SIG Meeting: 2025-09-03 27th Meeting (72nd from Ex FAPI-SIG)

# SIG Meeting: 2025-09-03 27th Meeting (72nd from Ex FAPI-SIG) [Meeting Slides](https://github.com/keycloak/kc-sig-fapi/blob/main/OAuth-SIG/meetings/27th/presentations/OAuth-SIG_27th_MTG_agenda.pdf) - Date: Wed 3 September 2025 - Time: 11:00 - 12:00 UTC in 1 hour 07:00 - 08:00 EDT (UTC-4) 12:00 - 13:00 BST (UTC+1) 13:00 - 14:00 CEST (UTC+2) 14:00 - 15:00 EEST (UTC+3) 16:30 - 17:30 IST (UTC+5:30) 20:00 - 21:00 JST (UTC+9) 21:00 - 22:00 AEST (UTC+10) ## Agenda Agenda Items to discuss ## Attendees - Takashi Norimatsu - Rodrick Awambeng - Vinod Anandan - Francis Pouatcha - Pascal Knüppel - Arndt Schwenkschuster (SPIRL) - Thomas Darimont - Ingrid Kamga - Forkim Akwichek - Dmitry Telegin - Dominik Sclosser - Kannan Rasappan - Costas Georgilakis ## Notes Notes by Topic ### General - Takashi presents current state of efforts - Next OAuth SIG meeting will be held on Wednesday 1 October 2025. 3 September 2025: - Takashi: I cannot attend the next meeting because I will attend MCP Developers Summit in UK. - Takashi: Keycloak AI SIG started. What both OAuth SIG and AI SIG do might be overlapped (e.g., MCP support). I joined AI SIG, so I will consider arranging that. - Takashi: I renamed the name of #1 item from "Workload Identity - Transaction Token, SPIFEE" to "Workload/Agentic Identity" because this item can also incorporate Agent Identity in AI industry. ## New Support ### 1. Workload/Agentic Identity 3 September 2025: - We include the specification [OAuth Identity and Authorization Chaining Across Domains](https://datatracker.ietf.org/doc/draft-ietf-oauth-identity-chaining/). - Several (3?) parties work on the same topic (SPIFEE client authentication). - Dmitry: consentrates on Transaction Identity and OAuth Identity and Authorization Chaining Across Domains. - We will have breakout session for this working item (4PM london time). ### 2. OAuth 2.0 for First-Party Applications (FiPA) 3 September 2025: - Adorsys considers 2nd phase PoC by incorporating comments on the discussion. ### 3. Shared Signals Framework (SSF) 3 September 2025: - Shared Signals Final Specifications Approved - Specs: OpenID Shared Signals Framework, OpenID CAEP, OpenID RISC - see: https://openid.net/three-shared-signals-final-specifications-approved/ - see: https://sgnl.ai/2025/09/sgnl-welcomes-the-publication-of-the-final-shared-signals-and-caep-specifications/ - Added SSF Transmitter support to my PoC - Currently implementing OIDF Conformance tests for SSF Receivers ### 4. OpenID Federation 1.0 (OIDFED) 3 September 2025: - Adopt of OpenID Federation : European Open Science Cloud and eduGAIN global network of academic Identity & Service providers (not that of GRNET mentioned) - Alexander Schwartz mentioned about knowing the general showcase of OpenID Federation for proceeding with PR during 'Keycloak Maintainers & Friends'. Any help with other cases needed it, escecially automatic registration as OP? ### 5. Attestation-Based Client Auth 3 September 2025: ### 6. Model Context Protocol (MCP) 3 September 2025: - Takashi: no progress. Until the PRs are merged, I presented in KeyConf 25 Amsterdam the workaround for keycloak to comply with MCP specification's authorization part (2025-06-18 ver). ## Refinement ### 7. OpenID Verifiable Credentials Issuance (OID4VCI) 3 September 2025: - Focusing on Draft 15 and 16 epic issue. - It seems that Final spec voting in Sep is for Draft 17. ### 8. Token Exchange (External-Internal) 3 September 2025: - Takashi: It seems that there is no progress. ### 9. Demonstrating Proof-of-Possession (DPoP) 3 September 2025: - Takashi: It seems that Keycloak 26.4 (the end of this Sep release expected) support DPoP as officially supported feature. ### 10. Passkeys 3 September 2025: - Takashi: It seems that Keycloak 26.4 (the end of this Sep release expected) support Passkeys as officially supported feature. ### 11. FAPI 2.0 FINAL 3 September 2025: - Takashi: no progress. ## Commuity Events 3 September 2025: - Takashi: KeyConf 25 Amsterdam was successfully completed. Thank you for your help. - Takashi: Hitachi submitted the CfP for holding KeycloakCon Europe 2026 as CNCF-hosted co-located event of KubeCon + CloudNativeCon Europe 2026 Amsterdam (23-26 March, 2026). I have not yet received its response. - Takashi: Hitachi has a plan to hold KeycloakCon Japan 2026 as CNCF-hosted co-located event of KubeCon + CloudNativeCon Japan 2026 Yokohama (29-30 July, 2026). - ## Recordings https://us06web.zoom.us/rec/share/_tt0U4vNb59AQCJfOzEMjfJtJSqnmzhsF8sdNEJ3YZ3rFuDUBMgaf4xe0myYsTdz.qReX3U3B_ndBaLqD Passcode: ==iU+7S7