SIG Meeting: 2025-10-08 28th Meeting (73rd from Ex FAPI-SIG)

# SIG Meeting: 2025-10-08 28th Meeting (73rd from Ex FAPI-SIG) [Meeting Slides](https://github.com/keycloak/keycloak-oauth-sig/blob/main/OAuth-SIG/meetings/28th/presentations/OAuth-SIG_28th_MTG_agenda.pdf) - Date: Wed 8 October 2025 - Time: 11:00 - 12:00 UTC in 1 hour 07:00 - 08:00 EDT (UTC-4) 12:00 - 13:00 BST (UTC+1) 13:00 - 14:00 CEST (UTC+2) 14:00 - 15:00 EEST (UTC+3) 16:30 - 17:30 IST (UTC+5:30) 20:00 - 21:00 JST (UTC+9) 21:00 - 22:00 AEST (UTC+10) ## Agenda Agenda Items to discuss ## Attendees - Takashi Norimatsu - Francis Pouatcha - Rodrick Awambeng - Bertrand Ogen - Vinod Anandan - Costas Georgilakis - Dmitry Telegin - Forkim Akwichek - Ingrid Kamga - Pascal Knüppel ## Notes Notes by Topic ### General 8 October 2025: - Takashi presents current state of efforts - Next OAuth SIG meeting will be held on Wednesday 5 November 2025. - Thomas: Big Fix for signed JWT: https://github.com/keycloak/keycloak/pull/43281 (merged) ## New Support ### 1. Workload/Agentic Identity 8 October 2025: preview with Keycloak 26.4 - Dmtry: In 2 Week could present more detail on SPIFFE protocol - We could have a breakout session together with Arndt. ### 2. OAuth 2.0 for First-Party Applications (FiPA) 8 October 2025: - Ingrid: on Pause, - Francis: foccus toward OID4VCI ### 3. Shared Signals Framework (SSF) 8 October 2025: - Thomas: Stian, Pedro and I will meet Thursday next week to discuss an incremental (minimal) adoption of SSF in Keycloak. ### 4. OpenID Federation 1.0 (OIDFED) 8 October 2025: - Costas: Work allmost done. Want to support automatic registration. - Bucci: has finish work on different way to do the automatic registration. - Some changes might affect SPIFFE. But is is different. - Reference to https://github.com/keycloak/keycloak/discussions/42197, sort of general trust relationship for keycloak ### 5. Attestation-Based Client Auth 8 October 2025: - Thomas: no progress. ### 6. Model Context Protocol (MCP) 8 October 2025: - Thomas: Regarding RFC 8707 Resource Indicator, Stian commented on the PoC PR and had some suggestions on how to break this down and implement this step by step: https://github.com/keycloak/keycloak/pull/35711#issuecomment-3365533871 - Takashi: see agenda of this session. ## Refinement ### 7. OpenID Verifiable Credentials Issuance (OID4VCI) 8 October 2025: - Ingrid: version 15, 16 done. - Blocker waiting for the conformance test to be ready. - We shall work toward having it promoted to Preview in 26.5 (January 2026): - Promotion Ticket https://github.com/keycloak/keycloak/issues/42889 - Address subissues and have IBM Team close the tickets if done. - Please for Review from the SIG Team: - https://github.com/keycloak/keycloak/issues/43214 - https://github.com/keycloak/keycloak/pull/43182 - Failing on the main branch too: https://github.com/keycloak/keycloak/pull/42858 ### 8. Token Exchange 8 October 2025: - Takashi: It seems that there is no progress. ### 9. Other #### FAPI Test Faiing - https://github.com/keycloak/keycloak/issues/43269 - Vinod: How do we avoid regretion test failure inside releases. We shall find a way to prevent or reduce such situations in the feature. - Francis: we could add conformance test tickets to release tickets assign them to conformance test. - Vinod: Automation would be preferable... - Takashi: would be nice if can have IBM core team learn how to run the conformance tests. Takashi will approach keycloak maintenance team with the topic. ## Recordings https://us06web.zoom.us/rec/share/dsdwBheetmPiZI4oB33-XWuOWoonw0C5i3uUeDm9Z3lWRO2IXhFia8HziK4UNeGC.l6qACTMloECS0M6L