<div dir="ltr">Hi all,<br><div>Here are the notes from today's call. They are also stored <a href="https://hackmd.io/@oidf-wg-sse/wg-meeting-20230822">here</a>.</div><div><br></div><span class="gmail_signature_prefix">-- </span><br><div dir="ltr" class="gmail_signature" data-smartmail="gmail_signature"><div dir="ltr"><span><div dir="ltr" style="margin-left:0pt" align="left"><table style="border:none;border-collapse:collapse"><colgroup><col width="142"><col width="482"></colgroup><tbody><tr style="height:0pt"><td style="vertical-align:middle;padding:-9.432pt -9.432pt -9.432pt -9.432pt;overflow:hidden"><p dir="ltr" style="line-height:1.2;margin-top:0pt;margin-bottom:0pt"><a href="https://sgnl.ai" target="_blank"><span style="font-size:11pt;font-family:"Work Sans",sans-serif;color:rgb(17,85,204);background-color:transparent;vertical-align:baseline;white-space:pre-wrap"><span style="border:none;display:inline-block;overflow:hidden;width:137px;height:68px"><img src="https://lh3.googleusercontent.com/aO7jB_JqOxA0tVDXsAotNQnsfEkxEORgtkVnVFrmkR7O8j3B4lbbRsGFuprzQhfDmri2YH8_dnjPiZnGMZxIcT9xRcdY6rYm-xGophLkgvl_v8istAefyh4qkSVINQtPfcmq5BZiKbfFHmursSUHyll1jEWBTd--nw26MIMKd86Br32rGZkvJwnEED_nzQ" width="137" height="68" style="margin-left:0px;margin-top:0px"></span></span></a></p></td><td style="vertical-align:top;padding:5pt 5pt 5pt 5pt;overflow:hidden"><p dir="ltr" style="line-height:1.44;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:"Work Sans",sans-serif;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline;white-space:pre-wrap">Atul Tulshibagwale</span></p><p dir="ltr" style="line-height:1.44;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:"Work Sans",sans-serif;color:rgb(102,102,102);background-color:transparent;vertical-align:baseline;white-space:pre-wrap">CTO </span></p><p dir="ltr" style="line-height:1.2;margin-top:0pt;margin-bottom:0pt"><font size="1"><span style="font-family:"Work Sans",sans-serif;color:rgb(17,85,204);background-color:transparent;vertical-align:baseline;white-space:pre-wrap"><span style="border:none;display:inline-block;overflow:hidden;width:20px;height:27px"><a href="https://linkedin.com/in/tulshi" target="_blank"><img src="https://lh6.googleusercontent.com/ezm4lDcLtajK4RMqqHALoRgXyaC4HRlw0wWsR2Jvms0V9Wrxr3x5G66zsUrYpRXyeJ3RwLS3GdKUwO0Ui5mXPodSkUx8Xsarf_vj6WlJ05Y1qJoMFTlCZnEgtHvlJ7_7Dr7zWNjkvf3nMW9u1P5ye76SeHgz2QqGQ_rm-sjqYOS-vH1UZL7Yiewi4UO3Qw" width="20" height="27" style="margin-left:0px;margin-top:0px"></a> </span></span><span style="font-family:"Work Sans",sans-serif;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline;white-space:pre-wrap"><span style="border:none;display:inline-block;overflow:hidden;width:20px;height:27px"><a href="https://twitter.com/zirotrust" target="_blank"><img src="https://lh6.googleusercontent.com/HAnAvykj318aQf5zTUZkjIJDtwelDecFi5d-idBrpUDBj7aKTdup5Mfia6UIbXTAP46zg7gigNnroQ9he3j81Sf9qCRRSS-w_nZ3oSXJnYLbPlCXgt6IqoifgHXETuJSRvFIZRIdn_aAbtp8ilKFyIVuTXjVe6cNAfXc5KZNwJeYinwfZZxVvHHaR5uIdQ" width="20" height="27" style="margin-left:0px;margin-top:0px"></a> </span></span><a href="mailto:atul@sgnl.ai" target="_blank"><img src="https://lh3.googleusercontent.com/63PpVJLMybZyfD61JVu0TVH_KkP_IhneeBpDNvbd1KeSFJn6KZzWCgp4hFbrTrIxfksYyM-_wOjNKbjEhSQ2khRXVI3XKcwABLNLI_bFjkN0_NgVoijs_nIRcVJKeQm0s0MRdtkUkCOp5Omyv1faqcNiQxGEUyAvmE9HkeeQCeHa-LxleK0oHSAyQrDY6g" width="21" height="21" style="background-color:transparent;color:rgb(0,0,0);font-family:Arial;white-space:pre-wrap;margin-left:0px;margin-top:0px"></a></font></p></td></tr></tbody></table><div class="gmail-row gmail-ui-content" style="box-sizing:border-box;margin-right:0px;margin-left:0px;height:833px;color:rgb(51,51,51);font-family:"Source Sans Pro",Helvetica,Arial,sans-serif;font-size:14px;letter-spacing:0.35px"><div class="gmail-relative gmail-h-full gmail-ui-view-area" style="box-sizing:border-box;height:833px;padding-left:15px;padding-right:15px"><div class="gmail-ui-infobar gmail-container-fluid gmail-unselectable gmail-hidden-print gmail-comment-enabled" style="box-sizing:border-box;padding-right:15px;padding-left:15px;max-width:760px;color:rgb(119,119,119)"><div