[Openid-specs-ab] Spec call notes 26-Jan-12

Edmund Jay ejay at mgi1.com
Fri Jan 27 01:07:58 UTC 2012


Spec call notes 26-Jan-12

Mike Jones
Nat Sakimura
John Bradley
George Fletcher
Edmund Jay



Agenda :
     - Interop
     - Open Issues


Interop :
    Need to formalize interop with a spreadsheet with list of participants 
contact information, endpoints, and features tested.
    Pam will help setup.
    Edmund will provide list of currently known implementations to Mike.
    John made suggestions to UMA group to join interop.
    Nat may suggest others (NII) to join also.


Issues :

    #521 - Messages 2.1.2.1, etc. - Questioning the ID Token model
            Need a FAQ for OpenID Connect to explain rational for the ID Token
            John blogged about it at 
http://www.thread-safe.com/2011/11/openid-connect-tale-of-two-tokens.html
            John will write a shorter version for the FAQ

    #522 - All specs - Questioning the complexity of the Connect design
            Nat has blogged about this at 
http://nat.sakimura.org/2012/01/20/openid-connect-nutshell/
            The design allows simples things to be simple while also allowing 
more complex cases.
            Complexity and the number of specs are due to layered architectural 
approach.
            Other specs can be leveraged by others.

    #523 - Messages 2.1.4 - session_selection_required is leaking PII
            George has updated the issue with a possible solution. He will post 
to the list for feedback.
            The error codes session_selection_required, consent_required, 
user_mismatched  will be deleted and
            will be replaced with interaction_required
            
    #524 - Messages 2.5.2 - Aggregated and Distributed Claims should be an 
extension
            Issue is invalid because aggregated and distributed claims are part 
of the core feature and was required by others.
            OpenID Connect has already been criticized for having too many 
specs.
            
    #525 - Standard and Messages- Spec organization unnecessarily complex
            Marked as invalid because XMPP and other protocol bindings are in 
progress.
            It was proposed in IETF 82 Taipei OAuth meeting that the OAuth spec 
be separated into an abstract and protocol binding
            as part of rechartering discussions.

    #526 - Basic - Basic spec will become the de-facto Connect standard unless 
deleted
            Marked as invalid. If Basic becomes the defacto RP standard, then it 
will facilitate adoption.
            
            
    #527 - Registration - Spec is premature
            Marked as invalid.  The spec is required for openness and will 
promote feedback on what is required.
            
            
    #528 - Session - Need for spec not apparent
            Deferred while spec is being revised.
            
            
    #529 - Registration 2.3 Error messages should be Bearer
            John will fix.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20120126/0b541d92/attachment.html>


More information about the Openid-specs-ab mailing list