1.1.   Attending

1. Nat Sakimura 1. John Bradley 1. Mike Jones 1. Tobias Looker 1. Tom Jones 1. Kristina Yasuda 1. James Manger 1. Edmund Jay

1.2.   Introductions

James Manger (re)introduced himself He's at Telstra Labs in Melbourne, Australia They've been doing OpenID Connect for quite a while He wonders how self-issued identities can be used with fraud prevention

2.1.   DIF (Kristina)

Kristina believes that OIDF should receive a signed liaison agreement from DIF soon Some DIF participants will attend this Pacific-friendly call versus some will attend the Europe-friendly call

For instance, Oliver Terbu and Markus Sabadello attended the previous call

3.1.   IIW

IIW Registration is open October 20-22, 2020 https://internetidentityworkshop.com/

3.2.   OpenID Virtual Workshop

October 28, 2020 at 9am PT/12pm ET/4pm UTC

3.3.   FDX Workshop

Nat is speaking at a workshop on FAPI September 21/22

4.1.   Existing SIOP deployments

Nat said that the RECRUIT company in Japan has a deployment with tens of millions of users

4.2.   Aggregated Claims Draft (Nat)

Sources are now in our bitbucket repository, as well as HTML https://bitbucket.org/openid/connect/src/master/openid-connect-claims-aggregation/ Mike will post the working group draft to openid.net/specs/

4.3.   SIOP Laundry List (Tobias)

Tobias created a document with a set of straw polls

https://hackmd.io/j2RD1m5QSZKotXoRfhUQQQ?view

A. Either (1) have sub always be a URI or (2) allow either JWK Thumbprint or URI Mike said that it's not a breaking change if we continue to allow JWK Thumbprints John said that he hates content sniffing Nat and Kristina will talk with people behind the RECRUIT deployment to learn its status James pointed out that if you change the issuer, you can change the sub without it being a breaking change.

John said that we want to still support signing without a dereference Nat said we could use a new URL like https://self-issued.me/v2/ Then we could have the "sub" always be a URI

Tobias said that the parties need to communicate which kinds of URIs they support John said that we're also essentially talking about different response types Tobias said that you may also be asking for aggregated claims John suggested we do RP discovery rather than jam everything into the request

Mike noted that OpenID Connect Federation uses RP discovery Tobias wants RPs to be able to operate without hosting a URL (Nat called time before we got through the straw polls)

4.4.   Adoption of Tom's document (Tom)

Tom would like to have his document adopted by the working group https://github.com/KantaraInitiative/DistributedAssurance/blob/master/OpenID%20Self%20Issued%20Identifier.md

Mike reminded people that to be adopted, the contents of the document needs to be sent to the mailing list Not just a reference Tom plans to do that

4.5.   SIOP Calls (Nat)

Nat asked whether we want to have weekly calls

John asked if he meant both calls or just the Pacific call

Nat was proposing making the Pacific call weekly and leaving a bi-weekly Atlantic call (This was the original call schedule years ago) We would need two weeks' notice

Nat will notify the list

4.6.   Certification

We decommissioned the old certification suite today Now only the new Java-based suite is running See the updated instructions at https://openid.net/certification/instructions/

4.7.   logout_hint Proposal

Issue #1182 - Add logout_hint parameter to RP-Initiated Logout request https://bitbucket.org/openid/connect/issues/1182/add-logout_hint-parameter-to-rp-initiated (We ran out of time before discussing this. Please comment on the issue.)

5.1.   Next Call

The next working group call is Thursday, September 10 at 7 AM Pacific Time