[Openid-specs-ab] Spec call notes 7-Jul-16

Mike Jones Michael.Jones at microsoft.com
Thu Jul 7 15:30:10 UTC 2016


Spec call notes 7-Jul-16

Justin Richer
Nov Matake
Phil Hunt
Mike Jones
Prateek Mishra
Nat Sakimura

Agenda
              SCIM Draft
              Open Issues
              Federation section in new version of NIST SP 800-63
              Preparing for IETF 96 Berlin
              Next meetings

SCIM Draft
              Phil described the use case and motivation
              Prateek said that many business applications are converting to OpenID Connect
                           Post authentication, applications want to access business data via SCIM
              Prateek had asked about spec mechanics on the list
              The integration with OpenID Connect for directory enabled applications seems obvious
              Phil had talked with Chuck Mortimore about SCIM identifiers versus OpenID Connect identifiers
                           People shouldn't assume that the identifiers are the same, particularly for legacy systems
              The spec uses two methods the /me path and the scim_id and scim_location claims
              An open question is whether applications would access both the UserInfo Endpoint and the SCIM endpoint
              A question was asked on the list about scopes
                           Phil thought that scopes work might want to happen in the IETF SCIM working group
                           Then it would not be Connect specific
              Having a standard will let developers do this in a consistent way
              Mike asked who on the call has reviewed the spec
                           Justin has skimmed it
                           Nov has looked through it
              Nov described a use case in Japan in which the OpenID Provider is a SCIM client provisioning profile data to the RP

              The document has been proposed for adoption
              We will give people a week to review the document and provide comments on adoption
              Mike said that adopting the document indicates interest in the area and having a starting point for the work
                           It's normal for the specification to evolve after adoption
              Prateek said that having a formal document will help it get attention

Open Issues
              Open issues are at https://bitbucket.org/openid/connect/issues?status=new&status=open
              Issue #994 on the definition of country within the address claim
                           The issue asked whether it's an ISO two letter code
                           Mike said that this is part of a postal address, so may be written out, such as "Deutschland"
                           Phil asked if we know how implementers are typically using this
                           We don't have much data
                           This is actually presently coming up at Microsoft, where there's a desire for an ISO country code claim
                                         Mike will gather data and report back
              Issue #995 Editorial Issue: description of policy_uri in DynReg
                           Mike will fix this syntactic nit as part of the errata edits
              Issue #993  How to treat a zero max_age request parameter?
                           This is effectively prompt=login
                           We can add a comment to this effect as part of the errata process

Federation section in new version of NIST SP 800-63
              Justin asks that people review this
              See https://github.com/usnistgov/800-63-3/issues

Preparing for IETF 96 Berlin
              Token Binding of access tokens is one important topic
                           The current Token Binding drafts don't provide a way to provide the referred token binding
              The OAuth Mix-Up Mitigation is another important topic to participate in
              The OAuth JWS Request draft will progress
                           People should get any last comments in on it ASAP
                           Hannes produced some comments that John is applying to the present draft

Next Calls
              Our next call is Monday, July 11th at 3pm Pacific Time
              We are tentatively cancelling the 7am call on Thursday, July 21st, since it's during IETF
              See the calendar at http://openid.net/wg/connect/ to see the call times in your local time
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20160707/d9c6c0dc/attachment.html>


More information about the Openid-specs-ab mailing list