WG Meeting: 2024-10-08

# WG Meeting: 2024-10-08 ## Agenda - Which issues need to be fixed before v1 spec is proposed for vote - [v1](https://github.com/openid/sharedsignals/labels/v1) label has been created - Which specs should be proposed for final? All, just SSF, or SSF + CAEP? - [Proposal Multi-push delivery](https://datatracker.ietf.org/doc/draft-deshpande-secevent-http-multi-push/) - Current DeliveryPush RFC 8935 does not support sending multiple SETs to the receiver in a single HTTP call - New delivery mechanism will enable sending multiple SETs by clubbing them together at the Tx in a single HTTP call to Rx - This will help improve performace, reduce outbound calls, enable faster processing by the Rx etc ## Attendees - Tim Cappalli (Okta) - Apoorva Deshpande (Okta) - Sean O'Neill (Easy Dynamics) - Thomas Darimont (OIDF Certification Team) - Jen Schreiber (Workday) - Kartik Patel - Alexey Yemelyanov - Rajvardhan Deshmukh (Cisco) - Mike Kiser (SailPoint) - Gail Hodges (OIDF) - Swathi Kollavajjala (Cisco) - Stan Bounev (VeriClouds) ## Notes [Gael] (From the chat) Mike L will reach out to the cochairs to ask if there is appetite to discuss a new family of payment settlement signals, as I recall hearing there was some interest in getting some wider member feedback on any work that would go in this direction. This could be exploring if there is market appetite for this work, any cross WG efforts needed to scope it, and priority for the SSWG. ### Specs v1 [Apoorva] Which specs take forward? [Tim] That's the question. I don't think we should take the dictionary profiles forward until the JSON schema work is done [Tim] Anyone think we should take CAEP and RISC profiles forward as they are? <crickets> [Tim] issue 206: IP subject identifiers. Should this be a v1 blocker? - Do we want to add the ability to add new subject identifiers (re: related to schema spec) [Tim] https://github.com/openid/sharedsignals/issues/149 Seems to be a normative change. Atul removed v3. should be in v1? Result: no v1 blockers tagged ### Proposal Multi-push delivery Apoorva: - RFC 8935 only allow sending about the same subject - To solve at scale, proposal is to allow multiple events to be sent in the same SET - https://datatracker.ietf.org/doc/draft-deshpande-secevent-http-multi-push/ - Could be useful in SCIM events as well (more than one event happening in the org) ### JSON Schema draft Jen: - Initial thoughts? Apoorva: - Questions: - How specific for semver? E.g. major version only or down to patch? https://semver.org/ - Deprecation vs superseding? - leaning towards superseding - Registry holds WG approved or private as well? - leaning towards WG approved / hosted schemas ### Conformance test demos Thomas showed an early demo of the SSF conformance test tools Thomas is also looking for additional example environments for testing. He currently uses caep.dev and his own SSF implementation. Feel free to add some more suggestions / requirements with respect to conformance testing here https://github.com/openid/sharedsignals/issues/210 ## Action Items All v1 JSON schemas must match the existing IDs of CAEP and RISC. Any changes would trigger v2 schemas.