SIG Breakout Session: 2025-08-13

# SIG Breakout Session: 2025-08-13 - Date: Wed 13 August 2025 - Time: 11:00 - 12:00 UTC in 1 hour 07:00 - 08:00 EDT (UTC-4) 12:00 - 13:00 BST (UTC+1) 13:00 - 14:00 CEST (UTC+2) 14:00 - 15:00 EEST (UTC+3) 16:30 - 17:30 IST (UTC+5:30) 20:00 - 21:00 JST (UTC+9) 21:00 - 22:00 AEST (UTC+10) ## Agenda Agenda Items to discuss ## Attendees - Vinod Anandan - Francis Pouatcha - Bertrand Ogen - Forkim Akwichek ## Notes ## New Support ### 1. Workload Identity - Transaction Token, SPIFEE 13 August 2025(Dmitry): Automatic client registration (on first use) is working as expected (PoC) - Needs authomatic client cleanup Client Authentication with SPIFFE - Agentic Identity (new contributor) Transaction Token We might have a special session for these topic on a selected Wednesday at 4PM GMT (8AM Arizona, Midnight in Japan). The keycloak team is verry interrested in this contribution. ### 2. OAuth 2.0 for First-Party Applications (FiPA) Discussion: [#38796](https://github.com/keycloak/keycloak/discussions/38796) ### 3. Shared Signals Framework (SSF) 13 August 2025 : No updates ### 4. OpenID Federation 1.0 (OIDFED) 13 August 2025 : No updates Epic Ticket: [#40509](https://github.com/keycloak/keycloak/issues/40509) Slack - https://cloud-native.slack.com/archives/C096PUDTC3U ### 5. Client Attestation 13 August 2025 : Specification: [OAuth 2.0 Attestation-Based Client Authentication ](https://datatracker.ietf.org/doc/draft-ietf-oauth-attestation-based-client-auth/) Ticket: [#39287](https://github.com/keycloak/keycloak/issues/39287) Discussion: https://github.com/keycloak/keycloak/discussions/40413 PoC : https://github.com/thomasdarimont/keycloak/tree/poc/client-attestation ### 6. Model Context Protocol (MCP) Specification: [Base Protocol - Authorization](https://modelcontextprotocol.io/specification/draft/basic/authorization) Latest issue by Dick Hardt https://github.com/modelcontextprotocol/modelcontextprotocol/issues/1299 Epic Ticket: [#41521](https://github.com/keycloak/keycloak/issues/41521) Pull request active: [#35711](https://github.com/keycloak/keycloak/pull/35711), [#41440](https://github.com/keycloak/keycloak/pull/41440) 13 August 2025: - Takashi: no progress. ## Refinement ### 7. OpenID Verifiable Credentials Issuance (OID4VCI) Last Weeks Pull Requests: [#40751](https://github.com/keycloak/keycloak/pull/40751) LAst Weeks Merged Pull Requests: [#41001](https://github.com/keycloak/keycloak/pull/41001) Open Pull requests: all related to version 15: https://github.com/keycloak/keycloak/pulls?q=is%3Apr+is%3Aopen+OID4VCI Potentials issue with OID4VCI authorization code flow implementaion, we will need to track it via a Github issue (related slack discussion - https://cloud-native.slack.com/archives/C05KR0TL4P8/p1752669762102799 , https://cloud-native.slack.com/archives/C05KR0TL4P8/p1752670003236459 ) Pre-auth code flow issue - https://gitlab.com/openid/conformance-suite/-/issues/1544 ### 8. Token Exchange 13 August 2025: No updates ### 9. Demonstrating Proof-of-Possession (DPoP) 13 August 2025: No updates Vinod will followup with Marek on promotion status - Epic Issue: [#22311](https://github.com/keycloak/keycloak/issues/22311) 30 July 2025: - Takashi: no progress. 11 of 15 issues were resolved. (73%) ### 10. Passkeys 13 August 2025: No updates - Epic Issue: [#23656](https://github.com/keycloak/keycloak/issues/23656) 30 July 2025: - Takashi: 22 of 24 issues were resolved. (no progress, 92%) ### 11. FAPI 2.0 FINAL PR need review and help with approvals: https://github.com/keycloak/keycloak/pull/41341 - FAPI 2.0 Security Profile Final was released on this Feburary. - FAPI 2.0 Message Signing Final will be released on 19 August (not still fixed). #### FAPI 2.0 Security Profile Final - Epic Issue: [#38769](https://github.com/keycloak/keycloak/issues/38769) - Takashi: No progress (I have already sent all three PRs to resolve all three issues). 3 of 4 issues were resolved. (+1 created, +2 resolved, 75%) #### FAPI 2.0 Message Signing Final - Epic Issue: [#41311](https://github.com/keycloak/keycloak/issues/41311) - Takashi: 1 of 3 issues was resolved by merging the PR I had sent. (+1 resolved, 33%) ### Others ## Recordings https://us06web.zoom.us/rec/share/fBYU_WlzBtAhNt2Hf3oI-6-4-r3ZLnf2Am6aqBlA9qB3FGYlMP0Pr6mGTPq04Kb3.LNSA-6e2fDcbjV50 Passcode: GT8fmh3%