[Openid-specs-ab] Spec call notes 12-Feb-15

Mike Jones Michael.Jones at microsoft.com
Thu Feb 12 15:27:05 UTC 2015

Spec call notes 12-Feb-15

Roland Hedberg
Mike Jones
John Bradley
Brian Campbell
Edmund Jay

               Session Management
               Form Post Response Mode Binding
               OpenID Workshop on April 6

               Roland has been fixing issues in the OP tests as they arrive

               Roland is waiting on fixes to the Symantec machines to be able to use them
                              There are network ACLs preventing the ability to access the ports they need
                              We also don't have the certificates

               RP Tests
                              Roland made a special OP that acts in different ways depending up the URL used
                              For instance, can request signature algorithms, specific errors, etc.
                              He added aggregated and distributed claims
                              There will be a page where each test is described
                              Hans Zandbelt believes that he could do all the tests
                              Logs will be filed under IP address and test ID
                              The tester will have to provide information about what they saw
                                             This is mostly self-reporting
                              Roland plans to deploy this on the Symantec hosts

               Edmund asked about the token endpoint auth issue he's seeing (issue #3)
                              Roland suggested they have a Skype call to sort it out

               Mike plans to write initial web pages for certification

Form Post Response Mode Binding
               This test is intended be used in combination with the implicit and hybrid response types
               In theory, it could also be used with the code flow

               We announced on Monday that we would start the 60 day review next Monday

Session Management
               Mike plans to write a one-pager on image get based logout
               This is aligned with what Ping and probably Deutsche Telekom have done
               This has the advantage of being parallelizable
               And it's kind of the lowest common denominator logout mechanism

OpenID Workshop on April 6
               The Connect WG plans to go over the certification program and results
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20150212/c6a13de5/attachment.html>

More information about the Openid-specs-ab mailing list