[Openid-specs-ab] Spec call notes 19-Sep-11
Mike Jones
Michael.Jones at microsoft.com
Mon Sep 19 23:53:36 UTC 2011
Spec call notes 19-Sep-11
Mike Jones
Edmund Jay
John Bradley
Nat Sakimura
Pamela Dingle
Breno de Medeiros (for part of the call)
George Fletcher
Johnny Bufu

Agenda:
  Status of fixes in the specs, per the agenda in Nat's schedule message
  Open Issues Discussion
  Breno's Issues
  Several proposals from Roland

Status of fixes in the specs
  Edmund made fixes to Basic spec
  About a dozen issues left
  Nothing new that specifically calls for working group attention
  Will finish edits today or tomorrow
  Nat made fixes to Messages spec
  Incorporating resolutions from last week
  #49 Nat dropped the underspecified sentence
  One remaining issue before back-porting Basic changes
  Key specification issue still outstanding - Assigned to Nat, John, Mike - John to take a stab at it
  No changes yet to other specs
  Spec consistency
  Edmund will make changes to other specs parallel to those he's making in basic
  He will try to get this done before Thursday's call
  Mike asked that we no longer check things into SVN until a spelling checker has been run
  John will pick up editing Basic after Edmund finishes this week

Open Issues Discussion
  Issue #98 (Security Considerations) - John will fix

Breno's Issues
  Breno managed to get some time to do spec work this week
  We should expect updates from him by the end of the week
  Topics he plans to work on:
  Response types and coding
  Session management
  Feedback on other parts of the spec
  Proposed Logout Changes
  OPs can keep track of logged in RPs
  RPs provide a logout URL at registration time
  RP will redirect or iFrame user to logout URL at OP
  OP will iFrame a page with logout URLs for all RPs
  Using ID Token appropriate to each RP
  Redirect back to continue URL at RP
  Write-up about including a hash of one token in another
  Response type handling to be written up separately
  Will send to us to review before submitting it to the OAuth WG
  Nat pointed out that there is no id_token work in the OAuth WG
  Mike pointed out that OAuth registration just requires a reference to a stable document
  How to encode code+id_token (both in fragment?)
  Breno is in favor of this, both for JavaScript
  Also, because using the query parameter breaks caching and JavaScript
  The working group agreed

Several proposals from Roland
  Roland proposed that the UserInfo claims have a namespace
  We agreed to define a namespace for when these claims are used in other contexts such as SAML tokens
  And we also agreed that this will not change the wire format already specified for Connect or JWT
  Token Revocation
  Roland asked how http://tools.ietf.org/html/draft-lodderstedt-oauth-revocation-03 relates to session management
  We agreed to have Breno think about that as he works on the Session Management spec
  We are concerned that the current IETF spec isn't yet stable

Editing plan:
  At present, we are waiting on Edmund to finish his edits
  Then Edmund will hand off to John
  Then Mike will review the result
  And we will then check the reviewed result into SVN