<div dir="ltr">Hi all,<br><div>Here are the call notes for today's call. They are also stored <a href="https://hackmd.io/@oidf-wg-sse/wg-meeting-20230627">here</a>.</div><div><br></div><div>Atul</div><div><br></div><span class="gmail_signature_prefix">-- </span><br><div dir="ltr" class="gmail_signature" data-smartmail="gmail_signature"><div dir="ltr"><span><div dir="ltr" style="margin-left:0pt" align="left"><table style="border:none;border-collapse:collapse"><tbody><tr style="height:0pt"><td style="vertical-align:top;padding:5pt 5pt 5pt 5pt;overflow:hidden"><p dir="ltr" style="line-height:1.44;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:"Work Sans",sans-serif;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline;white-space:pre-wrap">Atul Tulshibagwale</span></p><p dir="ltr" style="line-height:1.44;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:"Work Sans",sans-serif;color:rgb(102,102,102);background-color:transparent;vertical-align:baseline;white-space:pre-wrap">CTO </span></p></td></tr></tbody></table><br></div><div dir="ltr" style="margin-left:0pt" align="left"><div class="gmail-title-tags-preview" style="box-sizing:border-box;color:rgb(51,51,51);font-family:-apple-system,"system-ui","Segoe UI","Helvetica Neue",Helvetica,Roboto,Arial,sans-serif,"Apple Color Emoji","Segoe UI Emoji","Segoe UI Symbol";font-size:16px;letter-spacing:0.35px;margin-top:0px"><h1 class="gmail-font-bold gmail-text-19 gmail-leading-120 gmail-!mt-0 gmail-text-zinc-800" id="gmail-WG-Meeting-2022-06-27" style="box-sizing:border-box;margin:24px 0px 16px;font-family:inherit;line-height:1.25;padding-bottom:0.3em;border-bottom:1px solid rgb(238,238,238)">WG Meeting: 2022-06-27</h1><div class="gmail-flex gmail-flex-wrap gmail-gap-1 gmail-mb-4" style="box-sizing:border-box;margin-bottom:16px;display:flex"></div></div><h2 class="gmail-part" id="gmail-Agenda" style="box-sizing:border-box;font-family:-apple-system,"system-ui","Segoe UI","Helvetica Neue",Helvetica,Roboto,Arial,sans-serif,"Apple Color Emoji","Segoe UI Emoji","Segoe UI Symbol";line-height:1.25;color:rgb(51,51,51);margin-top:24px;margin-bottom:16px;padding-bottom:0.3em;border-bottom:1px solid rgb(238,238,238);letter-spacing:0.35px"><a
class="gmail-anchor gmail-hidden-xs" href="https://hackmd.io/i9spoIOLRkGuco8JThJbSw?view#Agenda" title="Agenda" style="box-sizing:border-box;background-color:transparent;color:rgb(51,122,183);text-decoration-line:none;float:left;padding-right:4px;line-height:1"><span class="gmail-octicon gmail-octicon-link" style="box-sizing:border-box;font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;font-kerning:auto;font-feature-settings:normal;font-weight:normal;font-stretch:normal;font-size:16px;line-height:1;font-family:octicons;display:inline-block;color:rgb(0,0,0);vertical-align:middle"></span></a><span style="box-sizing:border-box">Agenda</span></h2><ul class="gmail-part" style="box-sizing:border-box;margin-top:0px;margin-bottom:16px;padding-left:2em;color:rgb(51,51,51);font-family:-apple-system,"system-ui","Segoe UI","Helvetica Neue",Helvetica,Roboto,Arial,sans-serif,"Apple Color Emoji","Segoe UI Emoji","Segoe UI Symbol";font-size:16px;letter-spacing:0.35px"><li class="gmail-" style="box-sizing:border-box"><span style="box-sizing:border-box">Pull requests</span></li><li class="gmail-" style="box-sizing:border-box;padding-top:0.25em"><span style="box-sizing:border-box">Standardized scopes</span></li><li class="gmail-" style="box-sizing:border-box;padding-top:0.25em"><span style="box-sizing:border-box">Subject Identifiers</span></li></ul><h2 class="gmail-part" id="gmail-Attendees" style="box-sizing:border-box;font-family:-apple-system,"system-ui","Segoe UI","Helvetica Neue",Helvetica,Roboto,Arial,sans-serif,"Apple Color Emoji","Segoe UI Emoji","Segoe UI Symbol";line-height:1.25;color:rgb(51,51,51);margin-top:24px;margin-bottom:16px;padding-bottom:0.3em;border-bottom:1px solid rgb(238,238,238);letter-spacing:0.35px"><a class="gmail-anchor gmail-hidden-xs" href="https://hackmd.io/i9spoIOLRkGuco8JThJbSw?view#Attendees" title="Attendees" 
style="box-sizing:border-box;background-color:transparent;color:rgb(51,122,183);text-decoration-line:none;float:left;padding-right:4px;line-height:1"><span class="gmail-octicon gmail-octicon-link" style="box-sizing:border-box;font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;font-kerning:auto;font-feature-settings:normal;font-weight:normal;font-stretch:normal;font-size:16px;line-height:1;font-family:octicons;display:inline-block;color:rgb(0,0,0);vertical-align:middle"></span></a><span style="box-sizing:border-box">Attendees</span></h2><ul class="gmail-part" style="box-sizing:border-box;margin-top:0px;margin-bottom:16px;padding-left:2em;color:rgb(51,51,51);font-family:-apple-system,"system-ui","Segoe UI","Helvetica Neue",Helvetica,Roboto,Arial,sans-serif,"Apple Color Emoji","Segoe UI Emoji","Segoe UI Symbol";font-size:16px;letter-spacing:0.35px"><li class="gmail-" style="box-sizing:border-box"><span style="box-sizing:border-box">Atul Tulshibagwale (SGNL)</span></li><li class="gmail-" style="box-sizing:border-box;padding-top:0.25em"><span style="box-sizing:border-box">Shayne Miel (Cisco)</span></li><li class="gmail-" style="box-sizing:border-box;padding-top:0.25em"><span style="box-sizing:border-box">Eric Karlinsky (Okta)</span></li><li class="gmail-" style="box-sizing:border-box;padding-top:0.25em"><span style="box-sizing:border-box">Topher Marie (Strata)</span></li><li class="gmail-" style="box-sizing:border-box;padding-top:0.25em"><span style="box-sizing:border-box">Steve Venema (ForgeRock)</span></li><li class="gmail-" style="box-sizing:border-box;padding-top:0.25em"><span style="box-sizing:border-box">Apoorva Deshpande (Okta)</span></li><li class="gmail-" style="box-sizing:border-box;padding-top:0.25em"><span style="box-sizing:border-box">Phil Hunt (Independent ID)</span></li></ul><h3 class="gmail-part" id="gmail-Guests" style="box-sizing:border-box;font-family:-apple-system,"system-ui","Segoe UI","Helvetica 
Neue",Helvetica,Roboto,Arial,sans-serif,"Apple Color Emoji","Segoe UI Emoji","Segoe UI Symbol";line-height:1.25;color:rgb(51,51,51);margin-top:24px;margin-bottom:16px;font-size:1.25em;letter-spacing:0.35px"><a class="gmail-anchor gmail-hidden-xs" href="https://hackmd.io/i9spoIOLRkGuco8JThJbSw?view#Guests" title="Guests" style="box-sizing:border-box;background-color:transparent;color:rgb(51,122,183);text-decoration-line:none;float:left;padding-right:4px;line-height:1"><span class="gmail-octicon gmail-octicon-link" style="box-sizing:border-box;font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;font-kerning:auto;font-feature-settings:normal;font-weight:normal;font-stretch:normal;font-size:16px;line-height:1;font-family:octicons;display:inline-block;color:rgb(0,0,0);vertical-align:middle"></span></a><span style="box-sizing:border-box">Guests</span></h3><ul class="gmail-part" style="box-sizing:border-box;margin-top:0px;margin-bottom:16px;padding-left:2em;color:rgb(51,51,51);font-family:-apple-system,"system-ui","Segoe UI","Helvetica Neue",Helvetica,Roboto,Arial,sans-serif,"Apple Color Emoji","Segoe UI Emoji","Segoe UI Symbol";font-size:16px;letter-spacing:0.35px"><li class="gmail-" style="box-sizing:border-box"><span style="box-sizing:border-box">Muneera (Apple)</span></li></ul><h2 class="gmail-part" id="gmail-Notes" style="box-sizing:border-box;font-family:-apple-system,"system-ui","Segoe UI","Helvetica Neue",Helvetica,Roboto,Arial,sans-serif,"Apple Color Emoji","Segoe UI Emoji","Segoe UI Symbol";line-height:1.25;color:rgb(51,51,51);margin-top:24px;margin-bottom:16px;padding-bottom:0.3em;border-bottom:1px solid rgb(238,238,238);letter-spacing:0.35px"><a class="gmail-anchor gmail-hidden-xs" href="https://hackmd.io/i9spoIOLRkGuco8JThJbSw?view#Notes" title="Notes" style="box-sizing:border-box;background-color:transparent;color:rgb(51,122,183);text-decoration-line:none;float:left;padding-right:4px;line-height:1"><span 
class="gmail-octicon gmail-octicon-link" style="box-sizing:border-box;font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;font-kerning:auto;font-feature-settings:normal;font-weight:normal;font-stretch:normal;font-size:16px;line-height:1;font-family:octicons;display:inline-block;color:rgb(0,0,0);vertical-align:middle"></span></a><span style="box-sizing:border-box">Notes</span></h2><h3 class="gmail-part" id="gmail-Pull-Requests" style="box-sizing:border-box;font-family:-apple-system,"system-ui","Segoe UI","Helvetica Neue",Helvetica,Roboto,Arial,sans-serif,"Apple Color Emoji","Segoe UI Emoji","Segoe UI Symbol";line-height:1.25;color:rgb(51,51,51);margin-top:24px;margin-bottom:16px;font-size:1.25em;letter-spacing:0.35px"><a class="gmail-anchor gmail-hidden-xs" href="https://hackmd.io/i9spoIOLRkGuco8JThJbSw?view#Pull-Requests" title="Pull-Requests" style="box-sizing:border-box;background-color:transparent;color:rgb(51,122,183);text-decoration-line:none;float:left;padding-right:4px;line-height:1"><span class="gmail-octicon gmail-octicon-link" style="box-sizing:border-box;font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;font-kerning:auto;font-feature-settings:normal;font-weight:normal;font-stretch:normal;font-size:16px;line-height:1;font-family:octicons;display:inline-block;color:rgb(0,0,0);vertical-align:middle"></span></a><span style="box-sizing:border-box">Pull Requests</span></h3><ul class="gmail-part" style="box-sizing:border-box;margin-top:0px;margin-bottom:16px;padding-left:2em;color:rgb(51,51,51);font-family:-apple-system,"system-ui","Segoe UI","Helvetica Neue",Helvetica,Roboto,Arial,sans-serif,"Apple Color Emoji","Segoe UI Emoji","Segoe UI Symbol";font-size:16px;letter-spacing:0.35px"><li class="gmail-" style="box-sizing:border-box"><span style="box-sizing:border-box">Most pull requests are merged. 
A few waiting on a pending review</span></li><li class="gmail-" style="box-sizing:border-box;padding-top:0.25em"><span style="box-sizing:border-box">Building HTML. Look at: </span><put url here></put></li></ul><h3 class="gmail-part" id="gmail-Standardized-Scopes" style="box-sizing:border-box;font-family:-apple-system,"system-ui","Segoe UI","Helvetica Neue",Helvetica,Roboto,Arial,sans-serif,"Apple Color Emoji","Segoe UI Emoji","Segoe UI Symbol";line-height:1.25;color:rgb(51,51,51);margin-top:24px;margin-bottom:16px;font-size:1.25em;letter-spacing:0.35px"><a class="gmail-anchor gmail-hidden-xs" href="https://hackmd.io/i9spoIOLRkGuco8JThJbSw?view#Standardized-Scopes" title="Standardized-Scopes" style="box-sizing:border-box;background-color:transparent;color:rgb(51,122,183);text-decoration-line:none;float:left;padding-right:4px;line-height:1"><span class="gmail-octicon gmail-octicon-link" style="box-sizing:border-box;font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;font-kerning:auto;font-feature-settings:normal;font-weight:normal;font-stretch:normal;font-size:16px;line-height:1;font-family:octicons;display:inline-block;color:rgb(0,0,0);vertical-align:middle"></span></a><span style="box-sizing:border-box">Standardized Scopes</span></h3><ul class="gmail-part" style="box-sizing:border-box;margin-top:0px;margin-bottom:16px;padding-left:2em;color:rgb(51,51,51);font-family:-apple-system,"system-ui","Segoe UI","Helvetica Neue",Helvetica,Roboto,Arial,sans-serif,"Apple Color Emoji","Segoe UI Emoji","Segoe UI Symbol";font-size:16px;letter-spacing:0.35px"><li class="gmail-" style="box-sizing:border-box"><span style="box-sizing:border-box">[Eric] How does a Receiver know which scopes to request in order to set up a stream</span></li><li class="gmail-" style="box-sizing:border-box;padding-top:0.25em"><span style="box-sizing:border-box">[Atul] Can extend that to other functionalities, e.g.
Poll a Stream</span></li><li class="gmail-" style="box-sizing:border-box;padding-top:0.25em"><span style="box-sizing:border-box">[Eric] Can we have an attribute in the well-known endpoint, which is an array of scopes that are supported. It could be two separate attributes. This could solve it.</span></li><li class="gmail-" style="box-sizing:border-box;padding-top:0.25em"><span style="box-sizing:border-box">How does a Receiver know which of the scopes are absolutely needed versus not needed.</span></li><li class="gmail-" style="box-sizing:border-box;padding-top:0.25em"><span style="box-sizing:border-box">There should be some indication of which scopes can do what</span></li><li class="gmail-" style="box-sizing:border-box;padding-top:0.25em"><span style="box-sizing:border-box">[Atul] I had a proposal:</span></li></ul><pre class="gmail-part gmail-in-view" style="box-sizing:border-box;overflow:auto;font-family:Menlo,Monaco,Consolas,"Courier New",monospace;font-size:13.6px;padding:16px;margin-top:0px;margin-bottom:16px;line-height:1.45;color:rgb(51,51,51);word-break:break-all;background-color:rgb(247,247,247);border-radius:3px;letter-spacing:0.35px;border:inherit"><code class="gmail-json gmail-hljs" style="box-sizing:border-box;font-family:Menlo,Monaco,Consolas,"Courier New",monospace;font-size:13.6px;padding:0px;background:transparent;border-radius:3px;display:inline;overflow:visible;margin:0px;word-break:normal;border:0px;line-height:inherit;color:inherit"> <span class="gmail-token gmail-punctuation" style="box-sizing:border-box;color:rgb(153,153,153)">{</span>
<span class="gmail-token gmail-property" style="box-sizing:border-box;color:rgb(153,0,85)">"issuer"</span><span class="gmail-token gmail-operator" style="box-sizing:border-box;color:rgb(154,110,58);background:rgba(255,255,255,0.5)">:</span>
<span class="gmail-token gmail-string" style="box-sizing:border-box;color:rgb(102,153,0)">"<a href="https://tr.example.com">https://tr.example.com</a>"</span><span class="gmail-token gmail-punctuation" style="box-sizing:border-box;color:rgb(153,153,153)">,</span>
<span class="gmail-token gmail-property" style="box-sizing:border-box;color:rgb(153,0,85)">"jwks_uri"</span><span class="gmail-token gmail-operator" style="box-sizing:border-box;color:rgb(154,110,58);background:rgba(255,255,255,0.5)">:</span>
<span class="gmail-token gmail-string" style="box-sizing:border-box;color:rgb(102,153,0)">"<a href="https://tr.example.com/jwks.json">https://tr.example.com/jwks.json</a>"</span><span class="gmail-token gmail-punctuation" style="box-sizing:border-box;color:rgb(153,153,153)">,</span>
<span class="gmail-token gmail-property" style="box-sizing:border-box;color:rgb(153,0,85)">"delivery_methods_supported"</span><span class="gmail-token gmail-operator" style="box-sizing:border-box;color:rgb(154,110,58);background:rgba(255,255,255,0.5)">:</span> <span class="gmail-token gmail-punctuation" style="box-sizing:border-box;color:rgb(153,153,153)">[</span>
<span class="gmail-token gmail-punctuation" style="box-sizing:border-box;color:rgb(153,153,153)">{</span> <span class="gmail-token gmail-property" style="box-sizing:border-box;color:rgb(153,0,85)">"method"</span><span class="gmail-token gmail-operator" style="box-sizing:border-box;color:rgb(154,110,58);background:rgba(255,255,255,0.5)">:</span> <span class="gmail-token gmail-string" style="box-sizing:border-box;color:rgb(102,153,0)">"urn:ietf:rfc:8935"</span> <span class="gmail-token gmail-punctuation" style="box-sizing:border-box;color:rgb(153,153,153)">}</span><span class="gmail-token gmail-punctuation" style="box-sizing:border-box;color:rgb(153,153,153)">,</span>
<span class="gmail-token gmail-punctuation" style="box-sizing:border-box;color:rgb(153,153,153)">{</span>
<span class="gmail-token gmail-property" style="box-sizing:border-box;color:rgb(153,0,85)">"method"</span><span class="gmail-token gmail-operator" style="box-sizing:border-box;color:rgb(154,110,58);background:rgba(255,255,255,0.5)">:</span> <span class="gmail-token gmail-string" style="box-sizing:border-box;color:rgb(102,153,0)">"urn:ietf:rfc:8936"</span><span class="gmail-token gmail-punctuation" style="box-sizing:border-box;color:rgb(153,153,153)">,</span>
<span class="gmail-token gmail-property" style="box-sizing:border-box;color:rgb(153,0,85)">"scopes_supported"</span><span class="gmail-token gmail-operator" style="box-sizing:border-box;color:rgb(154,110,58);background:rgba(255,255,255,0.5)">:</span> <span class="gmail-token gmail-punctuation" style="box-sizing:border-box;color:rgb(153,153,153)">[</span><span class="gmail-token gmail-string" style="box-sizing:border-box;color:rgb(102,153,0)">"poll_stream"</span><span class="gmail-token gmail-punctuation" style="box-sizing:border-box;color:rgb(153,153,153)">,</span> <span class="gmail-token gmail-string" style="box-sizing:border-box;color:rgb(102,153,0)">"read"</span><span class="gmail-token gmail-punctuation" style="box-sizing:border-box;color:rgb(153,153,153)">]</span>
<span class="gmail-token gmail-punctuation" style="box-sizing:border-box;color:rgb(153,153,153)">}</span>
<span class="gmail-token gmail-punctuation" style="box-sizing:border-box;color:rgb(153,153,153)">]</span><span class="gmail-token gmail-punctuation" style="box-sizing:border-box;color:rgb(153,153,153)">,</span>
<span class="gmail-token gmail-property" style="box-sizing:border-box;color:rgb(153,0,85)">"configuration_endpoint"</span><span class="gmail-token gmail-operator" style="box-sizing:border-box;color:rgb(154,110,58);background:rgba(255,255,255,0.5)">:</span> <span class="gmail-token gmail-punctuation" style="box-sizing:border-box;color:rgb(153,153,153)">{</span>
<span class="gmail-token gmail-property" style="box-sizing:border-box;color:rgb(153,0,85)">"url"</span><span class="gmail-token gmail-operator" style="box-sizing:border-box;color:rgb(154,110,58);background:rgba(255,255,255,0.5)">:</span> <span class="gmail-token gmail-string" style="box-sizing:border-box;color:rgb(102,153,0)">"<a href="https://tr.example.com/ssf/mgmt/stream">https://tr.example.com/ssf/mgmt/stream</a>"</span><span class="gmail-token gmail-punctuation" style="box-sizing:border-box;color:rgb(153,153,153)">,</span>
<span class="gmail-token gmail-property" style="box-sizing:border-box;color:rgb(153,0,85)">"scopes_supported"</span><span class="gmail-token gmail-operator" style="box-sizing:border-box;color:rgb(154,110,58);background:rgba(255,255,255,0.5)">:</span> <span class="gmail-token gmail-punctuation" style="box-sizing:border-box;color:rgb(153,153,153)">[</span><span class="gmail-token gmail-string" style="box-sizing:border-box;color:rgb(102,153,0)">"create_stream"</span><span class="gmail-token gmail-punctuation" style="box-sizing:border-box;color:rgb(153,153,153)">]</span>
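<span class="gmail-token gmail-punctuation" style="box-sizing:border-box;color:rgb(153,153,153)">}</span><span class="gmail-token gmail-punctuation" style="box-sizing:border-box;color:rgb(153,153,153)">,</span>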
<span class="gmail-token gmail-property" style="box-sizing:border-box;color:rgb(153,0,85)">"status_endpoint"</span><span class="gmail-token gmail-operator" style="box-sizing:border-box;color:rgb(154,110,58);background:rgba(255,255,255,0.5)">:</span>
<span class="gmail-token gmail-string" style="box-sizing:border-box;color:rgb(102,153,0)">"<a href="https://tr.example.com/ssf/mgmt/status">https://tr.example.com/ssf/mgmt/status</a>"</span><span class="gmail-token gmail-punctuation" style="box-sizing:border-box;color:rgb(153,153,153)">,</span>
<span class="gmail-token gmail-property" style="box-sizing:border-box;color:rgb(153,0,85)">"add_subject_endpoint"</span><span class="gmail-token gmail-operator" style="box-sizing:border-box;color:rgb(154,110,58);background:rgba(255,255,255,0.5)">:</span>
<span class="gmail-token gmail-string" style="box-sizing:border-box;color:rgb(102,153,0)">"<a href="https://tr.example.com/ssf/mgmt/subject:add">https://tr.example.com/ssf/mgmt/subject:add</a>"</span><span class="gmail-token gmail-punctuation" style="box-sizing:border-box;color:rgb(153,153,153)">,</span>
<span class="gmail-token gmail-property" style="box-sizing:border-box;color:rgb(153,0,85)">"remove_subject_endpoint"</span><span class="gmail-token gmail-operator" style="box-sizing:border-box;color:rgb(154,110,58);background:rgba(255,255,255,0.5)">:</span>
<span class="gmail-token gmail-string" style="box-sizing:border-box;color:rgb(102,153,0)">"<a href="https://tr.example.com/ssf/mgmt/subject:remove">https://tr.example.com/ssf/mgmt/subject:remove</a>"</span><span class="gmail-token gmail-punctuation" style="box-sizing:border-box;color:rgb(153,153,153)">,</span>
<span class="gmail-token gmail-property" style="box-sizing:border-box;color:rgb(153,0,85)">"verification_endpoint"</span><span class="gmail-token gmail-operator" style="box-sizing:border-box;color:rgb(154,110,58);background:rgba(255,255,255,0.5)">:</span>
<span class="gmail-token gmail-string" style="box-sizing:border-box;color:rgb(102,153,0)">"<a href="https://tr.example.com/ssf/mgmt/verification">https://tr.example.com/ssf/mgmt/verification</a>"</span><span class="gmail-token gmail-punctuation" style="box-sizing:border-box;color:rgb(153,153,153)">,</span>
<span class="gmail-token gmail-property" style="box-sizing:border-box;color:rgb(153,0,85)">"critical_subject_members"</span><span class="gmail-token gmail-operator" style="box-sizing:border-box;color:rgb(154,110,58);background:rgba(255,255,255,0.5)">:</span> <span class="gmail-token gmail-punctuation" style="box-sizing:border-box;color:rgb(153,153,153)">[</span> <span class="gmail-token gmail-string" style="box-sizing:border-box;color:rgb(102,153,0)">"tenant"</span><span class="gmail-token gmail-punctuation" style="box-sizing:border-box;color:rgb(153,153,153)">,</span> <span class="gmail-token gmail-string" style="box-sizing:border-box;color:rgb(102,153,0)">"user"</span> <span class="gmail-token gmail-punctuation" style="box-sizing:border-box;color:rgb(153,153,153)">]</span>
<span class="gmail-token gmail-punctuation" style="box-sizing:border-box;color:rgb(153,153,153)">}</span>
</code></pre><ul class="gmail-part gmail-in-view" style="box-sizing:border-box;margin-top:0px;margin-bottom:16px;padding-left:2em;color:rgb(51,51,51);font-family:-apple-system,"system-ui","Segoe UI","Helvetica Neue",Helvetica,Roboto,Arial,sans-serif,"Apple Color Emoji","Segoe UI Emoji","Segoe UI Symbol";font-size:16px;letter-spacing:0.35px"><li class="gmail-" style="box-sizing:border-box"><span style="box-sizing:border-box">[Eric] For any of this, we need authentication</span></li><li class="gmail-" style="box-sizing:border-box;padding-top:0.25em"><span style="box-sizing:border-box">[Eric] We should require the metadata to have scopes if an endpoint requires authentication</span></li><li class="gmail-" style="box-sizing:border-box;padding-top:0.25em"><span style="box-sizing:border-box">[Phil] I’d expect there to be an OAuth server to issue the token with the scopes. And what is the nature of the client? Is it another SSF server? Is it a command line tool?</span></li><li class="gmail-" style="box-sizing:border-box;padding-top:0.25em"><span style="box-sizing:border-box">[Phil] If you’re building a command line tool, you need to specify both endpoints, but the spec defines only one endpoint</span></li><li class="gmail-" style="box-sizing:border-box;padding-top:0.25em"><span style="box-sizing:border-box">[Phil] The spec assumes it is always one server talking to another token</span></li><li class="gmail-" style="box-sizing:border-box;padding-top:0.25em"><span style="box-sizing:border-box">[Atul] Just putting scopes doesn’t define where the AuthZ server is</span></li><li class="gmail-" style="box-sizing:border-box;padding-top:0.25em"><span style="box-sizing:border-box">[Shayne] Access token doesn’t contain the stream ID</span></li><li class="gmail-" style="box-sizing:border-box;padding-top:0.25em"><span style="box-sizing:border-box">[Steve] Interop will be a pain point if we don’t have standardized scopes</span></li><li class="gmail-" 
style="box-sizing:border-box;padding-top:0.25em"><span style="box-sizing:border-box">[Steve, Atul] We could recommend a set of scopes and still allow other scopes to be used</span></li><li class="gmail-" style="box-sizing:border-box;padding-top:0.25em"><span style="box-sizing:border-box">[Eric] What is the namespace these scopes are in? Are they globally unique? How do we avoid conflicts with existing scopes?</span></li><li class="gmail-" style="box-sizing:border-box;padding-top:0.25em"><span style="box-sizing:border-box">[Steve] Can we define a SSF namespace?</span></li><li class="gmail-" style="box-sizing:border-box;padding-top:0.25em"><span style="box-sizing:border-box">[Shayne] Do they need to be globally unique? The OpenID Connect scopes seem very simple like “profile” or “email”</span></li><li class="gmail-" style="box-sizing:border-box;padding-top:0.25em"><span style="box-sizing:border-box">[Phil] You don’t need to register with IANA, you can just use a URN syntax like </span><code style="box-sizing:border-box;font-family:Menlo,Monaco,Consolas,"Courier New",monospace;font-size:13.6px;padding:0.2em 0px;background-color:rgba(0,0,0,0.04);border-radius:3px;margin:0px;color:inherit">urn:openid:ssf:create_stream</code><span style="box-sizing:border-box"> or something like that</span></li><li class="gmail-" style="box-sizing:border-box;padding-top:0.25em"><span style="box-sizing:border-box">Everyone on the call agrees that having a few standard scopes that are recommended, but allowing Transmitters to use different scopes will be a good addition to the spec</span></li></ul><h3 class="gmail-part gmail-in-view" id="gmail-Subject-Identifiers" style="box-sizing:border-box;font-family:-apple-system,"system-ui","Segoe UI","Helvetica Neue",Helvetica,Roboto,Arial,sans-serif,"Apple Color Emoji","Segoe UI Emoji","Segoe UI Symbol";line-height:1.25;color:rgb(51,51,51);margin-top:24px;margin-bottom:16px;font-size:1.25em;letter-spacing:0.35px"><a class="gmail-anchor 
gmail-hidden-xs" href="https://hackmd.io/i9spoIOLRkGuco8JThJbSw?view#Subject-Identifiers" title="Subject-Identifiers" style="box-sizing:border-box;background-color:transparent;color:rgb(51,122,183);text-decoration-line:none;float:left;padding-right:4px;line-height:1"><span class="gmail-octicon gmail-octicon-link" style="box-sizing:border-box;font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;font-kerning:auto;font-feature-settings:normal;font-weight:normal;font-stretch:normal;font-size:16px;line-height:1;font-family:octicons;display:inline-block;color:rgb(0,0,0);vertical-align:middle"></span></a><span style="box-sizing:border-box">Subject Identifiers</span></h3><ul class="gmail-part gmail-in-view" style="box-sizing:border-box;margin-top:0px;margin-bottom:16px;padding-left:2em;color:rgb(51,51,51);font-family:-apple-system,"system-ui","Segoe UI","Helvetica Neue",Helvetica,Roboto,Arial,sans-serif,"Apple Color Emoji","Segoe UI Emoji","Segoe UI Symbol";font-size:16px;letter-spacing:0.35px"><li class="gmail-" style="box-sizing:border-box"><span style="box-sizing:border-box">[Atul] Should subjects be at the top level, or should they be inside events. Also, should we use “sub_id” as the SecEvents Subject Identifiers spec is now standardizing that.</span></li><li class="gmail-" style="box-sizing:border-box;padding-top:0.25em"><span style="box-sizing:border-box">[Phil] From a common processing / routing point of view, how can a router or processor avoid having to parse individual events. It should just be able to parse top-level items such as “aud” or “exp”</span></li><li class="gmail-" style="box-sizing:border-box;padding-top:0.25em"><span style="box-sizing:border-box">[Phil] Streams may need to filter by subjects, if it is at the top-level, it will be better</span></li><li class="gmail-" style="box-sizing:border-box;padding-top:0.25em"><span style="box-sizing:border-box">[Shayne] Can we do both? 
Always put it at the top-level, but include it within the event when the event demands it</span></li><li class="gmail-" style="box-sizing:border-box;padding-top:0.25em"><span style="box-sizing:border-box">[Atul] Does putting “subject” as a required field in every “events” claim solve?</span></li><li class="gmail-" style="box-sizing:border-box;padding-top:0.25em"><span style="box-sizing:border-box">[Phil] This could be problematic if events are encrypted. The subject being available at the top-level can help route events even if the contents are encrypted</span></li><li class="gmail-" style="box-sizing:border-box;padding-top:0.25em"><span style="box-sizing:border-box">[Phil] The point is to use a registered claim.</span></li><li class="gmail-" style="box-sizing:border-box;padding-top:0.25em"><span style="box-sizing:border-box">[Apoorva] If routing is the concern, wouldn’t it suffice to put the stream id in the JWT?</span></li><li class="gmail-" style="box-sizing:border-box;padding-top:0.25em"><span style="box-sizing:border-box">[Shayne] The stream ID is specific to the Tx - Rx communication, so shouldn’t be in the JWT</span></li><li class="gmail-" style="box-sizing:border-box;padding-top:0.25em"><span style="box-sizing:border-box">[Phil] My use case: Each SCIM server in a cluster is using a common router to push events. You may have multiple hops involved before the SCIM Receiver receives the event. You will need to re-sign the event at each hop if the stream ID is in the JWT.</span></li><li class="gmail-" style="box-sizing:border-box;padding-top:0.25em"><span style="box-sizing:border-box">[Atul] Since the stream ID information is at the URL level, even before getting to the JWT, it’s not a concern for routing</span></li><li class="gmail-" style="box-sizing:border-box;padding-top:0.25em"><span style="box-sizing:border-box">[Phil] A single trigger may cause a SCIM and a RISC event (e.g.
password changed), and if the formats are different, the routing logic for each type of event will need different processing</span></li><li class="gmail-" style="box-sizing:border-box;padding-top:0.25em"><span style="box-sizing:border-box">[Shayne] Existing events that have encrypted payloads don’t use SSF right now; extracting the </span><code style="box-sizing:border-box;font-family:Menlo,Monaco,Consolas,"Courier New",monospace;font-size:13.6px;padding:0.2em 0px;background-color:rgba(0,0,0,0.04);border-radius:3px;margin:0px;color:inherit">sub_id</code><span style="box-sizing:border-box"> to the top-level may enable those events to use SSF</span></li><li class="gmail-" style="box-sizing:border-box;padding-top:0.25em"><span style="box-sizing:border-box">[Steve] Struggling with a single subject. How would you decide which is the more important subject in a hypothetical “transfer” event?</span></li><li class="gmail-" style="box-sizing:border-box;padding-top:0.25em"><span style="box-sizing:border-box">[Phil] We need the concept of a primary subject, otherwise how would you do “add subject” and “remove subject”?</span></li><li class="gmail-" style="box-sizing:border-box;padding-top:0.25em"><span style="box-sizing:border-box">[Steve] We have “complex” in SSF, but the SubIds draft talks about “aliases”, can we reconcile those?</span></li><li class="gmail-" style="box-sizing:border-box;padding-top:0.25em"><span style="box-sizing:border-box">[Phil] I only realized this because we cannot deploy SET PUSH and POLL on a point-to-point basis. 
We have to have recovery points, and routing becomes important.</span></li><li class="gmail-" style="box-sizing:border-box;padding-top:0.25em"><span style="box-sizing:border-box">[Steve] We have the PUSH and POLL RFCs, does it make sense to have a different RFC for these complex store and forward cases?</span></li><li class="gmail-" style="box-sizing:border-box;padding-top:0.25em"><span style="box-sizing:border-box">[Phil] SSF defines registration (which is different for push vs poll)</span></li><li class="gmail-" style="box-sizing:border-box;padding-top:0.25em"><span style="box-sizing:border-box">[Apoorva] Circling back to the encryption requirement. If we encrypt the event, and have a sub_id that is outside, won’t we be leaking PII? We would need to encrypt the subject in order to get this. (+1 from Shayne and Phil)</span></li><li class="gmail-" style="box-sizing:border-box;padding-top:0.25em"><span style="box-sizing:border-box">[Atul] We may want to keep the spec the same to avoid conflicting with existing implementations</span></li><li class="gmail-" style="box-sizing:border-box;padding-top:0.25em"><span style="box-sizing:border-box">[Phil] If SCIM and CAEP/RISC events differ a lot, then the processing infrastructure gets complex. 
Non-standard placement of subject will kill interop</span></li><li class="gmail-" style="box-sizing:border-box;padding-top:0.25em"><span style="box-sizing:border-box">[Steve] If you add a top-level claim then doesn’t the spec say you can ignore that claim?</span></li><li class="gmail-" style="box-sizing:border-box;padding-top:0.25em"><span style="box-sizing:border-box">[Atul] Should we discuss the top-level sub_id with replication in events?</span></li></ul><h2 class="gmail-part gmail-in-view" id="gmail-Action-Items" style="box-sizing:border-box;font-family:-apple-system,"system-ui","Segoe UI","Helvetica Neue",Helvetica,Roboto,Arial,sans-serif,"Apple Color Emoji","Segoe UI Emoji","Segoe UI Symbol";line-height:1.25;color:rgb(51,51,51);margin-top:24px;margin-bottom:16px;padding-bottom:0.3em;border-bottom:1px solid rgb(238,238,238);letter-spacing:0.35px"><a class="gmail-anchor gmail-hidden-xs" href="https://hackmd.io/i9spoIOLRkGuco8JThJbSw?view#Action-Items" title="Action-Items" style="box-sizing:border-box;background-color:transparent;color:rgb(51,122,183);text-decoration-line:none;float:left;padding-right:4px;line-height:1"><span class="gmail-octicon gmail-octicon-link" style="box-sizing:border-box;font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;font-kerning:auto;font-feature-settings:normal;font-weight:normal;font-stretch:normal;font-size:16px;line-height:1;font-family:octicons;display:inline-block;color:rgb(0,0,0);vertical-align:middle"></span></a><span style="box-sizing:border-box">Action Items</span></h2><ul class="gmail-part gmail-in-view" style="box-sizing:border-box;margin-top:0px;margin-bottom:16px;padding-left:2em;color:rgb(51,51,51);font-family:-apple-system,"system-ui","Segoe UI","Helvetica Neue",Helvetica,Roboto,Arial,sans-serif,"Apple Color Emoji","Segoe UI Emoji","Segoe UI Symbol";font-size:16px;letter-spacing:0.35px"><li class="gmail-" style="box-sizing:border-box"><span style="box-sizing:border-box">Atul to 
create an issue to describe the scopes requirement</span></li><li class="gmail-" style="box-sizing:border-box;padding-top:0.25em"><span style="box-sizing:border-box">Shayne to double check if he has proposed the top-level sub_id in the GitHub issue.</span></li><li class="gmail-" style="box-sizing:border-box;padding-top:0.25em"><span style="box-sizing:border-box">Phil to investigate whether unknown claims are required to be understood</span></li></ul></div></span></div></div></div>