[{"author": "Pieter Kasselman", "text": "

Good morning!

", "time": "2024-03-22T05:01:59Z"}, {"author": "David Waite", "text": "

I'm going to miss all of you after this

", "time": "2024-03-22T05:02:22Z"}, {"author": "Atul Tulshibagwale", "text": "

Happy birthday, @Kelley Burgin !

", "time": "2024-03-22T05:02:36Z"}, {"author": "Aaron Parecki", "text": "

hannes you have to move the mouse cursor over the slides for the clicker to work

", "time": "2024-03-22T05:03:31Z"}, {"author": "Sarah Cecchetti", "text": "

Happy Thursday evening

", "time": "2024-03-22T05:03:40Z"}, {"author": "Dean Saxe", "text": "

Oh good, the brains behind the operation has arrived =)

", "time": "2024-03-22T05:12:17Z"}, {"author": "Kristina Yasuda", "text": "

we did the PR to fix this in oid4vc...

", "time": "2024-03-22T05:16:30Z"}, {"author": "Aaron Parecki", "text": "

kristina can you queue to describe this?

", "time": "2024-03-22T05:17:53Z"}, {"author": "Kristina Yasuda", "text": "

ah actually i am wrong, we only discussed, have not done the PR yet.

", "time": "2024-03-22T05:18:09Z"}, {"author": "Kristina Yasuda", "text": "

i'll get back to you offline, aaron.

", "time": "2024-03-22T05:18:20Z"}, {"author": "Justin Richer", "text": "

we did not commit to not breaking changes -- requiring PKCE breaks things.

", "time": "2024-03-22T05:21:51Z"}, {"author": "Justin Richer", "text": "

but it's important to be deliberate about what we'd consider an interop between 2.0 and 2.1, and from which side

", "time": "2024-03-22T05:22:14Z"}, {"author": "Dean Saxe", "text": "

requiring PKCE only breaks things that want to be 2.1 compliant.

", "time": "2024-03-22T05:22:50Z"}, {"author": "Dean Saxe", "text": "

at least, as far I understand things

", "time": "2024-03-22T05:23:02Z"}, {"author": "David Waite", "text": "

audio issue, again :'(

", "time": "2024-03-22T05:23:10Z"}, {"author": "Muhammad Sardar", "text": "

Please speak closer to the mic.

", "time": "2024-03-22T05:23:37Z"}, {"author": "David Waite", "text": "

what I was queued to say: requiring deployed client_ids to change is a nightmare, but requiring alphanumeric secrets seems untenable.

", "time": "2024-03-22T05:24:34Z"}, {"author": "David Waite", "text": "

if this is the only way we think the feature can be interoperable, we should deprecate for 2.1

", "time": "2024-03-22T05:24:56Z"}, {"author": "Kristina Yasuda", "text": "

+1 to probably treating client_id and client_secrets differently..

", "time": "2024-03-22T05:25:57Z"}, {"author": "Filip Skokan", "text": "

if only the character set didn't include the \":\" character we could get away from any additional encoding of all username / password characters.

", "time": "2024-03-22T05:27:17Z"}, {"author": "Justin Richer", "text": "

@dean that's exactly my point.

", "time": "2024-03-22T05:27:22Z"}, {"author": "Justin Richer", "text": "

@david if people implemented properly it as it's already specified, it would ALSO be interoperable ;)

", "time": "2024-03-22T05:27:59Z"}, {"author": "Kristina Yasuda", "text": "

I have seen\"did:...\" as a client_id, filip...

", "time": "2024-03-22T05:29:26Z"}, {"author": "David Waite", "text": "

@Justin yeah I doubt this is the only way, although it is certainly a way to force the peg through the hole

", "time": "2024-03-22T05:32:01Z"}, {"author": "Pieter Kasselman", "text": "

https://github.com/cedar-policy/cedar

", "time": "2024-03-22T05:32:27Z"}, {"author": "Sarah Cecchetti", "text": "

and https://www.cedarpolicy.com/en and https://cedarland.blog/

", "time": "2024-03-22T05:33:27Z"}, {"author": "Sarah Cecchetti", "text": "

https://datatracker.ietf.org/doc/draft-cecchetti-oauth-rar-cedar/

", "time": "2024-03-22T05:35:31Z"}, {"author": "Justin Richer", "text": "

big +1 to George's comment just now

", "time": "2024-03-22T05:37:33Z"}, {"author": "Justin Richer", "text": "

client -> AS, AS -> client, and AS -> RS don't need to be the same format or value in a functioning system

", "time": "2024-03-22T05:38:23Z"}, {"author": "Sarah Cecchetti", "text": "

Yup. The next draft will use \"type\" to indicate format in URI format. Another open question is whether to give guidance about when to make that an array that also includes intent.