class="gmail-ui-comment-app" id="gmail-hackmd-app" style="box-sizing:border-box;width:45px"><div id="gmail-comment-app" style="box-sizing:border-box"><div class="gmail-comments-scroller" style="box-sizing:border-box"><div class="gmail-comments-containers" style="box-sizing:border-box"></div></div></div></div></div><div id="gmail-doc" class="gmail-markdown-body gmail-container-fluid gmail-comment-enabled" style="box-sizing:border-box;padding:40px 15px;margin-right:auto;margin-left:auto;font-family:-apple-system,BlinkMacSystemFont,"Segoe UI","Helvetica Neue",Helvetica,Roboto,Arial,sans-serif,"Apple Color Emoji","Segoe UI Emoji","Segoe UI Symbol";font-size:16px;line-height:1.5;max-width:758px;overflow:visible"><h1 class="gmail-part gmail-in-view" id="gmail-WG-Meeting-2023-08-22" style="box-sizing:border-box;margin:0px 0px 16px;font-family:inherit;line-height:1.25;color:inherit;padding-bottom:0.3em;border-bottom:1px solid rgb(238,238,238)"><a class="gmail-anchor gmail-hidden-xs" href="https://hackmd.io/5ViZLYjBQTKmn3zw-gJM6Q?view#WG-Meeting-2023-08-22" title="WG-Meeting-2023-08-22" style="box-sizing:border-box;background-color:transparent;color:rgb(51,122,183);text-decoration-line:none;float:left;padding-right:4px;line-height:1"><span class="gmail-octicon gmail-octicon-link" style="box-sizing:border-box;font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;font-kerning:auto;font-feature-settings:normal;font-weight:normal;font-stretch:normal;font-size:16px;line-height:1;font-family:octicons;display:inline-block;color:rgb(0,0,0);vertical-align:middle"></span></a><span style="box-sizing:border-box">WG Meeting: 2023-08-22</span></h1><h2 class="gmail-part gmail-in-view" id="gmail-Agenda" style="box-sizing:border-box;font-family:inherit;line-height:1.25;color:inherit;margin-top:24px;margin-bottom:16px;padding-bottom:0.3em;border-bottom:1px solid rgb(238,238,238)"><a class="gmail-anchor gmail-hidden-xs" href="https://hackmd.io/5ViZLYjBQTKmn3zw-gJM6Q?view#Agenda" title="Agenda" style="box-sizing:border-box;background-color:transparent;color:rgb(51,122,183);text-decoration-line:none;float:left;padding-right:4px;line-height:1"><span class="gmail-octicon gmail-octicon-link" style="box-sizing:border-box;font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;font-kerning:auto;font-feature-settings:normal;font-weight:normal;font-stretch:normal;font-size:16px;line-height:1;font-family:octicons;display:inline-block;color:rgb(0,0,0);vertical-align:middle"></span></a><span style="box-sizing:border-box">Agenda</span></h2><ul class="gmail-part gmail-in-view" style="box-sizing:border-box;margin-top:0px;margin-bottom:16px;padding-left:2em"><li class="gmail-" style="box-sizing:border-box"><span style="box-sizing:border-box">supported_scopes / OAuth server discovery discussion</span></li><li class="gmail-" style="box-sizing:border-box;padding-top:0.25em"><span style="box-sizing:border-box">(smiel) Why do we have a </span><code style="box-sizing:border-box;font-family:Menlo,Monaco,Consolas,"Courier New",monospace;font-size:13.6px;padding:0.2em 0px;background-color:rgba(0,0,0,0.04);border-radius:3px;margin:0px;color:inherit">format</code><span style="box-sizing:border-box"> field in the Stream Configuration? </span><a href="https://github.com/openid/sharedsignals/pull/87#discussion_r1276951345" target="_blank" rel="noopener" style="box-sizing:border-box;background-color:transparent;color:rgb(51,122,183);text-decoration-line:none"><span style="box-sizing:border-box">PR 87 discussion</span></a></li></ul><h2 class="gmail-part gmail-in-view" id="gmail-Attendees" style="box-sizing:border-box;font-family:inherit;line-height:1.25;color:inherit;margin-top:24px;margin-bottom:16px;padding-bottom:0.3em;border-bottom:1px solid rgb(238,238,238)"><a class="gmail-anchor gmail-hidden-xs" href="https://hackmd.io/5ViZLYjBQTKmn3zw-gJM6Q?view#Attendees" title="Attendees" style="box-sizing:border-box;background-color:transparent;color:rgb(51,122,183);text-decoration-line:none;float:left;padding-right:4px;line-height:1"><span class="gmail-octicon