[Openid-specs-ab] Spec call notes 27-Jun-11

Mike Jones Michael.Jones at microsoft.com
Tue Jun 28 15:02:21 UTC 2011


I had a naming thought this morning.  It occurs to me that the spec we'd given the ungainly working name "OpenID Connect Extended Requests and Responses" might be better named "OpenID Connect Enhancements".  It's a more workable name and still makes it clear that the functionality is distinct from the Core.

What do people think?

                                                            -- Mike

From: openid-specs-ab-bounces at lists.openid.net [mailto:openid-specs-ab-bounces at lists.openid.net] On Behalf Of Mike Jones
Sent: Monday, June 27, 2011 4:04 PM
To: openid-specs-ab at lists.openid.net
Subject: [Openid-specs-ab] Spec call notes 27-Jun-11

Spec call notes 27-Jun-11

Mike Jones
Nat Sakimura
John Bradley
Edmund Jay
Breno de Medeiros

Agenda items:
                Review steps remaining to declare specs developer-ready
                Where are aggregated, distributed claims specified?
                Change citations to reference specs on openid.net/specs and to reference current versions
                Accounts on svn.openid.net and openid.net
                Discovery and client registration status
                UserInfo status
                Bindings status

                Breno's request to move claims functionality to a separate document
                Discuss whether session management should be in core or separate document

Where are aggregated, distributed claims specified?
                They are currently missing - need to be put back in

Document structuring
                Breno proposes that we make the core as small as possible
                We initially proposed to split the core into (smaller core), session management, and claims specs
                                Nat and Mike initially proposed that the OpenID request and response stay in the core
                                                Because requests and responses will contain more than just claims
                Breno proposes that everything optional be removed from the core
                                We agree for now to use the name "OpenID Connect Extended Requests and Responses" for the optional parts
                                It contains:
                                                the request format
                                                the response format
                                                claims, including aggregated and distributed claims representations
                                                signing and encryption
                                Also, make id_token format opaque, per agreement from Facebook meeting
                Security Considerations
                                Should pertain only to the functionality in each doc
                                Core may just refer to extensive OAuth 2.0 security considerations section
                                Maybe talk about risks of userids in requests and responses
                                Maybe talk about replay attacks
                                Maybe talk about assertion disclosure

Editorial:
                Change citations to reference specs on openid.net/specs and to reference current versions

Accounts on svn.openid.net and openid.net
                Mike initiated creation of accounts for editors
                Mike will update documents on open.net and svn.openid.net for now

Discovery and client registration status
                John will finish draft in 1.5 days or so

UserInfo
                Mike will finish update in 1 day or so

Bindings
                Edmund sent out a doc combining the Code and AB and Implicit Grant bindings
                Breno strongly objects to having a separate HTTP binding document
                Edmund should be ready for the bindings document to be posted in a day or two
                After we have checked in this round of revisions, Mike will take a stab at adding the HTTP binding to the core

John is working on a PPID specification for future consideration

All but Breno plan to be on the call 3 days hence (Thursday US/Chile, Friday Japan)

====

Action items:
                Edmund will split the core into:
                                smaller core
                                session management
                                extended requests and responses docs
                John will finish revising discovery and client registration docs
                Mike will finish revising UserInfo