[Openid-specs-ab] Spec call notes 4-Aug-14

Mike Jones Michael.Jones at microsoft.com
Mon Aug 4 23:52:21 UTC 2014


Spec call notes 4-Aug-14

Mike Jones
John Bradley
Edmund Jay
Nat Sakimura

Agenda:
               Next Call
               Possible "error" return from OP i-frame
               OpenID 2.0 Transition Spec
               Errata
               Spec approval logistics
               Open Issues
               Interop Report from CIS

Next Call
               We will have the Thursday 7am Pacific Time call on the 7th
                              This is the European friendly time

OpenID 2.0 Transition Spec
               There's been discussion on whether to return issuer keys or the issuer identifier
               We decided it makes more sense to return the issuer identifier
               We will discuss the disposition of the spec on the call in 1/2 a week

Errata
               Mike applied all the tracked errata changes
               He will send out Word versions with tracked changes for people to review
               We will discuss timing of approving the errata on the next call
               We may want to hold the approval vote for this at the same time as the transition spec
                              The review period for errata changes is 45 days

Spec approval logistics
               Darin Richardson of Refresh Media will be back from vacation September 1
               The openid.net https certificate has been revoked!
               Mike will send a note about this

Possible "error" return from OP i-frame
               Currently only "changed" versus "unchanged" are allowed
               Allowing "error" on syntactically malformed input could help prevent an infinite loop of prompt=none requests
                              Put guidance in the spec to fix your code - not retry
               Mike will send a follow-up reply to his note on the list and file a bug

Open Issues
               Most of the open issues were closed by applying the errata edits
               #914 - Session 5 - Missing client_id parameter
                              There doesn't seem to be consensus to add this parameter
                              Breno opposed having two ways to communicate this information
               #915 - Computation of OP session_state in the IdP requires origin URI
                              Mike will ask Todd to propose language about deriving the origin URI from the hostname in the registered redirect_uri values
               #922 - Session cleanup via back-channel
                              Requires a full write-up on its own - a completely different mechanism than the current Session Management
               #928 - New - add back policy_uri definition?
                              This could be done in an extension spec
                              It's not errata, because it's a new feature

Interop Report from CIS
               Hans and Roland have this data but are both on vacation at present
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20140804/4e382530/attachment.html>


More information about the Openid-specs-ab mailing list