<html><head><style type="text/css"><!-- DIV {margin:0px;} --></style></head><body><div style="font-family:tahoma,new york,times,serif;font-size:10pt;color:#000000;"><div>Spec call notes 13-Feb-12<br><br>Nat Sakimura<br>John Bradley<br>Pamela Dingle<br>Edmund Jay<br>George Fletcher<br><br><br><br>Agenda:<br> - Interop<br> - Issues<br><br><br>Interop <br><span> The Interop Wiki at <a target="_blank" href="http://osis.idcommons.net/wiki/OC3_OpenID_Connect_Interop_3">http://osis.idcommons.net/wiki/OC3_OpenID_Connect_Interop_3</a> </span><br> still needs to be populated with the actual test cases.<br> Pamela will try to update by Thursday's call it if Mike Jones has not done so yet.<br> Nat will check will Ebay and Janrain regarding participation in Interop.<br><br><br>Issues<br> #510 and #536 - Messages, Basic - Proposal for adding
hash to id_token<br> Issue 510 is the issue asking for a proposal for adding a hash of the code and/or access token along with the ID Token.<br> Issue 536 is the actual proposal from John. His proposal is to modify the 'code id_token' and 'code token id_token' response_types <br> to include the code as a claim inside the id_token. Since id_token is signed, the code is automatically checked by the id_token signature. <br> It is also more in line with Facebook's signed request method. The ID Token is also modified to include an optional access <br><span> token fingerprint. For full proposal, please see <a target="_blank"
href="http://hg.openid.net/connect/issue/536/messages-multi-token-response-add-hash-of">http://hg.openid.net/connect/issue/536/messages-multi-token-response-add-hash-of</a></span> .<br> John will send proposal to the mailing list for feedback.<br><br><br> #511 Standard: 5.1. UserInfo Request : Reference section number to Messages must be wrong.<br> John made changes to address the problem and was awaiting further feedback from Hideki, but didn't receive any.<br> Issue is changed to closed.<br><br><br> #513 Basic 1.2, Messages 8.14, Discovery 3.1, 3.2 - Issuer Identifier can not contain a path component<br> John made proposal to add a path component to the issuer returned from Simple Web Discovery and append ".well-known/openid-configuration"<br>
to the returned issuer string to retrieve the specific configuration information.<br> John has sent this proposal to the list but has not received much feedback.<br> This issue will be discussed at a face to face meeting in the upcoming RSA conference.<br><br> <br><br> <br></div>
</div></body></html>