[Openid-specs-risc] Notes from the call on 3/9/2021
Atul Tulshibagwale
atultulshi at google.com
Tue Mar 9 19:04:47 UTC 2021
Hi all,
Here are the notes from today's meeting. They are also available in this
shared doc
<https://docs.google.com/document/d/1ZFwJJDwwSBNKX35VObClC1ctMbMMuHJtr5qY-7xsLW8/edit>
:
Attendees:
-
Atul Tulshibagwale (Google)
-
Tim Cappalli (Microsoft)
-
Nick Dawson (Tesla)
-
Asad Ali (Thales)
-
William Salusky (Verizon Media)
-
Matt Domsch (SailPoint)
-
Annabelle Backman (AWS)
-
Stan Bounev (VeriClouds)
Agenda:
-
Credential change event (Stan)
-
Review feedback on Atul’s PR (Atul)
-
Review feedback on Tim’s PR (Tim)
-
Resync request (Atul)
Notes:
-
RISC “credential change required” is a historical event rather than a
“command”, and that was by design
-
Please respond to Stan’s email regarding any concerns about the
“credential compromised” event.
-
PR review: We can try to arrive at a common understanding of what the
terms “user”, “device”, “session”, etc. mean.
-
We should come up with examples of what we mean by these terms and add
that to the use-cases doc. Everyone should respond to an email thread that
Annabelle starts to arrive at these examples
-
Claims within a complex subject should be extensible
-
The “subject identifier” spec will specify the identifier formats, and
not the scoping
-
Use “subject type” for the subjects in the SSE profile. Atul to clarify
language about the claim name being defined in the event type spec.
-
“Existing subject types” should be from the IANA registry, not the
SUBIDS spec (Atul to make this change)
-
Atul to broaden the definition of Subject Principals
-
Change the word “claim” used in the SSE profile (Annabelle to do post PR
merge)
Atul Tulshibagwale
Software Engineer,
Google Workspace
atultulshi at google.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-risc/attachments/20210309/86c31928/attachment.html>
More information about the Openid-specs-risc
mailing list