2024-08-28 ICM Minutes
Community Attendees:
@Jesús Peña García-Oliva @Axel Nennker @diego.gonzalezmartinez @Pierre Close @Eric Murray @Rafal Artych @Toyeeb Rehman @Jan Friman @Elisabeth Mueller @Ravi Shekhar @Chris Howell @Ola Ajibola @Pierre Close @Ravi Shekhar
Community Attendees:
Pedro Ballesteros, Samy Bouchlaghem, Nabil El Fadel
LF Staff:
Agenda
Antitrust Policy
Review the APIs which are targeting "stable" maturity in the Fall24 meta-release #189
W3C Data Privacy Vocabulary (DPV) reference links in ICM documentation are broken #195
Proposal to Mandate Use of Signed Authentication Requests for CIBA #194
ICM 0.3.0 - preparing the scope for meta-release Spring25 #193
After the r0.2.0 public release, should we close this issue? Or should we keep it open until the meta-release is complete everywhere?
Your topic here
Minutes
Topics
Review the APIs which are targeting "stable" maturity in the Fall24 meta-release #189
The WG discussed the reviews conducted on APIs that are stable and intended for the next release.
It is confirmed that the necessary reviews have been completed and should be sufficient to meet Release Management/TSC requirements. We think all reviews are done as requested.
The WG agreed to await feedback from Release Management and Tanya’s input before closing this topic.
Added a comment asking Release Management whether ICM can close this.
W3C Data Privacy Vocabulary (DPV) reference links in ICM documentation are broken #195
Some broken links to the W3C Data Privacy Vocabulary have been identified, and a pull request has been created to fix them. Fix W3C DPV broken links in ICM doc #196
The question is whether the change should go in the Fall24 meta-release or not. The WG discussed whether to merge the correction into the main branch and potentially update the r0.2.0 public release.
@Axel Nennker suggested consulting with @Herbert Damker and Release Management before finalizing the decision.
Added a comment/question, again, to Release Management on their opinion.
Proposal to Mandate Use of Signed Authentication Requests for CIBA #194
@Jesús Peña García-Oliva Jesus Peña explains the points he raised in the issue comments.
@Eric Murrayproposed making signed requests mandatory. Since he understands that this removes one more option from all the options that API vendors still need to support.
@Axel Nennker states that telcos MUST support signed CIBA requests. @Chris Howell points out that this is not correct.
And, it turns out that Axel's recollection is not correct. Please see https://openid.net/specs/openid-client-initiated-backchannel-authentication-core-1_0.html#registration
backchannel_authentication_request_signing_alg_values_supported
: OPTIONAL. JSON array containing a list of the JWS signing algorithms (alg values) supported by the OP for signed authentication requests, which are described in Section 7.1.1. If omitted, signed authentication requests are not supported by the OP.
So, we have to clarify #194 in the CAMARA profile. It is no good, if some authorization servers reject signed requests while others, maybe, mandate requests being signed.
@Elisabeth Mueller is strongly against a MUST for clients. Instead CAMARA should RECOMMEND signed requests. But Elisabeth comment, was before we learned that Axel was wrong.
The WG agreed to continue the discussion offline, with a focus on gathering more information and feedback. Please comment in the issue.
Clarity on the use of login_hint #191
@Axel Nennker explained the issue and verbally repeated his comments. Axel added a comment asking @Shilpa Padgaonkar whether this issue can be closed.
ICM 0.3.0 - preparing the scope for meta-release Spring25 #193
@Jesús Peña García-Oliva presented the issue. ICM is going to collect issues and PRs for Spring25 here.
@Jesús Peña García-Oliva wonders if we should close this issue after the r0.2.0 public release? Or should we keep it open until the meta-release is complete everywhere? Even now, considering the fix needed to fix #195.
@Axel Nennker asked the group for their opinion.
The WG decides to close the issue. Activities for next release will be tracked in #193
No further issues were added to the agenda. @Axel Nennker asked participants to review our issue list and comment on issue they want to work on.
@Jesús Peña García-Oliva suggested issues he thinks are candidates for being closed. We are taking this offline.
@Axel Nennker thanked everybody for their contributions.
Next meeting 2040-09-04