Agenda

Antitrust Policy

• Review the APIs which are targeting "stable" maturity in the Fall24 meta-release #189

• W3C Data Privacy Vocabulary (DPV) reference links in ICM documentation are broken #195

  • Fixed by Fix W3C DPV broken links in ICM doc #196

• Proposal to Mandate Use of Signed Authentication Requests for CIBA #194

• Clarity on the use of login_hint #191
• ICM 0.3.0 - preparing the scope for meta-release Spring25 #193
• Create ICM Release Plan #146
  • After the r0.2.0 public release, should we close this issue? Or should we keep it open until the meta-release is complete everywhere?
• Your topic here

Minutes

Topic 1

Topics 

Review the APIs which are targeting "stable" maturity in the Fall24 meta-release #189

• The WG discussed the reviews conducted on APIs that are stable and intended for the next release.
• It is confirmed that the necessary reviews have been completed and should be sufficient to meet Release Management/TSC requirements. We think all reviews are done as requested.
• The WG agreed to await feedback from Release Management and Tanya’s input before closing this topic.
• Added a comment asking Release Management whether ICM can close this.

W3C Data Privacy Vocabulary (DPV) reference links in ICM documentation are broken #195

• Some broken links to the W3C Data Privacy Vocabulary have been identified, and a pull request has been created to fix them. Fix W3C DPV broken links in ICM doc #196
• The question is whether the change should go in the Fall24 meta-release or not. The WG discussed whether to merge the correction into the main branch and potentially update the r0.2.0 public release.
• Axel Nennker suggested consulting with Herbert Damker and Release Management before finalizing the decision.
• Added a comment/question, again, to Release Management on their opinion.

Proposal to Mandate Use of Signed Authentication Requests for CIBA #194

• Jesús Peña García-Oliva Jesus Peña explains the points he raised in the issue comments.
• Eric Murrayproposed making signed requests mandatory. Since he understands that this removes one more option from all the options that API vendors still need to support.
• Axel Nennker states that telcos MUST support signed CIBA requests. Chris Howell points out that this is not correct.

And, it turns out that Axel's recollection is not correct. Please see https://openid.net/specs/openid-client-initiated-backchannel-authentication-core-1_0.html#registration

backchannel_authentication_request_signing_alg_values_supported: OPTIONAL. JSON array containing a list of the JWS signing algorithms (alg values) supported by the OP for signed authentication requests, which are described in Section 7.1.1. If omitted, signed authentication requests are not supported by the OP.

So, we have to clarify #194 in the CAMARA profile. It is no good, if some authorization servers reject signed requests while others, maybe, mandate requests being signed.

• elisabeth.mueller@ericsson.com is strongly against a MUST for clients. Instead CAMARA should RECOMMEND signed requests. But Elisabeth comment, was before we learned that Axel was wrong.
• The WG agreed to continue the discussion offline, with a focus on gathering more information and feedback. Please comment in the issue.

Clarity on the use of login_hint #191

• Axel Nennker explained the issue and verbally repeated his comments. Axel added a comment asking Shilpa Padgaonkar whether this issue can be closed.

ICM 0.3.0 - preparing the scope for meta-release Spring25 #193

• Jesús Peña García-Oliva presented the issue. ICM is going to collect issues and PRs for Spring25 here.

Create ICM Release Plan #146

• Jesús Peña García-Oliva wonders if we should close this issue after the r0.2.0 public release? Or should we keep it open until the meta-release is complete everywhere? Even now, considering the fix needed to fix #195.
• Axel Nennker asked the group for their opinion. 
• The WG decides to close the issue. Activities for next release will be tracked in #193

No further issues were added to the agenda. Axel Nennker asked participants to review our issue list and comment on issue they want to work on.

Jesús Peña García-Oliva suggested issues he thinks are candidates for being closed. We are taking this offline.

Axel Nennker thanked everybody for their contributions.

Next meeting 2040-09-04