", "time": "2024-03-22T05:41:35Z"}, {"author": "Justin Richer", "text": "

the value of \"type\" is defined to be a single string, so having it as an array would break parsing. You could define a secondary field to carry the other information, though, and require/recommend/etc that when the type is \"cedarpolicy.org\"

", "time": "2024-03-22T05:45:30Z"}, {"author": "Arndt Schwenkschuster", "text": "

For this question to answer wouldn't the entities.json be more necessary on top of the policy?

", "time": "2024-03-22T05:46:33Z"}, {"author": "Atul Tulshibagwale", "text": "

+1 to @Brian Campbell , can't the RS simply get the Cedar policy directly from the Cedar service?

", "time": "2024-03-22T05:46:47Z"}, {"author": "Atul Tulshibagwale", "text": "

why does the client or AS need to be involved?

", "time": "2024-03-22T05:47:05Z"}, {"author": "Hannes Tschofenig", "text": "

Have others looked at other policy languages, such as OPA/Rego?

", "time": "2024-03-22T05:55:26Z"}, {"author": "Atul Tulshibagwale", "text": "

I have some familiarity

", "time": "2024-03-22T05:56:36Z"}, {"author": "Pieter Kasselman", "text": "

@Hannes - there is a very large number of policy languages out there (some number above 20 by last count)

", "time": "2024-03-22T05:57:26Z"}, {"author": "Hannes Tschofenig", "text": "

But only a few have found wider usage

", "time": "2024-03-22T05:57:42Z"}, {"author": "Christian Bormann", "text": "

I was wondering about Rego as well, but Rego is used more on the infrastructure side from my experience?

", "time": "2024-03-22T05:57:52Z"}, {"author": "Hannes Tschofenig", "text": "

The question for me was whether we should standardize the two most popular policy languages

", "time": "2024-03-22T05:58:36Z"}, {"author": "Pieter Kasselman", "text": "

OPA/Rego has found adoption, but it is also very flexible and requires a skilled user to avoid unfortunate outcomes.

", "time": "2024-03-22T05:59:16Z"}, {"author": "Pieter Kasselman", "text": "

@Hannes - how would you define popular?

", "time": "2024-03-22T06:00:05Z"}, {"author": "Dean Saxe", "text": "

XACML? ;-)

", "time": "2024-03-22T06:00:16Z"}, {"author": "Hannes Tschofenig", "text": "

popular = what the group prefers

", "time": "2024-03-22T06:00:35Z"}, {"author": "Aaron Parecki", "text": "

gotta do your homework before the meetings! ;-)

", "time": "2024-03-22T06:02:05Z"}, {"author": "Muhammad Sardar", "text": "

on the mic please

", "time": "2024-03-22T06:04:55Z"}, {"author": "Aaron Parecki", "text": "

use the mic brian

", "time": "2024-03-22T06:04:58Z"}, {"author": "Nat Sakimura", "text": "

Please use mic

", "time": "2024-03-22T06:05:48Z"}, {"author": "Yaroslav Rosomakho", "text": "

Might be a good idea to provide an optional URL to redirect user to so that user would know why he/she got kicked out

", "time": "2024-03-22T06:20:18Z"}, {"author": "Aaron Parecki", "text": "

@Yaroslav there is no user interaction in this draft, it happens entirely without the user context.

", "time": "2024-03-22T06:21:31Z"}, {"author": "Kristina Yasuda", "text": "

what is the lifecycle for this signed jwk set?

", "time": "2024-03-22T06:24:22Z"}, {"author": "Muhammad Sardar", "text": "

What is the lifetime of these certs?

", "time": "2024-03-22T06:30:54Z"}, {"author": "Nat Sakimura", "text": "

Thanks!

", "time": "2024-03-22T06:33:05Z"}, {"author": "Nigel Hickson", "text": "

thank you

", "time": "2024-03-22T06:33:10Z"}, {"author": "Kristina Yasuda", "text": "

the times remotely were pretty brutal :)

", "time": "2024-03-22T06:33:25Z"}, {"author": "Kristina Yasuda", "text": "

thank you!

", "time": "2024-03-22T06:33:31Z"}, {"author": "Aaron Parecki", "text": "

confirmed

", "time": "2024-03-22T06:33:32Z"}, {"author": "Christian Bormann", "text": "

Thanks and have a great day!

", "time": "2024-03-22T06:33:46Z"}]