[Openid-specs-ab] Spec call notes 30-Jun-11

Breno de Medeiros breno at google.com
Fri Jul 1 00:34:48 UTC 2011


I will later provide detailed feedback on the writing of at least the
following three specs: Core, UserInfo, and Session Management.
However, what strikes me immediately is that too much was extracted
from the core w/ regards to request parameters.

'display' parameter, with modes such as 'mobile', 'popup', and 'none'.

Discussion on using 'none' in an invisible i-frame and description of
auto-approval of requests both in the UserAgent and WebServer use
cases.


On Thu, Jun 30, 2011 at 15:57, Mike Jones <Michael.Jones at microsoft.com> wrote:
> Spec call notes 30-Jun-11
>
> John Bradley
> George Fletcher
> Mike Jones
> Nat Sakimura
> Edmund Jay
> Johnny Bufu
>
> Agenda:
>     Discovery and Client Registration
>     George's questions about UserInfo
>     Mike's question about locale
>     Mike's question about consistency of request parameters
>     Nat's question about BCP47 multi-script support
>     Encryption
>
> Discovery and Client Registration
>     John is part way done, will dedicate tomorrow to finishing drafts to circulate
>
> George's questions about UserInfo
>     George asked whether the UserInfo endpoint is a true OAuth endpoint or not
>         John said yes - that we need to update the draft to match current OAuth versions
>         Presentation of access token follows OAuth 2.0 bearer token conventions
>         Bindings need to call out a specific required method
>             Need GET to work for implicit grant flow
>         Call out bearer token profile
>     George asked us to tighten up behavior if "openid" schema specified
>         Wants to change SHOULD to a MUST
>         (If people want to support other schemas, they can do so)
>     George may have time to take a stab at these edits soon
>
> locale
>     We decided to use RFC 5646 / BCP 47 rather than the current ad-hoc definition
>
> Consistency of request parameters
>     Edmund will change "ses" to "idt" in the HTTP-Redirect spec
>
> BCP47 multi-script support
>     In UserInfo but not in Framework.  Nat to supply text for Framework spec to Edmund.
>     We discussed whether requests should have per-claim script requests or whether to do this in a more general way
>     We agreed that per-claim script requests should work
>     We will also consider having a requested set of scripts in a non-claim specific manner
>         Mike suggested that we delegate this to Nat, who will make a proposal
>
> Encryption
>     Mike plans to finish a first draft by Monday - requests friendly review before then
>
> Implementers
>     Maybe share with a few friendly developers as-is as soon as edits discussed on the call made
>         Andrew Arnott
>         Ping Identity developer that John's in touch with via Patrick
>
> Next call
>     The next call will be on July 5th in the US due to the 4th of July holiday (at the regular time)
>     Nat will send an invitation



-- 
--Breno

