<div dir="ltr"><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><ul style="box-sizing:border-box;margin-top:0px;margin-bottom:16px;padding-left:2em;color:rgb(51,51,51);font-family:-apple-system,"system-ui","Segoe UI","Helvetica Neue",Helvetica,Roboto,Arial,sans-serif,"Apple Color Emoji","Segoe UI Emoji","Segoe UI Symbol";font-size:16px;letter-spacing:0.35px"><li style="margin-left:15px;box-sizing:border-box"><span style="box-sizing:border-box">Do SSF JWTs need to be signed? Current understanding is that they don’t need to be signed if sent on an integrity protected transport like TLS</span></li></ul></blockquote><div>The SSF architecture seems to treat the SET (JWT) generator as separate from the Transmitter function. Do real implementations approximate this division or are the SET generator and transmitter functions typically combined? In any case, I imagine that a stream consumer would be much more interested in validating the <i>source</i> of the SET than the confidentiality or integrity specifics of the transmitter/receiver transport.</div><div><br></div><div><div dir="ltr" class="gmail_signature" data-smartmail="gmail_signature"><div dir="ltr">-Steve</div></div></div><br></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Tue, Mar 7, 2023 at 10:58 PM Atul Tulshibagwale via Openid-specs-risc <<a href="mailto:openid-specs-risc@lists.openid.net">openid-specs-risc@lists.openid.net</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr">Hi all,<div>Sorry for leaving the call early. Here are the notes from today's call. They are also stored <a href="https://hackmd.io/@oidf-wg-sse/wg-meeting-20230308" target="_blank">here</a>.</div><div><br></div><div>Atul</div><div><br></div><span>-- </span><br><div dir="ltr"><div dir="ltr"><span><div dir="ltr" style="margin-left:0pt" align="left"><table style="border:none;border-collapse:collapse"><colgroup><col width="142"><col width="482"></colgroup><tbody><tr style="height:0pt"><td style="vertical-align:middle;overflow:hidden"><p dir="ltr" style="line-height:1.2;margin-top:0pt;margin-bottom:0pt"><a href="https://sgnl.ai" target="_blank"><span style="font-size:11pt;font-family:"Work Sans",sans-serif;color:rgb(17,85,204);background-color:transparent;vertical-align:baseline;white-space:pre-wrap"><span style="border:none;display:inline-block;overflow:hidden;width:137px;height:68px"><img src="https://lh3.googleusercontent.com/aO7jB_JqOxA0tVDXsAotNQnsfEkxEORgtkVnVFrmkR7O8j3B4lbbRsGFuprzQhfDmri2YH8_dnjPiZnGMZxIcT9xRcdY6rYm-xGophLkgvl_v8istAefyh4qkSVINQtPfcmq5BZiKbfFHmursSUHyll1jEWBTd--nw26MIMKd86Br32rGZkvJwnEED_nzQ" width="137" height="68" style="margin-left: 0px; margin-top: 0px;"></span></span></a></p></td><td style="vertical-align:top;padding:5pt;overflow:hidden"><p dir="ltr" style="line-height:1.44;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:"Work Sans",sans-serif;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline;white-space:pre-wrap">Atul Tulshibagwale</span></p><p dir="ltr" style="line-height:1.44;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:"Work Sans",sans-serif;color:rgb(102,102,102);background-color:transparent;vertical-align:baseline;white-space:pre-wrap">CTO </span></p><p dir="ltr" style="line-height:1.2;margin-top:0pt;margin-bottom:0pt"><font size="1"><span style="font-family:"Work Sans",sans-serif;color:rgb(17,85,204);background-color:transparent;vertical-align:baseline;white-space:pre-wrap"><span