[Openid-specs-ab] Spec Call Notes 21-Jun-18

Torsten Lodderstedt torsten at lodderstedt.net
Sat Jul 28 12:31:49 UTC 2018


Hi Mike,

I potentially could do such a spec quickly. But how do you envision a developer to find out there is a complementary spec enhancing OpenID Connect Core? Developers will (at most) consult the OpenID Connect spec because that’s what they are looking for. 

kind regards,
Torsten. 

> On 30.06.2018 at 14:57, Mike Jones <Michael.Jones at microsoft.com> wrote:
> 
> I was envisioning a spec that simply defines a new error code and registers it in the OAuth Extensions Error Registry.  Its normative contents would be something like this:
>  
> OAuth “error” Value:
>               unable_to_meet_authentication_requirements
>               The authentication performed did not meet the requirements of the requester.
>  
> In the non-normative parts of the spec, you could say that one place this new error code could be used was if an OpenID Connect “acr” is requested as an essential claim and its criteria could not be met.
>  
> This doesn’t rise to the level of incrementing the Connect version number or updating the entire spec.  In my view, that would send the wrong message to the marketplace.
>  
> You could do this simple spec pretty quickly.
>  
>                                                        -- Mike
>  
> From: Torsten Lodderstedt <torsten at lodderstedt.net> 
> Sent: Friday, June 29, 2018 10:44 PM
> To: Mike Jones <Michael.Jones at microsoft.com>
> Cc: Vladimir Dzhuvinov <vladimir at connect2id.com>; openid-specs-ab at lists.openid.net
> Subject: Re: [Openid-specs-ab] Spec Call Notes 21-Jun-18
>  
> What kind of new spec do you have in mind to add the error code, which is required to properly handle an error situation described in OpenID Connect Core? I would assume OpenID Connect 1.x?
> 
> On 28.06.2018 at 12:28, Mike Jones <Michael.Jones at microsoft.com> wrote:
> 
> Can you change a published RFC?  No.
>  
> Part of the OIDF maintaining its reputation as a professional standards body is to likewise safeguard the integrity of our final specifications.
>  
> I realize that writing a new specification to introduce new functionality may seem inconvenient but it’s ultimately the right thing to do.
>  
>                                                        -- Mike
>  
> From: Torsten Lodderstedt <torsten at lodderstedt.net> 
> Sent: Wednesday, June 27, 2018 8:14 PM
> To: Mike Jones <Michael.Jones at microsoft.com>
> Cc: Vladimir Dzhuvinov <vladimir at connect2id.com>; openid-specs-ab at lists.openid.net
> Subject: Re: [Openid-specs-ab] Spec Call Notes 21-Jun-18
>  
> Even if the error code is obviously missing in the original spec?
> 
> On 27.06.2018 at 07:31, Mike Jones <Michael.Jones at microsoft.com> wrote:
> 
> Correct.  Just like the IETF, we don’t make normative changes to Final specifications.
>  
> The way to introduce a new error code is to write a new specification that does so.
>  
>                                                        -- Mike
>  
> From: Openid-specs-ab <openid-specs-ab-bounces at lists.openid.net> On Behalf Of Vladimir Dzhuvinov via Openid-specs-ab
> Sent: Wednesday, June 27, 2018 8:26 AM
> To: openid-specs-ab at lists.openid.net
> Subject: Re: [Openid-specs-ab] Spec Call Notes 21-Jun-18
>  
> My observation is that errata don't introduce new parameters, but are rather used to fix typos and clarify things.
> 
> Depending on how the errata get published - as part of the original spec or as separate doc - developers often fail to notice them :)
> 
> Vladimir
> 
>  
> On 25/06/18 18:34, Torsten Lodderstedt via Openid-specs-ab wrote:
> What about an errata? 
>  
> On 25.06.2018 at 16:31, Mike Jones <Michael.Jones at microsoft.com> wrote:
>  
> A new specification needs to be written.  We can't add new functionality to final specifications.
>  
> -----Original Message-----
> From: Torsten Lodderstedt <torsten at lodderstedt.net> 
> Sent: Monday, June 25, 2018 10:30 AM
> To: Mike Jones <Michael.Jones at microsoft.com>
> Cc: openid-specs-ab at lists.openid.net
> Subject: Re: [Openid-specs-ab] Spec Call Notes 21-Jun-18
>  
> Hi Mike,
>  
> what needs to be done in order to bring Issue #1029 forward?
>  
> kind regards,
> Torsten. 
>  
> On 21.06.2018 at 16:48, Mike Jones via Openid-specs-ab <openid-specs-ab at lists.openid.net> wrote:
>  
> Spec Call Notes 21-Jun-18
>  
> Mike Jones
> Brian Campbell
> George Fletcher
> Bjorn Hjelm
> John Bradley
>  
> George Fletcher's Native SSO Proposal
>              George plans to produce an xml2rfc version of his Native SSO draft by the end of the week
>  
> Potential iOS Changes
>              Vittorio Bertocci plans to have a meeting at Identiverse to discuss SSO and Apple's "Intelligent Track Protection" initiative
>  
> Federation Specification Review
>              This review is under way
>                           http://openid.net/2018/06/08/public-review-period-for-openid-connect-federation-specification-started/
>              People are encouraged to review the draft
>  
> RISC Approval Vote
>              The vote is open through June 29th
>              Please participate at https://openid.net/foundation/members/polls/141
>  
> Certification
>              We are launching the Form Post Response Mode certification profiles at Identiverse
>                           We will have people test the tests at Identiverse
>  
> New RP Libraries
>              We've created a jwtconnect.io site as a documentation home for the JWTConnect libraries
>              Roland plans to create the Python github projects at https://github.com/openid before Identiverse
>  
> Open Issues
>              See https://bitbucket.org/openid/connect/issues
>              #1029: authentication_failed error response 
>                           No activity since last call
>              #1030: Front & back-channel logout: require HTTPS URIs?
>                           Vladimir is right.  Mike will make the change to require https URIs.
>  
> Unauthenticated Logout Requests
>              George will file an issue proposing Security Considerations language about denial of service attacks using front-channel logout
>  
> Spec Progress
>              We plan to take the three logout specs to final status soon
>                           Please review them now
>              The OAuth AS Metadata spec is in Auth48 so will probably finish this week
>                           This will unblock the errata progress
>              The Security Event Token (SET) spec is with the RFC editor and so should also finish soon
>                           We want this to finish before making back-channel logout final
>  
> Next Calls
>              We are cancelling the Monday, June 25th call because it is during Identiverse
>              The next call is Thursday, July 5th at 7am Pacific Time
> _______________________________________________
> Openid-specs-ab mailing list
> Openid-specs-ab at lists.openid.net
> http://lists.openid.net/mailman/listinfo/openid-specs-ab
