[Openid-specs-ab] Spec call notes 18-Oct-12

Mike Jones Michael.Jones at microsoft.com
Thu Oct 18 15:46:22 UTC 2012

Spec call notes 18-Oct-12

Nat Sakimura
John Bradley
Mike Jones
Roland Hedberg
Brian Campbell
Edmund Jay

               Self-Issued OP
               Mobile phone application
               Open Issues
               OAuth Update
               JOSE Update
               Connect Meeting before IIW
               OpenID Meeting at IETF

               Roland reports that the number of people actually testing has increased
               Roland reported that a question came up about who is sending the authorization request
                              Whether it's the user's browser or the relying party
                              Apparently some participants are having issues about cookies
                              If the authorization server sets a cookie on the authorization endpoint,
                              it should not expect to receive it at the token endpoint or userinfo endpoint
               Roland reported that his funding for the testing was renewed for another three years
                              So we are in no danger of the testing framework going away

Self-Issued OP:
               Jun has fixed his bug in the self-issued OP
               He is making it available on TestFlight now
               Nat will send out instructions soon

Open Issues:
               #668: Messages,Multi Response - Cope with bloating id_token_hint in self-issued cases
                              Mike observed that we're sending URLs to pictures, not pictures
                              A way of reducing the size of the hint would be to send the user_id value as the hint
                                             We currently have login_hint, but it doesn't capture the issuer
                              Nat is proposing a userinfo token instead of putting the claims in the ID token
                              This would add another response_type value
                              There are also privacy issues to discuss
               #667: Registration - Restructuring
                              No normative changes are proposed
                              We also want to take a look at the structure of Messages

Connect Meeting before IIW:
               Most important to discuss:
                              Session management issues - 650, 605, 634, 635
                              #595: Discovery 2 - No means of discovery without web server for domain
                              #604: All - Create a MTI section
                              #633: Messages - 4.2 JWK and X509 format support
               Should also discuss:
                              #668: Messages,Multi Response - Cope with bloating id_token_hint in self-issued cases
                              #667: Registration - Restructuring
                              #656: Discovery - 4.2 Provider Configuration File does not specify what optional parameters the server accepts
                              #653: Registration - 2.1 policy_url SHOULD be displayed?
                              #636: JWT - intermediate audience claim
                              #628: Discovery 3.2 - need a strict JSON structure
                              #601: Standard - No way of doing IdP initiated login defined
                              #576: Discovery - Monitor IETF discovery spec decisions
                              #539: Messages - 0. Add scope for offline access

               Nat has done some of his edits
               Mike will work on the edits bringing Connect in sync with the recent JOSE changes

OpenID Meeting at IETF:
               We now have an assigned room for our meeting
               John will try to have them get us a projector