style="border:none;display:inline-block;overflow:hidden;width:20px;height:27px"><a href="https://linkedin.com/in/tulshi" target="_blank"><img src="https://lh6.googleusercontent.com/ezm4lDcLtajK4RMqqHALoRgXyaC4HRlw0wWsR2Jvms0V9Wrxr3x5G66zsUrYpRXyeJ3RwLS3GdKUwO0Ui5mXPodSkUx8Xsarf_vj6WlJ05Y1qJoMFTlCZnEgtHvlJ7_7Dr7zWNjkvf3nMW9u1P5ye76SeHgz2QqGQ_rm-sjqYOS-vH1UZL7Yiewi4UO3Qw" width="20" height="27" style="margin-left: 0px; margin-top: 0px;"></a> </span></span><span style="font-family:"Work Sans",sans-serif;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline;white-space:pre-wrap"><span style="border:none;display:inline-block;overflow:hidden;width:20px;height:27px"><a href="https://twitter.com/zirotrust" target="_blank"><img src="https://lh6.googleusercontent.com/HAnAvykj318aQf5zTUZkjIJDtwelDecFi5d-idBrpUDBj7aKTdup5Mfia6UIbXTAP46zg7gigNnroQ9he3j81Sf9qCRRSS-w_nZ3oSXJnYLbPlCXgt6IqoifgHXETuJSRvFIZRIdn_aAbtp8ilKFyIVuTXjVe6cNAfXc5KZNwJeYinwfZZxVvHHaR5uIdQ" width="20" height="27" style="margin-left: 0px; margin-top: 0px;"></a> </span></span><a href="mailto:atul@sgnl.ai" target="_blank"><img src="https://lh3.googleusercontent.com/63PpVJLMybZyfD61JVu0TVH_KkP_IhneeBpDNvbd1KeSFJn6KZzWCgp4hFbrTrIxfksYyM-_wOjNKbjEhSQ2khRXVI3XKcwABLNLI_bFjkN0_NgVoijs_nIRcVJKeQm0s0MRdtkUkCOp5Omyv1faqcNiQxGEUyAvmE9HkeeQCeHa-LxleK0oHSAyQrDY6g" width="21" height="21" style="background-color: transparent; color: rgb(0, 0, 0); font-family: Arial; white-space: pre-wrap; margin-left: 0px; margin-top: 0px;"></a></font></p></td></tr></tbody></table><br></div><div dir="ltr" style="margin-left:0pt" align="left">---</div><div dir="ltr" style="margin-left:0pt" align="left"><h2 id="m_3747240506673312536gmail-Agenda" style="box-sizing:border-box;font-family:-apple-system,"system-ui","Segoe UI","Helvetica Neue",Helvetica,Roboto,Arial,sans-serif,"Apple Color Emoji","Segoe UI Emoji","Segoe UI Symbol";line-height:1.25;color:rgb(51,51,51);margin-top:24px;margin-bottom:16px;padding-bottom:0.3em;border-bottom:1px solid rgb(238,238,238);letter-spacing:0.35px"><span style="box-sizing:border-box">Agenda</span></h2><ul style="box-sizing:border-box;margin-top:0px;margin-bottom:16px;padding-left:2em;color:rgb(51,51,51);font-family:-apple-system,"system-ui","Segoe UI","Helvetica Neue",Helvetica,Roboto,Arial,sans-serif,"Apple Color Emoji","Segoe UI Emoji","Segoe UI Symbol";font-size:16px;letter-spacing:0.35px"><li style="box-sizing:border-box"><span style="box-sizing:border-box">[Atul] Review </span><a href="https://github.com/openid/sharedsignals/issues" rel="noopener" style="box-sizing:border-box;background-color:transparent;color:rgb(51,122,183);text-decoration-line:none" target="_blank"><span style="box-sizing:border-box">open issues</span></a></li><li style="box-sizing:border-box;padding-top:0.25em"><span style="box-sizing:border-box">[Atul] Discuss making jwks_uri optional (</span><a href="https://github.com/openid/sharedsignals/issues/44" rel="noopener" style="box-sizing:border-box;background-color:transparent;color:rgb(51,122,183);text-decoration-line:none" target="_blank"><span style="box-sizing:border-box">Open Issue #44</span></a><span style="box-sizing:border-box">)</span></li><li style="box-sizing:border-box;padding-top:0.25em"><span style="box-sizing:border-box">[Atul] Create stream issues (</span><a href="https://github.com/openid/sharedsignals/issues/45" rel="noopener" style="box-sizing:border-box;background-color:transparent;color:rgb(51,122,183);text-decoration-line:none" target="_blank"><span