[Openid-specs-ab] Spec call notes 18-Jul-11
Mike Jones
Michael.Jones at microsoft.com
Mon Jul 18 23:05:00 UTC 2011
Spec call notes 18-Jul-11

Nat Sakimura
Mike Jones
John Bradley
Edmund Jay

Agenda:
  Encryption spec
  Anonymous client flow using asymmetric signatures
  Implementation update
  Feedback update
  Structure for reorganizing the specs

Encryption
  Mike implementing in .NET
  Maybe get Breno to do Java version
  Edmund updating PHP library
  Could maybe do encryption
  Not doing integrity check if function doesn't support it
  Using key wrap function from XMLDSIG, rather than from JSMS
  An interesting question whether AES-GCM implemented in PHP
  Can call out to openssl, but sometimes fraught with peril
  Left OAEP out of list in 7.1
  May need to change OAEP definition. Uses 2 hash functions:
    1. One has to do with key size of thing you're encrypting - should be as big as RSA key size
       Should be SHA-256,384,512 family
    2. Has to do with how intermediate internal values in padding are calculated
  John will send reference and recommendations
  Mike asked John to sanity check the current JCA values
  John and Nat to provide encryption spec feedback within 24 hours

Anonymous client flow using asymmetric signatures
  What Mozilla BrowserID is doing
  Not OAuth, so no client or RP identification in BrowserID
  Could have anonymous clients with unregistered clients using token flow
  Send to the introspection endpoint
  Get something useful without client registration
  Can get userid and access token to use at UserInfo endpoint
  John will write up an informal proposal for the list
  Almost indistinguishable flow from BrowserID except for IdP Discovery part
  Can be done in JavaScript
  No discovery needed for BrowserID since uses a central service run by Mozilla
  They eventually plan to remove need for service by building client into the browser

Implementation update
  Google announced theirs (in incomplete state)
  Ryo Ito did test RP - specific to Google endpoint

Feedback update
  Chuck Mortimore sent feedback today - need to review
  On July 13, Andrew Arnott had comments to AB list
  Nat responded on the list

Structure for reorganizing the specs
  John and Nat will talk in person in Colorado