[Openid-specs-native-apps] Minutes - Dec 10
Paul Madsen
paul.madsen at gmail.com
Tue Dec 10 16:52:46 UTC 2013
attending
John Bradley, Paul Madsen, Mike Varley, Darren Platt, Thomas
DeBenning, Brian Campbell, Nat Sakimura, Morteza Ansari
Paul taking notes
Nat asks whether this is the 1st or 2nd meeting of the working group; John
confirms we adopted scope at 1st meeting. Provisionally accepted input
document, presuming IPR agreements have been accepted - which has happened
Nat moves to accept previously provisionally accepted document as accepted
input doc
John seconds
John moves that the input document become the basis for workgroup activities
Darren seconds
John took the group through the current document.
Nat asked about Step 5 - should be both arrows up/down
Nat posed question about how the TA obtains access tokens - whether from
the Token Endpoint or some dedicated API - allowing for triples to be
returned
John points out advantage of Token Endpoint, allowing for the TA to
authenticate when obtaining access tokens
We can have
1) TA uses refresh token on call to Token Endpoint
2) TA uses access token on call to 'AppInfo' API
3) both
More discussion
Nat suggests the TA might, on install, register a key pair, or do dynamic
registration, to use subsequently to the AS
Nat suggests that credential provisioning is important. John agrees but
argues that this spec needn't necessarily specify that
Consensus is that TA SHOULD be a confidential client, as opposed to MUST
Nat points out that the TA aggregates risk, and that may push the SHOULD to
MUST for deployments
Morteza asks about how discovery might work, and goes on to ask about the
scope of interoperability, i.e. is the goal that a given app work with any
TA, or a specific TA?
John's answer is that we need to explore what the mobile OSs provide
Morteza asks 'Will we have different bindings for the different OSs'?
Things will change.
John suggests that the bindings will evolve as the OSs change, and
so may not belong in the same document.
Group agrees. What to call it? Or are there individual docs for each OS &
version?
John will take first stab at pulling the content out.
John asks 'whether the AppInfo API definition belongs in the main spec?'
Group says keep it in for now
Discussion as to what the TA should pass to the apps, just an access token,
or also a refresh token, or maybe an id_token etc? Future discussion
required
Brian has questions/concerns about the TBD of 7.4.3, i.e. how a TA uses an
id-token to obtain access tokens. More discussion required
People don't like the 'provisioning' in current spec title - has existing
connotation. Agree to change spec names to
Native Apps Core
Native Apps OS Bindings
Agree to have call bi-weekly, alternating between Tuesday 10 AM EST &
Wednesday 6 PM EST.
--
Paul Madsen