[Openid-specs-ab] Spec call notes 2-Jul-12
Mike Jones
Michael.Jones at microsoft.com
Tue Jul 3 00:29:17 UTC 2012
Spec call notes 2-Jul-12
Nat Sakimura
John Bradley
Edmund Jay
Mike Jones
Agenda:
Editing
Open Issues
WebFinger and acct: scheme
OC4 Interop
JOSE
OAuth
Next Call
Editing:
John continues to work on the self-issued text - issue #566
We really want to test this in the OC4 interop
Open Issues:
#606 Messages - 2.1.1. ID Token - acr missing the type
In SAML, you request a set and get back a singleton. We will do the same.
#607 Messages - Decoded ID Token example needed
These examples are in Implicit and Basic. They should also be added to Messages.
#608 Messages - Request ID Token and Response ID Token
We will move the ID Token definition to earlier in the spec
Hopefully this might make the section hierarchy less deep as well
We also discussed Blaine's request to authenticate a user with a specific identifier
This would likely be the identifier that discovery was done on
We're not currently passing this to the IdP
This is a different issue than #608. We need a new bug and a proposal - Nat will do
One idea was to add a "value": qualifier to the e-mail request, but this isn't an actual semantic match
Nat will check that the "value": language is general-purpose
#609 Messages - 2.1.1. Add explanation that ID Token may include other claims
Nat will look at this as he moves the ID Token definition for #608
#610 Messages - 2.1.2 Authorization Request - id_token error condition needed
Nat will try to come up with a more concrete proposal
#611 Incompatible values for auth_time in id_token claims of request object
John will fix this to make the claim required
#612 Messages - 4.1 request_object_algs_supported inconsistent with require_signed_request_object
Messages 4.1 request_object_algs_supported change HS256 to RS256
#613 Registration - 2.1 clarification needed for optional parameters during client_update operation
We decided the operation should be atomic, with no carry-over from previous values
#614 Discovery - 3.2 Distinguishing between signature and integrity parameters for HMAC algorithms
For Registration, this is unambiguous, with all these parameters:
id_token_signed_response_alg
id_token_encrypted_response_alg
id_token_encrypted_response_enc
id_token_encrypted_response_int
userinfo_signed_response_alg
userinfo_encrypted_response_alg
userinfo_encrypted_response_enc
userinfo_encrypted_response_int
In Discovery, this is ambiguous, with only these parameters:
id_token_algs_supported
userinfo_algs_supported
We will watch decisions in JOSE and then consider whether to make changes
WebFinger and acct: scheme:
Peter St. Andre submitted a standalone acct: draft
It looks like it may become a WG document
OC4 Interop:
Testing is under way. Additional participants are expected.
JOSE:
Mike is about to publish updated JOSE specs
OAuth:
John's additional security considerations text is being discussed and nearly done
Eran has resigned as editor for the Core spec and wants his name off of it
Dick Hardt agreed to be editor to finish the job
A new OAuth Assertions draft with non-trivial changes was published today
People are encouraged to review the changes
Next Call:
We will have the call on July 5th at 7am Pacific