# SIG Breakout Session: 2025-02-26

- Date: Wed 26 February 2025
- Time: 12:00 - 13:00 UTC

## Agenda

Agenda Items to discuss

https://hackmd.io/@keycloak-oauth-sig

## Attendees

- Francis Pouatcha
- Ingrid Kamga
- Rodrick Awambeng
- Assah Bismark
- Motouom Victoire

## Notes

Notes by Topic

### General

### OID4VCI (10 minutes)

Main Ticket: https://github.com/keycloak/keycloak/issues/32961

- Open:
  - https://github.com/keycloak/keycloak/issues/32967 - waiting for Thomas' feedback
  - https://github.com/keycloak/keycloak/issues/32957 - Done. Being tested on the SSI sample project; once finished, a sample PR will be submitted.

Sample Deployments:

- Open: https://github.com/adorsys/keycloak-ssi-deployment
  - Depends on: https://github.com/keycloak/keycloak/issues/32957

Document Versions of Spec supported by Keycloak-Version

- OID4VCI - draft 14
- SD-JWT - draft 13
- SD-JWT VC - draft 04
- OpenID4VP - draft 20
- [Token Status List](https://datatracker.ietf.org/doc/draft-ietf-oauth-status-list/)?
- No planned support for the moment: OCSP & CRL

### OAuth First Party Application (5 minutes)

- FIPA: https://github.com/keycloak/keycloak/discussions/25014
- API Based Auth: https://github.com/keycloak/keycloak/discussions/36924
- Analysis completed by Ingrid; currently being implemented.
- Status: still working on the demo.
### DPoP (5 minutes)

Main ticket: https://github.com/keycloak/keycloak/issues/22311

Need urgent consideration:

- https://github.com/keycloak/keycloak/issues/36475
- https://github.com/keycloak/keycloak/issues/36476

Maybe take a joint look at this at KC-DevDay (Takashi, Thomas) or the OAuth Security Workshop (Dmitry, Takashi, Thomas).

### [SSF](https://sharedsignals.guide/)

Presented at the last breakout by Thomas.

- Test: https://scim.dev/
  - https://scim.dev/playground/
  - https://scim.dev/playground/sharedsignalframework/
- POC: https://github.com/thomasdarimont/keycloak/tree/poc/shared-signals

Meeting with Keycloak Maintainers on 02/20th for focussed architectural discussion on how to integrate.

- Status: none

### [SPIFFE](https://spiffe.io/)

- Status: none

### Key selection on Identity Providers (5 minutes)

- https://github.com/keycloak/keycloak/discussions/35039
- We might need a sub-abstraction of Identity Providers (or trusted parties) inside a single Realm
  - Consider the __trusted party__ abstraction
- Thomas: Look at the `org.keycloak.broker.provider.AbstractIdentityProvider` class. Could be the right location for managing provider-specific keys. We could provide an option like "Use custom private Key: on/off" with an input field for a custom private key in the IdentityProviderConfiguration.
- Thomas: Alternative: Refactor SAML Identity Provider and add a protected method to determine the key to use, to allow custom SAMLIdentityProviders to use different keys.
- Dmitry is trying to connect with Ben Cresitello-Dittmar (@ben95cd) as an experienced person in this domain.
- Status: no

### Other Topics

#### Keyconf25

- Survey started: https://forms.office.com/Pages/ResponsePage.aspx?id=hFQsXiLlnUeRylFdbgziKBgok6UO9mxHnShifZvG4ehUMVVNS1lRQlpJNTFSM0tHRU5QS0RPSlI2Ry4u
- Decision to do one day, as the budget for a two-day conference is out of reach.
- Comment published to CNCF Chat.
## Recording

https://us06web.zoom.us/rec/share/tSwlSADTw1Hq2g0wDhZ7p7MPz54SIZdXWQ6J1qlyUMFl55Gx9i9YxaJQGPTbjLpm.k0K5AWL7JLK4njy9