style="box-sizing:border-box">#45</span></a><span style="box-sizing:border-box"> and </span><a href="https://github.com/openid/sharedsignals/issues/46" rel="noopener" style="box-sizing:border-box;background-color:transparent;color:rgb(51,122,183);text-decoration-line:none" target="_blank"><span style="box-sizing:border-box">#46</span></a><span style="box-sizing:border-box">)</span></li></ul><h2 id="m_3747240506673312536gmail-Attendees" style="box-sizing:border-box;font-family:-apple-system,"system-ui","Segoe UI","Helvetica Neue",Helvetica,Roboto,Arial,sans-serif,"Apple Color Emoji","Segoe UI Emoji","Segoe UI Symbol";line-height:1.25;color:rgb(51,51,51);margin-top:24px;margin-bottom:16px;padding-bottom:0.3em;border-bottom:1px solid rgb(238,238,238);letter-spacing:0.35px"><a href="https://hackmd.io/xJwP1JHKQs6YLhVDEtdLKQ?view#Attendees" title="Attendees" style="box-sizing:border-box;background-color:transparent;color:rgb(51,122,183);text-decoration-line:none;float:left;padding-right:4px;line-height:1" target="_blank"><span style="box-sizing:border-box;font-variant-numeric:normal;font-variant-east-asian:normal;font-weight:normal;font-stretch:normal;font-size:16px;line-height:1;font-family:octicons;display:inline-block;color:rgb(0,0,0);vertical-align:middle"></span></a><span style="box-sizing:border-box">Attendees</span></h2><ul style="box-sizing:border-box;margin-top:0px;margin-bottom:16px;padding-left:2em;color:rgb(51,51,51);font-family:-apple-system,"system-ui","Segoe UI","Helvetica Neue",Helvetica,Roboto,Arial,sans-serif,"Apple Color Emoji","Segoe UI Emoji","Segoe UI Symbol";font-size:16px;letter-spacing:0.35px"><li style="box-sizing:border-box"><span style="box-sizing:border-box">Atul Tulshibagwale (SGNL)</span></li><li style="box-sizing:border-box;padding-top:0.25em"><span style="box-sizing:border-box">Debora Comparin (Thales)</span></li><li style="box-sizing:border-box;padding-top:0.25em"><span style="box-sizing:border-box">Eric Karlinsky (Okta)</span></li><li style="box-sizing:border-box;padding-top:0.25em"><span style="box-sizing:border-box">Greg Brown (Axiad)</span></li><li style="box-sizing:border-box;padding-top:0.25em"><span style="box-sizing:border-box">Peter Travers (Beyond Identity)</span></li><li style="box-sizing:border-box;padding-top:0.25em"><span style="box-sizing:border-box">Shayne Miel (Cisco)</span></li><li style="box-sizing:border-box;padding-top:0.25em"><span style="box-sizing:border-box">Topher Marie (Strata)</span></li><li style="box-sizing:border-box;padding-top:0.25em"><span style="box-sizing:border-box">Tim Cappalli (Microsoft)</span></li></ul><h2 id="m_3747240506673312536gmail-Notes" style="box-sizing:border-box;font-family:-apple-system,"system-ui","Segoe UI","Helvetica Neue",Helvetica,Roboto,Arial,sans-serif,"Apple Color Emoji","Segoe UI Emoji","Segoe UI Symbol";line-height:1.25;color:rgb(51,51,51);margin-top:24px;margin-bottom:16px;padding-bottom:0.3em;border-bottom:1px solid rgb(238,238,238);letter-spacing:0.35px"><a href="https://hackmd.io/xJwP1JHKQs6YLhVDEtdLKQ?view#Notes" title="Notes" style="box-sizing:border-box;background-color:transparent;color:rgb(51,122,183);text-decoration-line:none;float:left;padding-right:4px;line-height:1" target="_blank"><span style="box-sizing:border-box;font-variant-numeric:normal;font-variant-east-asian:normal;font-weight:normal;font-stretch:normal;font-size:16px;line-height:1;font-family:octicons;display:inline-block;color:rgb(0,0,0);vertical-align:middle"></span></a><span