# WG Meeting: 2023-05-02 ## Agenda - Meeting frequency - weekly post Identiverse? (atul) - Async communication (smiel) - Combine add and remove subject endpoints: https://github.com/openid/sharedsignals/issues/39 - Complex Subject with incomplete info: https://github.com/openid/sharedsignals/issues/32 - Move subject out of events: https://github.com/openid/sharedsignals/issues/52 - ComplexSubject format claim: https://github.com/openid/sharedsignals/issues/53 - PUT/PATCH behavior for "events_delivered": https://github.com/openid/sharedsignals/issues/55 ## Attendees - Stan Bounev (VeriClouds) - Atul Tulshibagwale (SGNL) - Nancy Cam Winget (Cisco) - Philip Hunt (Independent Identity) - Mike Kiser (SailPoint) - Asad Ali (Thales) - Jen Schreiber (Workday) - Eric Karlinsky (Okta) - Tim Cappalli (Microsoft) - Shayne Miel (Cisco) ## Notes ### Meeting Frequency - Weekly frequency agreeable to Shayne, Asad, Tim, Eric, Phil, Mike ### Async Communication - Consider using async communication more - GitHub, Slack, Email - Agreed to - Atul, Tim, Phil, ### Combine add and remove subject endpoints - Keep one endpoint for all subject operations, and use HTTP methods like PATCH, DELETE on the endpoint - (Phil) Does DELETE allow payload? - Adding URL parameters is leaky due to logging - A combined endpoint with a payload that provides a command and the subject description may be another approach - Is adding subjects / removing subjects even scalable ### Complex Subject with incomplete info - What happens when an event has some claims and not others in the subject identifiers - Missing claims in subject should act like wildcards - If a Receiver has subscribed to a "user" and "session" combination, and the Transmitter has an event that has "user" information but not "session" information, should that event be sent to the Recevier? - Atul (yes), Phil (yes) - If a Receiver has subscribed to only a "user", and the Transmitter has an event that has "user" information and "session" information, should that event be sent to the Recevier? - Atul (yes) - Missing fields are wildcards in both directions ### Move subject out of events - Since the SecEvents standardizes subject identifiers, should they be at the high level - (Atul) But interpretation is dependent on event type - Discussion is inconclusive so far - ## Action Items