gmail-octicon-link" style="box-sizing:border-box;font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;font-kerning:auto;font-feature-settings:normal;font-weight:normal;font-stretch:normal;font-size:16px;line-height:1;font-family:octicons;display:inline-block;color:rgb(0,0,0);vertical-align:middle"></span></a><span style="box-sizing:border-box">Attendees</span></h2><ul class="gmail-part gmail-in-view" style="box-sizing:border-box;margin-top:0px;margin-bottom:16px;padding-left:2em"><li class="gmail-" style="box-sizing:border-box"><span style="box-sizing:border-box">Atul Tulshibagwale (SGNL)</span></li><li class="gmail-" style="box-sizing:border-box;padding-top:0.25em"><span style="box-sizing:border-box">Shayne Miel (Cisco)</span></li><li class="gmail-" style="box-sizing:border-box;padding-top:0.25em"><span style="box-sizing:border-box">Mike Kiser (SailPoint)</span></li><li class="gmail-" style="box-sizing:border-box;padding-top:0.25em"><span style="box-sizing:border-box">Phil Hunt (Independent ID)</span></li><li class="gmail-" style="box-sizing:border-box;padding-top:0.25em"><span style="box-sizing:border-box">Eric Karlinsky (Okta)</span></li><li class="gmail-" style="box-sizing:border-box;padding-top:0.25em"><span style="box-sizing:border-box">Steve Venema (ForgeRock)</span></li><li class="gmail-" style="box-sizing:border-box;padding-top:0.25em"><span style="box-sizing:border-box">Victor Lu (Guest /)</span></li><li class="gmail-" style="box-sizing:border-box;padding-top:0.25em"><span style="box-sizing:border-box">Yair Sarig (VMWare)</span></li></ul><h2 class="gmail-part gmail-in-view" id="gmail-Notes" style="box-sizing:border-box;font-family:inherit;line-height:1.25;color:inherit;margin-top:24px;margin-bottom:16px;padding-bottom:0.3em;border-bottom:1px solid rgb(238,238,238)"><a class="gmail-anchor gmail-hidden-xs" href="https://hackmd.io/5ViZLYjBQTKmn3zw-gJM6Q?view#Notes" title="Notes" style="box-sizing:border-box;background-color:transparent;color:rgb(51,122,183);text-decoration-line:none;float:left;padding-right:4px;line-height:1"><span class="gmail-octicon gmail-octicon-link" style="box-sizing:border-box;font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;font-kerning:auto;font-feature-settings:normal;font-weight:normal;font-stretch:normal;font-size:16px;line-height:1;font-family:octicons;display:inline-block;color:rgb(0,0,0);vertical-align:middle"></span></a><span style="box-sizing:border-box">Notes</span></h2><h3 class="gmail-part gmail-in-view" id="gmail-Supported-Scopes-issue" style="box-sizing:border-box;font-family:inherit;line-height:1.25;color:inherit;margin-top:24px;margin-bottom:16px;font-size:1.25em"><a class="gmail-anchor gmail-hidden-xs" href="https://hackmd.io/5ViZLYjBQTKmn3zw-gJM6Q?view#Supported-Scopes-issue" title="Supported-Scopes-issue" style="box-sizing:border-box;background-color:transparent;color:rgb(51,122,183);text-decoration-line:none;float:left;padding-right:4px;line-height:1"><span class="gmail-octicon gmail-octicon-link" style="box-sizing:border-box;font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;font-kerning:auto;font-feature-settings:normal;font-weight:normal;font-stretch:normal;font-size:16px;line-height:1;font-family:octicons;display:inline-block;color:rgb(0,0,0);vertical-align:middle"></span></a><span style="box-sizing:border-box">Supported Scopes issue</span></h3><ul class="gmail-part gmail-in-view" style="box-sizing:border-box;margin-top:0px;margin-bottom:16px;padding-left:2em"><li class="gmail-" style="box-sizing:border-box"><span style="box-sizing:border-box">Adding “supported_scopes” causes SSF to require OAuth</span></li><li class="gmail-" style="box-sizing:border-box;padding-top:0.25em"><span style="box-sizing:border-box">This is not considered to be reasonable for SSF</span></li><li class="gmail-" style="box-sizing:border-box;padding-top:0.25em"><span style="box-sizing:border-box">IdPs may defined different authentication / authorization mechanisms for SSF</span></li><li class="gmail-" style="box-sizing:border-box;padding-top:0.25em"><span style="box-sizing:border-box">Adding any authorization specific information in SSF, it may not be scalable for