Community Attendees:
Jesús Peña García-Oliva Axel Nennker diego.gonzalezmartinez Pierre Close Eric Murray Rafal Artych Toyeeb Rehman Nabil El Fadel
Community Attendees:
Jan Friman elisabeth.mueller@ericsson.com Ravi Shekhar Chris Howell Ola Ajibola Pierre Close Ravi Shekhar
Community Attendees:
Pedro Ballesteros, Samy Bouchlaghem, Nabil El Fadel
LF Staff:
Agenda
Antitrust Policy
Review the APIs which are targeting "stable" maturity in the Fall24 meta-release #189
- W3C Data Privacy Vocabulary (DPV) reference links in ICM documentation are broken #195
Proposal to Mandate Use of Signed Authentication Requests for CIBA #194
- Clarity on the use of login_hint #191
- ICM 0.3.0 - preparing the scope for meta-release Spring25 #193
- Create ICM Release Plan #146
- After the r0.2.0 public release, should we close this issue? Or should we keep it open until the meta-release is complete everywhere?
- Your topic here
Minutes
Topic 1Topics
- Review the APIs which are targeting "stable" maturity in the Fall24 meta-release #189
Added a comment asking Releasemanagement whether ICM can close this.
We think all reviews are done as requested - W3C Data Privacy Vocabulary (DPV) reference links in ICM documentation are broken #195
We fix the links. Question is whether the change should go in the Fall-Release or not.
Added a comment/question, again, to Releasemanagement on their opinion. - Proposal to Mandate Use of Signed Authentication Requests for CIBA #194
Axel Nennker states that telcos MUST support signed CIBA requests. Somebody points out that this is not correct.
And Axel's recollection is not correct. Please see https://openid.net/specs/openid-client-initiated-backchannel-authentication-core-1_0.html#registration- backchannel_authentication_request_signing_alg_values_supported: OPTIONAL. JSON array containing a list of the JWS signing algorithms (alg values) supported by the OP for signed authentication requests, which are described in Section 7.1.1. If omitted, signed authentication requests are not supported by the OP.
So, if we have to clarify this in the Camara profile. If some authorization servers reject signed requests while others, maybe, mandate requests being signed.
- backchannel_authentication_request_signing_alg_values_supported: OPTIONAL. JSON array containing a list of the JWS signing algorithms (alg values) supported by the OP for signed authentication requests, which are described in Section 7.1.1. If omitted, signed authentication requests are not supported by the OP.
elisabeth.mueller@ericsson.com is strongly against a MUST for clients. Instead Camara should RECOMMEND signed requests.
- Comments
Next meeting 2040-09-04