-
Notifications
You must be signed in to change notification settings - Fork 15
WG_Meeting 2021 12 14
Pre 1.0 Philosophy RISC PR feedback
- Tim Cappalli (Microsoft Identity)
- Atul Tulshibagwale
- Nancy Cam Winget (Cisco)
- Badi Azad (Google)
- Shayne Miel (Cisco)
- Joshua Matz (Cisco)
- Roshni Chandrashekhar (Google)
- Martin Gallo (SecureAuth)
- Stan Bounev (VeriClouds)
Pre 1.0 Philosophy {Tim} The spec never got to 1.0, so putting in a bunch of language about backwards compat, is a bit odd and makes the spec complex
{Badi} That is our concern, because we have so many people using this. How do we do this without breaking customers?
{Tim} Isn't most of this consumed through Firebase or an SDK, so changes would be easy?
{Roshni} Majority of usage comes through Firebase, but there are still many other user
{Shayne} Should we release the old version as 1.0 and make changes in 2.0?
{Nancy} Which pieces of the draft are affected?
{Atul} It is secevent, still in draft
{Tim} We also are planning to make major changes to the subscription management component of SSE to make it more RESTful
{Nancy} Similar things happened with TLS 1.3. Google did draft-23. They reserved a version. Pre-1.0 ones gets IANA consideration, for future proofing, not stomping on version negotiation.
{Atul} Is there any indication in the protocol itself about the version of the draft.
{Nancy} TLS 1.3 header, there is a version negotiation
{Roshni} There was a callout in OIDC
{Tim}
{Atul} In RISC spec, if Tx metadata is available at the previous location (/risc/), the transmitter must use subject_type as the name
{Tim}
{Tim} SSE doesn't currently have a version
{Atul} We had proposed it way back, but it was removed. We could add version to metadata
{Tim} Do drafts in OIDF stay published and dereferencable? If you're normatively matching a version number to a document that doesn't exist, that causes even more confusion
{Tim} We've come full circle to defining legacy behavior in a 1.0 spec. I prefer to get someone from OpenID Foundation folks here to discuss
{Nancy} Agree