[Openid-specs-ab] Spec call notes 21-Apr-14

Justin Richer jricher at mitre.org
Tue Apr 22 13:23:39 UTC 2014


 > We added a tools section listing http://jwt.io/

Now that we have that page, you might want to list the JWK generator 
that we have:

   https://github.com/mitreid-connect/json-web-key-generator

It's a command-line Java app that uses the Nimbus library and 
BouncyCastle to generate JWKs and JWK sets, with both public and private 
keys. Our server uses the JWK format natively to store its keys (no 
certs, yay!), and this is the tool we generally use to make the keys for 
new deployments.

  -- Justin


On 04/21/2014 07:43 PM, Mike Jones wrote:
>
> Spec call notes 21-Apr-14
>
> Mike Jones
>
> John Bradley
>
> Edmund Jay
>
> Agenda:
>
>                OpenID 2.0 Transition Spec
>
>                OAuth 2.0 Symmetric Proof of Possession Spec
>
>                Errata
>
>                Upcoming Events
>
>                Open Issues
>
>                Google question to the list: [Openid-specs-ab] nonce 
> for code+id_token flow
>
>                Libraries Page
>
>                openid.net Web Site
>
> OpenID 2.0 Transition Spec
>
>                Nat is studying proposals
>
>                He believes that the Google proposal has some issues
>
>                There appear to be three ways to do this:
>
>                1. One way is to publish the Issuer key in the OpenID 
> 2.0 discovery (YADIS) document
>
>                2. Another way is to publish the Issuer Identifier in 
> the OpenID 2.0 discovery (YADIS) document
>
>                3. Another way is to publish the OpenID 2.0 verified 
> identifier
>
>                The downside of 1 is that it doesn't account for key 
> rotation
>
>                2 seems to make the most sense.  Nat will start a rough 
> draft using this method.
>
> OAuth 2.0 Symmetric Proof of Possession Spec
>
>                This is the document formerly known as "Transient 
> Client Secret"
>
>                Nat and John's spec needs to be refreshed
>
>                John plans to refresh it
>
>                John also plans an asymmetric version
>
>                               This may address some of Chuck 
> Mortimore's use cases
>
> Errata
>
>                The next step seems to be to write proposed text
>
>                               Mike will try to have some text by the 
> week of IIW
>
>                Ideally we could review the updated text at Yahoo! or 
> at IIW
>
> Upcoming Events
>
>                Pre-IIW event at Yahoo!, Monday, May 5
>
> http://www.eventbrite.com/e/openid-foundation-workshop-tickets-1174511997
>
>                               We need an updated "OpenID Connect 
> Overview" talk
>
> Mike will try to put this together
>
>                               We likely have some working group 
> sessions during IIW itself
>
> We don't have much working time at Yahoo!
>
>                               Native Applications will either be John 
> or Paul
>
>                               Mobile Profile may not have a GSMA 
> representative
>
> Torsten would be a good person to lead this
>
>                European Identity Conference, Tuesday, May 13
>
> http://www.id-conf.com/events/eic2014/agenda
>
>                               This will probably be more 
> presentation-oriented than interactive
>
>                               EIC is more of an enterprise and privacy 
> audience - less technical than IIW
>
> Nat can think about possible differences from the Yahoo! deck
>
> We can also work on this during IIW
>
> Open Issues
>
>                There were no new issues
>
> Google question to the list: [Openid-specs-ab] nonce for code+id_token 
> flow
>
>                We don't think that a nonce is technically necessary 
> for the code flow
>
>                               But not putting it in would cause 
> interoperability problems
>
>                If included, it will be the same in both ID Tokens
>
>                John will reply to the list
>
> Libraries Page
>
>                We added Ping Federate and Azure AD
>
>                               Others can also supply product links to 
> be listed
>
>                We added a tools section listing http://jwt.io/
>
> openid.net Web Site
>
>                We probably want to merge these pages:
>
> http://openid.net/foundation/community/
>
> http://openid.net/foundation/community/get-involved/
>
>                We also want to revise this one and possibly make it 
> easier to find:
>
> http://openid.net/foundation/community/mailing-lists/
>
>
>
> _______________________________________________
> Openid-specs-ab mailing list
> Openid-specs-ab at lists.openid.net
> http://lists.openid.net/mailman/listinfo/openid-specs-ab
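
The nonce point from the quoted notes (the same nonce appears in both ID Tokens of the code+id_token flow), sketched as a relying-party check. This is an added example, not part of the original thread: the HS256 key, helper names and sample tokens are constructed, and it assumes a strict RP that sent a nonce and rejects a token that omits it.

```python
import base64, hashlib, hmac, json

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign_hs256(claims: dict, key: bytes) -> str:
    """Build a constructed HS256 ID Token for the demo."""
    head = b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = b64url(json.dumps(claims).encode())
    sig = hmac.new(key, f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"{head}.{body}.{b64url(sig)}"

def verified_claims(token: str, key: bytes) -> dict:
    """Return the claims only if the header says HS256 and the MAC matches."""
    head, body, sig = token.split(".")
    if json.loads(b64url_decode(head)).get("alg") != "HS256":
        raise ValueError("unexpected alg")
    want = hmac.new(key, f"{head}.{body}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(want, b64url_decode(sig)):
        raise ValueError("bad signature")
    return json.loads(b64url_decode(body))

def check_nonce(front_token: str, back_token: str, sent_nonce: str, key: bytes) -> bool:
    """True only when both ID Tokens carry the nonce sent in the request.

    front_token: ID Token from the authorization response.
    back_token:  ID Token from the token endpoint.
    Other ID Token checks (iss, aud, exp) are out of scope here.
    """
    for token in (front_token, back_token):
        nonce = verified_claims(token, key).get("nonce")
        if not isinstance(nonce, str):
            return False  # assumption: a strict RP treats a missing nonce as failure
        if not hmac.compare_digest(nonce.encode(), sent_nonce.encode()):
            return False
    return True

# Constructed sample values (not from the thread)
KEY = b"constructed-client-secret"
SENT_NONCE = "n-0S6_WzA2Mj"
BASE = {"iss": "https://op.example", "sub": "user-1", "aud": "client-1"}
FRONT = sign_hs256({**BASE, "nonce": SENT_NONCE}, KEY)
BACK = sign_hs256({**BASE, "nonce": SENT_NONCE}, KEY)
BACK_NO_NONCE = sign_hs256(BASE, KEY)
BACK_OTHER_NONCE = sign_hs256({**BASE, "nonce": "other"}, KEY)
```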
