[Openid-specs-risc] Call notes

Atul Tulshibagwale atul at sgnl.ai
Tue Sep 2 18:29:57 UTC 2025


Hi all,
Here are the notes from today's call. They are also stored here
<https://hackmd.io/@oidf-wg-sse/wg-meeting-20250902>.

It's awesome to note that the final specifications for SSF, CAEP and RISC
are now published
<https://openid.net/three-shared-signals-final-specifications-approved/>!

Thanks to everyone for their hard work, contributions and discussions that
led up to this,
Atul

-- 
Atul Tulshibagwale
CTO
<https://www.linkedin.com/in/tulshi/> <atul at sgnl.ai>
---
WG Meeting: 2025-09-02

Agenda

   - Final specs published!
   - Comment in AIIM about CAEP

Attendees

   - Atul Tulshibagwale (SGNL)
   - Mike Kiser (SailPoint)
   - John Marchesini (Jamf)
   - Shayne Miel (Cisco)
   - Stan Bounev (Blue Label)
   - Apoorva Deshpande (Okta)
   - Sean O'Dell (Disney)
   - George Fletcher (Practical Identity)
   - Gail Hodges (OIDF)
   - Thomas Darimont (OIDF)

Notes

Final specs are published!

   - OpenID Shared Signals Framework:
   https://openid.net/specs/openid-sharedsignals-framework-1_0-final.html
   - OpenID CAEP: https://openid.net/specs/openid-caep-1_0-final.html
   - OpenID RISC: https://openid.net/specs/openid-risc-1_0-final.html

CAEP Agentic bindings:

   - Comment in AIIM
   <https://oidf.slack.com/archives/C091VMU2R3P/p1756400981992129>
   - (Sean) When you get to register on first use, you just need to issue
   agents an ID
   - (Mike) There's some place for "OBO" transactions. We'd like to know
   not only the agent, but who the work was done on behalf of
   - (George) Gets into whether it is working autonomously or OBO.
   - (George) Are we continuously authenticating the AI agent? Are we using
   the same mechanism? Is it the short-lived credential being used?
   - (Sean) Agreed, but reality is different
   - (George) What are the relevant events from an agentic AI perspective?
   How would you revoke an agentic AI session? What would cause the backend
   system to invalidate it? What is the potential harm by doing so?
   - (George) Should an agentic AI system (MCP client, server, etc.) be
   able to leverage CAEP/SSF? Yes.
   - (Atul) "token claims change" events could also be interesting.
   - (George) Transaction audit is also very important. Shared Signals is
   an interesting infrastructure to support auditing (every system must report
   what they did in this transaction). Using the async push model is really
   useful / interesting in concept.
   - (George) When we delegate, we don't expect to be asked for every
   little thing.
   - (Mike)
   - (George) There's some min-max optimal solution that reduces user
   friction, but provides user protection
   - (George) I read the "proof of intent"
   <https://github.com/giovannypietro/poi>, but I didn't get to the details
   part. I'm not sure that is there.
   - (Atul) Proof of intent seems important, but hard.
   - (George) There's one approach of "figure out everything you want, and
   then ask", but I don't think that's viable.
   - (Atul) We could use adversarial networks to verify intent.
   - (George) Agents could be used to provide the consent.
   …
   - (Sean) People implementing agents don't understand OAuth at all.
   - (George) We might need to define new events for agents

Interop testing / conformance

   - (Thomas) How do you expose the poll endpoint from the transmitter side?
   - (Shayne) You get it as a part of the stream configuration
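As an added illustration of the point above (not code from the working group, the specs, or any implementation), the following sketch shows a receiver reading the transmitter-supplied poll `endpoint_url` out of an SSF stream configuration and then running an RFC 8936 poll/ack loop against an in-memory stand-in for the transmitter. The stream configuration values, the `PollTransmitter` class and the unsigned placeholder SET strings are all constructed for the example.

```python
import uuid

POLL_METHOD = "urn:ietf:rfc:8936"   # RFC 8936 poll-based SET delivery
PUSH_METHOD = "urn:ietf:rfc:8935"   # RFC 8935 push-based SET delivery

# Constructed sample stream configuration, shaped like what a transmitter
# returns: for poll delivery the transmitter fills in endpoint_url itself.
SAMPLE_STREAM_CONFIG = {
    "stream_id": "stream-example-1",
    "iss": "https://transmitter.example.com",
    "aud": "https://receiver.example.com",
    "delivery": {"method": POLL_METHOD,
                 "endpoint_url": "https://transmitter.example.com/ssf/poll"},
    "events_delivered": [
        "https://schemas.openid.net/secevent/caep/event-type/session-revoked"],
}

def poll_endpoint_from_config(config):
    """Return the poll URL the transmitter advertised, or None for push streams."""
    delivery = config.get("delivery", {})
    if delivery.get("method") != POLL_METHOD:
        return None
    return delivery.get("endpoint_url")

class PollTransmitter:
    """Hypothetical in-memory stand-in for the transmitter's poll endpoint (no HTTP)."""
    def __init__(self):
        self.pending = {}   # jti -> SET; unsigned placeholder strings in this example

    def queue(self, set_str):
        jti = str(uuid.uuid4())
        self.pending[jti] = set_str
        return jti

    def handle_poll(self, body):
        # Acknowledged SETs are dropped; anything unacknowledged is redelivered.
        for jti in body.get("ack", []):
            self.pending.pop(jti, None)
        max_events = body.get("maxEvents", len(self.pending))
        batch = dict(list(self.pending.items())[:max_events])
        return {"sets": batch, "moreAvailable": len(self.pending) > len(batch)}

def receive_all(config, transmitter):
    """Receiver loop: poll the configured endpoint, acking each batch on the next request."""
    if poll_endpoint_from_config(config) is None:
        raise ValueError("stream is not configured for poll delivery")
    received, ack = [], []
    while True:
        resp = transmitter.handle_poll({"maxEvents": 2, "ack": ack})
        ack = list(resp["sets"])            # jtis to acknowledge on the next poll
        received.extend(resp["sets"].values())
        if not resp["moreAvailable"] and not ack:
            return received
```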

Action Items