[Openid-specs-ab] Spec call notes 19-Dec-13

Mike Jones Michael.Jones at microsoft.com
Thu Dec 19 16:39:08 UTC 2013


Spec call notes 19-Dec-13

Nat Sakimura
Edmund Jay
Brian Campbell
Roland Hedberg
Mike Jones
John Bradley
Nov Matake

Agenda:
               Open Issues
               Brian's comments on the list
               Editing update
               Reviewing
               Finishing
               Next Call

Open Issues:
               #913 - Discovery - Protocol relative URLs are allowed?
                              We will close this as won't fix, since it's an edge case
               #730 - Privacy Considerations
                              Nat will close this.  We may have a separate standing privacy document as well in the future.
               #41 - Discovery Security Considerations
                              John will do this this morning
               #257 - Acknowledgements
                              Mike will close this later today
               #879 - Host the site https://self-issued.me/
                              The site is up now
               #880 - Host the endpoint https://self-issued.me/registration/1.0/
                              John will work with Edmund to get this working

Brian's comments on the list
               Registration: client_secret is used for more than token endpoint authentication
                              request_object_encryption_alg and request_object_encryption_enc added
                              Change from "declaring that it will use" to "declaring that it may use"
                              Default is will not -> default is that RP is not declaring its intent to
                              Clarify that RP may use any of the supported encryption algs
                              Delete qualifier about "for the request object"
               Core: is "dir" an allowed alg for Symmetric Encryption?
                              Changed to enable keys longer than 256 bits
               Registration: request_uris with fragments?
                              We discussed why the fragment is necessary, so as to indicate request changes
               Registration: how does client_secret rotation work?
                              We discussed that we don't specify how to rotate client secrets
                              If we want to do that, this would require another spec
                              We will say that GET is idempotent

Editing Status:
               All review comments had been applied as of the third release candidates
                              http://self-issued.info/?p=1152

Reviewing:
               People are requested to review the 11 sentences in which "if omitted" occurs in Registration
                              8 of these are new text

Finishing:
               We will start the review period 24 hours from when updates are published unless people raise objections
               The schedule as currently anticipated is:
                              Thu, Dec 19 - WG consensus to publish proposed final specs and notice to the OIDF Secretary
                              Fri, Dec 29 - Final review period starts and first voting notice made
                              Tue, Feb  4 - Second voting notice and opening of early voting
                              Tue, Feb 18 - Review period ends and vote to approve final specifications officially starts
                              Tue, Feb 25 - Final specifications approved

Next Call:
               The next call will be January 6th
               However, if the specs do not complete as anticipated, we will continue regular calls until they do