[Openid-specs-ab] Spec Call Notes 21-Jun-18

Mike Jones Michael.Jones at microsoft.com
Thu Jun 21 14:48:19 UTC 2018


Spec Call Notes 21-Jun-18

Mike Jones
Brian Campbell
George Fletcher
Bjorn Hjelm
John Bradley

George Fletcher's Native SSO Proposal
              George plans to produce an xml2rfc version of his Native SSO draft by the end of the week

Potential iOS Changes
              Vittorio Bertocci plans to have a meeting at Identiverse to discuss SSO and Apple's "Intelligent Track Protection" initiative

Federation Specification Review
              This review is under way
                           http://openid.net/2018/06/08/public-review-period-for-openid-connect-federation-specification-started/
              People are encouraged to review the draft

RISC Approval Vote
              The vote is open through June 29th
              Please participate at https://openid.net/foundation/members/polls/141

Certification
              We are launching the Form Post Response Mode certification profiles at Identiverse
                           We will have people test the tests at Identiverse

New RP Libraries
              We've created a jwtconnect.io site as a documentation home for the JWTConnect libraries
              Roland plans to create the Python github projects at https://github.com/openid before Identiverse

Open Issues
              See https://bitbucket.org/openid/connect/issues
              #1029: authentication_failed error response
                           No activity since last call
              #1030: Front & back-channel logout: require HTTPS URIs?
                           Vladimir is right.  Mike will make the change to require https URIs.

Unauthenticated Logout Requests
              George will file an issue proposing Security Considerations language about denial of service attacks using front-channel logout

Spec Progress
              We plan to take the three logout specs to final status soon
                           Please review them now
              The OAuth AS Metadata spec is in Auth48 so will probably finish this week
                           This will unblock the errata progress
              The Security Event Token (SET) spec is with the RFC editor and so should also finish soon
                           We want this to finish before making back-channel logout final

Next Calls
              We are cancelling the Monday, June 25th call because it is during Identiverse
              The next call is Thursday, July 5th at 7am Pacific Time
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20180621/de4e3ebb/attachment.html>


More information about the Openid-specs-ab mailing list