other mechanisms</span></li><li class="gmail-" style="box-sizing:border-box;padding-top:0.25em"><span style="box-sizing:border-box">OAuth discovery can be used instead for finding scopes and authorization servers</span></li><li class="gmail-" style="box-sizing:border-box;padding-top:0.25em"><span style="box-sizing:border-box">Server can respond with the “WWW-Authenticate” response to unauthenticated requests</span></li><li class="gmail-" style="box-sizing:border-box;padding-top:0.25em"><span style="box-sizing:border-box">(Phil) Some implementations require tokens for authorization of Poll or Push endpoints. Those implementations already require OAuth. If an admin updates one or more streams, does the admin require different tokens?</span></li><li class="gmail-" style="box-sizing:border-box;padding-top:0.25em"><span style="box-sizing:border-box">(Phil) Does the draft specify anything about stream with the bearer token?</span></li><li class="gmail-" style="box-sizing:border-box;padding-top:0.25em"><span style="box-sizing:border-box">(Shayne) With the updated draft (multiple streams), the endpoint is in the URL and not related to the token.</span></li><li class="gmail-" style="box-sizing:border-box;padding-top:0.25em"><span style="box-sizing:border-box">(Phil) In 8935/8936 (Poll/Push) drafts, there is no information in the token</span></li><li class="gmail-" style="box-sizing:border-box;padding-top:0.25em"><span style="box-sizing:border-box">You could specify the endpoint per stream</span></li><li class="gmail-" style="box-sizing:border-box;padding-top:0.25em"><span style="box-sizing:border-box">(Phil) that would be required if we did that, do we need to add anything in the spec</span></li><li class="gmail-" style="box-sizing:border-box;padding-top:0.25em"><span style="box-sizing:border-box">(Phil) We’re practically in an OAuth world, so it may not be a bad idea to have some simplification in the spec</span></li><li class="gmail-" style="box-sizing:border-box;padding-top:0.25em"><span style="box-sizing:border-box">(Apoorva) This is not the only mechanism, there will be others, so we should have decoupling</span></li><li class="gmail-" style="box-sizing:border-box;padding-top:0.25em"><span style="box-sizing:border-box">(Shayne) Should we remove all authorization related information from the SSF spec?</span></li><li class="gmail-" style="box-sizing:border-box;padding-top:0.25em"><span style="box-sizing:border-box">(Phil) Some implementations use a bearer token incorrectly (without the “Bearer” prefix in the header)</span></li><li class="gmail-" style="box-sizing:border-box;padding-top:0.25em"><span style="box-sizing:border-box">(Yair) I recommend we decouple the authorization from the SSF spec</span></li><li class="gmail-" style="box-sizing:border-box;padding-top:0.25em"><span style="box-sizing:border-box">(Steve) Do we need to …</span></li><li class="gmail-" style="box-sizing:border-box;padding-top:0.25em"><span style="box-sizing:border-box">(Apoorva) My PR proposes that the Transmitter Configuration Metadata can specify the authorization schemes</span></li><li class="gmail-" style="box-sizing:border-box;padding-top:0.25em"><span style="box-sizing:border-box">(Yair) If someone has subscribed to a service, they should know how to authorize their requests</span></li><li class="gmail-" style="box-sizing:border-box;padding-top:0.25em"><span style="box-sizing:border-box">(Phil) Some of this work has been done in the SCIM working group</span></li><li class="gmail-" style="box-sizing:border-box;padding-top:0.25em"><span style="box-sizing:border-box">(Phil) We should follow a model similar to SCIM in SSF, unless we want to simplify the spec by requiring one pattern, but that might be a tradeoff. Systems that receive events may be highly varied (including IoT), so flexibility is good</span></li><li class="gmail-" style="box-sizing:border-box;padding-top:0.25em"><span style="box-sizing:border-box">(Phil, Apoorva) We should perhaps soften the “Should” in Section 8 to “May”. Apoorva’s PR removes this section.