[Openid-specs-ab] Spec call notes 18-Feb-16

Mike Jones Michael.Jones at microsoft.com
Thu Feb 18 16:19:55 UTC 2016


Spec call notes 18-Feb-16

Mike Jones
John Bradley
Nat Sakimura
George Fletcher
Roland Hedberg

Agenda
              Certification Updates
              Open Issues
              Upcoming Events
              Open Source Libraries
              Security Test Tools
              Next Call

Certification Updates
              OP certification is rolling along
              Roland regularly gets e-mails from people asking about the certification tests
              Something between 100 and 150 implementations have tested
              23 have certified to date
              RP certification is stalled at present
                             So far, only Edmund Jay and Hans Zandbelt have done testing
                             William Denniss said that he would test but apparently hasn't yet
              Roland is also working on enabling testing of deployed clients, rather than libraries
                             You can still cause the OP to create errors and check whether the RP handles them correctly
                             For instance, sending a bad signature and seeing if the RP rejects it
                             This isn't deployed yet - it's still just on Roland's laptop
                             Mike asked if we could get this deployed by IIW in late April and Roland said yes
              AOL has been moving lots of their SAAS providers to OpenID Connect
                             George would like to be able to point them to the RP testing
              Mike said that there isn't an easy list of RP tests to just click through
                             Roland said that there is a web page but you have to do a lot of clicking
                             https://rp.certification.openid.net:8080/test_list
              Mike said that NEC sent a certification request that was nearly complete and he responded to it
              Edmund was having problems with key rotation in the RP tests but Roland hasn't figured out what's wrong
                             Nat suggested that Roland and Edmund arrange a GoToMeeting session with screen sharing to debug it
                             Roland will send a note to Edmund to schedule this

Open Issues
              There are no new issues
              Mike and John still need to produce new text for the errata issues
              There are also updates to the logout specs that Mike needs to do
              Errata has higher priority over the logout changes, other than renaming the front channel logout spec

Upcoming Events
              Mobile World Congress is next week
                             John will be there
                             MODRNA will have meetings there
              RSA will be the following week
                             Nat and Mike will be there
              OpenID Workshop in Santiago on Thursday, March 31 before IETF 95 in Buenos Aires
                             See  http://www.alive.cl/clientes/OpenID/index.html
                             John, Nat, Mike, William, and Hannes will be there
                             The city of Buenos Aires has a Python authorization server - Django OpenID provider
              OpenID Workshop before IIW on Monday, April 25
                             https://www.eventbrite.com/e/internet-identity-workshop-xxii-22-2016a-tickets-19430016703
              OpenID Workshop at European Identity and Cloud Conference in May
                             See https://www.id-conf.com/events/eic2016
              There is an OAuth security workshop in Trier, Germany on July 14-15, the week before IETF 96 in Berlin
                             See http://infsec.uni-trier.de/events/osw2016

Open Source Libraries
              An OpenID GitHub repository was established
                             The iOS and Android libraries will be in separate repositories
              The legal issues enabling contribution were resolved
              William Denniss is expected to post the libraries imminently

Security Test Tools
              Christian Mainka and the rub.de folks are working on OAuth security testing tools
              Roland is tracking their work and might add some of the new tests as extra tests in our OP test suite

Next Call
              Our next call will be Monday, February 22nd at 3pm Pacific / Tuesday morning in Japan
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20160218/fa7b45e9/attachment.html>


More information about the Openid-specs-ab mailing list