[Openid-specs-ab] Spec call notes 31-Jan-13

Mike Jones Michael.Jones at microsoft.com
Thu Jan 31 16:47:27 UTC 2013


Spec call notes 31-Jan-13

Nat Sakimura
Mike Jones
Tim Bray
Edmund Jay
George Fletcher
Justin Richer
Tim Bray
Roland Hedberg
Brian Campbell

Agenda:
               MTI for OpenID Request Object
               New Open Issues

MTI for OpenID Request Object:
               Google didn't feel like the ROI was there for the request object for them
                              You could have a perfectly functional SSO system without it
               People agreed that if it's not supported, this needs to be discoverable
               People agreed that the implementation shouldn't fail due to unrecognized parameters
                              OAuth 3.1 says that unrecognized parameters must be ignored
               Mike expressed view that the existence of the request object should at least trigger a request for default claims
               George would prefer to define basic request object support, rather than just punting it
                              Or if not, then maybe fail
               Mike pointed out that we've always said that authentications should succeed if possible
                              And clients have to check whether the claims returned meet their needs
               Nat is worried about the privacy implications of returning more information than is requested
               Tim also expressed strong reservations about the request_file
                              Support for that could be made discoverable, rather than MTI
               Brian suggested possibly separating support for fine-grained authorization from support for signed parameters
               Mike will write up a middle ground Request Object proposal
                              Parse request parameters in request object but ignore claims sections
                              Tim will review proposal with Google team

New Open Issues:
               We went through most of the new open issues and decided upon resolutions
               We didn't get through the issues that are actually lists of comments
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20130131/76809079/attachment.html>


More information about the Openid-specs-ab mailing list