[Openid-specs-ab] Spec call notes 27-Jun-11

Mike Jones Michael.Jones at microsoft.com
Tue Jun 28 16:54:27 UTC 2011


I think it would be better if we chose a one-word, or at most two-word name, enabling natural English usages like "I implemented the X" (just like one would say "I implemented the Core"), rather than "I implemented the Extended Requests and Responses" or "I implemented the Extended JSON Syntax".

I suggested the word "Enhancements" exactly because it was different than "extension".  But I get your point.

What about the name "OpenID Connect Framework" instead?  "Framework", because that spec will be the framework for all other extensions to OpenID Connect.

			-- Mike

-----Original Message-----
From: Breno de Medeiros [mailto:breno at google.com] 
Sent: Tuesday, June 28, 2011 9:42 AM
To: Mike Jones
Cc: openid-specs-ab at lists.openid.net
Subject: Re: [Openid-specs-ab] Spec call notes 27-Jun-11

On Tue, Jun 28, 2011 at 08:02, Mike Jones <Michael.Jones at microsoft.com> wrote:
> I had a naming thought this morning.  It occurs to me that the spec 
> we'd given the ungainly working name "OpenID Connect Extended Requests 
> and Responses" might be better named "OpenID Connect Enhancements".  
> It's a more workable name and still makes it clear that the 
> functionality is distinct from the Core.

It sounds better but is a tad overreaching since other extensions could also claim to be 'enhancements'.

What about something like "OpenID Connect Extended JSON Syntax"

>
>
>
> What do people think?
>
>
>
>                                                             -- Mike
>
>
>
> From: openid-specs-ab-bounces at lists.openid.net
> [mailto:openid-specs-ab-bounces at lists.openid.net] On Behalf Of Mike 
> Jones
> Sent: Monday, June 27, 2011 4:04 PM
> To: openid-specs-ab at lists.openid.net
> Subject: [Openid-specs-ab] Spec call notes 27-Jun-11
>
>
>
> Spec call notes 27-Jun-11
>
>
>
> Mike Jones
>
> Nat Sakimura
>
> John Bradley
>
> Edmund Jay
>
> Breno de Medeiros
>
>
>
> Agenda items:
>
>                 Review steps remaining to declare specs 
> developer-ready
>
>                 Where are aggregated, distributed claims specified?
>
>                 Change citations to reference specs on 
> openid.net/specs and to reference current versions
>
>                 Accounts on svn.openid.net and openid.net
>
>                 Discovery and client registration status
>
>                 UserInfo status
>
>                 Bindings status
>
>
>
>                 Breno's request to move claims functionality to a 
> separate document
>
>                 Discuss whether session management should be in core 
> or separate document
>
>
>
> Where are aggregated, distributed claims specified?
>
>                 They are currently missing - need to be put back in
>
>
>
> Document structuring
>
>                 Breno proposes that we make the core as small as 
> possible
>
>                 We initially proposed to split the core into (smaller 
> core), session management, and claims specs
>
>                                 Nat and Mike initially proposed that 
> the OpenID request and response stay in the core
>
>                                                 Because requests and 
> responses will contain more than just claims
>
>                 Breno proposes that everything optional be removed 
> from the core
>
>                                 We agree for now to use the name 
> "OpenID Connect Extended Requests and Responses" for the optional 
> parts
>
>                                 It contains:
>
>                                                 the request format
>
>                                                 the response format
>
>                                                 claims, including 
> aggregated and distributed claims representations
>
>                                                 signing and encryption
>
>                                 Also, make id_token format opaque, per 
> agreement from Facebook meeting
>
>                 Security Considerations
>
>                                 Should pertain only to the 
> functionality in each doc
>
>                                 Core may just refers to extensive 
> OAuth 2.0 security considerations section
>
>                                 Maybe talk about risks of userids in 
> requests and responses
>
>                                 Maybe talk about replay attacks
>
>                                 Maybe talk about assertion disclosure
>
>
>
> Editorial:
>
>                 Change citations to reference specs on 
> openid.net/specs and to reference current versions
>
>
>
> Accounts on svn.openid.net and openid.net
>
>                 Mike initiated creation of accounts for editors
>
>                 Mike will update documents on open.net and 
> svn.openid.net for now
>
>
>
> Discovery and client registration status
>
>                 John will finish draft in 1.5 days or so
>
>
>
> UserInfo
>
>                 Mike will finish update in 1 day or so
>
>
>
> Bindings
>
>                 Edmund sent out a doc combining the Code and AB and 
> Implicit Grant bindings
>
>                 Breno strongly objects to having a separate HTTP 
> binding document
>
>                 Edmund should be ready for the bindings document to be 
> posted in a day or two
>
>                 After we have checked in this round of revisions, Mike 
> will take a stab at adding the HTTP binding to the core
>
>
>
> John is working on a PPID specification for future consideration
>
>
>
> All but Breno plan to be on the call 3 days hence (Thursday US/Chile, 
> Friday
> Japan)
>
>
>
> ====
>
>
>
> Action items:
>
>                 Edmund will split the core into:
>
>                                 smaller core
>
>                                 session management
>
>                                 extended requests and responses docs
>
>                 John will finish revising discovery and client 
> registration docs
>
>                 Mike will finish revising UserInfo
>
> _______________________________________________
> Openid-specs-ab mailing list
> Openid-specs-ab at lists.openid.net
> http://lists.openid.net/mailman/listinfo/openid-specs-ab
>
>



--
--Breno


More information about the Openid-specs-ab mailing list