[Openid-specs-ab] Spec call notes 12-Mar-15

Mike Jones Michael.Jones at microsoft.com
Thu Mar 12 16:06:03 UTC 2015

Spec call notes 12-Mar-15

Nat Sakimura
Brian Campbell
Edmund Jay
Justin Richer
Mike Jones
George Fletcher
Roland Hedberg

               Name of HTTP logout spec
               Always using iframes to trigger HTTP logouts
               Using Connect at openid.net

               We are currently 8 days from trying to lock down the OP tests
               After that, people can do testing for their actual certifications
               People are highly encouraged to retest soon, to find any additional issues that remain
                              Roland is going through the issues filed today
               Mike annotated the test names to include the profiles that they apply to

               http://openid.net/certification/ needs to be reviewed
               We still need to produce closed-form instructions on what needs to be tested
               For instance, the Dynamic instructions will include the MTI features in Core 15.2

               You can pass with warnings
               John said that MTI warnings should be different than other warnings at some point

               Support for request_uri must actually work if Dynamic is being tested for

               Mike asked Roland to notify people once there's a new release in production

Name of HTTP logout spec
               Some people had asked that it be called HTML logout but the session management spec is the one that uses an HTML communication feature - postMessage
               This spec is a front channel push versus Session Management is a front channel poll
                              Maybe "browser push logout"?

Always using iframes to trigger HTTP logouts
               Microsoft implementers have pointed out that iframe GETs have access to HTML5 local storage
               They'd like to be able to decide after registration time whether to do HTML5 local storage cleanup or not
               RPs could continue to return images if that's what they want to do
               Then they could change to returning HTML pages if the want/need to
               This would simplify the spec by eliminating the logout_use_iframe parameter

Using Connect at openid.net
               We ran out of time to discuss this topic
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20150312/db2bc720/attachment.html>

More information about the Openid-specs-ab mailing list