[Openid-specs-ab] Spec call notes 17-Feb-14

Mike Jones Michael.Jones at microsoft.com
Tue Feb 18 00:24:14 UTC 2014

Spec call notes 17-Feb-14

John Bradley
Mike Jones
Todd Lainhart
Nat Sakimura

               Connect Launch
               Session Management
               Connect Voting
               Open Issues
               Meeting before IETF 89 in London
               Possible meeting during RSA in San Francisco

Connect Launch:
               Materials have been circulated by the marketing committee
               It would be good to have marketing committee members review those materials again now
               Mike had asked Google to make a public statement about their "iss" spec compliance intent
                              Then we could remove the interop warning at http://openid.net/specs/openid-connect-core-1_0.html#GoogleIss

Connect Voting:
               The voting is under way
               It will close next Tuesday the 25th

Session Management:
               Mike talked with Breno and Naveen last week
               We agreed that a caching layer is too fluid to standardize
               Breno and Naveen will investigate whether Google actually would have a problem using postMessage
                              given that the only values that would potentially leak are "unchanged" and "changed"
               We will try to talk more next week while people are there for RSA
               Those on the call also agreed that we should further explore back channel notification of relying parties

Open Issues:
               #918 - typo in basic section
                              We will revise this section to make it consistent with the wording in Basic
               #917 - space is deliminator while also a legal character in client_id and session state
                              We could either use a different delimiter, such as Null or Delete or add structure
                                             If we add structure, someone would need to make a specific proposal
                              Or we could prohibit using spaces in Client IDs and Session State
                                             These values are all under the server's control
                                             We could prohibit spaces in session state regardless of Client ID syntax
                                             Then a right split would work anyway
                                             We decided to use this non-breaking solution
               #915 - Computation of OP session_state in the IdP requires origin URI
                              Todd Lainhart will try to write text in the next few days
               #880 - Host the endpoint https://self-issued.me/registration/1.0/
                              This is still on John's to-do list

Meeting before IETF 89 in London
               John set up the eventbrite registration for the IETF meeting
               Register at http://openid-ietf-89.eventbrite.com

Possible meeting during RSA in San Francisco
               Breno, Naveen, and Mike want to meet about session management during RSA
               John suggests not doing this Wednesday
               Monday or Thursday seem like the best days
               We could also ask ForgeRock or Ping for space if needed
                              The best contact at ForgeRock would probably be Allan Foster
                              Or Pam might be able to come up with space at the Ping office
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20140218/7de2f36a/attachment.html>

More information about the Openid-specs-ab mailing list