[Openid-specs-risc] notes from today's call

Atul Tulshibagwale atultulshi at google.com
Tue Jun 8 17:22:17 UTC 2021 

Hi all,
Here are the notes from today's short call. They are also available in
this shared
document
<https://docs.google.com/document/d/1ZFwJJDwwSBNKX35VObClC1ctMbMMuHJtr5qY-7xsLW8/edit?usp=sharing>
.

Call on 6/8/2021

Attendees:

   -

   Atul Tulshibagwale (Google)
   -

   Matt Domsch (SailPoint)
   -

   Stan Bounev (VeriClouds)
   -

   Asad Ali (Thales)
   -

   Martin Gallo (SecureAuth)
   -

   Mike Kiser (SailPoint)


Agenda:

   -

   Review period has begun
   -

   RISC spec work
   -


Notes:

   -

   Implementation of the new event type was not clear
   -

   Feedback from Mike Jones:


Pending feedback (to CAEP and SSE):

   -

   Because I’m going to leave the currently published drafts available as
   -00 for the historical record, please add 01 draft identifiers to the ones
   we’re about to publish.  Specifically, please edit the titles to change
   “OpenID Shared Signals and Events Framework Specification 1.0” to “OpenID
   Shared Signals and Events Framework Specification 1.0 - draft 01” and
   “OpenID Continuous Access Evaluation Profile 1.0” to “OpenID Continuous
   Access Evaluation Profile 1.0 - draft 01”.
   -

   Please remove the version identifiers from the bitbucket repository.
   Specifically, please do git renames of the *-00.html files to *.html.  (The
   repository versions should always be the current versions.)
   -

   Please change the specification dates from May 22, 2021 to June 8, 2021
   (or whatever date you do the actual edits).
   -

   Please change the draft identifier openid-caep-spec-1_0 to
   openid-caep-specification-1_0 so that it matches the names in the
   repository.
   -

   Please include the link
   https://openid.net/specs/openid-connect-discovery-1_0.html in the
   [OPENID-DISCOVERY] reference.
   -

   Please change “Level 1” to “Level 2” in the WebAuthn reference.


Feedback already incorporated (in CAEP and SSE):

   -

   The [CAEP] reference should be moved to a Non-Normative References
   section.
   -

   [DELIVERYPOLL] should reference RFC 8936 "Poll-Based Security Event
   Token (SET) Delivery Using HTTP", November 2020.
   -

   [DELIVERYPUSH] should reference RFC 8935 "Push-Based Security Event
   Token (SET) Delivery Using HTTP", November 2020.
   -

   [MGMTAPI] should be moved to the Non-Normative References section.
   -

   [OAUTH-DISCOVERY] should reference RFC 8414 "OAuth 2.0 Authorization
   Server Metadata", June 2018.
   -

   [OIDC-DISCOVERY] should be renamed to [OPENID-DISCOVERY].
   -

   [SUBIDS] should reference draft-ietf-secevent-subject-identifiers-08
   <https://datatracker.ietf.org/doc/html/draft-ietf-secevent-subject-identifiers>
   -

   [USECASES] should be moved to the Non-Normative References section.



   -

   Change the copyright years to 2021.  (In
   https://openid.net/specs/openid-sse-framework-1_0.html, the year is
   currently 2020.  In
   https://openid.net/specs/openid-caep-specification-1_0.html, the year is
   currently 2017!)
   -

   Include publication dates.  This is missing in both drafts.  Compare
   this to https://openid.net/specs/fapi-2_0-baseline-00.html (which I
   believe was generated from MarkDown), where there’s a “Published:” date and
   to https://openid.net/specs/openid-connect-federation-1_0.html (which
   was generated from XML), where the date is in the header material.  The
   publication dates included should be the day that you make the edits in
   June this year.
   -

   Include draft numbers.  This is also missing in both drafts.  Compare
   this to https://openid.net/specs/fapi-2_0-baseline-00.html where the
   draft number (in this case -00) is included in the draft identifier and to
   https://openid.net/specs/openid-connect-federation-1_0.html), where the
   draft number (draft 16) is included in the draft title.  Either method is
   acceptable.  I need this to know what draft suffix to use for the permanent
   posting of the draft.  For instance, the current Federation draft will
   always be available at
   https://openid.net/specs/openid-connect-federation-1_0-16.html - even
   though the content of
   https://openid.net/specs/openid-connect-federation-1_0.html will
   change.  FYI, I’ve also posted your current drafts as -00 but I can change
   that if that’s incorrect.  I assume you’ve had multiple internal drafts
   that just weren’t posted at openid.net/specs/ and so the current actual
   draft numbers of these will some positive integer, reflecting the current
   review draft numbers in the working group.









Atul Tulshibagwale

Software Engineer,

Google Workspace

atultulshi at google.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-risc/attachments/20210608/15a416ca/attachment-0001.html>

More information about the Openid-specs-risc mailing list