[Openid-specs-ab] Spec call notes 9-Feb-15

Mike Jones Michael.Jones at microsoft.com
Tue Feb 10 00:02:12 UTC 2015


Spec call notes 9-Feb-15

Mike Jones
Edmund Jay
John Bradley
Nat Sakimura
Brian Campbell

Agenda
               Certification
               OpenID Workshop on April 6
               OpenID 2.0 Migration
               Session Management
               Form Post Response Mode Binding
               Next Calls

Certification
               It's on Mike's list to create initial certification web pages for review
                              Profile definitions and instructions

               Mike asked whether we want test names to be OP-Letter-Number or to be more semantically meaningful names
                              Mike will work with Roland to create and convert over to these
                              That will let us have stable names that don't get renumbered, etc.

               Roland continues having problems getting the Symantec hosts to work for our use cases
                              He can't even do HTTP GETs to port 80 for his source repository
                              Mike will see if progress can be made on that this week

               Open Certification Issues at https://bitbucket.org/openid/certification/issues
                              Brian asked about the status of tests about revoking access tokens on auth code reuse
                                             We agreed two weeks ago to make that a warning
                              People are encouraged to verify fixes after Roland marks them fixed and then close the bugs

               The RP tests seem to be about a constant week from being live
                              The current holdup is good UI code in front of them saying how to use them

               Apparently Hans Zandbelt talked to Roland about RP testing but it seemed to him that it was going to be complicated
                              Mike will try to look into why that was
                              Mike encouraged people to look at the RP tab of the conformance profile definitions spreadsheet

OpenID 2.0 Migration
               The 60 day review period is under way
               See http://openid.net/2015/02/01/review-of-proposed-final-openid-2-0-to-openid-connect-migration-specification/
               The next step is posting about the voting

OpenID Workshop on April 6
               https://openid-mar-2015.eventbrite.com
               The page is not currently showing who is registered
               Times still need to be added to the agenda
               The marketing committee is thinking of starting the event earlier (before 11:00) because of all of the working groups

Form Post Response Mode Binding
               Ping and Microsoft have successfully interoperated on the form post response mode
               Mike asked whether or not we need to add additional security considerations
                              Brian pointed out that the bad combinations are of things like query in the wrong places and not with the form post response mode
               Mike believes we should take it final.  Brian agrees.
                              Mike will ask if there any objections to taking it forward
                              If no objections are heard, we will start the 60 day review period next Monday

Session Management
               Mike plans to write a one-pager on image get based logout
               This is aligned with what Ping and probably Deutsche Telekom have done
               This has the advantage of being parallelizable
               And it's kind of the lowest common denominator logout mechanism

Next Calls
               We decided to go back to two calls a week between now and the certification launch
               The Thursday call is at https://www3.gotomeeting.com/join/181372694

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20150210/f7a13623/attachment-0001.html>


More information about the Openid-specs-ab mailing list