[Openid-specs-ab] Spec call notes 16-Feb-12

Mike Jones Michael.Jones at microsoft.com
Fri Feb 17 00:41:36 UTC 2012


Spec call notes 16-Feb-12

Mike Jones
Nat Sakimura
John Bradley
Edmund Jay
Tony Nadalin
George Fletcher

Agenda:
                Voting Status
                Interop
                Working Group/Interop Meeting
                Session Management
                Open Issues
                JOSE Strategy

Voting Status:
                86 for, 1 against, 2 abstentions
                the quorum requirement was 72 - based upon there being 360 active members
                Nat will draft a post and run it by Mike for editorial

Session Management:
                Mike had exchanged thoughts with Eric yesterday
                                Google is actively prototyping
                The Google participants plan to be present at RSA
                The board discussed that this spec is blocking completion of the others yesterday

Interop:
                The test features are all live on the interop wiki
                                See a solution page for the list
                Roland has tests for nearly all of the features
                                He plans to publicize how to use them by Monday or so

Working Group/Interop Meeting:
                John put up an EventBrite page: http://openid-rsa-interop.eventbrite.com/
                Tony will try to get a second room so interop can happen in parallel with the working group meeting
                We will cover the hard open issues in person there

Open Issues:
                Deferred until in-person meeting:
                                #535 Messages add id_token to Authorization Request
                                                Normally optional
                                                Possibly require it for prompt=none
                                #536: Messages, Multi Token Response, add hash of token to id_token
                                #539: Messages - 0. Add scope for offline access

                Resolved:
                                #540: Messages - 2.2.3 id_token MUST NOT be returned for grant_type=refresh
                                                Nat
                                #541: Standard - 2.3.1.3 Request file requiring all request param to be included is false
                                                Nat
                                #542 Messages 2.1.2.1 required fields for request object don't match Standard
                                                We discussed whether the client_id should optional in the request file or not
                                                We decoded that it should be optional
                                                Nat
                                #544 Messages - 2.1.2 Some scope=openid behavior redundant?
                                                John will change to better fit with Multiple Response Type semantics
                                #546 Basic 2.1 & 2.1.2 - Claims requested by profile scope not defined
                                                Mike
                                #547 Messages 2.1.2.1.1.1 - Spec not clear that user_id claim must be explicitly requested in userinfo claims member

                New issue:
                                Do the requested claims in the request object add to or replace the claims requested in the scope values?
                                                Mike will file issue - to be talked about in person

JOSE strategy:
                New requirements being expressed
                                Multiple signatures - Cisco
                                JSON serialization
                Put both into a new JSON serialization spec

                Need to update JWE for integrity
                                Nat had a proposal with 3 fields
                                John had a 4 field proposal
                                Mike asked Nat and John to forward their proposals to him

                EC-DH "static static" (being discussed on JOSE list)
                                EC-DH is a key agreement mechanism
                                                "static static" mode doesn't use an ephemeral public key
                                Can use for integrity:
                                                Use key agreement to establish shared secret
                                                Encrypt MAC of the message
                                                Integrity verified if MAC decrypts correctly
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20120217/1f019abb/attachment.html>


More information about the Openid-specs-ab mailing list