[Openid-specs-ab] Spec call partial notes 7-Jul-11

Nat Sakimura sakimura at gmail.com
Fri Jul 8 00:27:46 UTC 2011


My portion of the note:

   Spec Call Minute (Draft)


Date: July 7, 15:00-17:00 PDT

Present: Mike Jones, Edmund Jay, Nat Sakimura, John Bradley, George
Fletcher, Johnny Bufu


*Agenda*

   1. Account Setup
   2. Update on the uploads
   3. Launch Plan, Contacting Developers
   4. Johnny Bufu's comments

*1. Account Setup*


Accounts at openid.net and svn.openid.net are different.

Darin administers svn.openid.net and he is on vacation until Jul 11.


openid.net keeps HTML version etc. for web access. For accounts, send
request to osl with SSH public key.


*2. Update on Uploads*


Uploaded all the specs (7). Formatting is also done.

Functionally complete. Editorial changes can be made.



*3. Launch Plan*


Contacting Developers


Now we want to go to the set of developers.


               Johnny Bufu - Mike to contact

               Pam lining somebody up at Ping - Mike to contact

               Andrew Arnott - John to contact

               Chuck Mortimore - Mike to contact

               University of Newcastle - John to contact

               NII (Japanese InCommon), Yahoo! Japan - Nat to contact

               Andreas Solberg (OpenSAMLPHP guy) - John to contact

               Breno

               Edmund


Spec Page Update

Add Link to the spec page : Mike


Overview Page Creation

Pam to take a stub at it by the end of this week.


Update the content of Openidconnect.com

 Getting access: Mike, John to get in touch with David.


Send note to openid specs list.

 - Ask Allen to review docs and post, as a kick off.


For Demo at Cloud Identity Summit


Breno is helping internally by consulting with the team in charge of the
demo as well as building some of the features.

They have a version of UserInfo in sandbox mode right now and I am working on
id token, and session management bits

Since our spec is still in flux, Breno is implementing something reasonable
right now for the demo but probably spec-compliant versions will only be
available in time for IIW (October).


For the demo, just having Google IdP and Google RP is not interesting.

If Breno has the document for the current version of their implementation,
NRI team may be able to provide another sample RP.

Nat will ask Breno for the docs.



*4. Johnny Bufu's Comment*

See separate notes.





On Fri, Jul 8, 2011 at 8:12 AM, Mike Jones <Michael.Jones at microsoft.com> wrote:

>  Spec call partial notes 7-Jul-11
>
> Edmund Jay
>
> Mike Jones
>
> Nat Sakimura
>
> John Bradley
>
> George Fletcher
>
> Johnny Bufu
>
> Agenda:
>
>                Accounts on openid.net, svn.openid.net
>
>                Mike's update on spec release
>
>                Launch plan
>
>                Contacting developers
>
>                Johnny Bufu's feedback
>
> Contacting Developers
>
>                Johnny Bufu - Mike to contact
>
>                Pam lining somebody up at Ping - Mike to contact
>
>                Andrew Arnott - John to contact
>
>                Chuck Mortimore - Mike to contact
>
>                University of Newcastle - John to contact
>
>                NII (Japanese InCommon) - Nat to contact
>
>                Andreas Solberg (OpenSAMLPHP guy) - John to contact
>
>                Breno
>
>                Edmund
>
> Formal launch plan
>
>                Adding links from specs page
>
>                               Mike to drive
>
>                Pam writing overview one-pager - to be done by Friday
>
>                openidconnect.com content update
>
>                               John to get access from David
>
>                Note to OpenID specs and board public list
>
>                               Ask Allen and Kick to review note before
> sending it
>
>                               Probably have Allen send it
>
> Ping Summit
>
>                A week from now
>
>                We discussed whether Edmund can rig a demo for the summit
>
> Johnny Bufu's feedback:
>
> Base64url is defined but not used anywhere.
>
>                Check
>
> UserInfo Endpoint... "returns information about the current user":
>
>                The user who presented the access token
>
> RP is defined as "Client and Resource Servers"
>
>                Fix
>
> UserInfo Endpoint is defined as "protected resource"
>
>                Fix - provided by OP
>
> "ID Token" is referenced but not defined.
>
>                See session spec (and fix multiple definitions)
>
> (Can use introspection endpoint rather than id_token)
>
>                Verify whether it's written down - possibly in the framework
> spec
>
> response_type: "Acceptable values are code, token, and none." - Is the list
> complete?
>
>                Intended to be extensible
>
>                Session management defines id_token type as well - add to
> core
>
>                We are counting on the ability for OAuth to return multiple
> values
>
>                               Mike will shepherd this at the IETF meeting
>
> "Response values for other requested response_type parameters are returned
> in the Access Token Endpoint (Need Confirmation)."
>
>                Delete this sentence
>
> Where is the "openid": {...} (JSON) construct from the example defined?
>
>                Delete this example and replace with a correct one
>
>                               John to supply correct example
>
> OAuth 2.0 doesn't define a parameter named "request" that I could find.
>
>                Parameter in the OAuth request
>
> Session Token referenced but not defined
>
>                Is id_token
>
> Pointer should be to Core/Section 3.1.2 instead of 4.1.2.
>
>                Fix
>
> Does session_selection_required correspond to an error in processing the
> prompt:select_account from an Authorization Request?
>
>                Edmund to recommend how to fix this
>
> "Claims object" not formally defined - reader left to guess/assume it's the
> same as ""clm" object" described in section 3.1.1 / OpenID Request Object.
>
>                Fix
>
> "RESERVED" is capitalized but not defined by RFC2119
>
>                Fix
>
> What is a (request/response) schema?
>
>                Fix
>
> "See the OpenID Connect Core [OpenID.CC] specification on how to request a
> different format."
>
>                Edmund to recommend fix
>
> 3. Check if the current time is within the validity period.
>
>                Fix - refers to token
>
> Is "User Info API request" the same as a regular request to the UserInfo
> Endpoint (these are not referred to as APIs before this occurrence)?
>
>                Fix
>
> Claim objects are not formally defined.
>
>                George to look at UserInfo comments
>
>                Including schema comments
>
>                Reference Framework and format parameter from UserInfo spec
>
> [The call continued after the first hour without Mike, who had a hard stop
> - Nat is taking further notes.]


-- 
Nat Sakimura (=nat)
http://www.sakimura.org/en/
http://twitter.com/_nat_en