[Openid-specs-ab] Spec call notes 06-Feb-12
ejay at mgi1.com
Tue Feb 7 01:08:08 UTC 2012
Spec call notes 06-Feb-12
Mike Jones has sent an updated interop test list to the mailing list and
will update the Interop Wiki soon.
The following test cases have been requested to be added to the Interop
1) Test for Bad ID Token Signature at the RP
It was decided that encryption-related features will not be tested pending
the outcome of the JOSE specs.
#530 Add Authentication Context Class to Registration
This adds a default context to the authorization request.
#531: add default_max_age to Registration
This adds a default max_age to the authorization request.
#532: Add require_auth_time to registration.
This option returns an auth_time parameter in the ID Token.
The above 3 issues are used for setting default request options without
requiring the client to send a signed request object in each request.
These options are relatively static per client, so they have been accepted,
and John will make the necessary modifications.
On a side note, it was discussed that maybe we should change the
Registration spec to use JSON format
similar to the OpenID Request Object. John will create a new issue for
#533 Basic 2.3.2 Example has wrong aud
Wrong aud value in the spec. Edmund will fix.
#534 Messages add iat to id_token
It is considered good security practice to include the iat value in the
ID Token, but Messages haven't been updated
to include the value in the ID Token.
Assigned to John.
#535 Messages add id_token to Authorization Request
This parameter is used to identify a particular session via the ID Token
in the authorization request. It differs from the
user_id in the id_token object of the OpenID Request Object in that the
latter identifies only the particular user.
The issue has been modified to make the parameter optional instead of
Issue is assigned to John.
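
Added example, not part of the call notes or of the OpenID Connect specs: one way an RP could apply the checks that the bad-signature interop test and issues #531, #532 and #534 point at (signature, aud, iat, auth_time against max_age). HS256 in JWS compact form, a single string aud, the function names and the 300-second clock-skew allowance are assumptions.

```python
import base64, hashlib, hmac, json

def b64d(s):
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def b64e(b):
    return base64.urlsafe_b64encode(b).rstrip(b"=").decode()

def sign(signing_input, secret):
    return hmac.new(secret, signing_input.encode(), hashlib.sha256).digest()

def make_id_token(claims, secret):
    """Build a constructed HS256 ID Token for exercising the checks below."""
    head = b64e(json.dumps({"alg": "HS256"}).encode())
    body = b64e(json.dumps(claims).encode())
    return f"{head}.{body}.{b64e(sign(head + '.' + body, secret))}"

def check_id_token(token, secret, client_id, now,
                   max_age=None, require_auth_time=False, skew=300):
    """Return the claims if every RP-side check passes, else raise ValueError."""
    try:
        head, body, sig = token.split(".")
        alg = json.loads(b64d(head)).get("alg")
        sig_bytes = b64d(sig)
    except Exception as exc:
        raise ValueError("malformed token") from exc
    if alg != "HS256":  # pin the algorithm; never trust the header's choice
        raise ValueError("unexpected alg")
    # Verify the signature before reading any claim from the payload.
    if not hmac.compare_digest(sign(head + "." + body, secret), sig_bytes):
        raise ValueError("bad signature")
    claims = json.loads(b64d(body))
    if claims.get("aud") != client_id:
        raise ValueError("wrong aud")
    iat = claims.get("iat")
    if not isinstance(iat, int) or iat > now + skew:
        raise ValueError("missing or future iat")
    # max_age / require_auth_time stand in for the registered defaults
    # (default_max_age, require_auth_time); skew is an assumed allowance.
    if require_auth_time or max_age is not None:
        auth_time = claims.get("auth_time")
        if not isinstance(auth_time, int):
            raise ValueError("missing auth_time")
        if max_age is not None and now - auth_time > max_age + skew:
            raise ValueError("authentication too old")
    return claims
```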