[Openid-specs-ab] Spec call notes 13-Jun-11
Mike Jones
Michael.Jones at microsoft.com
Mon Jun 13 22:45:45 UTC 2011
Spec call notes 13-Jun-11
Nat Sakimura
John Bradley
Edmund Jay
Mike Jones
Edmund met with Breno
Breno and Facebook want to use new OAuth response types - comma separated
code,token,session
Session is what we used to call the ID Token
Facebook also proposed a response type "none"
John believes that current OAuth draft only allows you to ask for one token type
Breno thinks it's being changed
We need to monitor this in the draft
Breno and Edmund discussed how to restructure the session management to make it more readable
Edmund is working on that
They talked about additional request parameters related to the user experience. Breno proposed
display={none,mobile,popup}
They discussed a parameter expressing the approval required
This would be a space-separated list of the following choices:
prompt=login consent selectaccount
They discussed a nonce parameter
John wasn't sure what they were trying to accomplish with this
Edmund said that it would be passed back as part of the session token
Apparently Facebook is interested in this
Edmund will follow up with Breno on this and get a description of it
They discussed the token introspection endpoint
It can either be called with an access token or session token
Edmund expects to get these things written up this week
John has been working on writing up how to get back multiple endpoints for the OpenID provider
He will try to circulate something tomorrow
Mike committed to update the UserInfo endpoint schema - will try to circulate something tomorrow or Wednesday
Scott Cantor and John had discussed that a problem with SAML has been not nailing down the EntityID format for the issuer
We should try to avoid this
Is it a URL for one of our endpoints, or something more abstract?
We probably need to be specific about what the identifier for the IdP is
The initial endpoint where you do discovery for the identifiers is likely a good choice
John will take a stab at this as part of his write-up
John, Nat, and Mike are planning to go to the OpenID summit in Colorado
They are also plan to go to IETF meeting in Quebec City that is soon after it
Don is meeting with Alan Tom and Eric this week about the Connect launch plan
John plans to try to call in for that
We plan to have specs complete enough for early implementers by the end of this month
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20110613/9514fdc8/attachment.html>
More information about the Openid-specs-ab
mailing list