[Openid-specs-ab] Agenda addition for today's call

Mike Jones Michael.Jones at microsoft.com
Wed Jun 22 23:43:45 UTC 2011


Now live.  The set of Connect specs now checked in is:

OpenID Connect Core:  http://openid.net/specs/openid-connect-core-1_0.html
OpenID Connect Authorization Code Binding: http://openid.net/specs/openid-connect-code-1_0.html
OpenID Connect Artifact Binding:  http://openid.net/specs/openid-connect-ab-1_0.html
OpenID Connect Discovery:  http://openid.net/specs/openid-connect-swd-1_0.html
OpenID Connect Client Registration:  http://openid.net/specs/openid-connect-registration-1_0.html
OpenID Connect UserInfo:  http://openid.net/specs/openid-connect-userinfo-1_0.html

All are in Subversion at http://svn.openid.net/repos/specifications/connect/1.0/.

                                                            -- Mike

From: John Bradley [mailto:ve7jtb at ve7jtb.com]
Sent: Wednesday, June 22, 2011 4:06 PM
To: Mike Jones
Cc: Nat Sakimura; openid-specs-ab at lists.openid.net
Subject: Re: [Openid-specs-ab] Agenda addition for today's call

Go ahead,  send me the changes.

John B.
On 2011-06-22, at 7:04 PM, Mike Jones wrote:


This is good enough as-is that I'm going to check it into SVN and put it on openid.net/specs after a few editorial changes to make it more like the other docs.

Speak now if any of you want me to hold off for any reason...

                                                                -- Mike

From: John Bradley [mailto:ve7jtb at ve7jtb.com]
Sent: Monday, June 20, 2011 2:52 PM
To: Mike Jones
Cc: Nat Sakimura; openid-specs-ab at lists.openid.net
Subject: Re: [Openid-specs-ab] Agenda addition for today's call

For discussion:

Dynamic client registration and secret rotation.

Thinking about it, it makes more sense to have the IdP configuration information as part of registration.

One flow could be having an RP go to a web page and do a manual registration, then plug in their client_id, client_secret, return_to, and IdP client registration endpoint into their software and have it do a refresh to get the other parameters.

I suspect that the Client Registration endpoint will need to also be the issuer_id. Without introducing a post-authentication discovery step we need to map the signature on the session token back to a shared secret (or public key). If we allow the other endpoints to be on other domains potentially, that leaves the registration one as the likely choice.

John B.

