[Openid-specs-ab] Spec call notes 30-Jun-11

Mike Jones Michael.Jones at microsoft.com
Thu Jun 30 22:57:05 UTC 2011


Spec call notes 30-Jun-11

John Bradley
George Fletcher
Mike Jones
Nat Sakimura
Edmund Jay
Johnny Bufu

Agenda:
                Discovery and Client Registration
                George's questions about UserInfo
                Mike's question about locale
                Mike's question about consistency of request parameters
                Nat's question about BCP47 multi-script support
                Encryption

Discovery and Client Registration
                John is part way done, will dedicate tomorrow to finishing drafts to circulate

George's questions about UserInfo
                George asked whether the UserInfo endpoint is a true OAuth endpoint or not
                                John said yes - that we need to update the draft to match current OAuth versions
                                Presentation of access token follows OAuth 2.0 bearer token conventions
                                Bindings need to call out a specific required method
                                                Need GET to work for implicit grant flow
                                Call out bearer token profile
                George asked us to tighten up behavior if "openid" schema specified
                                Wants to change SHOULD to a MUST
                                (If people want to support other schemas, they can do so)
                George may have time to take a stab at these edits soon

locale
                We decided to use RFC 5646 / BCP 47 rather than the current ad-hoc definition

Consistency of request parameters
                Edmund will change "ses" to "idt" in the HTTP-Redirect spec

BCP47 multi-script support
                In UserInfo but not in Framework.  Nat to supply text for Framework spec to Edmund.
                We discussed whether requests should have per-claim script requests or whether to do this in a more general way
                We agreed that per-claim script requests should work
                We will also consider having a requested set of scripts in a non-claim specific manner
                                Mike suggested that we delegate this to Nat, who will make a proposal

Encryption
                Mike plans to finish a first draft by Monday - requests friendly review before then

Implementers
                Maybe share with a few friendly developers as-is as soon as edits discussed on the call made
                                Andrew Arnott
                                Ping Identity developer that John's in touch with via Patrick

Next call
                The next call will be on July 5th in the US due to the 4th of July holiday (at the regular time)
                Nat will send an invitation
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20110630/053552f2/attachment.html>


More information about the Openid-specs-ab mailing list