# WG Meeting: 2023-10-24 ## Agenda - Authentication Scheme for streams ## Attendees - Atul Tulshibagwale (SGNL) - Steve Venema (ForgeRock) - Nancy Cam Winget (Cisco) - Shayne Miel (Cisco) - Sean O'dell (Disney) - Victor Lu () - Tim Cappalli (Microsoft) - Apoorva Deshpande (Okta) ## Notes ### How do we keep working during the review period - Let's tag the commit that we sent for review - Blog post refers to draft at [this location](https://openid.net/specs/openid-sharedsignals-framework-1_0-02.html), which is different from our working draft - We should bump up the version number either now or before we send for another review - Do we need to separate changes that should be incorporated into draft-02 - Let's work on a branch (not main) for any changes related to post-draft-02 work - The main branch will be used for draft-02 (any non-normative changes do not restart the review period) - ### Authentication Scheme for streams - Section 10.2.1.1 states that the "authorization_header" field in the Stream Configuration should be used. However, section 7.1.1 does not specify the "authorization_header" field. - The language in section 10.2.1.1 can be made clearer by switching the order of the sentences. Proposed revision: "If the authorization_header field is present in the Stream Configuration, then it MUST be set in each SET delivery." - The authorization_header field in 7.1.1 should be a sub field of "delivery" so that it applies to both PUSH and POLL ### Other - "optinal" is misspelled in the description of the "description" field in section 7.1.1 ## Action Items - (atul) tag the version that was sent for review - (atul) to check with OpenID Foundation if adding this to the section 7.1.1 constitutes a normative change - (steve) create a fiel in the repo that explains how we will be tagging individual commits to keep track of IDs and final specs