[Openid-specs-native-apps] Minutes - Jan 22

Paul Madsen paul.madsen at gmail.com
Mon Feb 3 14:53:35 UTC 2014


6 pm EST

Attending

Thomas Debenning, John Bradley, Paul Madsen, Mike Gile, Darren Platt, 
Morteza Ansari, Ashish Jain

Discussion

Any outstanding issues from last call?

Thomas has done some preliminary work on all 3 platforms - Windows, iOS, & 
Android

Mike Varley sent an email with some privacy recommendations - everybody 
should read & review.

Thomas has a question about revocation: a revocation message from the AS 
to the TA?

Morteza asks 'why would this be necessary, could it not be handled by 
the general OAuth token revocation mechanisms?'

John 'we should specify what should happen about the client behaviour as 
to what happens when a token is revoked'

Thomas - another question is 'the spec allows for immediate delivery of 
tokens to secondary apps'.

Are there privacy implications - Mike V suggests so.

Likely the privacy issue is possible correlation

John will edit spec to ensure that an app can ask for tokens for 
multiple tokens.

Thomas suggests that the current MUST about how a TA delivers a token to 
the secondary app is too strong.

John thinks that the MUST should be a SHOULD.

Thomas thinks this has implications for how the bindings would work, e.g. 
a URL scheme may not guarantee delivery.

Ashish asks about timelines. Is it relevant to pick a milestone around 
RSA time frame?

Who is attending RSA? Ashish, Mike, Darren.

John - next relevant milestone would be some sort of interop test.

Morteza - what about IIW? Aim for some interop.

Ashish - that implies we freeze the spec at some point in advance of 
IIW. Let's work in the near term to do so.

Meeting closed