OpenID AB/Connect WG Meeting Notes (2023-09-18)
- Date & Time: 2023-09-18 23:00 UTC
- Location: https://zoom.us/j/97622169761?pwd=ek5kZUg3QnI1cCt6bTE3QzA3ZVlOQT09
- Self: https://bitbucket.org/openid/connect/wiki/Connect_Meeting_Notes_2023-09-11_Pacific
Agenda
1. Roll Call
Attendees: Mike, Nat, Sunil, Andril, Dima, Tom, Edmund, Naveen CM
2. Events
2.1. OpenID Foundation Workshop
OIDF planning workshop prior to IIW on Oct 9 at Cisco in Mountain View, California. Need to register 1 week before the workshop.
Link: https://openid.net/registration-workshop-october-9-2023/
3. Liaisons
3.1. eKYC&IDA WG
The WG is in the process of separating out the verified claims section. This is related to the OIDC RP metadata discussion. The relevant PR is https://bitbucket.org/openid/ekyc-ida/pull-requests/171. Please read and provide comments.
4. Federation
4.1. PRs
- https://bitbucket.org/openid/connect/pull-requests/607
  - Language cleanups. Merged.
- https://bitbucket.org/openid/connect/pull-requests/616
  - Adding diagrams. Merged.
  - Nat asked if we could use SVG diagrams instead of ASCII.
4.2. Issues
- #2059 Aligning trust_framework, verifier attestation, other signer/issuer/verifier related attributes
  - JAdAS support is being requested.
- #2062 Inconsistency between spec and provided examples
  - Giuseppe's comment seems to be reasonable. Opened.
- #2063 Consumers may ignore the metadata and policies of Entity Types they are not interested in
  - Agreed to be MAY ignore. A PR to be created.
5. Errata
5.2. Issues
5.2.1. #2035 - Native clients and dynamic registration
In the case of native applications, the port number is not known until the application is run. This makes it impossible to register manually. RFC 8252 makes an exception to exact matching for local loopback addresses: the port should be ignored.
"The authorization server MUST allow any port to be specified at the time of the request for loopback IP redirect URIs, to accommodate clients that obtain an available ephemeral port from the operating system at the time of the request."
"Clients SHOULD NOT assume that the device supports a particular version of the Internet Protocol. It is RECOMMENDED that clients attempt to bind to the loopback interface using both IPv4 and IPv6 and use whichever is available."
(Source: https://datatracker.ietf.org/doc/html/rfc8252#section-7.3)
Tom asked how it could be secure. Sunil pointed out that PKCE takes care of the problem.
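The matching rule discussed under #2035, sketched as an added example (not code from the meeting, the specification or any OpenID project): an authorization-server check that keeps exact redirect URI matching but ignores the port for http loopback IP literals. The function names and the registered URIs are assumptions made up for illustration; PKCE verification is a separate step and is not shown.

```python
import ipaddress
from urllib.parse import urlsplit


def _is_loopback_ip(host):
    """True for loopback IP literals (127.0.0.0/8, ::1); False for names such as 'localhost'."""
    if not host:
        return False
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False


def _parts_without_port(uri):
    """Return every URI component except the port, or None if the URI is malformed."""
    try:
        u = urlsplit(uri)
        u.port  # raises ValueError for a non-numeric or out-of-range port
    except ValueError:
        return None
    return (u.scheme, u.username, u.password, u.hostname, u.path, u.query, u.fragment)


def redirect_uri_allowed(requested, registered_uris):
    """Exact string match, except that the port is ignored for http loopback IP URIs."""
    if requested in registered_uris:
        return True
    req = _parts_without_port(requested)
    if req is None or req[0] != "http" or not _is_loopback_ip(req[3]):
        return False
    # Loopback case: scheme, userinfo, host, path and query must still match
    # a registered URI exactly; only the port may differ.
    return any(req == _parts_without_port(reg) for reg in registered_uris)


# Constructed registrations (hypothetical client), one per IP version it may bind to.
REGISTERED = [
    "http://127.0.0.1/callback",
    "http://[::1]/callback",
    "https://app.example.com/cb",
]

if __name__ == "__main__":
    for uri in ("http://127.0.0.1:51004/callback",
                "http://127.0.0.1:51004/other",
                "http://127.0.0.1@evil.example:80/callback"):
        print(uri, redirect_uri_allowed(uri, REGISTERED))
```

The port exception applies only to IP literals, so `localhost` and any non-loopback host still need an exact match against a registered value.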
The call adjourned at 23:52 UTC.