FAPI WG Agenda & Meeting Notes (2024-01-24)

The meeting was called to order at 14:04 UTC.

1.   Roll Call (Nat)

  • Attendees: Daniel Fett, Nat Sakimura, Peter Stanley, Robert Gallagher, Joseph Heenan, Peter Wallach, Kosuke Koiwai, George Fletcher, Mark Andrus, Dave Tonge, Filip Skokan, Bjorn Hjelm
  • Regrets:

3.   Events (Mike L.)

3.1.   OpenID Summit Tokyo 2024 (Nat)

https://www.openid.or.jp/summit/2024/en/

Friday, January 19, 2024, 10:00 - 18:00

Over 300 people attended, with standing room only. Generally speaking, it was well received. On FAPI-related topics, there was a speech by a Nubank representative.

3.2.   OAuth Security Workshop 2024 (Daniel)

Submissions are open.

Deadline: 11th February for early submissions.

https://oauth.secworkshop.events/osw2024

The next deadline for submissions is March 10.

3.3.   EIC (Joseph)

The call for presentations closes on Jan 31.

5.   FAPI 2.0 PRs & Issues (Dave)

5.1.   PR 455 Renumber attackers, fix editorial stuff

  • PR #455
  • Added the mapping table of attacker numbers in security analysis to new attacker numbers
  • Merged

5.2.   PR 454 add text around enforcement of one-time use of request_uri

  • PR #454
  • Removed text regarding anti-virus software
  • Changed enforcement of one-time use to at the point of authentication
  • George approved the suggested language.
  • Joseph asked if this was enough to generate a warning in the certification.
  • No pushback.

5.4.   PR 458 attempt to clarify and improve mtls-everywhere interoperability

  • PR #458
  • Filip expects more feedback from ecosystems as this is a significant change.
  • The language is similar to the current version, but the Conformance suite does not have tests yet, so uncertainty remains about how the new language will affect ecosystems
  • Avoids problem by having clients sidestep the problem
  • Filip created an issue for the Conformance suite
  • Not aware of any ecosystems relying on current behavior
  • Doesn’t affect the UK; need to check with Brazil (Ralph) and AU (Dima)

5.6.   PR 460 Fixes #643 - Subclause 5.3 has a hanging paragraph

  • PR #460
  • Some subclauses will be renumbered
  • ISO does not allow hanging paragraphs
  • Accepted

5.9.   PR 463 Fixes #653 - Update abbreviated terms

  • PR #463
  • Some of the abbreviations, like "AS", have been removed from the main text, so they should also be removed from the abbreviations.
  • Similarly, we should avoid "OP" and "RS".
  • New issue will be created for removing those abbreviations

5.11.   PR 465 Addresses #647 - Following documents are not normatively required

  • PR #465
  • Accepted
  • Needs to be merged with Daniel’s other PR changing RAR to RFC

5.12.   PR 466 Addresses #672 - inconsistent capitalization

  • PR #466
  • We need to check that "client" is always used in the sense of OAuth client and, if that is the case, add it to the terms and definitions.
  • ISO only allows capitalization at the start of sentences and proper names.
  • Capitalization of keywords does not translate well to languages without capitalization (e.g. Japanese)

6.   Other Issues & PRs (Dave/Nat)

6.1.   Issue 673 - Additional author(s) for FAPI2

  • #673
  • Callers agreed to add Joseph to the list of authors in FAPI2.

7.   AOB (Nat)

n/a

The meeting adjourned at 14:59.
