[Openid-specs-ab] Decisions we need to make to complete OpenID Connect

Mike Jones Michael.Jones at microsoft.com
Wed Oct 9 23:15:55 UTC 2013

In order to help us finish OpenID Connect in a timely manner, I wanted to put together a list of the decisions I believe we still need to make for the final specifications.  This list does not include issues in the issue tracker for which we already have decisions in place.

*         #876: Google "iss" value missing https://<https://bitbucket.org/openid/connect/issue/876/google-iss-value-missing-https> - What do we say about the possibility of "iss" values without the leading https://?

*         #863: Stateless Registration Discovery/Messages<https://bitbucket.org/openid/connect/issue/863/stateless-registration-discovery-messages> - How do we want stateless registration to occur?  (This also affects the outcome of #865: Registration needs update capability too<https://bitbucket.org/openid/connect/issue/865/registration-needs-update-capability-too>).

*         #864: Native Client code leakage<https://bitbucket.org/openid/connect/issue/864/native-client-code-leakage> - What do we want to say about how to handle this issue with iOS and Android, and do we want to handle it now or in an extension spec?  If in an extension spec, do we want to at least describe the issue to implementers and say to look for a future specification about this?

*         #875: Registration: Parameter for specifying the preferred JWS alg for JWT-based client auth?<https://bitbucket.org/openid/connect/issue/875/registration-parameter-for-specifying-the> - Do we want to add this?

*         #879: Messages 6.1 - The OpenID Foundation may consider hosting a site https://self-issued.me/<https://bitbucket.org/openid/connect/issue/879/messages-61-the-openid-foundation-may> - What are we going to say about this in the final specifications?

*         #880: Messages 6.2 - The OpenID Foundation may consider hosting the endpoint https://self-issued.me/registration/1.0/<https://bitbucket.org/openid/connect/issue/880/messages-62-the-openid-foundation-may> - What are we going to say about this in the final specifications?

*         #881: Discovery 1 - Relationship to OAuth Dynamic Registration<https://bitbucket.org/openid/connect/issue/881/discovery-1-relationship-to-oauth-dynamic> - What are we going to say about this in the final specifications?

*         #883: Order of the description about iframe<https://bitbucket.org/openid/connect/issue/883/order-of-the-description-about-iframe> - How will we resolve this issue?

*         #884: Decide whether to keep Basic and Implicit in the final set of specifications<https://bitbucket.org/openid/connect/issue/884/decide-whether-to-keep-basic-and-implicit> - Will we keep the Basic Client and Implicit Client specifications?

*         #885: Decide whether Session Management is ready to be a final specification<https://bitbucket.org/openid/connect/issue/885/decide-whether-session-management-is-ready> - Will we recommend approval of Session Management as a final specification now?

If at all possible, please join tomorrow's call in which we will discuss these decisions.

Also, if I've missed any decisions we need to make, please reply-all adding them to our list.

                                                                Thanks all,
                                                                -- Mike

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20131009/9d4e9948/attachment.html>

More information about the Openid-specs-ab mailing list