[Openid-specs-ab] Spec call notes 18-Jul-13

Mike Jones Michael.Jones at microsoft.com
Tue Sep 17 23:39:46 UTC 2013


FYI, I spoke to Vittorio Bertocci (and Caleb Baker) about the two items below.

Caleb believes that he knows how to use prompt=none without a page change, so no action is required on our part.  I'll stay in touch with him on this.

Vittorio didn't have a concrete need for an expiration time on JWKs - he was more raising the point that some deployments will requirement key metadata for managing the key.  He understands that the JWK format is extensible and that additional fields can be added later by other specifications, as needed.

                                                                -- Mike

From: openid-specs-ab-bounces at lists.openid.net [mailto:openid-specs-ab-bounces at lists.openid.net] On Behalf Of Mike Jones
Sent: Thursday, July 18, 2013 8:01 AM
To: openid-specs-ab at lists.openid.net
Subject: [Openid-specs-ab] Spec call notes 18-Jul-13

Spec call notes 18-Jul-13

Nat Sakimura
Mike Jones
Justin Richer
William Kim (Mitre observer)
Edmund Jay
John Bradley
Brian Campbell
George Fletcher

Agenda:
               Implementer's Draft Vote
               Open Issues
               OpenID Meeting at IETF

Implementer's Draft Vote:
               Notifications didn't appear to go out to members
               Mike will ask Darin Richardson about it

Open Issues:
               #860: id_token_signing_alg_values_supported: RS256 - This is editorial - we will do this for Final
               JavaScript client check id immediate without page change - Mike to talk to Vittorio
               JWKS not having expiry date - Mike to talk to Vittorio
               unregistered stateless client issue - John to file an issue
               iOS Native Public Client nondeterministic - John to file an issue

OpenID Meeting at IETF:
               People should register at http://openid-ietf-87.eventbrite.com/
               We will have a special working group meeting (with the Note Well, etc.)
               We will do an update on the Connect status and the relationship to the IETF specs
               We could talk about OpenID 2.0 migration
               Phil Hunt will be advocating creating a SSO profile in OAuth
                              Per http://www.ietf.org/mail-archive/web/oauth/current/msg11757.html
                              He's stating that Connect is too complicated
                                             This is a perception problem we need to address
                              We should write up the server version of Nat's simplicity blog post
                              We could revise the first paragraph of the abstract to say "how" - not just "what"
                              We should look at whether we're explaining Connect well at openid.net/connect
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20130917/d1c8a656/attachment.html>


More information about the Openid-specs-ab mailing list