style="box-sizing:border-box">Notes</span></h2><h3 id="m_3747240506673312536gmail-JWKS-URI-44" style="box-sizing:border-box;font-family:-apple-system,"system-ui","Segoe UI","Helvetica Neue",Helvetica,Roboto,Arial,sans-serif,"Apple Color Emoji","Segoe UI Emoji","Segoe UI Symbol";line-height:1.25;color:rgb(51,51,51);margin-top:24px;margin-bottom:16px;font-size:1.25em;letter-spacing:0.35px"><a href="https://hackmd.io/xJwP1JHKQs6YLhVDEtdLKQ?view#JWKS-URI-44" title="JWKS-URI-44" style="box-sizing:border-box;background-color:transparent;color:rgb(51,122,183);text-decoration-line:none;float:left;padding-right:4px;line-height:1" target="_blank"><span style="box-sizing:border-box;font-variant-numeric:normal;font-variant-east-asian:normal;font-weight:normal;font-stretch:normal;font-size:16px;line-height:1;font-family:octicons;display:inline-block;color:rgb(0,0,0);vertical-align:middle"></span></a><span style="box-sizing:border-box">JWKS URI (#44)</span></h3><ul style="box-sizing:border-box;margin-top:0px;margin-bottom:16px;padding-left:2em;color:rgb(51,51,51);font-family:-apple-system,"system-ui","Segoe UI","Helvetica Neue",Helvetica,Roboto,Arial,sans-serif,"Apple Color Emoji","Segoe UI Emoji","Segoe UI Symbol";font-size:16px;letter-spacing:0.35px"><li style="box-sizing:border-box"><span style="box-sizing:border-box">Do SSF JWTs need to be signed? Current understanding is that they don’t need to be signed if sent on an integrity protected transport like TLS</span></li><li style="box-sizing:border-box;padding-top:0.25em"><span style="box-sizing:border-box">Can we make the jwks_uri field in the Transmitter Configuration Metadata optional? Yes, [Eric], no objections</span></li></ul><h3 id="m_3747240506673312536gmail-Create-Stream-Issues-45" style="box-sizing:border-box;font-family:-apple-system,"system-ui","Segoe UI","Helvetica Neue",Helvetica,Roboto,Arial,sans-serif,"Apple Color Emoji","Segoe UI Emoji","Segoe UI Symbol";line-height:1.25;color:rgb(51,51,51);margin-top:24px;margin-bottom:16px;font-size:1.25em;letter-spacing:0.35px"><a href="https://hackmd.io/xJwP1JHKQs6YLhVDEtdLKQ?view#Create-Stream-Issues-45" title="Create-Stream-Issues-45" style="box-sizing:border-box;background-color:transparent;color:rgb(51,122,183);text-decoration-line:none;float:left;padding-right:4px;line-height:1" target="_blank"><span style="box-sizing:border-box;font-variant-numeric:normal;font-variant-east-asian:normal;font-weight:normal;font-stretch:normal;font-size:16px;line-height:1;font-family:octicons;display:inline-block;color:rgb(0,0,0);vertical-align:middle"></span></a><span style="box-sizing:border-box">Create Stream Issues (#45)</span></h3><ul style="box-sizing:border-box;margin-top:0px;margin-bottom:16px;padding-left:2em;color:rgb(51,51,51);font-family:-apple-system,"system-ui","Segoe UI","Helvetica Neue",Helvetica,Roboto,Arial,sans-serif,"Apple Color Emoji","Segoe UI Emoji","Segoe UI Symbol";font-size:16px;letter-spacing:0.35px"><li style="box-sizing:border-box"><span style="box-sizing:border-box">Discovering “events_supported” before creating a stream:</span></li><li style="box-sizing:border-box;padding-top:0.25em"><span style="box-sizing:border-box">Requirement seems real, we can alter the response to pull “events_supported” out of each stream’s configuration</span></li><li style="box-sizing:border-box;padding-top:0.25em"><span style="box-sizing:border-box">We could add a separate endpoint to get