WG_Meeting 2021 12 14

Atul Tulshibagwale edited this page Mar 9, 2022 · 1 revision

Agenda

  • Pre 1.0 Philosophy
  • RISC PR feedback

Attendees

  • Tim Cappalli (Microsoft Identity)
  • Atul Tulshibagwale
  • Nancy Cam Winget (Cisco)
  • Badi Azad (Google)
  • Shayne Miel (Cisco)
  • Joshua Matz (Cisco)
  • Roshni Chandrashekhar (Google)
  • Martin Gallo (SecureAuth)
  • Stan Bounev (VeriClouds)

Notes

Pre 1.0 Philosophy

{Tim} The spec never got to 1.0, so putting in a bunch of language about backwards compat is a bit odd and makes the spec complex

{Badi} That is our concern, because we have so many people using this. How do we do this without breaking customers?

{Tim} Isn't most of this consumed through Firebase or an SDK, so changes would be easy?

{Roshni} Majority of usage comes through Firebase, but there are still many other users

{Shayne} Should we release the old version as 1.0 and make changes in 2.0?

{Nancy} Which pieces of the draft are affected?

{Atul} It is secevent, still in draft

{Tim} We also are planning to make major changes to the subscription management component of SSE to make it more RESTful

{Nancy} Similar things happened with TLS 1.3. Google did draft-23. They reserved a version. Pre-1.0 ones get IANA consideration, for future proofing, not stomping on version negotiation.

{Atul} Is there any indication in the protocol itself about the version of the draft?

{Nancy} TLS 1.3 header, there is a version negotiation

{Roshni} There was a callout in OIDC

{Tim}

{Atul} In RISC spec, if Tx metadata is available at the previous location (/risc/), the transmitter must use subject_type as the name

{Tim}

{Tim} SSE doesn't currently have a version

{Atul} We had proposed it way back, but it was removed. We could add version to metadata

{Tim} Do drafts in OIDF stay published and dereferenceable? If you're normatively matching a version number to a document that doesn't exist, that causes even more confusion

{Tim} We've come full circle to defining legacy behavior in a 1.0 spec. I prefer to get someone from OpenID Foundation folks here to discuss

{Nancy} Agree