</span></li><li class="gmail-" style="box-sizing:border-box;padding-top:0.25em"><span style="box-sizing:border-box">(Phil) We should have some discussion on authorization in the Security Considerations section. Event delivery, administration, configuration updates, status, etc.</span></li><li class="gmail-" style="box-sizing:border-box;padding-top:0.25em"><span style="box-sizing:border-box">(Yair) We should mention the desired security properties of endpoints</span></li><li class="gmail-" style="box-sizing:border-box;padding-top:0.25em"><span style="box-sizing:border-box">(Apoorva) Why should the spec bother with this?</span></li><li class="gmail-" style="box-sizing:border-box;padding-top:0.25em"><span style="box-sizing:border-box">(Phil) Hypothetical example: client can auth to say, Google, using 3 ways, mTLS, signed event or bearer token</span></li><li class="gmail-" style="box-sizing:border-box;padding-top:0.25em"><span style="box-sizing:border-box">(Apoorva) WG made the decision to not have signed SETs, this also ties back to the security. “jwks_uri” was REQUIRED, and now it says OPTIONAL</span></li><li class="gmail-" style="box-sizing:border-box;padding-top:0.25em"><span style="box-sizing:border-box">(Phil) That may be a mistake, because SCIM requires it. Events are stored for historical use, and knowing that those events are legitimate.</span></li><li class="gmail-" style="box-sizing:border-box;padding-top:0.25em"><span style="box-sizing:border-box">(Steve) From my perspective, interoperability is important, and this is fundamental to it. Should we have different profiles? E.g. a bearer token profile?</span></li><li class="gmail-" style="box-sizing:border-box;padding-top:0.25em"><span style="box-sizing:border-box">(Steve) We won’t have to have these profiles immediately, but we can do this as a part of the interoperability work ahead.</span></li></ul><h3 class="gmail-part" id="gmail-format-PR" style="box-sizing:border-box;font-family:inherit;line-height:1.25;color:inherit;margin-top:24px;margin-bottom:16px;font-size:1.25em"><a class="gmail-anchor gmail-hidden-xs" href="https://hackmd.io/5ViZLYjBQTKmn3zw-gJM6Q?view#format-PR" title="format-PR" style="box-sizing:border-box;background-color:transparent;color:rgb(51,122,183);text-decoration-line:none;float:left;padding-right:4px;line-height:1"><span class="gmail-octicon gmail-octicon-link" style="box-sizing:border-box;font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;font-kerning:auto;font-feature-settings:normal;font-weight:normal;font-stretch:normal;font-size:16px;line-height:1;font-family:octicons;display:inline-block;color:rgb(0,0,0);vertical-align:middle"></span></a><span style="box-sizing:border-box">format PR</span></h3><ul class="gmail-part" style="box-sizing:border-box;margin-top:0px;margin-bottom:16px;padding-left:2em"><li class="gmail-" style="box-sizing:border-box"><span style="box-sizing:border-box">(Shayne) Do we want the format field in the stream configuration?</span></li><li class="gmail-" style="box-sizing:border-box;padding-top:0.25em"><span style="box-sizing:border-box">(Apoorva) Adding the format in the stream configuration breaks the flexibility that a Transmitter can provide different event types with different subject formats</span></li><li class="gmail-" style="box-sizing:border-box;padding-top:0.25em"><span style="box-sizing:border-box">(Phil) If you use the IETF sub_id format in SSF, then this is simple. Multiple events can be expressed differently. Transmitter and Receiver need to negotiate how specific events will be formatted</span></li><li class="gmail-" style="box-sizing:border-box;padding-top:0.25em"><span style="box-sizing:border-box">(Phil) At scale, there is a challenge if each Receiver desires a different format for the subject.