SIG Breakout Session: 2025-07-30

# SIG Breakout Session: 2025-07-30 - Date: Wed 30 July 2025 - Time: 11:00 - 12:00 UTC in 1 hour 07:00 - 08:00 EDT (UTC-4) 12:00 - 13:00 BST (UTC+1) 13:00 - 14:00 CEST (UTC+2) 14:00 - 15:00 EEST (UTC+3) 16:30 - 17:30 IST (UTC+5:30) 20:00 - 21:00 JST (UTC+9) 21:00 - 22:00 AEST (UTC+10) ## Agenda Agenda Items to discuss ## Attendees - Takashi Norimatsu - Vinod Anandan - Bertrand Ogen - Francis Pouatcha - Rodrick Awambeng - Dmitry Telegin - Assah Bismark - Costas Georilakis - Ingrid Kamga - Forkim Akwichek ## Notes ## New Support ### 1. Workload Identity - Transaction Token, SPIFEE Event: [IETF 123](https://events.oauth.net/2025/07/ietf-123-madrid-ASzyJKU1TnAV) 30 July 2025: IETF 123 Good progress, more updates will be on next week's general session. ### 2. OAuth 2.0 for First-Party Applications (FiPA) Discussion: [#38796](https://github.com/keycloak/keycloak/discussions/38796) 30 July 2025: Ingrid will update new flow details on the discussion - https://github.com/keycloak/keycloak/discussions/38796) ### 3. Shared Signals Framework (SSF) 30 July 2025: No updates ### 4. OpenID Federation 1.0 (OIDFED) Epic Ticket: [#40509](https://github.com/keycloak/keycloak/issues/40509) 30 July 2025: Slack - https://cloud-native.slack.com/archives/C096PUDTC3U Costas will updates draft PR with changes recommended by Thomas ( https://cloud-native.slack.com/archives/C096PUDTC3U/p1753688525169639) ### 5. Client Attestation Specification: [OAuth 2.0 Attestation-Based Client Authentication ](https://datatracker.ietf.org/doc/draft-ietf-oauth-attestation-based-client-auth/) Ticket: [#39287](https://github.com/keycloak/keycloak/issues/39287) 30 July 2025: Adorsys is working on this PR - https://github.com/adorsys/keycloak-oid4vc/pull/56 which will be contributed to upstream later. ### 6. Model Context Protocol (MCP) Specification: [Base Protocol - Authorization](https://modelcontextprotocol.io/specification/draft/basic/authorization) Epic Ticket: [#41521](https://github.com/keycloak/keycloak/issues/41521) Pull request active: [#35711](https://github.com/keycloak/keycloak/pull/35711), [#41440](https://github.com/keycloak/keycloak/pull/41440) 30 July 2025: - Takashi: created the epic ticket. It includes two mandatory sub issues. I sent [the Pull Request #41440](https://github.com/keycloak/keycloak/pull/41440). ## Refinement ### 7. OpenID Verifiable Credentials Issuance (OID4VCI) Last Weeks Pull Requests: [#40751](https://github.com/keycloak/keycloak/pull/40751), [#41001](https://github.com/keycloak/keycloak/pull/41001) Open Pull requests: all related to version 15: https://github.com/keycloak/keycloak/pulls?q=is%3Apr+is%3Aopen+OID4VCI 30 July 2025: Pending PR review Marek. Adorsys will create a seperate EPIC issue for Draft 16 support by August 1st and implementation by end of August aiming for Keycloak 26.4.0 release. Potenail issue with OID4VCI authorization code flow implementaion, we will need to track it via a Github issue (related slack discussion - https://cloud-native.slack.com/archives/C05KR0TL4P8/p1752669762102799 , https://cloud-native.slack.com/archives/C05KR0TL4P8/p1752670003236459 ) Pre-auth code flow issue - https://gitlab.com/openid/conformance-suite/-/issues/1544 ### 8. Token Exchange 30 July 2025: No updates ### 9. Demonstrating Proof-of-Possession (DPoP) - Epic Issue: [#22311](https://github.com/keycloak/keycloak/issues/22311) 30 July 2025: - Takashi: no progress. 11 of 15 issues were resolved. (73%) - Takashi wil follow-up with Marek on the support state (Current implmentation of DPoP as a supported feature in Keycloak) ### 10. Passkeys - Epic Issue: [#23656](https://github.com/keycloak/keycloak/issues/23656) 30 July 2025: - Takashi: 22 of 24 issues were resolved. (+1 resolved, 92%) - https://github.com/keycloak/keycloak/issues/40975 ### 11. FAPI 2.0 FINAL - FAPI 2.0 Security Profile Final was released on this Feburary. - FAPI 2.0 Message Signing Final will be released on this August (not still fixed). 30 July 2025: #### FAPI 2.0 Security Profile Final - Epic Issue: [#38769](https://github.com/keycloak/keycloak/issues/38769) - Takashi: No progress (I have already sent all three PRs to resolve all three issues). 1 of 3 issues were resolved. (33%) #### FAPI 2.0 Message Signing Final - Epic Issue: [#41311](https://github.com/keycloak/keycloak/issues/41311) - Takashi: 1 of 3 issues was resolved by merging the PR I had sent. (+1 resolved, 33%) ### Others ## Recordings https://us06web.zoom.us/rec/share/4UlRfWKfc-Zax1zfbMda8kDzKr3qD0bKWdq-hDpQUFlaq9i96l59sBBPhlK9z2Gg.c0USI_BctR8C6kMW Passcode: z.03Vi&+