# WG Meeting: 2025-04-01

## Agenda

- Review PRs
- Review Issues
- IPSIE Actions

## Attendees

- Shayne Miel (Cisco)
- Sean O'Dell (Disney)
- Jen Schreiber (Workday)
- Thomas Darimont (OIDF)
- Yair Sarig (Omnissa)
- Mike Kiser (SailPoint)
- Apoorva Deshpande (Okta)
- JD Pawar (Workday)
- Tushar Raibhandare (Google)

## Notes

### IPSIE Action

- IPSIE group is looking to us
- (Jen) In SET spec, SETs can only be descriptive

### Review PRs

- (Jen) Issue 247. Tried to phrase it to be backwards compatible.
  - If Tx supports pull it should indicate as such
  - (Shayne) Make it a MAY to be more normative and ship it
  - (Jen) CAN vs MAY debate
  - (Apoorva) if the Tx does not contain events supported should it reject?
  - (Jen and Shayne) Support backwards compatibility and non normative changes
  - (Apoorva) Rather than default to defaulted channels, error out
  - (Yair) Implementations are broken regardless if the change is normative.
  - (Shayne) Normative changes are ok.
  - (Yair) In the spec you default to pull, but this would error if it is not supported or say the Tx is not supporting this method
  - (Apoorva / Jen) return back 400 or 405 or 406? Not 418
  - (Group consensus) 400 was the group vote
- (Shayne) Issue 246
  - (Shayne) Tx creates the audience value ahead of time for the Rx (new in the Interop)
  - (Shayne) find a place in the spec that says this.
  - (Shayne) If the aud value is agreed upon out of band then the Rx must validate it during stream creation.
  - (Apoorva) aud is Tx supplied. In addition to what is in the Issue. The aud value returned in the stream creation api should be validated by the Rx.
  - (Shayne Apoorva Jen) Talking about when you validate the aud value. Stream Response from Stream Create Request.
  - (Shayne) if it is decided out of band it should be validated between the Tx and Rx
  - (Apoorva) why would need to get the streams that are created
  - (Apoorva) validate the set aud to match the stream aud
  - (Yair) if the Rx provides the value it is different from the Tx. If the Rx does not validate then you open yourself up to receiving events from someone else or spoofing.
  - (Sean Yair Shayne Jen) Talking about Rx supplied vs Tx created
  - (Jen) the aud is agreed upon out of band and is agreed upon
  - (Yair) makes it unique with a binding pair
  - (Shayne) how can a Rx validate the aud?
  - (Sean) it's like clientID maybe?
  - (Jen)?
  - (Yair) aud is the flipped side
  - (Apoorva) can we table it?
  - (Jen) Try rephrasing it
- Issue 245
  - (Shayne) relationship between Tx and Authorization Server
  - (Jen) text is confusing in interop profile
  - (Jen) existing text must support at least one of the following for a short lived AT
  - (Jen Shayne) Talking about authorization server and MUST obtain an access_token _out of band_
  - (Jen and Apoorva) there is a PR to reorganize this ISSUE
  - (Apoorva) What is the role of a resource server and authorization server?
  - (Apoorva and Jen) will work together on this to push it over the finish line.
  - (Apoorva and Jen) will open the issue and get wording down pat
- (Shayne) Issue 243
  - (Jen Shayne Sean) SHOULD was agreed to and the interop profile is going to match on the same PR
- (Shayne) Issue 244 EVENT METADATA!!! Thunderdome!
  - (Shayne) updating comment of Issue
  - Should be representative of the event rather than the subject.
  - (Apoorva) remove "or actions" from line 177.
  - (Jen) agreed
  - (Sean) agreed and :pray:
  - (Shayne) Rx's were overloading _reason_admin_
  - (Thomas and Sean) what were you going to do and what can you pass in? Examples were given.
  - (Apoorva Jen Sean) Size of the JWT will be an issue
  - (Apoorva) makes interoperable hard
  - (Jen Sean) not sure about that
  - (Shayne) There is going to be a struggle to get shit done between 2 companies versus *all companies*
  - (Apoorva) provide clear guidance on when, why, what to use
- (Apoorva) Issue 225 was reverted and asking why?
  - (Everyone) see https://hackmd.io/@oidf-wg-sse/wg-meeting-20250211
  - (Shayne Apoorva) Approved. Putting `events_supported` back into the well-known endpoint.
  - (Sean) to approve.
- (Jen Shayne) Can close Issue 202

### Review Issues

## Action Items