[Openid-specs-ab] Spec Call Notes 6-Dec-18

Mike Jones Michael.Jones at microsoft.com
Thu Dec 6 15:52:44 UTC 2018

Spec Call Notes 6-Dec-18

Filip Skokan
Bjorn Hjelm
Mike Jones
George Fletcher

Federation Specification
              Roland Hedberg recently updated the spec to incorporate feedback received
              Reviews are requested

Open Issues
              #1056 Use of id_token in RP-Initiated Logout as the id_token_hint
                           The issues identified could be addressed by using POST
              #1032 rp-initiated logout - proposal for client_id parameter
                           George is adding a comment about identifying the session ID without an ID Token
              #1057 OIDCC appears to override single-use nature of auth code in RFC6749
                           A spec change doesn't appear to be warranted
              #1058 sector_identifier_uri should have a /.well-known/ path
                           This is requesting a specification change
                           This appears to need more discussion because it's not totally clear why the change is being requested
                           George is writing a comment trying to flesh out the nature of the possible attack described
              #1045 Signalling that a Request Object must always be present in Authorization Request
                           We could use the presence of request_object_signing_alg to signal that signed request objects are being requested
                           This likely wouldn't be a breaking change in practice

Submission: Native SSO for Mobile Apps (txt and xml)
              George asked what the next steps are for the document he submitted
              The working group needs to decide whether it wants to work on that topic

Next Call
              The next call is at 3pm Pacific Time on Monday, December 10th
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20181206/7ef7d469/attachment.html>

More information about the Openid-specs-ab mailing list