[Openid-specs-ab] Spec call notes 6-Sep-12

Mike Jones Michael.Jones at microsoft.com
Thu Sep 6 15:22:23 UTC 2012

Spec call notes 6-Sep-12

John Bradley
Mike Jones
Justin Richer
Salvatore D'Agostino
George Fletcher
Edmund Jay
Nat Sakimura

               Open Issues

Open Issues:
               #649: New error code needed on client registration
                              Added error code invalid_redirect_uri
               #650: Session - Dependency on Third Party Cookies
                              We need a way for two web sites to collaborate on a user's state, which is the problem we're running into
                              George will add more description for the issue
                              George will also ask a question on the list to Breno about this

               Nat, John, Edmund, and Mike all have assigned issues to do edits for
               John is working on some of his

               Mike reviewed the additional proposed OC4 tests
                              A new test is needed "Logout Received by OP"
               We discussed RP testing
                              We agreed that manual RP testing with specific OPs is the right approach
                              Roland will describe how to use his IdPs for RP testing
                              John will describe how we did this with test-id.org in the past

               Mike will follow up with Google to confirm their sponsorship

               John will talk with Lucy about getting space for a Connect meeting in Atlanta

               Mike and Edmund will touch base about reproducing the JWE RSA PKCS 1 1.5 encrypted key

               John started an IETF appsawg thread about discovery for hosted services
                              It went all over the map without reaching a working consensus
                              John had proposed using an alternative well-known host prefix like webfinger.
               Using DNS SRV or MX records as an alternative would likely be too hard to deploy as well
               John is wondering whether we want to make a change to SWD to solve this there
                              We would define a specific prepended SWD hostname prefix
                              We might be able to get rid of the SWD_redirect return as a result
                              We would try the prefix first and then fall back to the no-prefix hostname
                              Browsers often do a similar thing by prepending www.
                              Mike will run this by some others
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20120906/0345ab87/attachment.html>

More information about the Openid-specs-ab mailing list