[Openid-specs-risc] Notes from today's call

Atul Tulshibagwale atultulshi at google.com
Tue Mar 16 18:05:19 UTC 2021


Hi all,
Here are the notes from today's call. As always, they are available here
<https://docs.google.com/document/d/1ZFwJJDwwSBNKX35VObClC1ctMbMMuHJtr5qY-7xsLW8/edit#>.

Call on 3/16/2021

Attendees:

   - Atul Tulshibagwale (Google)
   - Stan Bounev (VeriClouds)
   - Tim Cappalli (Microsoft)
   - Annabelle (AWS)
   - Matt (SailPoint)
   - Nick Dawson (Tesla)
   - Hazel (UK Foreign Office)
   - Salah Machani (RSA)

Agenda:

   - Resync should mean the currently relevant events in the time period.
     Clarify in spec
   - We need clearer use cases of where this will be useful
   - What is the use-case or scenario where a querying mechanism or a retry
     in the push mechanism won’t solve the problem?
   - Atul to work on a use-case
   - Atul to incorporate PR feedback and merge PR into the caep-draft-01
     branch
   - Tim’s PR review
      - Event timestamp should always be less than the “iat” claim. Although
        the event timestamp is in ms, whereas “iat” is in seconds.
      - Receiver must reject events that have an event timestamp in the future
   - Data Models open source code from SailPoint
     https://github.com/sailpoint-oss/openid-sse-model
   - All - Please provide complex subject taxonomy use cases
   - Compromised credential event:
      - 3 use-cases - a) credential found on the dark web, b) Transmitter
        considers cred compromised based on their heuristic and c) ?
      - In (b), what are the criteria for sending the event? Do we address
        this in the spec?
      - What are the use-cases when an IdP will send a credential compromised
        event rather than a session revoked event?
      - In a compromised event, the SP can go into an investigation to find
        the cause.
      - Stan to provide a use-case.






Atul Tulshibagwale

Software Engineer,

Google Workspace

atultulshi at google.com
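
The two timestamp rules listed under Tim's PR review in the notes above, sketched as a receiver-side check. This is an added example, not part of the original message and not code from the spec or any project; the claim name `event_timestamp`, its place inside `events`, the 60-second skew allowance, the event-type URI and the sample payloads are all assumptions.

```python
# Added example: receiver-side time checks on a decoded SET payload.
# Assumptions (not from the notes): the claim name "event_timestamp", its
# position inside "events", and the clock-skew allowance.
SKEW_S = 60  # assumed tolerance for clock drift, in seconds


def _is_number(v):
    # bool is a subclass of int in Python; JSON true/false is not a time.
    return isinstance(v, (int, float)) and not isinstance(v, bool)


def check_event_times(claims, now_s, skew_s=SKEW_S):
    """Return the reasons to reject; an empty list means accept."""
    iat = claims.get("iat")
    if not _is_number(iat):
        return ["iat missing or not numeric"]
    events = claims.get("events")
    if not isinstance(events, dict):
        return ["events missing or not an object"]
    reasons = []
    for etype, body in events.items():
        ts_ms = body.get("event_timestamp") if isinstance(body, dict) else None
        if not _is_number(ts_ms):
            reasons.append(f"{etype}: event_timestamp missing or not numeric")
            continue
        # Compare in one unit: truncate milliseconds to whole seconds,
        # the resolution "iat" has. Same-second values are accepted
        # (assumption), since sub-second order is lost in "iat".
        ts_s = int(ts_ms // 1000)
        if ts_s > now_s + skew_s:
            reasons.append(f"{etype}: event_timestamp is in the future")
        if ts_s > iat:
            reasons.append(f"{etype}: event_timestamp is later than iat")
    return reasons


# Constructed sample data, not taken from a real transmitter.
NOW = 1615917919  # receiver clock, seconds since the epoch
ETYPE = "https://schemas.example/event-type/session-revoked"  # placeholder


def sample(ts_ms, iat=NOW - 5):
    return {"iss": "https://transmitter.example", "iat": iat,
            "events": {ETYPE: {"event_timestamp": ts_ms}}}


if __name__ == "__main__":
    for label, ts in [("earlier than iat", (NOW - 30) * 1000),
                      ("later than iat", (NOW - 2) * 1000),
                      ("future", (NOW + 3600) * 1000)]:
        print(label, check_event_times(sample(ts), NOW))
```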