SIG Meeting: 2024-12-04

# SIG Meeting: 2024-12-04 18th Meeting (63rd from Ex FAPI-SIG) [Meeting Slides](https://github.com/keycloak/kc-sig-fapi/blob/main/OAuth-SIG/meetings/18th/presentations/OAuth-SIG_18th_MTG_agenda.pdf) - Date: Wed 4 November 2024 - Time: 12:00 - 13:00 UTC in 1 hour 8:00 - 9:00 EDT (UTC-4) 12:00 - 13:00 GMT (UTC+0) 13:00 - 14:00 CET (UTC+1) 13:00 - 14:00 WAT (UTC+1) 14:00 - 15:00 EET (UTC+2) 17:30 - 18:30 IST (UTC+5:30) 21:00 - 22:00 JST (UTC+9) 22:00 - 23:00 AEST (UTC+10) ## Agenda Agenda Items to discuss - Ongoing 1. OID4VCI 2. DPoP 3. OpenID Federation 1.0 4. SSF - Standing Still 1. Token Exchange 2. Passkeys - Keeping Watch 1. OAuth 2.0 for First-Party Applications 2. Transaction Token 3. OpenID Connect Native SSO for Mobile Apps 1.0 4. OIDC4IDA - Community Event 1. KeyConf 25 ## Attendees - Assah Bismark - Caleb Asah - Costas Georgilakis - Dmitry Telegin - Francis Pouatcha - Kalpana - Kannan Rasappan - Marek Posolda - Ogen Bertrand - Pascal Knüppel - Rodrick Awambeng - Stefan Wiedemann - Takashi Norimatsu - Thomas Darimont - Vinod Anandan ## Notes Notes by Topic ### General - Takashi presents current state of efforts - Next OAuth SIG meeting will be held on Wednesday 8th January 2025. ### KeyConf 25 2 day format (conference + unconf) preferred. Notifying CfP notification early is good for participants to plan a travel. Need to consider Hybrid style of the conference. For reference keycloak-dev-day: - https://keycloak-day.dev/ - Conference in germany - 99€ + 19% VAT for 1 day - 1 day before (contribfest), 1 day after internal Keycloak contributor meeting - 120+ Attendees - Conference sold out quite quickly ### OAuth 2.0 Demonstrating Proof of Possession (DPoP) - DPoP on PAR endpoint was supported (its PR was merged). - Authz code binding with a DPoP Key was supported (its PR was merged). ### Token Exchange Update - Token Exchange feature is currently in revision - Marek presented a new issue breakdown in this epic: https://github.com/keycloak/keycloak/issues/31546 - Use-case document presented by Marek. https://docs.google.com/document/d/1T_4hjf0tapLAC5Hpac8wNiEHcrAmYZDQGpj3JRJ2MBI/edit?tab=t.0 - Marek explains the use-cases from the document. - Marek asks for additional comments / feedback. ### Shared Signals Framework Support - Thomas will present about SSF at next Keycloak Maintainers call - Thomas: SSF can work well with SCIM Events - Thomas: offers to give a brief 30min overview in one of the next meetings if SSF if people are interested ### OAuth 2.0 Setup-Up Authentication - Costas briefly discusses OAuth 2.0 Step Up Authentication Challenge Protocol https://datatracker.ietf.org/doc/rfc9470/ - Currently not supported by Keycloak - Costas asks for adoption ### OpenID Connect for Identity Assurance 1.0 - The specification was finalized. https://openid.net/specs/openid-connect-4-identity-assurance-1_0.html ### SCIM + SSF - https://scim.dev/ ## Recording https://us06web.zoom.us/rec/share/TvtzC_WQDVPvEvyNgpYO7cQDq266YwLi-bqbnv5hHM9kDt8YqiVruHA-8pjcyIrm.oSrzxlPnj2UHwTQE