...
Attendees (Please add or remove yourself)
| Companies | Attendees |
|---|---|
| Deutsche Telekom AG | Herbert Damker, Axel Nennker, Shilpa Padgaonkar |
| Ericsson | Elisabeth Mueller, Jan Friman |
| Gapask | Rajesh Murthy |
| GSMA | Mark Cornall, Toyeeb Rehman, Tom van Pelt |
| KDDI | Tetsuya Chiba |
| KPN | Huub Appelboom |
| Nokia | Tanja De Groot, Gaurav Agarwal |
| OIDF | Bjorn Hjelm (OIDF), Joseph Heenan |
| Shabodi | Kevin Howe-Patterson |
| Simptel | Izahir Clemencia |
| Singtel | Foo Ming Hui |
| Spry Fox Networks | Ramesh Shanmugasundaram, Parichaya Shrivastava |
| T-Mobile PL | Dawid Wroblewski, Artych, Rafał |
| T-Mobile US | Karabulut, Murat |
| Telefónica | Jesús Peña García-Oliva, Diego Gonzalez Martínez, Guido García, Juan Fabio García, Pedro Ballesteros, David Vallejo, Juan Antonio Hernando, Diego Yonadi |
| Vodafone | Sönke Peters, Sachin Kumar |
| Vodacom | Surajj Jaggernath |
...
Axel said that we are having good discussions and comments on #121. There is good progress. Some topics should be tackled in their own issues referencing #121. Our work should concentrat concentrate on one profile and TEF agreed that the most support seems to be for the DT proposal. Guido García agreed to concentrate our efforts on one PR and suggested to close #113 but Axel suggested to maybe put it in Draft-mode.
Guido Garcia's proposed focusing now on a v0.2.0 profile version including existing agreements and required clarifications on top of them. And complete this in PR #121 using DT's PR as a reference. TEF PR could be closed (or put in draft for the record). And then non previously discussed topics (like us DPoP, etc...) or mid-term solutions pending to be agreed (basically the purpose one) to be discussed in dedicated issues and considered for a next OIDC profile version (v0.3.0). TEF said that discussions like the purpose one can take a long time (like it happens in the past for for v0.1.0 agreement) and it does not make sense to block current PR until all these discussions are finished.
The group agreed that topics in #121 that lead to longer discussion should be discussed in their own issue. Axel mentioned that Shilpa Former user (Deleted) already created some issues. TEF mentioned the new ideas regarding login_hint and aud clarifications as potential new issues. New topic should move to new issues. TEF: purpose is a non-trivial issue. Also: pairwise identifiers and new ideas on login_hint Move forward with the DT profile. Merge into a 0.2 version, and tackle open issues in the 0.3 version.
TEF proposed to use the label 0.2 on issues that we seem likely to make it into the 0.2 version of the profile. TEF said that that purpose, offline access and pairwise identifiers should be removed from #121 to make it easier to agree on the profile and close the PR. The Then tackle these open issues in the next version. Shilpa Shilpa said that she wants a DT internal discussion first. Axel said that he thinks that offline access can make it into the current version because Jesús seems to be OK with the proposed text when authorization code flow is concerned and "only" CIBA-related text for offline access is missing.Proposal from TEF create a 0.3 version of the profile and work on integrating 0.3 issues into that. No reaction to that proposal. (Axel thought that this might lead to merge conflicts if we do this too soon, but discussion moved on to other topics)
Conclusion: move long discussions into their own issues, mark those issues with 0.2 if they go in this version, mark them as 0.3 if they go into the next version. DT internal discussion on removing the purpose, offline access and pairwise identifiers.
...
Discussion about offline-access and Refresh Token PR
Axel provided text for Offline-access for authorization code flow that Jesús said matches the GSMA text, but the CIBA related text for offline-access is TBD. On the one hand, Jesús Peña García-Oliva said that he supports (and Telefónica) that the final text we end up agreeing on regarding offline access definitely needs to be included in the CAMARA OIDC profile. But specifically regarding the refresh_token/offline_access flows included in CAMARA-API-access-and-user-consent.md in that PR, the working group should make a decision if we want to merge them eventually or if the PR should be closed considering only the offline access section of the profile. The original request was to move the information from GSMA to CAMARA.
On the other hand, regarding the proposed offline access text for the OIDC profile in the PR, Jesús Peña García-Oliva said that he is fine with this text, except for the rules copied from the OIDC standard. In the case of CAMARA, authorization code is not the only flow to support. For example, offline_access must also be allowed for the CIBA flow. And he also mentioned that there was no requirement on the prompt value or application type to use the offline_access scope to request a refresh token to cover Opengateway off-net scenarios to access CAMARA service APIs.
Then Axel Nennker clarified that the proposed text was only for Auth code flow, which Jesús Peña García-Oliva hadn't noticed before.
Axel asked for some days to provide CIBA-related text.
...