[Openid-specs-ab] Spec call notes 16-Feb-12
Mike Jones
Michael.Jones at microsoft.com
Fri Feb 17 00:41:36 UTC 2012
Spec call notes 16-Feb-12
Mike Jones
Nat Sakimura
John Bradley
Edmund Jay
Tony Nadalin
George Fletcher
Agenda:
Voting Status
Interop
Working Group/Interop Meeting
Session Management
Open Issues
JOSE Strategy
Voting Status:
86 for, 1 against, 2 abstentions
the quorum requirement was 72 - based upon there being 360 active members
Nat will draft a post and run it by Mike for editorial
Session Management:
Mike had exchanged thoughts with Eric yesterday
Google is actively prototyping
The Google participants plan to be present at RSA
The board discussed that this spec is blocking completion of the others yesterday
Interop:
The test features are all live on the interop wiki
See a solution page for the list
Roland has tests for nearly all of the features
He plans to publicize how to use them by Monday or so
Working Group/Interop Meeting:
John put up an EventBrite page: http://openid-rsa-interop.eventbrite.com/
Tony will try to get a second room so interop can happen in parallel with the working group meeting
We will cover the hard open issues in person there
Open Issues:
Deferred until in-person meeting:
#535 Messages add id_token to Authorization Request
Normally optional
Possibly require it for prompt=none
#536: Messages, Multi Token Response, add hash of token to id_token
#539: Messages - 0. Add scope for offline access
Resolved:
#540: Messages - 2.2.3 id_token MUST NOT be returned for grant_type=refresh
Nat
#541: Standard - 2.3.1.3 Request file requiring all request param to be included is false
Nat
#542 Messages 2.1.2.1 required fields for request object don't match Standard
We discussed whether the client_id should be optional in the request file or not
We decided that it should be optional
Nat
#544 Messages - 2.1.2 Some scope=openid behavior redundant?
John will change to better fit with Multiple Response Type semantics
#546 Basic 2.1 & 2.1.2 - Claims requested by profile scope not defined
Mike
#547 Messages 2.1.2.1.1.1 - Spec not clear that user_id claim must be explicitly requested in userinfo claims member
New issue:
Do the requested claims in the request object add to or replace the claims requested in the scope values?
Mike will file issue - to be talked about in person
JOSE strategy:
New requirements being expressed
Multiple signatures - Cisco
JSON serialization
Put both into a new JSON serialization spec
Need to update JWE for integrity
Nat had a proposal with 3 fields
John had a 4 field proposal
Mike asked Nat and John to forward their proposals to him
EC-DH "static static" (being discussed on JOSE list)
EC-DH is a key agreement mechanism
"static static" mode doesn't use an ephemeral public key
Can use for integrity:
Use key agreement to establish shared secret
Encrypt MAC of the message
Integrity verified if MAC decrypts correctly