[Openid-specs-native-apps] Minutes - January 6

[Paul Madsen]

Attending

Paul M, John B, Brian C, Darren P, Mike G., Thomas D, Mike V, Nat S., 
Tony N.,

John B reported that the docs have been split, reflecting decision into

1) core spec
2) native API bindings

Two docs will evolve separately

John reports that there is still some cleaning up to do after the split

John asks for feedback on naming of docs

i) OIDC Native Applications Token Agent Core
ii) OIDC Native Applications Token Agent Native API Bindings

John asks for review of spec, Use issue tracker on BitBucket

Tom D suggests that we should normalize 'trusted agent' & 'token agent' 
terminology.

Tom D interested in contributing to bindings spec.

John notes that bindings spec is thin.

John will send invite to Tom to allow him to contribute to bindings spec 
via BitBucket

2) On issue of how TA obtains access tokens, John will send note to list 
summarizing options with their pros/cons

Mike V asks if anybody has been able to review A2P3 spec? Mike points 
out similarities between NAPPS & A2P3, albeit latter may have more 
privacy focus. Any chance on harmonization.

Mike's thought is that in A2P3 there is a separation between 
authentication & token issuance - with privacy advantages.

John points out that there is nothing in current NAPPS that stipulates 
that authentication need be performed by the AZ.

Mike V will provide summary of A2P3, comparison to NAPPS, and potential 
convergence path.

Darren argues that this feels similar to relationship between SAML & Shib.

Tony points out we need be careful of IPR taint.

Next call January 24 at 6pm EST

Close











-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-native-apps/attachments/20140107/2554d534/attachment.html>