docs.google.com/document/d/18Me5b63R7GKb_1gDfYH02l2sXr3mCIg_suPRw86Ye7I/edit#

- The proper link for the whitepaper is probably (currently) the PDF
  attached to
    https://wiki.refeds.org/display/CON/Consultation%3A+SAML2+and+OIDC+Mappings

- I think we should keep open for now whether or not we want to register
  claims. Let's first come up with the specification, then see if it's
  close enough to an RFC (which is the stumbling block for getting them
  in the register).

- related to the different scopes vs. claims discussions going on
  currently:
    - scitokens uses very much the scopes approach, see e.g.
      https://scitokens.org/technical_docs/Claims
      and uses a scope-per-claim to prevent the lack of support for the
      optional 'claims request'
    - Hans Zandbelt (I asked him at TIIME about support for the 'claims'
      request) is of the opinion that it's better to have the OP decide
      which claims to release for which protected endpoint/client
      combinations than to have the client request which claims it wants.
      I don't think we can always do this, but it is an interesting
      point, in particular in AARC BPA context, where we have an
      omniscient proxy. We might be able to prevent a lot of tricky
      situations...

- +1 indeed for the authority for claims discussion on A/B connect.

- The main reason people want to have 'self-contained' tokens instead of
  using a userinfo or introspection endpoint is performance.

Cheers,
Mischa


-- 
Nikhef                      Room  H155
Science Park 105            Tel.  +31-20-592 5102
1098 XG Amsterdam           Fax   +31-20-592 5155
The Netherlands             Email msalle at nikhef.nl
  __ .. ... _._. .... ._  ... ._ ._.. ._.. .._..
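The scopes-vs-claims remarks above contrast three ways a client can end up with a given set of claims: the SciTokens-style scope-per-claim mapping (so that the optional OIDC `claims` request parameter is never needed), the `claims` request parameter itself, and the "OP decides" model where the OP fixes the claims per client/protected-endpoint combination. The following is an added example, not code from this thread, AARC, SciTokens or any OP implementation; the scope names, the per-client policy, the user record and the client ids are all constructed for illustration.

```python
"""Toy claim-release resolver comparing scope-per-claim, the OIDC 'claims'
request parameter, and an OP-decided per-client policy.

Added example for illustration; not code from the mailing-list thread.
All scope names, client ids, policy entries and user attributes below
are constructed values, not real deployments.
"""
import json
from typing import Dict, FrozenSet, Optional, Set

# Constructed scope-per-claim table in the SciTokens style: requesting a scope
# is the same as requesting the claim(s) it maps to, so a client that does
# not support the optional 'claims' request parameter loses nothing.
SCOPE_TO_CLAIMS: Dict[str, FrozenSet[str]] = {
    "openid": frozenset({"sub"}),
    "profile": frozenset({"name", "preferred_username"}),
    "email": frozenset({"email"}),
    "eduperson_entitlement": frozenset({"eduperson_entitlement"}),  # constructed scope
    "eduperson_assurance": frozenset({"eduperson_assurance"}),      # constructed scope
}

# Constructed "OP decides" policy: the OP (or an AARC-style proxy that knows
# every client) fixes the claim set per client; the client's wishes are ignored.
OP_POLICY: Dict[str, FrozenSet[str]] = {
    "wiki-sp": frozenset({"sub", "name", "eduperson_entitlement"}),
    "storage-sp": frozenset({"sub", "eduperson_entitlement", "eduperson_assurance"}),
}

# Constructed user record standing in for the proxy's attribute store.
USER_ATTRIBUTES: Dict[str, object] = {
    "sub": "jdoe@proxy.example",
    "name": "Jane Doe",
    "preferred_username": "jdoe",
    "email": "jdoe@example.org",
    "eduperson_entitlement": ["urn:example:group:physics", "urn:example:cap:storage"],
    "eduperson_assurance": ["urn:example:assurance:medium"],
}


def claims_from_scopes(scopes: str) -> Set[str]:
    """Scope-per-claim resolution: expand each known scope; unknown scopes are ignored."""
    requested: Set[str] = set()
    for scope in scopes.split():
        requested |= SCOPE_TO_CLAIMS.get(scope, frozenset())
    return requested


def claims_from_claims_request(claims_request: Optional[str]) -> Set[str]:
    """Parse the optional OIDC 'claims' request parameter.

    The parameter is a JSON object whose 'userinfo' and 'id_token' members map
    claim names to either null or an object such as {"essential": true}; only
    the claim names are needed here.
    """
    if not claims_request:
        return set()
    parsed = json.loads(claims_request)
    names: Set[str] = set()
    for target in ("userinfo", "id_token"):
        names |= set((parsed.get(target) or {}).keys())
    return names


def release_claims(client_id: str, scopes: str, claims_request: Optional[str] = None,
                   op_decides: bool = False) -> Dict[str, object]:
    """Return the claims the OP releases for this request.

    op_decides=False: the client drives the selection (scopes plus 'claims' param).
    op_decides=True : the OP's per-client policy is authoritative; a client with
                      no policy entry gets nothing rather than everything.
    """
    if op_decides:
        allowed: Set[str] = set(OP_POLICY.get(client_id, frozenset()))
    else:
        allowed = claims_from_scopes(scopes) | claims_from_claims_request(claims_request)
    # Never release a claim the user simply does not have.
    return {name: USER_ATTRIBUTES[name] for name in sorted(allowed) if name in USER_ATTRIBUTES}


if __name__ == "__main__":
    # Client that only speaks scopes (scope-per-claim covers the entitlement).
    print(release_claims("wiki-sp", "openid eduperson_entitlement"))
    # Client using the 'claims' parameter to ask for email on top of its scopes.
    print(release_claims("wiki-sp", "openid", '{"userinfo": {"email": {"essential": true}}}'))
    # Same client under the OP-decides model: the request parameters no longer matter.
    print(release_claims("wiki-sp", "openid profile email", op_decides=True))
```

The `op_decides=True` branch is the interesting one for a proxy that knows all its clients: the release set is a property of the client registration, so a client cannot widen it by asking for more scopes or adding a `claims` parameter, and an unregistered client gets an empty set. The other branch is what a generic OP does today, with the scope-per-claim table making the `claims` parameter optional rather than required.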