<html><body><div style="color:#000; background-color:#fff; font-family:tahoma, new york, times, serif;font-size:10pt"><div>Spec Call notes 03-Oct-2013</div><div><br></div><div style="color: rgb(0, 0, 0); font-size: 13.3333px; font-family: tahoma,new york,times,serif; background-color: transparent; font-style: normal;">Attendees</div><div style="color: rgb(0, 0, 0); font-size: 13.3333px; font-family: tahoma,new york,times,serif; background-color: transparent; font-style: normal;"><span class="tab"> Nat Sakimura</span></div><div style="color: rgb(0, 0, 0); font-size: 13.3333px; font-family: tahoma,new york,times,serif; background-color: transparent; font-style: normal;"><span class="tab"> Justin Richer</span></div><div style="color: rgb(0, 0, 0); font-size: 13.3333px; font-family: tahoma,new york,times,serif; background-color: transparent; font-style: normal;"><span class="tab"> Edmund Jay</span></div><div style="color: rgb(0, 0, 0);
font-size: 13.3333px; font-family: tahoma,new york,times,serif; background-color: transparent; font-style: normal;"><br><span class="tab"></span></div><div style="color: rgb(0, 0, 0); font-size: 13.3333px; font-family: tahoma,new york,times,serif; background-color: transparent; font-style: normal;"><br><span class="tab"></span></div><div style="color: rgb(0, 0, 0); font-size: 13.3333px; font-family: tahoma,new york,times,serif; background-color: transparent; font-style: normal;"><span class="tab">Agenda</span></div><div style="color: rgb(0, 0, 0); font-size: 13.3333px; font-family: tahoma,new york,times,serif; background-color: transparent; font-style: normal;"><span class="tab"> Spec Refactoring</span></div><div style="color: rgb(0, 0, 0); font-size: 13.3333px; font-family: tahoma,new york,times,serif; background-color: transparent; font-style: normal;"><span class="tab"> Issues</span></div><div style="color: rgb(0, 0, 0); font-size:
13.3333px; font-family: tahoma,new york,times,serif; background-color: transparent; font-style: normal;"><span class="tab"> Session Management<br></span></div><div style="color: rgb(0, 0, 0); font-size: 13.3333px; font-family: tahoma,new york,times,serif; background-color: transparent; font-style: normal;"><br><span class="tab"></span></div><div style="color: rgb(0, 0, 0); font-size: 13.3333px; font-family: tahoma,new york,times,serif; background-color: transparent; font-style: normal;"><br><span class="tab"></span></div><div style="color: rgb(0, 0, 0); font-size: 13.3333px; font-family: tahoma,new york,times,serif; background-color: transparent; font-style: normal;"><span class="tab">Spec Refactoring</span></div><div style="color: rgb(0, 0, 0); font-size: 13.3333px; font-family: tahoma,new york,times,serif; background-color: transparent; font-style: normal;"><span class="tab"> Mike was absent from call so it was not
discussed.</span></div><div style="color: rgb(0, 0, 0); font-size: 13.3333px; font-family: tahoma,new york,times,serif; background-color: transparent; font-style: normal;"><br><span class="tab"></span></div><div style="color: rgb(0, 0, 0); font-size: 13.3333px; font-family: tahoma,new york,times,serif; background-color: transparent; font-style: normal;"><br><span class="tab"></span></div><div style="color: rgb(0, 0, 0); font-size: 13.3333px; font-family: tahoma,new york,times,serif; background-color: transparent; font-style: normal;"><span class="tab">Issues</span></div><div style="color: rgb(0, 0, 0); font-size: 13.3333px; font-family: tahoma,new york,times,serif; background-color: transparent; font-style: normal;"> #882: All - JWT and JOSE specification versions</div><div style="color: rgb(0, 0, 0); font-size: 13.3333px; font-family: tahoma,new york,times,serif; background-color: transparent; font-style: normal;"> #881: Discovery 1 -
Relationship to OAuth Dynamic Registration</div><div style="color: rgb(0, 0, 0); font-size: 13.3333px; font-family: tahoma,new york,times,serif; background-color: transparent; font-style: normal;"> The above 2 issues are editorial changes <br></div><div style="color: rgb(0, 0, 0); font-size: 13.3333px; font-family: tahoma,new york,times,serif; background-color: transparent; font-style: normal;"><br></div><div style="color: rgb(0, 0, 0); font-size: 13.3333px; font-family: tahoma,new york,times,serif; background-color: transparent; font-style: normal;"> #879: Messages 6.1 - The OpenID Foundation may consider hosting a site https://self-issued.me/</div><div style="color: rgb(0, 0, 0); font-size: 13.3333px; font-family: tahoma,new york,times,serif; background-color: transparent; font-style: normal;"> #880: Messages 6.2 - The OpenID Foundation may consider hosting the endpoint
