[Openid-specs-ab] Spec Call note 03-Oct-2013

Torsten Lodderstedt torsten at lodderstedt.net
Thu Oct 3 20:07:43 UTC 2013


Who has actually implemented the session management spec and uses it in production? We didn't, and use a redirect/JSONP-based approach instead.


Edmund Jay <ejay at mgi1.com> wrote:
>Spec Call notes 03-Oct-2013
>  Nat Sakimura
>  Justin Richer
>  Edmund Jay
>  Spec Refactoring
>  Issues
>  Session Management
>Spec Refactoring
>  Mike was absent from call so it was not discussed.
>  #882: All - JWT and JOSE specification versions
>  #881: Discovery 1 - Relationship to OAuth Dynamic Registration
>      The above 2 issues are editorial changes 
>  #879: Messages 6.1 - The OpenID Foundation may consider hosting a
>site https://self-issued.me/
>  #880: Messages 6.2 - The OpenID Foundation may consider hosting the
>endpoint https://self-issued.me/registration/1.0/
>      Nat and Justin suggest using https://self-issued.openid.net/
>rather than a domain in another country.
>  #878: Messages Define "negative response" for id_token_hint 
>      Summary from conversations in the mailing list:
>         When prompt=none is requested and the user is not logged in,
>the error response will be login_required
>         When prompt=none is requested and there is no id_token_hint,
>Breno suggests trying to satisfy the request 
>         if there is a signed-in user who has approved the application
>  #876: Google "iss" value missing https://
>      Needs further discussion
>  #877: Messages 2.1.3 Description of interaction_required,
>login_required, session_selection_required and consent_required
>conflicts with prompt none specification
>      It is agreed that language will be changed to MUST NOT to keep
>Session Management
>      Needs more interop work
>      Edmund has session management RP working with Microsoft OP
>      Currently seeking Google's session management endpoints (please
>respond if anyone knows)
>      The Session Management spec is not as mature as the other specs
>and also subject to cookie and local storage policies.
>      Will need to explore the possibility of going forward without
>Session Management
>      Edmund will suggest text to clarify some points for current doc.