<html><head><style type="text/css"><!-- DIV {margin:0px;} --></style></head><body><div style="font-family:tahoma,new york,times,serif;font-size:10pt;color:black;"><div><p class="MsoNormal">Spec call notes 6-Oct-11</p>
<p class="MsoNormal"> </p>
<p class="MsoNormal">Mike Jones</p>
<p class="MsoNormal">Johnny Bufu</p>
<p class="MsoNormal">Edmund Jay</p>
<p class="MsoNormal">John Bradley</p>
<p class="MsoNormal">Pamela Dingle</p>
<p class="MsoNormal"> </p>
<p class="MsoNormal">Agenda:</p>
<p class="MsoNormal"> Open Specs Issues & Editing<br></p>
<p class="MsoNormal"> Summit Interop<br></p><br><br><br>Open Spec Issues<br> John has been going over the Issues tracker and putting resolution notes for open spec issues<br> Some issues that need decisions the following :<br> #101: Messages - 3.3.2 UserInfo Response should include namespace<br> Result : Namespace will not be included in response<br><br> #148: Standard 4.3.1.3.3. - Request
File URL must be unique for every unique content<br> This issues relates to RP using an request file for per user authorization requests and OpenID Providers may cache them and<br> may not have the most current file.<br> Result : John to add text to explain issue, but not list specific solutions on how to prevent caching.<br><br> #151: Standard - 4.3.4.1 - "resource owner" -> "the End-User" for consistency<br> Resource
owner comes from OAuth and End-User comes from OpenID<br> John says Resource Owner may theoretically be different from the End-User<br> Result : Add text to explain such a case<br><br> #161: Standard - 7.1/7.2/7.2.1 - Check ID: Simply refer to messages 3.4.1/3.4.2/3.4.3<br> #160: Standard - 6.1/6.2/6.2.1 - UserInfo - Simply refer to 3.3.1/3.3.2/3.3.3<br> #159: Standard - 5.2.1. Simply refer to 3.2.2 and 3.2.3 of
Message<br> These 3 issues relate to the duplicating of text from the Messages spec in the Standard spec.<br> Result : John will leave as is until the final version and then do refactoring, rewriting<br> Johnny prefers that Messages is consistent and then other specs reference the appropriate sections<br><br> #167 Standard - 4.3.1 - "As described in How To Get An Authorization Code, Access Token, and ID Token...."<br> Result : John added some text in
the issue notes regarding textual changes and is accepted by group.<br><br><br> John/Hideki/Johnny brought up the issue of format of ID Token and how to validate it and whether the Check ID Endpoint <br> needs to be called by client<br> John will add some explanation text for ID Token validation and Check ID Endpoint is only required if client cannot process it.<br><br><br> John will go over rest of open issues<br> Johnny will add some more issues to
the tracker<br><br><br><br>Summit Interop<br> Nov and Edmund working on implementation of discovery and registration.<br> Edmund will try to have implementation early next week.<br><br> Pam said they have implementation issues with returning ID Tokens in authorization response<br><br><span> Oct 17 pre-IIW Summit session can be registered at <a target="_blank"
href="http://openidconnectworkshop.eventbrite.com/">http://openidconnectworkshop.eventbrite.com/</a></span><br><br><br><br><br><br> <br> <br> <br> <br> <br></div>
</div></body></html>