[Openid-specs-ab] Spec call notes 15-Sep-11

Mike Jones Michael.Jones at microsoft.com
Thu Sep 15 22:47:59 UTC 2011


Spec call notes 15-Sep-11

Mike Jones
Nov Matake
Nat Sakimura
Edmund Jay
(John Bradley was flying and so couldn't make the call)

Agenda:
                Issue Resolutions
                Open Issues
                Issues Identified During the Interop
                Soliciting more developer feedback

Issue Resolution
                Nat, John, Edmund and others met yesterday to go through the tracked issues
                They developed proposed resolutions to all but two issues:

                Issue 52: It was proposed to rename the check_session endpoint to check_id
                                No one on the call objected to the change
                                Edmund will make a post notifying the list of this change
                Issue 31: When response type is code+token, how are the two tokens returned?
                                Nat and Edmund's proposal was that code should be returned in the query string and token in the fragment
                                John's proposal was that both be returned in the fragment, for the benefit of JavaScript clients
                                Edmund will post about this

                Proposed to all the other issues were recorded in the tickets
                                They expect that these will be non-controversial
                Edmund and Nat will do an initial editing pass incorporating these resolutions so people can review the revised specs

Open Issues
                We need to think more about how to specify keys for encryption
                                Nat, John, and Mike to make a concrete proposal
                Breno's idea about including a hash of one token in another
                                Status:  Waiting for a concrete write-up by Breno
                Session Management Rewrite
                                Status:  Waiting for a concrete write-up by Breno
                Recording specific versions of JWT, JWS, JWE, JWK to reference since Internet Drafts will expire
                                We need to decide on specific versions
                                                Mike suggested waiting until JWT is revised to better document use of JWE
                                We need to decide on specific URLs
                                The proposal is to make copies on openid.net/specs

Issues Identified During the Interop
                The key identification and usage issues for signing and encryption came up during the interop
                Andres Solberg had an issue with id_token verification
                                Nov has asked him for more specifics
                                Nov will do a write-up of this issue

Soliciting more developer feedback
                Nat suggested that we wait for the current set of issue resolution edits before making a big push
                Edmund will try to produce drafts to review before Monday's call
                We are targeting getting these versions up by Tuesday
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20110915/47a7318c/attachment.html>


More information about the Openid-specs-ab mailing list