OpenID AB/Connect WG Meeting Notes (2020-12-14)

The meeting was called to order at 23:05 UTC.

1.   Roll Call

  • Attending:
  • Regrets:
  • Guest:

3.   SIOP

3.1.   Scope of Initial SIOP Work (Mike)

Brought about by the contributed SIOP v2 draft.

The following were agreed to be non-controversial:

  • Ability to have keys by value or reference
  • Rotate keys for the same subject

4.   RP-initiated Login Features (Mike)

External Organizations

5.   AOB

The meeting was adjourned at 24:02 UTC.

6.   Chat Log

Kristina yasuda to Everyone: 4. Credential Issuance support - Issuing credentials from OpenID Connect flows. 5. Credential Presentation support - Presenting credentials in OpenID Connect flows.

8:30 Me to Everyone: It is in https://bitbucket.org/openid/connect/src/master/openid-connect-claims-aggregation/openid-connect-claims-aggregation-1_0.md

8:53 Tim Cappalli (Microsoft) to Everyone: +1

8:53 Tim Cappalli (Microsoft) to Everyone: "SIOP" has become overloaded

8:54 Tom Jones to Everyone: yeah - if you spell it out it doesn't have that problem

8:56 Me to Everyone: 1. Enabling portable subject identifiers between providers - Define how to use techniques such as asymmetric cryptography and higher level technologies like Decentralized Identifiers to create subject identifiers that are not intrinsically bound to a particular OP and hence can be ported between providers. 2. Solving for provider discovery and registration - Evaluating solutions to problems like the NASCAR problem, how does an RP come to have a relationship with an OP or understand its capabilities along with what role the user plays in this selection/discovery process. 3. RP - OP co-location on the same device - Dealing with the unique requirements that are brought about when the OP the RP is communicating with is on the same device (e.g. in the form of a PWA or Native App), rather than a traditional Authorization server. 4. Credential Issuance support - Issuing credentials from OpenID Connect flows. 5. Credential Presentation support - Presenting credentials in OpenID Connect flows.

8:56 Tobias Looker to Everyone: 1. Enabling portable subject identifiers between providers - Define how to use techniques such as asymmetric cryptography and higher level technologies like Decentralized Identifiers to create subject identifiers that are not intrinsically bound to a particular OP and hence can be ported between providers. 2. Solving for provider discovery and registration - Evaluating solutions to problems like the NASCAR problem, how does an RP come to have a relationship with an OP or understand its capabilities along with what role the user plays in this selection/discovery process. 3. RP - OP co-location on the same device - Dealing with the unique requirements that are brought about when the OP the RP is communicating with is on the same device (e.g. in the form of a PWA or Native App), rather than a traditional Authorization server.

8:56 Kristina yasuda to Everyone: 1. Enabling portable subject identifiers between providers

8:58 Tom Jones to Everyone: I said at the last meeting that I did not like #3

8:59 Kristina yasuda to Everyone: just wanted to make sure: on the previous topic, did we agree that "key rotation needs to be in scope, but how you recover keys is not"?

8:59 Anthony Nadalin to Everyone: correct

8:59 Tom Jones to Everyone: #1 could be combined with recovery where a new key was required

9:00 Tom Jones to Everyone: key rotation may have some protocol impacts that need to be in-scope

9:00 Kristina yasuda to Everyone: yes

9:02 Tom Jones to Everyone: I will create a use case
