[Openid-specs-risc] Notes from today's call

Tue Aug 17 17:28:29 UTC 2021

Hi all,
Here are the notes from today's call, also in this doc
<https://docs.google.com/document/d/1ZFwJJDwwSBNKX35VObClC1ctMbMMuHJtr5qY-7xsLW8/edit#>

Call on 8/17/2021

Attendees:

   -

   Atul Tulshibagwale (Google)
   -

   Asad Ali (Thales)
   -

   Martin Gallo (SecureAuth)
   -

   Nancy Cam Winget (Cisco)

Agenda:

   -

   Voting status
   -

   RISC cred compromise event - discovery timestamp - is it incorporated
   -

   Use-cases between CAEP and RISC: What happens when you get the same
   event between CAEP and RISC like “session revoked”
   -

   How do we create new event types?

Notes:

   -

   Include RISC in the list of docs to be voted on
   -

   Interpretation of common events should be based on their description in
   the respective spec
   -

   Subtle differences between RISC and CAEP re: session-revoked. Is it that
   RISC specifies that “all sessions related to the subject have been
   revoked”. CAEP is more specific to one session - this difference does not
   exist anymore because the subject identifier can define a single session in
   both specs
   -

   There are overlaps between RISC and CAEP
   -

   The subject identifiers draft in IETF is not yet an RFC:
   https://datatracker.ietf.org/doc/draft-ietf-secevent-subject-identifiers/
   -

   Spec needs to be iterated to add event types
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-risc/attachments/20210817/f92416c0/attachment-0001.html>