[Openid-specs-ab] Spec call notes 21-Feb-13

Mike Jones Michael.Jones at microsoft.com
Thu Feb 21 16:28:53 UTC 2013


Spec call notes 21-Feb-13

Mike Jones
Roland Hedberg
Brian Campbell
Edmund Jay
Tim Bray
John Bradley
Justin Richer
George Fletcher
Pamela Dingle

Agenda:
               MTI Discussion
               Open Issues
               Key Rollover
               Native Test Client

MTI Discussion:
               We went through the MTI lists in 9.1 and 9.2
               John said that the one thing that we could potentially drop as MTI is the "request" parameter
                              while keeping "request_uri" as MTI
               Tim and Justin felt that UserInfo should be MTI for all non-self-issued OPs
                              It makes client code much easier
                              It's actually only required to return the "sub" claim
                              We decided to make this required for other than for non-self-issued OPs
               Breno plans to be on the Monday call

Open Issues:
               We approved #782 - Change uses of "url" in identifiers to "uri"

Key Rollover:
               Brian described his proposals for enabling key rollover
               The most practical idea seems to be the X.509 pkix JWK type
                              No better idea that actually solves the problem has been proposed
                              As described in Matt Miller's individual submission draft
                                             Using the JWK Set
                                             Otherwise we would be creating a different set type for X.509
                              Using the x509_url might go away, but we'll take that up after these changes are applied
               Key expiration might just be done with HTTP cache directives
               Justin also asked about bare keys
                              We previously discussed X.509 SubjectPublicKeyInfo and rejected it
                              The last time we talked about this we decided to do bare keys in JWK
                                             or use self-signed X.509 certificates
               Brian is willing to do the editing
                              Mike will coordinate with him

Native Test Client:
               We didn't receive any status update from Pam
               Ideally we will use the native client test app with a self-issued OP soon