[Openid-specs-ab] Agenda addition for today's call

John Bradley ve7jtb at ve7jtb.com
Mon Jun 20 21:52:01 UTC 2011


For discussion:

Dynamic client registration and secret rotation.

Thinking about it,  It makes more sense to have the IdP configuration information as part of registration.

One flow could be having a RP go to a web page and do a manual registration, then plug in their client_id, client_secret, return_to, and Idp client registration endpoint into their software and have it do a refresh to get the other parameters.

I suspect that the Client Registration endpoint will need to also be the issuer_id.   Without introducing a post authentication discovery step we need to map the signature on the session token back to a shared secret (or public key)  If we allow the other endpoints to be on other domains potentially, that leaves the registration one as the likely choice.

John B.


On 2011-06-20, at 1:54 PM, Mike Jones wrote:

> Thanks Nat.  I’d add to this list:
>  
> - IdP Discovery
> - OpenID 2.0 Migration
>  
>                                                                 Thanks,
>                                                                 -- Mike
>  
> From: openid-specs-ab-bounces at lists.openid.net [mailto:openid-specs-ab-bounces at lists.openid.net] On Behalf Of Nat Sakimura
> Sent: Monday, June 20, 2011 10:52 AM
> To: openid-specs-ab at lists.openid.net
> Subject: [Openid-specs-ab] Agenda addition for today's call
>  
> I would like to propose the following for today's spec call. 
>  
> 1. Status check of each sub-specs. 
>  
> Report from each sub-spec editors. 
>  
> - Core
> - UserInfo
> - Session
> - JWE
> - Bindings
>  
> 2. Whether or not to add non-normative text for Bindings
>  
> Currently, we have very little non-normative text in the Bindings and the reader has to go refer the Core and OAuth spec very often. 
> Perhaps including some non-normative text instead of just referencing would improve the readability. 
>  
> 3. Whether or not to merge Code Binding and Artifact Binding
>  
> In fact, the are only a few lines of difference now. Perhaps can we merge them together? 
>  
> 4. Separating out the session spec? 
>  
> Right now, session spec is included in the core. A while ago, there seems to have been some talk around separating it out again. 
> I would like to close on this. 
> 
> -- 
> Nat Sakimura (=nat)
> http://www.sakimura.org/en/
> http://twitter.com/_nat_en
> _______________________________________________
> Openid-specs-ab mailing list
> Openid-specs-ab at lists.openid.net
> http://lists.openid.net/mailman/listinfo/openid-specs-ab

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20110620/12ddd522/attachment-0003.html>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20110620/12ddd522/attachment-0004.html>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20110620/12ddd522/attachment-0005.html>


More information about the Openid-specs-ab mailing list