SIG Breakout Session: 2025-06-25

# SIG Breakout Session: 2025-06-25 - Date: Wed 25 June 2025 - Time: 11:00 - 12:00 UTC in 1 hour 07:00 - 08:00 EDT (UTC-4) 12:00 - 13:00 BST (UTC+1) 13:00 - 14:00 CEST (UTC+2) 14:00 - 15:00 EEST (UTC+3) 16:30 - 17:30 IST (UTC+5:30) 20:00 - 21:00 JST (UTC+9) 21:00 - 22:00 AEST (UTC+10) ## Agenda Agenda Items to discuss ## Attendees - Takashi Norimatsu - Vinod Anandan - Pascal Knüppel - Rodrick Awambeng - Forkim Akwichek - Bertrand Ogen - Dmitry Telegin - Thomas Darimont - Nathalia Pinesi ## Notes ### Keyconf25 Updates from Nathalia on Keyconf25 ## New Support ### 1. Workload Identity - Transaction Token, SPIFEE No updates from Dmitry ### 2. OAuth 2.0 for First-Party Applications (FiPA) No updates from Adorsys ### 3. Shared Signals Framework (SSF) No updates from Thomas ### 4. OpenID Federation 1.0 (OIDFED) No updates ### 5. FIDO2 conformance test No updates ### 6. Client Attestation No updates, Thomas is working on adding client attestation as an authentication method in the openid conformance suite for OpenID4VCI (ASAP - ETA = 1 month). - Specification: [OAuth 2.0 Attestation-Based Client Authentication (Internet-draft v5)](https://www.ietf.org/archive/id/draft-ietf-oauth-attestation-based-client-auth-05.html) - Discussion: [Support for OAuth 2.0 Attestation-Based Client Authentication](https://github.com/keycloak/keycloak/discussions/40413) ### 7. Model Context Protocol (MCP) No updates - Specification: [MCP - Base Protocol - Authorization (version 2025-06-18)](https://modelcontextprotocol.io/specification/2025-06-18/basic/authorization) - Discussion: [Keycloak MCP Server](https://github.com/keycloak/keycloak/discussions/39995) - Discussion: [Support for RFC 8707 OAuth2 Resource Indicators](https://github.com/keycloak/keycloak/discussions/35743) - Draft PR: [Add support for RFC 8707 OAuth2 Resource Indicators (#14355) ](https://github.com/keycloak/keycloak/pull/35711) ## Refinement ### 8. OpenID Verifiable Credentials Issuance (OID4VCI) No updates, Francis approved the PR ( https://github.com/keycloak/keycloak/pull/39768 ). ### 9. Token Exchange No updates ### 10. Demonstrating Proof-of-Possession (DPoP) - 10 of 16 issues were resolved. (63%) - Takashi: no progress in this week. - Takashi: no progress in this week. - ### 11. Passkeys - 14 of 19 issues were resolved. (74%) No updates ### 12. FAPI 2.0 FINAL - Takashi: no progress in this week. Takashi to review the PR from keycloak team : https://github.com/Hitachi/keycloak/pull/1103/files ## Others ### Transient users ## Recordings https://us06web.zoom.us/rec/share/8psNuRO9v1nlxAj3RNXpyDdt7iYk1ecrdEF8HM5o6-tPya_ST2tq8yQi-VUVRc_G.6B41Bjr0Q2k9N5hj?startTime=1750849530000