[Openid-specs-risc] Call notes

Tue May 2 23:53:31 UTC 2023

Hi all,
Here are the notes from today's call. They are also stored here
<https://hackmd.io/vaICoUIPRSOTFcYcVD5ZbQ?view>:

-- 

<https://sgnl.ai>

Atul Tulshibagwale

CTO

<https://linkedin.com/in/tulshi> <https://twitter.com/zirotrust>
<atul at sgnl.ai>

WG Meeting: 2023-05-02
<https://hackmd.io/vaICoUIPRSOTFcYcVD5ZbQ?view#Agenda>Agenda

   - Meeting frequency - weekly post Identiverse? (atul)
   - Async communication (smiel)
   - Combine add and remove subject endpoints:
   https://github.com/openid/sharedsignals/issues/39
   - Complex Subject with incomplete info:
   https://github.com/openid/sharedsignals/issues/32
   - Move subject out of events:
   https://github.com/openid/sharedsignals/issues/52
   - ComplexSubject format claim:
   https://github.com/openid/sharedsignals/issues/53
   - PUT/PATCH behavior for “events_delivered”:
   https://github.com/openid/sharedsignals/issues/55

<https://hackmd.io/vaICoUIPRSOTFcYcVD5ZbQ?view#Attendees>Attendees

   - Stan Bounev (VeriClouds)
   - Atul Tulshibagwale (SGNL)
   - Nancy Cam Winget (Cisco)
   - Philip Hunt (Independent Identity)
   - Mike Kiser (SailPoint)
   - Asad Ali (Thales)
   - Jen Schreiber (Workday)
   - Eric Karlinsky (Okta)
   - Tim Cappalli (Microsoft)
   - Shayne Miel (Cisco)

<https://hackmd.io/vaICoUIPRSOTFcYcVD5ZbQ?view#Notes>Notes
<https://hackmd.io/vaICoUIPRSOTFcYcVD5ZbQ?view#Meeting-Frequency>Meeting
Frequency

   - Weekly frequency agreeable to Shayne, Asad, Tim, Eric, Phil, Mike

<https://hackmd.io/vaICoUIPRSOTFcYcVD5ZbQ?view#Async-Communication>Async
Communication

   - Consider using async communication more - GitHub, Slack, Email
   - Agreed to - Atul, Tim, Phil,

<https://hackmd.io/vaICoUIPRSOTFcYcVD5ZbQ?view#Combine-add-and-remove-subject-endpoints>Combine
add and remove subject endpoints

   - Keep one endpoint for all subject operations, and use HTTP methods
   like PATCH, DELETE on the endpoint
   - (Phil) Does DELETE allow payload?
   - Adding URL parameters is leaky due to logging
   - A combined endpoint with a payload that provides a command and the
   subject description may be another approach
   - Is adding subjects / removing subjects even scalable

<https://hackmd.io/vaICoUIPRSOTFcYcVD5ZbQ?view#Complex-Subject-with-incomplete-info>Complex
Subject with incomplete info

   - What happens when an event has some claims and not others in the
   subject identifiers
   - Missing claims in subject should act like wildcards
   - If a Receiver has subscribed to a “user” and “session” combination,
   and the Transmitter has an event that has “user” information but not
   “session” information, should that event be sent to the Recevier?
      - Atul (yes), Phil (yes)
   - If a Receiver has subscribed to only a “user”, and the Transmitter has
   an event that has “user” information and “session” information, should that
   event be sent to the Recevier?
      - Atul (yes)
   - Missing fields are wildcards in both directions

<https://hackmd.io/vaICoUIPRSOTFcYcVD5ZbQ?view#Move-subject-out-of-events>Move
subject out of events

   - Since the SecEvents standardizes subject identifiers, should they be
   at the high level
   - (Atul) But interpretation is dependent on event type
   - Discussion is inconclusive so far
   -

<https://hackmd.io/vaICoUIPRSOTFcYcVD5ZbQ?view#Action-Items>Action Items
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-risc/attachments/20230502/a3859d28/attachment-0001.html>