...
elisabeth.mueller@ericsson.com proposed that TEF proposes some text regarding existing implementations. Jesús Peña García-Oliva takes the AP to propose a disclaimer text in PR #121
Discussion on "openid" missing in scope
TEF agrees that the openid scope is listed as required in the standard, but it does not specify a behavior in case it is not sent. In CAMARA profile, a behavior is being established (returning invalid_request) that TEF believes it could impact on implementations where OAuth2 and OIDC solutions coexist.
Discussion on issue "Clarify role and usage of id token #136"
elisabeth.mueller@ericsson.com
Jesús Peña García-Oliva refers to his comment in this issue as TEF position on the matter.
Discussion on issue "Clarification needed for login_hint, login_hint_token and id_token_hint #133"
Jesús Peña García-Oliva commented on the issue: So the current PR content is already fine. We may be able to close this issue then.
Jesús clarifies that TEF is happy to close the issue as long as the WG agrees to document only the login_hint option in PR #121 context, which is what there was consensus for. And as long as the existing text in the OIDC profile is clear and consistent.
After discussing it, it is proposed to rephrase the text in PR #121 to make it clearer. Jesús Peña García-Oliva takes the AP to do it.
Discussion on "Proposal to define a strict value for aud claim in the private_key_jwt #127"
...
Propose to only allow a single value for aud claim and the aud claim value has to be the endpoint of the API invocation.
TEF propose to be is aligned with CIBA and FAPI standards as commented in the issue.
Discussion on "Camara OIDC profile #121"
...