</span></li><li class="gmail-" style="box-sizing:border-box;padding-top:0.25em"><span style="box-sizing:border-box">(Shayne) When a Receiver creates a stream, they specify the event_types and the format for the stream as a whole</span></li><li class="gmail-" style="box-sizing:border-box;padding-top:0.25em"><span style="box-sizing:border-box">(Shayne) sub_id is abstracted away from the event type now, it is a top-level claim now in the SET</span></li><li class="gmail-" style="box-sizing:border-box;padding-top:0.25em"><span style="box-sizing:border-box">(Phil) Operationally, we should be able to create a stream with different event types, for some class of events you may want certain sub_id formats. It might be too complex</span></li><li class="gmail-" style="box-sizing:border-box;padding-top:0.25em"><span style="box-sizing:border-box">(Apoorva) From an implementation point of view, one event could have two different sub formats. Does the Transmitter skip events that doesn’t match the format?</span></li><li class="gmail-" style="box-sizing:border-box;padding-top:0.25em"><span style="box-sizing:border-box">(Phil) If the Receiver and Transmitter don’t have agreement, the events may get ignored anyway.</span></li><li class="gmail-" style="box-sizing:border-box;padding-top:0.25em"><span style="box-sizing:border-box">(Atul) Should we skip having the “format” field in the stream configuration right now?</span></li><li class="gmail-" style="box-sizing:border-box;padding-top:0.25em"><span style="box-sizing:border-box">(Phil) Or we could go with a fallback model</span></li><li class="gmail-" style="box-sizing:border-box;padding-top:0.25em"><span style="box-sizing:border-box">(Shayne) Why would it be hard for the Receiver to not handle different event types. Why does the receiver need to know in advance</span></li><li class="gmail-" style="box-sizing:border-box;padding-top:0.25em"><span style="box-sizing:border-box">(Steve) Implementing all formats may not be that hard</span></li><li class="gmail-" style="box-sizing:border-box;padding-top:0.25em"><span style="box-sizing:border-box">(Phil) They may not have the data to handle this</span></li><li class="gmail-" style="box-sizing:border-box;padding-top:0.25em"><span style="box-sizing:border-box">(Yair) Receiver may have information about the events, but the same user may be identified in multiple ways, the Transmitter may have multiple ways of specifying the same event. How would the Transmitter know</span></li><li class="gmail-" style="box-sizing:border-box;padding-top:0.25em"><span style="box-sizing:border-box">(Phil) The same subject even in the same format may be identified differently. The Transmitter and Receiver must have agreement in advance on how to identify the same user</span></li><li class="gmail-" style="box-sizing:border-box;padding-top:0.25em"><span style="box-sizing:border-box">(Shayne) Having the format field doesn’t really solve the agreement problem because of what Phil said right now</span></li><li class="gmail-" style="box-sizing:border-box;padding-top:0.25em"><span style="box-sizing:border-box">(Phil) A common understanding of the subject is a requirement</span></li><li class="gmail-" style="box-sizing:border-box;padding-top:0.25em"><span style="box-sizing:border-box">(Atul) Is this is a good summary: “While it’s desirable to specify the format, there doesn’t seem to be a simple way to do this, so we should skip the format field from the stream configuration right now”?</span></li><li class="gmail-" style="box-sizing:border-box;padding-top:0.25em"><span style="box-sizing:border-box">(Shayne) If we keep the format field, then we must specify what the Transmitter needs to send an event in an unsupported format</span></li><li class="gmail-" style="box-sizing:border-box;padding-top:0.25em"><span style="box-sizing:border-box">(Phil) When the stream gets setup, the Receiver specifies the format, but the Transmitter specifies the format it supports. The Receiver can agree to the formats then they continue, else the Receiver ends the stream</span></li><li class="gmail-" style="box-sizing:border-box;padding-top:0.25em"><span style="box-sizing:border-box">(Atul) There could be a race condition that multiple events are sent before the Receiver ends the stream</span></li><li class="gmail-" style="box-sizing:border-box;padding-top:0.25em"><span style="box-sizing:border-box">(Phil) We could make this a part of the discovery</span></li><li class="gmail-" style="box-sizing:border-box;padding-top:0.25em"><span style="box-sizing:border-box">(Steve) So should the next implementer’s draft should remove the format field from the configuration?