Community Attendees:
LF Staff:
Agenda
Antitrust Policy
Merged PRs
ICM 0.3.0 - preparing the scope for meta-release Spring25 #193
Completing the Spring25 scope items should now be our highest priority. The WG is running out of time to meet the Release Management milestones and schedule:
Clarity on the use of login_hint #191 (No associated PR)
New sections with error scenarios #211
-> Add response codes for error scenarios #220
Add examples full CIBA flow for CIBA in CAMARA-ICM-examples.md #236
-> Update CAMARA-ICM-examples.md with CIBA examples #237
Spring25: Proposal to RECOMMEND the use of Signed Request Object for the /authorize endpoint to prevent abuse #205
-> recommend auth code flow using signed requests #226
Proposal for CAMARA mandated minimum acceptable JWT token lifetime #208
Question on Purpose definition, W3C Data Privacy Vocabulary (DPV) #222
Allow to use operator token for device authentication in OpenID Auth code flow #232
-> Add a section on operator token usage in authorization code flow #238
Minutes
We agreed to go over the issues and PR mentioned in #193.
Clarity on the use of login_hint
https://github.com/camaraproject/IdentityAndConsentManagement/issues/191
https://github.com/camaraproject/IdentityAndConsentManagement/pull/242
There were discussions about the WG consensus agreed upon in the last ICM meeting in December and whether this PR captures that consensus. We agreed on a new text and WG members were asked to review the PR again.
recommend auth code flow using signed requests
https://github.com/camaraproject/IdentityAndConsentManagement/pull/226
Next Meeting
The next working group call is tentatively scheduled for January 29, 2025, as the upcoming holiday season will delay regular meetings.