[Openid-specs-ab] Spec call notes 21-Apr-14

Mike Jones Michael.Jones at microsoft.com
Mon Apr 21 23:43:47 UTC 2014


Spec call notes 21-Apr-14

Mike Jones
John Bradley
Edmund Jay

Agenda:
               OpenID 2.0 Transition Spec
               OAuth 2.0 Symmetric Proof of Possession Spec
               Errata
               Upcoming Events
               Open Issues
               Google question to the list: [Openid-specs-ab] nonce for code+id_token flow
               Libraries Page
               openid.net Web Site

OpenID 2.0 Transition Spec
               Nat is studying proposals
               He believes that the Google proposal has some issues
               There appear to be three ways to do this:
               1. One way is to publish the Issuer key in the OpenID 2.0 discovery (YADIS) document
               2. Another way is to publish the Issuer Identifier in the OpenID 2.0 discovery (YADIS) document
               3. Another way is to publish the OpenID 2.0 verified identifier
               The downside of 1 is that it doesn't account for key rotation
               2 seems to make the most sense.  Nat will start a rough draft using this method.

OAuth 2.0 Symmetric Proof of Possession Spec
               This is the document formerly known as "Transient Client Secret"
               Nat and John's spec needs to be refreshed
               John plans to refresh it
               John also plans an asymmetric version
                              This may address some of Chuck Mortimore's use cases

Errata
               The next step seems to be to write proposed text
                              Mike will try to have some text by the week of IIW
               Ideally we could review the updated text at Yahoo! or at IIW

Upcoming Events
               Pre-IIW event at Yahoo!, Monday, May 5
                              http://www.eventbrite.com/e/openid-foundation-workshop-tickets-1174511997
                              We need an updated "OpenID Connect Overview" talk
                                             Mike will try to put this together
                              We likely have some working group sessions during IIW itself
                                             We don't have much working time at Yahoo!
                              Native Applications will either be John or Paul
                              Mobile Profile may not have a GSMA representative
                                             Torsten would be a good person to lead this

               European Identity Conference, Tuesday, May 13
                              http://www.id-conf.com/events/eic2014/agenda
                              This will probably be more presentation-oriented than interactive
                              EIC is more of an enterprise and privacy audience - less technical than IIW
                                             Nat can think about possible differences from the Yahoo! deck
                                             We can also work on this during IIW

Open Issues
               There were no new issues

Google question to the list: [Openid-specs-ab] nonce for code+id_token flow
               We don't think that a nonce is technically necessary for the code flow
                              But not putting it in would cause interoperability problems
               If included, it will be the same in both ID Tokens
               John will reply to the list

Libraries Page
               We added Ping Federate and Azure AD
                              Others can also supply product links to be listed
               We added a tools section listing http://jwt.io/

openid.net Web Site
               We probably want to merge these pages:
                              http://openid.net/foundation/community/
                              http://openid.net/foundation/community/get-involved/
               We also want to revise this one and possibly make it easier to find:
                              http://openid.net/foundation/community/mailing-lists/
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20140421/6eaa05da/attachment-0001.html>


More information about the Openid-specs-ab mailing list