[Openid-specs-ab] Spec call notes 24-Oct-11

Mike Jones Michael.Jones at microsoft.com
Mon Oct 24 23:25:56 UTC 2011

Spec call notes 24-Oct-11

Nat Sakimura
Pamela Dingle
Edmund Jay
Mike Jones
John Bradley

               Editing to get to Implementer's Drafts
               Open Issues

Editing to get to Implementer's Drafts
               Edmund has finished everything assigned to him
               Justin has finished everything assigned to him
               John's turn next
               Mike needs to update a few IETF submissions this week, then will tackle his issues
               We had a number of new issues come in on Friday from George

Open Issues
               250 - Do we want more display parameters?
               "none" should be a "prompt" parameter, not a "display" parameter
               Use same size popup window as OpenID 2.0 UX extension

               251 - server.example.org, client.example.org
                              We should continue to use .net in the cases we did previously
                              Change server.example.org to server.example.net

               249 - Define way for RP to pass an id_token in authorization request
                              Allows specific user to be authorized
                              Defer until session management update

               235 - Editorial - Discovery & registration
                              No change
                              John will look at updating references

               246 - Editorial - Errors not listed
                              John will call out using OAuth errors

               245 - Formatting
                              Assigned to John

               244 - Do we need a confidential client type?
                              Insufficient description
                              Not clear what the requested change is
                              John will ask Casper to clarify
                              Possibly referring to 5.1.1 of Standard spec

               243 - 5.1.1 of Standard
                              Content-Type header repeated in example
                              Duplicate of another bug
                              Already fixed by Edmund

               242 - Standard
                              Example: rf.js -> rf.jwt

               241 - Request file registration service
                              Decided last week to drop this and make this an extension

               240 - Messages 8.9
                              Request file not defined in messages, but in standard
                              Define in both places

               239 - Standard
                              Curly braces in example nonsensical since JWT

               238 - Standard 4.3.1
                              Do we reference spec or section?
                              Put on hold - not a good time for sweeping edits

               237 - Basic
                              Editorial about certificate validation

               236 - Basic 2
                              Terms duplicated from Messages
                              By design

               229, 236 - Edmund asked whether we decided to change "User" to "End User"
                              We agreed yes

               232 - Client sends request to authorization server
                              Not always a redirect
                              Nat will explain this and close it

               231 - Missing version number in OAuth reference "OAuth Parameters" -> "OAuth 2.0 Parameters"

               230 - Standardize terminology in introduction
                              Ask Casper to provide specific wording

               228 - Messages 6.5
                              If request is signed
                                             But never signed, since only supporting bearer requests

               226 - Messages

               222 - Registration 4.1 - js_origin_uri
                              Asked Breno to follow up
                              Nat will follow up with Breno

               220 - Ask Casper

               213 - Registration logo_url description
                              George was asking for sizes
                              Hold - not necessary for Implementer's Draft

               212 - Cleanup

               211 - Discovery
                              Principal is *entire* e-mail address
                              Silent on whether mailto: or acct: or none
                              Identifier using e-mail address syntax

               203 - Messages 6.8
                              Underspecified check_id response verification
                              What is the exact validation rule?
                              John will decide whether to fix or put on hold

               131 - Terminology
                              Drop artifact from Messages 8.6

               Axel's issue about duplicated parameters between OAuth request and signed OpenID Request
                              Including stuff to not make standard libraries blow up worth doing
                              Don't change before Implementer's Draft
                              Easier for implementations to have all parameters in the request object
                              John will check that draft matches our intent

               252 Should we add optional policy_url to registration parameters
                              Yes - John

Implementer's Draft Logistics
               Mike will talk with John Ehrig about vote logistics

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20111024/ce0b97e9/attachment-0001.html>

More information about the Openid-specs-ab mailing list