What additional standards should we consider implementing (long-term)?

[christiansmith]

At present we have a pretty good handle on OAuth 2.0 and OpenID Connect. Our in the near future will be centered around OIDC certification and achieving 100% implementation. Along with other improvements like the CLI rewrite and other additional production support, this brings us most of the way toward a stable release (0.2.0).

Looking farther ahead, we should start the conversation about what additional specs and standards we ought to implement. Here are a few candidates:

• OpenID Connect related
  • OpenID Account Chooser – basic | advanced
  • OpenID Connect Native Application Token Provisioning Profile
  • OpenID Connect Native Application Token Agent API Bindings
  • Authorization Cross Domain Code
  • OpenID Native Apps Working Group – repos
  • WebFinger
• FIDO
• UMA
• SCIM
• ABAC
• XACML
• Using XACML Policies as OAuth Scope
• OpenAz

I'll add to this list and organize further based on the discussion.