[Openid-specs-ab] Spec call notes 17-Feb-14

Todd W Lainhart lainhart at us.ibm.com
Tue Feb 18 15:48:36 UTC 2014


>                #915 - Computation of OP session_state in the IdP 
requires origin URI
                              Todd Lainhart will try to write text in the 
next few days

https://bitbucket.org/openid/connect/issue/915/session-42-computation-of-op-session_state#comment-8456200






Todd Lainhart
Rational software
IBM Corporation
550 King Street, Littleton, MA 01460-1250
1-978-899-4705
2-276-4705 (T/L)
lainhart at us.ibm.com




From:   Mike Jones <Michael.Jones at microsoft.com>
To:     "openid-specs-ab at lists.openid.net" 
<openid-specs-ab at lists.openid.net>, 
Date:   02/17/2014 07:24 PM
Subject:        [Openid-specs-ab] Spec call notes 17-Feb-14
Sent by:        openid-specs-ab-bounces at lists.openid.net



Spec call notes 17-Feb-14
 
John Bradley
Mike Jones
Todd Lainhart
Nat Sakimura
 
Agenda:
               Connect Launch
               Session Management
               Connect Voting
               Open Issues
               Meeting before IETF 89 in London
               Possible meeting during RSA in San Francisco
 
Connect Launch:
               Materials have been circulated by the marketing committee
               It would be good to have marketing committee members review 
those materials again now
               Mike had asked Google to make a public statement about 
their "iss" spec compliance intent
                              Then we could remove the interop warning at 
http://openid.net/specs/openid-connect-core-1_0.html#GoogleIss
 
Connect Voting:
               The voting is under way
               It will close next Tuesday the 25th
 
Session Management:
               Mike talked with Breno and Naveen last week
               We agreed that a caching layer is too fluid to standardize
               Breno and Naveen will investigate whether Google actually 
would have a problem using postMessage
                              given that the only values that would 
potentially leak are "unchanged" and "changed"
               We will try to talk more next week while people are there 
for RSA
               Those on the call also agreed that we should further 
explore back channel notification of relying parties
 
Open Issues:
               #918 - typo in basic section 2.1.6.1
                              We will revise this section to make it 
consistent with the wording in Basic
               #917 - space is deliminator while also a legal character in 
client_id and session state
                              We could either use a different delimiter, 
such as Null or Delete or add structure
                                             If we add structure, someone 
would need to make a specific proposal
                              Or we could prohibit using spaces in Client 
IDs and Session State
                                             These values are all under 
the server's control
                                             We could prohibit spaces in 
session state regardless of Client ID syntax
                                             Then a right split would work 
anyway
                                             We decided to use this 
non-breaking solution
               #915 - Computation of OP session_state in the IdP requires 
origin URI
                              Todd Lainhart will try to write text in the 
next few days
               #880 - Host the endpoint 
https://self-issued.me/registration/1.0/
                              This is still on John's to-do list
 
Meeting before IETF 89 in London
               John set up the eventbrite registration for the IETF 
meeting
               Register at http://openid-ietf-89.eventbrite.com
 
Possible meeting during RSA in San Francisco
               Breno, Naveen, and Mike want to meet about session 
management during RSA
               John suggests not doing this Wednesday
               Monday or Thursday seem like the best days
               We could also ask ForgeRock or Ping for space if needed
                              The best contact at ForgeRock would probably 
be Allan Foster
                              Or Pam might be able to come up with space 
at the Ping office_______________________________________________
Openid-specs-ab mailing list
Openid-specs-ab at lists.openid.net
http://lists.openid.net/mailman/listinfo/openid-specs-ab

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20140218/2ae5633f/attachment.html>


More information about the Openid-specs-ab mailing list