[openid-specs-rande] Fwd: R&Sv2 discussion / OIDC (from Mischa Salle)
Marcus Hardt
hardt at kit.edu
Mon Feb 15 08:01:28 UTC 2021
Hi There,
On 12. Feb 2021 18:28, Davide Vaghetti wrote:
> Hello Mischa,
>
> thanks a lot for forwarding this. Some comments below.
>
> On 12/02/21 10:47, Mischa Salle wrote:
> > ----- Forwarded message from Mischa Salle <msalle at nikhef.nl> -----
> >
> > Date: Thu, 11 Feb 2021 18:13:05 +0100
> > From: Mischa Salle <msalle at nikhef.nl>
> > To: appint at lists.geant.org
> > Subject: R&Sv2 discussion / OIDC
> > User-Agent: Mutt/1.10.1 (2018-07-13)
> >
> > Hi all,
> >
> > (partially copying my appint#general keybase message):
> >
> > for whoever is not aware, just to point out discussion on the new R&S
> > draft v2 [1], [2] which has also a section on OIDC, there has been some
> > discussion going on on rands at lists.refeds.org the last few days.
> >
> > I think it is crucial that more and in particular people with OIDC
> > experience give their feedback since the current draft differs from the
> > latest google doc with strawman for an OIDC R&S claims set [3], see
> > notes from of the last non-rande meetings [4].
>
> I've given just a quick look at the current discussion. What I found
> really hard to understand is how the R&Sv2 EC could be used to "fix" all
> that's (supposedly) wrong in OIDC core --- read that the sub is not
> globally unique per se, but MUST be combined with the iss.

I think there is a certain frustration in the discussion, because
SAML-fans are very unpleased with the need to generate sub@iss. And there
are pitfalls that might need to be addressed (e.g. whether to
`lstrip('https://')` or if `urlencode(sub|iss)` makes sense).
Discussing them in rande, and suggesting something coherent for R&Sv2 is
probably a good idea.

M.

> > It's of course still early days, but I think it would be good to give
> > our AARC/appint view on things and share our experiences, especially
> > given the dormant status of the rande WG.
> >
>
> You are very right on the dormant state of the rande WG, but that's not
> at all written in stone and we can awaken it if needed, and I'd say
> this is exactly the case.
>
> If there are enough people willing to participate in a call about the
> topic, please fill out the following doodle by Monday COB:
>
> https://doodle.com/poll/959nbrxxvpg6s6um
>
> Cheers and thanks again for the awakening :)
> Davide
>
>
> > Cheers,
> > Mischa
> >
> > [1] https://docs.google.com/document/d/1kZMdQ_T2vJJY25HZonoxIXk8Y7TCmgFyRoJ2wu4SCi8/edit#
> > [2] https://wiki.refeds.org/pages/viewpage.action?pageId=65896662
> > [3] https://docs.google.com/document/d/1FQcZEUsjRjVxR5X5uii_Ma9adFIe9ER3b4WE-wYo7hU/edit#
> > [4] https://github.com/daserzw/oidc-edu-wg/blob/master/meeting_notes.md#20200224
> >
> > ----- End forwarded message -----
> >
> >
>
> --
> Davide Vaghetti
> Consortium GARR
> Tel: +390502213158
> Mobile: +393357779542
> Skype: daserzw
>
> --
> openid-specs-rande mailing list
> openid-specs-rande at lists.openid.net
> http://lists.openid.net/mailman/listinfo/openid-specs-rande
--
Marcus.
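
The two pitfalls named in the reply above, as an added example that is not code from this thread or from the R&S draft: Python's `str.lstrip('https://')` strips a set of characters rather than a prefix, so distinct issuers can collapse to the same string, and a `sub` that itself contains `@` makes a plain `sub@iss` join ambiguous. The function names, the sample issuers and the choice to percent-encode only `sub` while keeping `iss` verbatim are assumptions made for illustration.

```python
from urllib.parse import quote, unquote

SCHEME = "https://"

def naive_strip(iss):
    # Pitfall: str.lstrip() takes a *set of characters*, not a prefix. It
    # removes any leading run of 'h', 't', 'p', 's', ':' and '/'.
    return iss.lstrip(SCHEME)

def strip_scheme(iss):
    # Remove exactly one literal "https://" prefix and nothing else.
    return iss[len(SCHEME):] if iss.startswith(SCHEME) else iss

def make_id(sub, iss):
    # Percent-encode every reserved character in sub (including '@' and '%'),
    # so the first '@' in the result is always the separator. iss is kept
    # byte-for-byte, since OIDC issuers are compared as exact strings.
    # (Assumed encoding for this example, not one defined by the R&S draft.)
    return quote(sub, safe="") + "@" + iss

def split_id(identifier):
    # Inverse of make_id(): split at the first '@', then decode sub.
    sub, sep, iss = identifier.partition("@")
    if not sep or not iss:
        raise ValueError("not a sub@iss identifier")
    return unquote(sub), iss

if __name__ == "__main__":
    # Constructed sample issuers: two different OPs.
    for iss in ("https://sso.example.org", "https://o.example.org"):
        print(iss, "->", repr(naive_strip(iss)), "vs", repr(strip_scheme(iss)))
    # Constructed sample sub that already contains '@'.
    ident = make_id("alice@dept", "https://sso.example.org")
    print(ident, "->", split_id(ident))
```

A relying party that keys accounts on the `naive_strip` output would merge users from both sample issuers; comparing the full `iss` string avoids that.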