</span></li><li class="gmail-" style="box-sizing:border-box;padding-top:0.25em"><span style="box-sizing:border-box">(Phil) So it would be an out-of-band issue. This could become an interop problem</span></li><li class="gmail-" style="box-sizing:border-box;padding-top:0.25em"><span style="box-sizing:border-box">(Shayne) Any implmentation should support all formats in the SSF spec</span></li><li class="gmail-" style="box-sizing:border-box;padding-top:0.25em"><span style="box-sizing:border-box">(Steve) Can we add non-normative text that this is a current issue with the spec.</span></li></ul><h2 class="gmail-part" id="gmail-Action-Items" style="box-sizing:border-box;font-family:inherit;line-height:1.25;color:inherit;margin-top:24px;margin-bottom:16px;padding-bottom:0.3em;border-bottom:1px solid rgb(238,238,238)"><a class="gmail-anchor gmail-hidden-xs" href="https://hackmd.io/5ViZLYjBQTKmn3zw-gJM6Q?view#Action-Items" title="Action-Items" style="box-sizing:border-box;background-color:transparent;color:rgb(51,122,183);text-decoration-line:none;float:left;padding-right:4px;line-height:1"><span class="gmail-octicon gmail-octicon-link" style="box-sizing:border-box;font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;font-kerning:auto;font-feature-settings:normal;font-weight:normal;font-stretch:normal;font-size:16px;line-height:1;font-family:octicons;display:inline-block;color:rgb(0,0,0);vertical-align:middle"></span></a><span style="box-sizing:border-box">Action Items</span></h2><ul class="gmail-part" style="box-sizing:border-box;margin-top:0px;margin-bottom:16px;padding-left:2em"><li class="gmail-" style="box-sizing:border-box"><span style="box-sizing:border-box">Phil to review spec and find out if the authorization is decoupled from OAuth - issue preferred, but email is OK</span></li><li class="gmail-" style="box-sizing:border-box;padding-top:0.25em"><span style="box-sizing:border-box">Discuss SET signing issue in next call, anyone with background information please email the group</span></li><li class="gmail-" style="box-sizing:border-box;padding-top:0.25em"><span style="box-sizing:border-box">Shayne to update PR to remove the “format” field from the stream configuration.</span></li></ul><div dir="ltr" class="gmail-resize-sensor gmail-in-view" style="box-sizing:border-box;overflow:hidden;max-width:100%;margin-bottom:0px"><div class="gmail-resize-sensor-expand" style="box-sizing:border-box;overflow:hidden;max-width:100%"><div style="box-sizing:border-box;width:768px;height:3535px"></div></div><div class="gmail-resize-sensor-shrink" style="box-sizing:border-box;overflow:hidden;max-width:100%"><div style="box-sizing:border-box;width:1516px;height:7050.75px"></div></div></div></div><div id="gmail-ui-toc-affix" class="gmail-ui-affix-toc gmail-ui-toc-dropdown gmail-unselectable gmail-hidden-print gmail-scrollspy-body gmail-affix" style="box-sizing:border-box;margin-top:20px;margin-bottom:20px;padding-left:10px;padding-right:10px;max-width:15vw;width:412.5px;max-height:70vh;overflow:auto;text-align:inherit"><div class="gmail-toc" style="box-sizing:border-box;overflow:auto"><ul class="gmail-nav" style="box-sizing:border-box;margin-top:0px;margin-bottom:0px;padding-left:0px;list-style:none"><li style="box-sizing:border-box;display:block"><a href="https://hackmd.io/5ViZLYjBQTKmn3zw-gJM6Q?view#WG-Meeting-2023-08-22" title="WG Meeting: 2023-08-22" style="box-sizing:border-box;background-color:transparent;color:rgb(118,118,118);text-decoration-line:none;overflow:hidden;text-overflow:ellipsis;white-space:pre;display:block;padding:4px 20px;font-size:13px">WG Meeting: 2023-08-22</a><ul class="gmail-nav" style="box-sizing:border-box;margin-top:0px;margin-bottom:0px;padding-left:0px;list-style:none;padding-bottom:10px"><li style="box-sizing:border-box;display:block"><a href="https://hackmd.io/5ViZLYjBQTKmn3zw-gJM6Q?view#Agenda" title="Agenda" style="box-sizing:border-box;background-color:transparent;color:rgb(118,118,118);text-decoration-line:none;overflow:hidden;text-overflow:ellipsis;white-space:pre;display:block;padding:1px 