[Openid-specs-ab] Spec call notes 3-Jan-13

Mike Jones Michael.Jones at microsoft.com
Thu Jan 3 16:19:41 UTC 2013

Spec call notes 3-Jan-13

John Bradley
Brian Campbell
Justin Richer
George Fletcher
Tim Bray
Mike Jones
Edmund Jay

               Status of Implementer's Drafts work
               Open Issues
               "azp" and Multiple Audiences
               Model for keys and certificates
               Aligning Registration with OAuth Registration spec

Status of Implementer's Drafts work:
               Mike released updated JOSE, JWT, and Connect specs last week
                              Includes user_id -> sub change
               John added IdP-initiated login
               John cleaned up the language around multiple audiences
                              Including validation rules
               John still needs to check in a number of small bug fixes
               Mike still needs to check in the MTI language and Session Management updates

Open Issues:
               There are no new open issues
               #671: Authorisation request with UserInfo claims but no token in response_type
                              We confirmed the current resolution
                              We agreed that this should not open the door for sometimes interpreting
                                             scope claim requests as applying to the ID Token
               #686: JOSE - Do we want to support RFC 5280 SubjectPublicKeyInfo values?
                              We closed this one as Won't Fix
                              Our sense is that having two kinds of keys is already bad enough

"azp" and Multiple Audiences:
               We discussed whether the authorized party is an audience
                              Logically it is, but it need not be in the "aud" field
               People should review John's new token verification text in Messages

Model for keys and certificates:
               Brian had asked questions on the list about the model for keys and certificates
               He perceived inconsistencies between the client and server X.509 model
                              We can't represent multiple keys in the "x5u" element
                              We can represent multiple keys with "jku"
               Any change to this would likely be a JOSE change
               John will review the current text for consistency
               After that, he and Brian will decide whether there is a JOSE issue to file

Aligning Registration with OAuth Registration spec:
               Justin will do an analysis of what would need to change to align with the OAuth registration spec
                              He will post it to the list this week
               We will then discuss whether to make these changes before the Implementer's Drafts