[Openid-specs-ab] Spec call notes 4-Jun-12
Mike Jones
Michael.Jones at microsoft.com
Tue Jun 5 00:39:56 UTC 2012
Spec call notes 4-Jun-12
Nat Sakimura
Mike Jones
Edmund Jay
Pamela Dingle
John Bradley
Agenda:
Open Issues
Edits and Release
OAuth
JOSE
Discovery
Open Issues:
One new issue
#601: Standard - No way of doing IdP initiated login defined
Agreed to do - assigned to John
John will ask Brian Campbell for his input on how it should happen
Probably do around the same time as Session Management
Existing issues
#595 Discovery 2 - No means of discovery without web server for domain
Agreed to proceed (despite it probably upsetting purists)
Edits and Release:
Similar status as before - John plans to do self-issued checkins by next call
Unfortunately, Basic is code flow and self-issued only supports the implicit flow
OAuth:
We should allow any URI in client_id and probably any printable ASCII characters
password should allow printable ASCII characters plus whitespace
state, code, access_token, and refresh_token should probably be any printable ASCII characters plus whitespace
We should review the comments on the Assertions specs
JOSE:
Discussion about non-AEAD algorithms
We do need to think about how to accommodate new algorithms such as SHA-3 in the KDF
Nat sent this reference to the (uncommon) AES 512 algorithm
http://ieeexplore.ieee.org/xpl/articleDetails.jsp?reload=true&arnumber=6122835&contentType=Conference+Publications
Discussion about compression of signed text
No one has replied to John's message thus far
John wrote that the more MTI features, the fewer people will build the spec
Discovery:
No updates since last call
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20120605/9ee4c4ed/attachment.html>
More information about the Openid-specs-ab
mailing list