20px 1px 30px;font-size:12px">Agenda</a></li><li style="box-sizing:border-box;display:block"><a href="https://hackmd.io/5ViZLYjBQTKmn3zw-gJM6Q?view#Attendees" title="Attendees" style="box-sizing:border-box;background-color:transparent;color:rgb(118,118,118);text-decoration-line:none;overflow:hidden;text-overflow:ellipsis;white-space:pre;display:block;padding:1px 20px 1px 30px;font-size:12px">Attendees</a></li><li style="box-sizing:border-box;display:block"><a href="https://hackmd.io/5ViZLYjBQTKmn3zw-gJM6Q?view#Notes" title="Notes" style="box-sizing:border-box;background-color:transparent;color:rgb(118,118,118);text-decoration-line:none;overflow:hidden;text-overflow:ellipsis;white-space:pre;display:block;padding:1px 20px 1px 30px;font-size:12px">Notes</a></li><li style="box-sizing:border-box;display:block"><a href="https://hackmd.io/5ViZLYjBQTKmn3zw-gJM6Q?view#Action-Items" title="Action Items" style="box-sizing:border-box;background-color:transparent;color:rgb(118,118,118);text-decoration-line:none;overflow:hidden;text-overflow:ellipsis;white-space:pre;display:block;padding:1px 20px 1px 30px;font-size:12px">Action Items</a></li></ul></li></ul></div><div class="gmail-toc-menu" style="box-sizing:border-box"><a class="expand-toggle" href="https://hackmd.io/5ViZLYjBQTKmn3zw-gJM6Q?view#" style="box-sizing:border-box;background-color:transparent;color:rgb(153,153,153);text-decoration-line:none;display:block;padding:4px 10px;margin-top:10px;margin-left:10px;font-size:12px;overflow:hidden;text-overflow:ellipsis;white-space:pre">Expand all</a><a class="gmail-back-to-top" href="https://hackmd.io/5ViZLYjBQTKmn3zw-gJM6Q?view#" style="box-sizing:border-box;background-color:transparent;color:rgb(153,153,153);text-decoration-line:none;display:block;padding:4px 10px;margin-top:0px;margin-left:10px;font-size:12px;overflow:hidden;text-overflow:ellipsis;white-space:pre">Back to top</a><a class="gmail-go-to-bottom" href="https://hackmd.io/5ViZLYjBQTKmn3zw-gJM6Q?view#" style="box-sizing:border-box;background-color:transparent;color:rgb(153,153,153);text-decoration-line:none;display:block;padding:4px 10px;margin-top:0px;margin-left:10px;font-size:12px;overflow:hidden;text-overflow:ellipsis;white-space:pre">Go to bottom</a></div></div></div></div><div class="gmail-publish-limiter" style="box-sizing:border-box;color:rgb(51,51,51);font-family:"Source Sans Pro",Helvetica,Arial,sans-serif;font-size:14px;letter-spacing:0.35px"></div><span style="box-sizing:border-box;color:rgb(51,51,51);font-family:"Source Sans Pro",Helvetica,Arial,sans-serif;font-size:14px;letter-spacing:0.35px;width:auto;padding:0px;white-space:pre">Select a repo</span><div style="box-sizing:border-box;color:rgb(51,51,51);font-family:"Source Sans Pro",Helvetica,Arial,sans-serif;font-size:14px;letter-spacing:0.35px"><div class="gmail-grecaptcha-badge" style="box-sizing:border-box;width:256px;height:60px;border-radius:2px;overflow:hidden"><div class="gmail-grecaptcha-logo" style="box-sizing:border-box"></div><div class="gmail-grecaptcha-error" style="box-sizing:border-box"></div></div></div><div class="gmail-ReactModalPortal" style="box-sizing:border-box;color:rgb(51,51,51);font-family:"Source Sans Pro",Helvetica,Arial,sans-serif;font-size:14px;letter-spacing:0.35px"></div><div class="gmail-ReactModalPortal" style="box-sizing:border-box;color:rgb(51,51,51);font-family:"Source Sans Pro",Helvetica,Arial,sans-serif;font-size:14px;letter-spacing:0.35px"></div><div class="gmail-ReactModalPortal" style="box-sizing:border-box;color:rgb(51,51,51);font-family:"Source Sans Pro",Helvetica,Arial,sans-serif;font-size:14px;letter-spacing:0.35px"></div><div class="gmail-ReactModalPortal" style="box-sizing:border-box;color:rgb(51,51,51);font-family:"Source Sans Pro",Helvetica,Arial,sans-serif;font-size:14px;letter-spacing:0.35px"></div><div class="gmail-ReactModalPortal" style="box-sizing:border-box;color:rgb(51,51,51);font-family:"Source Sans Pro",Helvetica,Arial,sans-serif;font-size:14px;letter-spacing:0.35px"></div><br class="gmail-Apple-interchange-newline"></div></span></div></div></div>