[Openid-specs-ab] Spec call notes 9-Jan-12
Mike Jones
Michael.Jones at microsoft.com
Tue Jan 10 00:14:31 UTC 2012
Spec call notes 9-Jan-12
Mike Jones
George Fletcher
Nat Sakimura
Edmund Jay
John Bradley
Breno de Medeiros
Naveen Agarwal
Tony Nadalin
Agenda:
Open Issues
Session Management Spec Update
OpenID 2.0 Migration Recommendations
Spec Review Feedback Received
Events
Updating the openid.net/connect page
Updates on Other Work Needed
Open Issues:
For #502-504, we need more details on the change(s) that Hideki is proposing - John will follow up
We assigned #505 to John for him to propose new language
Session Management Spec Update
Breno said that what Google needs for logout/session is reasonably complex
The user experience is important so people aren't logged out by mistake
They want a user confirmation step
Requires a level of indirection
Google wants to give users the option to sign into another account at logout time
So it's "switch account" - not "logout" - at that point
One of the possible outcomes is "logout"
The user may not be logged out at the end
Google wants RPs to quickly detect logout/account switch at the IdP and adapt
Google is working towards those two targets
Google thinks that IdPs want to promote users being signed in
They think that IdPs are not as interested in logout as session synchronization
Breno and Naveen think they understand what it will take to do this
They think that February 6th would be a difficult target to hit
But Breno is willing to start outlining what should be in the spec
Naveen thinks that they can give a demo late this week or early next week
Then Breno can describe how it works
They will work with the working group then on turning it into a real spec
Breno also raised the old issue of whether the ID Token should include a hash of the Access Token
This isn't in the current spec since we never received a write-up of it
They are using the same algorithm for hashing the ID Token as for signing the ID Token
Naveen will schedule a demo for next Monday's call
OpenID 2.0 Migration Recommendations
Google has been having discussions about it and has ideas they think would work
They would issue both identifiers
Returning the OpenID 2.0 identifier from the UserInfo endpoint
John pointed out that OpenID 2.0 delegation may add complications
Spec Review Feedback Received:
Breno plans to review the present specs during the present review period
Mike gave the WG a heads-up that Yaron sent several pages of feedback
In particular, Yaron believes that Issuers must be able to include a path
Mike will come back to discuss this once he has a specific proposal
Events:
John spoke with Don about an interop event at RSA
Don will communicate to the board that we want to do that
We need to find a sponsor that can provide space
John also gave the other list of proposed events to Don
We ran out of time to discuss:
Updating the openid.net/connect page
Updates on Other Work Needed