the events supported</span></li><li style="box-sizing:border-box;padding-top:0.25em"><span style="box-sizing:border-box">Separate endpoint is the preferred option in the call (Shayne, Tim and Peter). The endpoint couldbe called “get events supported”</span></li><li style="box-sizing:border-box;padding-top:0.25em"><span style="box-sizing:border-box">We should not remove the “events_supported” field from the existing response to “get stream configuration” because the events supported may be different per stream</span></li><li style="box-sizing:border-box;padding-top:0.25em"><span style="box-sizing:border-box">We should not have a “stream id” parameter to the new endpoint to “get supported events”</span></li></ul><h3 id="m_3747240506673312536gmail-Create-Stream-Issue-46" style="box-sizing:border-box;font-family:-apple-system,"system-ui","Segoe UI","Helvetica Neue",Helvetica,Roboto,Arial,sans-serif,"Apple Color Emoji","Segoe UI Emoji","Segoe UI Symbol";line-height:1.25;color:rgb(51,51,51);margin-top:24px;margin-bottom:16px;font-size:1.25em;letter-spacing:0.35px"><a href="https://hackmd.io/xJwP1JHKQs6YLhVDEtdLKQ?view#Create-Stream-Issue-46" title="Create-Stream-Issue-46" style="box-sizing:border-box;background-color:transparent;color:rgb(51,122,183);text-decoration-line:none;float:left;padding-right:4px;line-height:1" target="_blank"><span style="box-sizing:border-box;font-variant-numeric:normal;font-variant-east-asian:normal;font-weight:normal;font-stretch:normal;font-size:16px;line-height:1;font-family:octicons;display:inline-block;color:rgb(0,0,0);vertical-align:middle"></span></a><span style="box-sizing:border-box">Create Stream Issue (#46)</span></h3><ul style="box-sizing:border-box;margin-top:0px;margin-bottom:16px;padding-left:2em;color:rgb(51,51,51);font-family:-apple-system,"system-ui","Segoe UI","Helvetica Neue",Helvetica,Roboto,Arial,sans-serif,"Apple Color Emoji","Segoe UI Emoji","Segoe UI Symbol";font-size:16px;letter-spacing:0.35px"><li style="box-sizing:border-box"><span style="box-sizing:border-box">Continue discussion next time</span></li></ul><h2 id="m_3747240506673312536gmail-Action-Items" style="box-sizing:border-box;font-family:-apple-system,"system-ui","Segoe UI","Helvetica Neue",Helvetica,Roboto,Arial,sans-serif,"Apple Color Emoji","Segoe UI Emoji","Segoe UI Symbol";line-height:1.25;color:rgb(51,51,51);margin-top:24px;margin-bottom:16px;padding-bottom:0.3em;border-bottom:1px solid rgb(238,238,238);letter-spacing:0.35px"><a href="https://hackmd.io/xJwP1JHKQs6YLhVDEtdLKQ?view#Action-Items" title="Action-Items" style="box-sizing:border-box;background-color:transparent;color:rgb(51,122,183);text-decoration-line:none;float:left;padding-right:4px;line-height:1" target="_blank"><span style="box-sizing:border-box;font-variant-numeric:normal;font-variant-east-asian:normal;font-weight:normal;font-stretch:normal;font-size:16px;line-height:1;font-family:octicons;display:inline-block;color:rgb(0,0,0);vertical-align:middle"></span></a><span style="box-sizing:border-box">Action Items</span></h2></div></span></div></div></div>
_______________________________________________<br>
Openid-specs-risc mailing list<br>
<a href="mailto:Openid-specs-risc@lists.openid.net" target="_blank">Openid-specs-risc@lists.openid.net</a><br>
<a href="https://lists.openid.net/mailman/listinfo/openid-specs-risc" rel="noreferrer" target="_blank">https://lists.openid.net/mailman/listinfo/openid-specs-risc</a><br>
</blockquote></div>