https://self-issued.me/registration/1.0/</div><div style="color: rgb(0, 0, 0); font-size: 13.3333px; font-family: tahoma,new york,times,serif; background-color: transparent; font-style: normal;"> Nat and Justin suggests using https://self-issued.openid.net/ rather than a domain in another country.</div><div style="color: rgb(0, 0, 0); font-size: 13.3333px; font-family: tahoma,new york,times,serif; background-color: transparent; font-style: normal;"><br></div><div style="color: rgb(0, 0, 0); font-size: 13.3333px; font-family: tahoma,new york,times,serif; background-color: transparent; font-style: normal;"> #878: Messages 2.1.1.1 Define "negative response" for id_token_hint <br></div><div style="color: rgb(0, 0, 0); font-size: 13.3333px; font-family: tahoma,new york,times,serif; background-color: transparent; font-style: normal;"> Summary from coversations in the mailing list :</div><div
style="color: rgb(0, 0, 0); font-size: 13.3333px; font-family: tahoma,new york,times,serif; background-color: transparent; font-style: normal;"> When prompt=none is requested and the user is not logged in, the error response will be login_required</div><div style="color: rgb(0, 0, 0); font-size: 13.3333px; font-family: tahoma,new york,times,serif; background-color: transparent; font-style: normal;"> When prompt=none is requested and there is no id_token_hint, Breno suggests trying to satisfy the request <br></div><div style="color: rgb(0, 0, 0); font-size: 13.3333px; font-family: tahoma,new york,times,serif; background-color: transparent; font-style: normal;"> if there is a signed-in user who has approved the application previously<br></div><div style="color: rgb(0, 0, 0); font-size: 13.3333px; font-family:
tahoma,new york,times,serif; background-color: transparent; font-style: normal;"><br></div><div style="color: rgb(0, 0, 0); font-size: 13.3333px; font-family: tahoma,new york,times,serif; background-color: transparent; font-style: normal;"> #876: Google "iss" value missing https://</div><div style="color: rgb(0, 0, 0); font-size: 13.3333px; font-family: tahoma,new york,times,serif; background-color: transparent; font-style: normal;"> Needs further discussion<br></div><div style="color: rgb(0, 0, 0); font-size: 13.3333px; font-family: tahoma,new york,times,serif; background-color: transparent; font-style: normal;"><br></div><div style="color: rgb(0, 0, 0); font-size: 13.3333px; font-family: tahoma,new york,times,serif; background-color: transparent; font-style: normal;"> #877: Messages 2.1.3 Description of interaction_required, login_required, session_selection_required and consent_required conflicts with prompt
none specification</div><div style="color: rgb(0, 0, 0); font-size: 13.3333px; font-family: tahoma,new york,times,serif; background-color: transparent; font-style: normal;"> It is agreed that language will be changed to MUST NOT to keep consistency</div><div style="color: rgb(0, 0, 0); font-size: 13.3333px; font-family: tahoma,new york,times,serif; background-color: transparent; font-style: normal;"><br></div><div style="color: rgb(0, 0, 0); font-size: 13.3333px; font-family: tahoma,new york,times,serif; background-color: transparent; font-style: normal;"><br></div><div style="color: rgb(0, 0, 0); font-size: 13.3333px; font-family: tahoma,new york,times,serif; background-color: transparent; font-style: normal;"><br></div><div style="color: rgb(0, 0, 0); font-size: 13.3333px; font-family: tahoma,new york,times,serif; background-color: transparent; font-style: normal;">Session Management</div><div style="color: rgb(0, 0, 0);
font-size: 13.3333px; font-family: tahoma,new york,times,serif; background-color: transparent; font-style: normal;"> Needs more interop work<br></div><div style="color: rgb(0, 0, 0); font-size: 13.3333px; font-family: tahoma,new york,times,serif; background-color: transparent; font-style: normal;"><span class="tab"> Edmund has session management RP working with Microsoft OP</span></div><div style="color: rgb(0, 0, 0); font-size: 13.3333px; font-family: tahoma,new york,times,serif; background-color: transparent; font-style: normal;"><span class="tab"> Currently seeking Google's session management endpoints (please respond if anyone knows)</span></div><div style="color: rgb(0, 0, 0); font-size: 13.3333px; font-family: tahoma,new york,times,serif; background-color: transparent; font-style: normal;"><span class="tab"> The Session
Management spec is not as mature as the other specs and also subject to cookie and local storage policies.</span></div><div style="color: rgb(0, 0, 0); font-size: 13.3333px; font-family: tahoma,new york,times,serif; background-color: transparent; font-style: normal;"><span class="tab"> Will need to explore the possibility of going forward without Session Management</span></div><div style="color: rgb(0, 0, 0); font-size: 13.3333px; font-family: tahoma,new york,times,serif; background-color: transparent; font-style: normal;"><span class="tab"> Edmund will suggest text to clarify some points for current doc.<br></span></div><div style="color: rgb(0, 0, 0); font-size: 13.3333px; font-family: tahoma,new york,times,serif; background-color: transparent; font-style: normal;"><br></div><div style="color: rgb(0, 0, 0); font-size: 13.3333px; font-family: tahoma,new york,times,serif; background-color:
transparent; font-style: normal;"><br></div><div style="color: rgb(0, 0, 0); font-size: 13.3333px; font-family: tahoma,new york,times,serif; background-color: transparent; font-style: normal;"><br></div></div></body></html>