Community Attendees:
LF Staff:
Agenda
Antitrust Policy
Merged PRs
ICM 0.3.0 - preparing the scope for meta-release Spring25 #193
Completing the Spring25 scope items should now be our highest priority. The WG is running out of time to meet the Release Management milestones and schedule:
Clarity on the use of login_hint #191 (No associated PR)
New sections with error scenarios #211
-> Add response codes for error scenarios #220
Add examples full CIBA flow for CIBA in CAMARA-ICM-examples.md #236
-> Update CAMARA-ICM-examples.md with CIBA examples #237
Spring25: Proposal to RECOMMEND the use of Signed Request Object for the /authorize endpoint to prevent abuse #205
-> recommend auth code flow using signed requests #226
Proposal for CAMARA mandated minimum acceptable JWT token lifetime #208
Question on Purpose definition, W3C Data Privacy Vocabulary (DPV) #222
Allow to use operator token for device authentication in OpenID Auth code flow #232
-> Add a section on operator token usage in authorization code flow #238
Minutes
We agreed to go over the issues and PR mentioned in #193.
Clarity on the use of login_hint
https://github.com/camaraproject/IdentityAndConsentManagement/issues/191
https://github.com/camaraproject/IdentityAndConsentManagement/pull/242
There were discussions about the WG consensus agreed upon in the last ICM meeting in December and whether this PR captures that consensus. We agreed on a new text and WG members were asked to review the PR again.
Eric Murray noted that past approvals of the PR were not automatically voided when the PR was updated and asked whether that is a misconfiguration of the repository. It seems reasonable that approvals should become void when a PR is changed.
recommend auth code flow using signed requests
https://github.com/camaraproject/IdentityAndConsentManagement/pull/226
Next Meeting
The next working group call is tentatively scheduled for January 29, 2025, as the upcoming holiday season will delay regular meetings.