[Openid-specs-risc] Call notes

Atul Tulshibagwale atul at sgnl.ai
Tue Jul 25 18:26:22 UTC 2023 

Hi all,
Here are the notes for the call today, they are also stored here
<https://hackmd.io/@oidf-wg-sse/wg-meeting-20230725>

-- 

<https://sgnl.ai>

Atul Tulshibagwale

CTO

<https://linkedin.com/in/tulshi> <https://twitter.com/zirotrust>
<atul at sgnl.ai>
WG Meeting: 2022-07-25
<https://hackmd.io/KJCbLSjETvq5xYjnoxURpA?view#Agenda>Agenda

   - Simple & Complex Subject Identifiers
   <https://github.com/openid/sharedsignals/issues/85>
   - endpoint_url <-> url
   <https://github.com/openid/sharedsignals/issues/79>
   - Include format in a config example
   <https://github.com/openid/sharedsignals/issues/54>

<https://hackmd.io/KJCbLSjETvq5xYjnoxURpA?view#Attendees>Attendees

   - Shayne Miel (Cisco)
   - Eric Karlinsky (Okta)
   - Atul Tulshibagwale (SGNL)
   - Steve Venema (ForgeRock)
   - Apoorva Deshpande (Okta)

<https://hackmd.io/KJCbLSjETvq5xYjnoxURpA?view#Notes>Notes
<https://hackmd.io/KJCbLSjETvq5xYjnoxURpA?view#Simple-and-Complex-Subject-Identifiers>Simple
and Complex Subject Identifiers

   - [Steve] Why are we inventing something new when the SecEvents SubIds
   draft is becoming an RFC already and has the “aliases” option
   - [Shayne] Aliases isn’t formatted correctly to hold information such as
   “user”, or “device”, or other
   - [Steve] I was thinking of “device” or “user” as extensions of SubIds
   - [Steve] we would define additional formats in the SubIds, such as
   “device”, “user”, etc.
   - [Atul] The “identifiers” is an array, which would allow duplicates of
   “user” and “device”
   - [Shayne] Benefit of using “complex”, is that you can have a “user”
   element, and it can have any format. Not so in the aliases way of doing
   things.
   - [Steve] Example came from framework spec. Main attraction is that
   subject types are well defined and registered. But you lose the semantics
   of “user” and “device” if you are just using aliases with simple subjects
   - [Shayne] Is it so bad to lose those semantics? The risk is clashes -
   i.e. a user and device being misidentified for each other. But how likely
   is that?
   - [Shayne] Feeling like maybe we don’t need Complex Subjects at all
   - [Steve] Feeling like Complex Subjects are as good as we’ve got
   - [Both] Let’s continue debate next week

<https://hackmd.io/KJCbLSjETvq5xYjnoxURpA?view#Endpoint-URL-lt-gt-URL>Endpoint
URL <-> URL

   - [Atul] What is the sensitivity to breaking the implementer’s draft?
   - [Eric] Reviewing the thread to understand impact. Need to defer to
   Apoorva

<https://hackmd.io/KJCbLSjETvq5xYjnoxURpA?view#Include-Format-in-Config-Example>Include
Format in Config Example

   - [Shayne] I can create a new PR for this

<https://hackmd.io/KJCbLSjETvq5xYjnoxURpA?view#Action-Items>Action Items

   - Shayne to create PR to resolve #54
   <https://github.com/openid/sharedsignals/issues/54>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-risc/attachments/20230725/7e335c9f/attachment-0001.html>

More information about the Openid-specs-risc mailing list