[Openid-specs-ab] Spec call notes 15-Oct-12

Nat Sakimura sakimura at gmail.com
Thu Oct 18 02:03:44 UTC 2012

On Tue, Oct 16, 2012 at 2:57 PM, Vladimir Dzhuvinov / NimbusDS <
vladimir at nimbusds.com> wrote:

> Thank you guys for putting the MTIs wiki together. Nicely structured.

You are welcome :-)

> Is request_uri deliberately omitted from the Authz Endpoint MTI?

Yes. However, it can be discussed.

> BTW, we noticed that depending on network condition retrieval of
> request_uri may slow authz request significantly to affect smooth user
> experience. So I decided to allow for HTTP connect and read timeouts in
> the Java OpenID Connect SDK. I suppose that's acceptable.


> Also, if "nonce" and "state" are not going to be included in the request
> object, there's potential for caching it. Can clients mark the object as
> cacheable by appending the appropriate HTTP headers to it? Our current
> retriever class doesn't support caching.

Yes, it can be cached. That's why nonce and state can be outside of the
request object.
For that matter, with the hash of the request object in the request_uri, in
a lot of case, the server does not have to do the GET for the uri to obtain
the request object either. It should speed up the IdP significantly.

> Cheers,
> Vladimir
> --
> Vladimir Dzhuvinov : www.NimbusDS.com : vladimir at nimbusds.com
> -------- Original Message --------
> Subject: [Openid-specs-ab] Spec call notes 15-Oct-12
> From: Mike Jones <Michael.Jones at microsoft.com>
> Date: Tue, October 16, 2012 1:04 am
> To: "openid-specs-ab at lists.openid.net"
> <openid-specs-ab at lists.openid.net>
>   Spec call notes 15-Oct-12
>  Mike Jones
>  Nat Sakimura
>  Edmund Jay
>  John Bradley
>  Pamela Dingle
>  Agenda:
>                  Pending JOSE release
>                  WebFinger
>                  Potential SWD changes
>                  Self-Issued OPs
>                  Mobile phone application
>                  Interop
>                  Editing
>                  Open Issues
>                  Connect Meeting before IIW
>                  OpenID Meeting at IETF
>  Pending JOSE release:
>                  Mike reviewed the pending JOSE changes
>                  He plans to release new versions in the next 24 hours
>  WebFinger:
>                  Mike has seen a draft the removes XML support to a
> non-normative appendix
>                  It should be released before Monday's deadline
>  Potential SWD changes:
>                  Do we want to do a release a SWD draft that removes the
> JSON redirect and adds a host prefix?
>                                  Let's talk about this on Monday -
> especially with Google
>  Self-Issued OPs:
>                  Jun is hitting an issue having to do with a change of
> iOS versions
>                                  TestFlight allows limited distribution
>                                  We probably want to require them to
> have an RP implementation supporting self-issued OPs
>                  Nat reports that Axel is making progress on an Android
> implementation
>                  Apparently Axel and Jun are testing with Jun's RP,
> which supports self-issued OPs
>  Mobile phone application:
>                  Pam is modifying Ping's test application to let it be
> used in a more generic way
>                                  She will try to have a version for
> people to use by Monday
>  Interop:
>                  Nov had pointed out a certificate problem and Roland
> seems to have addressed it
>                  Edmund tried Roland's new updates for the RP tests
>                                  They seem to be working now
>  Editing:
>                  Nat plans to do his edits tomorrow
>                  Mike plans to do the OpenID Connect changes
> corresponding to the JOSE updates this week as well
>                                  Nat pointed us to this wiki page about
> MTI features: https://bitbucket.org/openid/connect/wiki/MTIs
>  Open Issues:
>                  There were no new issues
>                  At IIW, we should go through the deferred issues
>                  Nat wants us to talk about MTI features for the server
> - issue #604
>                                  Currently it is everything in Basic
> plus the OpenID Request Object
>                                  If an OP has claims and they are
> requested via the request object, they need to be returned
>                                  JWS is mandatory, JWE is optional
>  Connect Meeting before IIW:
>                  http://connect-wg-oct-2012.eventbrite.com/
>                  We need to talk about MTI there
>                  We should get an update on Session Management
>                                  Mike sent a request for this to Naveen
> and Breno
>                  We should talk about on-behalf-of
>                  And other major open issues
>  OpenID Meeting at IETF:
>                  http://connect-ietf-85.eventbrite.com/
>                  We don't know which room we have yet
> _______________________________________________
> Openid-specs-ab mailing list
> Openid-specs-ab at lists.openid.net
> http://lists.openid.net/mailman/listinfo/openid-specs-ab
> _______________________________________________
> Openid-specs-ab mailing list
> Openid-specs-ab at lists.openid.net
> http://lists.openid.net/mailman/listinfo/openid-specs-ab

Nat Sakimura (=nat)
Chairman, OpenID Foundation
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20121018/6e6973a6/attachment.html>

More information about the Openid-specs-ab mailing list