[Openid-specs-ab] Spec call notes 24-Oct-11
Mike Jones
Michael.Jones at microsoft.com
Mon Oct 24 23:25:56 UTC 2011
Spec call notes 24-Oct-11
Nat Sakimura
Pamela Dingle
Edmund Jay
Mike Jones
John Bradley
Agenda
Editing to get to Implementer's Drafts
Open Issues
Editing to get to Implementer's Drafts
Edmund has finished everything assigned to him
Justin has finished everything assigned to him
John's turn next
Mike needs to update a few IETF submissions this week, then will tackle his issues
We had a number of new issues come in on Friday from George
Open Issues
250 - Do we want more display parameters?
"none" should be a "prompt" parameter, not a "display" parameter
Use same size popup window as OpenID 2.0 UX extension
251 - server.example.org, client.example.org
We should continue to use .net in the cases we did previously
Change server.example.org to server.example.net
249 - Define way for RP to pass an id_token in authorization request
Allows specific user to be authorized
Defer until session management update
235 - Editorial - Discovery & registration
No change
John will look at updating references
246 - Editorial - Errors not listed
John will call out using OAuth errors
245 - Formatting
Assigned to John
244 - Do we need a confidential client type?
Insufficient description
Not clear what the requested change is
John will ask Casper to clarify
Possibly referring to 5.1.1 of Standard spec
243 - 5.1.1 of Standard
Content-Type header repeated in example
Duplicate of another bug
Already fixed by Edmund
242 - Standard 4.3.1.3.3
Example: rf.js -> rf.jwt
John
241 - Request file registration service
Decided last week to drop this and make this an extension
John
240 - Messages 8.9
Request file not defined in messages, but in standard
Define in both places
John
239 - Standard 4.3.1.3
Curly braces in example nonsensical since JWT
Edmund
238 - Standard 4.3.1
Do we reference spec or section?
Put on hold - not a good time for sweeping edits
237 - Basic 3.3.1.1
Editorial about certificate validation
John
236 - Basic 2
Terms duplicated from Messages
By design
229, 236 - Edmund asked whether we decided to change "User" to "End User"
We agreed yes
Edmund
232 - Client sends request to authorization server
Not always a redirect
Nat will explain this and close it
231 - Missing version number in OAuth reference "OAuth Parameters" -> "OAuth 2.0 Parameters"
Mike
230 - Standardize terminology in introduction
Ask Casper to provide specific wording
Nat
228 - Messages 6.5
If request is signed
But never signed, since only supporting bearer requests
Edmund
226 - Messages 3.1.4.1
222 - Registration 4.1 - js_origin_uri
Asked Breno to follow up
Nat will follow up with Breno
220 - Ask Casper
Nat
213 - Registration logo_url description
George was asking for sizes
Hold - not necessary for Implementer's Draft
212 - Cleanup
John
211 - Discovery 6.3.1.2
Principal is *entire* e-mail address
Silent on whether mailto: or acct: or none
Identifier using e-mail address syntax
John
203 - Messages 6.8
Underspecified check_id response verification
201-203
What is the exact validation rule?
John will decide whether to fix or put on hold
131 - Terminology
Drop artifact from Messages 8.6
John
Axel's issue about duplicated parameters between OAuth request and signed OpenID Request
Including stuff to not make standard libraries blow up worth doing
Don't change before Implementer's Draft
Easier for implementations to have all parameters in the request object
John will check that draft matches our intent
252 - Should we add optional policy_url to registration parameters?
Yes - John
Implementer's Draft Logistics
Mike will talk with John Ehrig about vote logistics