[Openid-specs-ab] Spec call notes 3-Nov-11
Mike Jones
Michael.Jones at microsoft.com
Thu Nov 3 23:30:30 UTC 2011
Spec call notes 3-Nov-11
Nat Sakimura
John Bradley
Tony Nadalin
Edmund Jay
Mike Jones
Agenda:
Editing and Issues Update
Servers without check_id and UserInfo endpoints
Marketing Update
IETF in Taipei
Editing and Issues Update:
John and Edmund have closed "a gargantuan number of tickets"
Mike has been working the OAuth Bearer token draft 14 - will finish today
Mark those we're not doing before the Implementer's Drafts as being on hold
John will do this, plus mark those already done and still open "fixed"
221 - Clarification on how to use the sector identifier
Include paragraph to Messages on implementing PPIDs - John
Change sector_identifier to sector_identifier_url - John
Why is js_origin_uri a uri versus url?
Decision not to change this without input from Breno
Add "redirect_uri" to the FAQs saying we're using the same value as OAuth did (even though it's a URL)
192 - Requesting clarification of the OpenID request object - John will close based upon his reworking of the text
191 - Fixed by moving it into discovery
35 - Session management endpoints GET or POST - Put on hold
88 - Define how messages should be encrypted
John will fix Section 6 of messages to be consistent with the rest of the encryption language
210 - Minimum parameters for registration
Parameters dynamically discovered at discovery time
A static set of required parameters is therefore not appropriate
232 - "Client" versus "end-user"
Nat will close
230 - Terminology introduction standardization (Editorial)
Caspar provided content - Mike
163 - Copyright and IPR notices
Hold - Nat
58 - Consistent capitalization
Mike
227 Signed response and server check
John will review current text
Servers without check_id and UserInfo endpoints
Mike described an ask from one group to allow IdPs without check_id and UserInfo endpoints
All claims would be returned in the tokens
(Nat remarked that this is a whole lot like draft one of the Artifact Binding!)
Client needs to know the format of the access token, and that it's a JWT
We would have to define this in discovery
This saves a round-trip
The audience of both tokens should be the client ID
Do we also want expiration time?
Mike will write up these as DCRs
File the bugs against the UserInfo endpoint
We'll decide on Monday
Marketing Update
Nat will ask Pam to finish the diagram update that includes the Bearer Token spec
At Japan summit, there will be simultaneous translation
We should have the list of terms translated in advance
IETF in Taipei
Nat, Tony, and Mike will be there in person
There will be a dial-in number for the OAuth rechartering discussion
We should have supporters dial in for the rechartering discussion
Nat will send a note to OpenID general list asking if the local community wants to meet with us
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20111103/c3b959e6/attachment.html>
More information about the Openid-specs-ab
mailing list