[Openid-specs-ab] Spec call notes 19-Aug-11

Nat Sakimura sakimura at gmail.com
Thu Aug 18 23:43:20 UTC 2011

Date: Aug. 18, 2011, 22:00UTC - 23:15UTC
Place: HiDef Conferencing.
Attending: Tony, Johnny, John, George, Edmund, Nat

0. IANA registration
- Tony reported back on his research.
- The process is written in OAuth 2.0 d20 but there are some TBDs yet
and the registry will not be up
  until OAuth is done.
- There are two options: 1) Cite OpenID as the spec and register the
parameter, 2) Write a new
  OAuth extension and register the parameter.
- In case of 2), we do not know where we are to standardize this extra
spec. If we were to do it
  formally in the OAuth WG, we have to wait till the charter change probably.
- Since 2) is a much larger task than 1), the consensus among the
participant was to do 1) and
  do 2) later as it suites.

1. Lite Progress
- John just posted the draft 9.
- Naming: draft 9. No change in the name.
  - Option 1) Lite Client Option 2) Basic Client Profile
  - There was a consensus among the participant that 2) is better.

2. id_token
  - Lengthy discussion started off by Johnny.
  - John explained the history.
  - Nat reported Breno's comment wrt this.
  - Johnny's proposal and Breno's proposal are going oposite direction
from John's current draft.
  - John and Johnny to take this to a separate session. Breno et al.
should also be in the call.

3. scope granularity and claims
  - Tony raised a concern that specifying anything but the default
scope would lead to endless number of scopes.
  - Also, it will complicate the server processing.
  - John pointed out that we cannot stop people defining scope.
  - Edmund commented that currently as it is written, if the scope
include a parameter that is not
    in the request claims, it is not clear if it should be treated as valid.
  - Nat asked if there is a request parameter, we do not process the
scope but use claims included in the request
    (or request_uri) parameter, it would alleviate the concern a bit.
  - Tony said potentially yes, but he need more time to think through it.

4. Messages & Standard progress
  - Edmund committed new version at hg.openid.net as a working copy.
  - He will post it to the list as well, with questions and comments.
  - Members of the list is expected to respond before the next call (Monday).

Nat Sakimura (=nat)
Chairman, OpenID Foundation

More information about the Openid-specs-ab mailing list