[Openid-specs-ab] Spec call notes 24-Oct-11

Mike Jones Michael.Jones at microsoft.com
Mon Oct 24 23:25:56 UTC 2011


Spec call notes 24-Oct-11

Nat Sakimura
Pamela Dingle
Edmund Jay
Mike Jones
John Bradley

Agenda
               Editing to get to Implementer's Drafts
               Open Issues

Editing to get to Implementer's Drafts
               Edmund has finished everything assigned to him
               Justin has finished everything assigned to him
               John's turn next
               Mike needs to update a few IETF submissions this week, then will tackle his issues
               We had a number of new issues come in on Friday from George

Open Issues
               250 - Do we want more display parameters?
               "none" should be a "prompt" parameter, not a "display" parameter
               Use same size popup window as OpenID 2.0 UX extension

               251 - server.example.org, client.example.org
                              We should continue to use .net in the cases we did previously
                              Change server.example.org to server.example.net

               249 - Define way for RP to pass an id_token in authorization request
                              Allows specific user to be authorized
                              Defer until session management update

               235 - Editorial - Discovery & registration
                              No change
                              John will look at updating references

               246 - Editorial - Errors not listed
                              John will call out using OAuth errors

               245 - Formatting
                              Assigned to John

               244 - Do we need a confidential client type?
                              Insufficient description
                              Not clear what the requested change is
                              John will ask Casper to clarify
                              Possibly referring to 5.1.1 of Standard spec

               243 - 5.1.1 of Standard
                              Content-Type header repeated in example
                              Duplicate of another bug
                              Already fixed by Edmund

               242 - Standard 4.3.1.3.3
                              Example: rf.js -> rf.jwt
                              John

               241 - Request file registration service
                              Decided last week to drop this and make this an extension
                              John

               240 - Messages 8.9
                              Request file not defined in messages, but in standard
                              Define in both places
                              John

               239 - Standard 4.3.1.3
                              Curly braces in example nonsensical since JWT
                              Edmund

               238 - Standard 4.3.1
                              Do we reference spec or section?
                              Put on hold - not a good time for sweeping edits

               237 - Basic 3.3.1.1
                              Editorial about certificate validation
                              John

               236 - Basic 2
                              Terms duplicated from Messages
                              By design

               229, 236 - Edmund asked whether we decided to change "User" to "End User"
                              We agreed yes
                              Edmund

               232 - Client sends request to authorization server
                              Not always a redirect
                              Nat will explain this and close it

               231 - Missing version number in OAuth reference "OAuth Parameters" -> "OAuth 2.0 Parameters"
                              Mike

               230 - Standardize terminology in introduction
                              Ask Casper to provide specific wording
                              Nat

               228 - Messages 6.5
                              If request is signed
                                             But never signed, since only supporting bearer requests
                              Edmund

               226 - Messages 3.1.4.1

               222 - Registration 4.1 - js_origin_uri
                              Asked Breno to follow up
                              Nat will follow up with Breno

               220 - Ask Casper
                              Nat

               213 - Registration logo_url description
                              George was asking for sizes
                              Hold - not necessary for Implementer's Draft

               212 - Cleanup
                              John

               211 - Discovery 6.3.1.2
                              Principal is *entire* e-mail address
                              Silent on whether mailto: or acct: or none
                              Identifier using e-mail address syntax
                              John

               203 - Messages 6.8
                              Underspecified check_id response verification
                              201-203
                              What is the exact validation rule?
                              John will decide whether to fix or put on hold

               131 - Terminology
                              Drop artifact from Messages 8.6
                              John

               Axel's issue about duplicated parameters between OAuth request and signed OpenID Request
                              Including stuff to not make standard libraries blow up worth doing
                              Don't change before Implementer's Draft
                              Easier for implementations to have all parameters in the request object
                              John will check that draft matches our intent

               252 Should we add optional policy_url to registration parameters
                              Yes - John

Implementer's Draft Logistics
               Mike will talk with John Ehrig about vote logistics

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20111024/ce0b97e9/attachment-0001.html>


More information about the Openid-specs-ab mailing list