[Openid-specs-ab] Spec call notes 21-Jun-12

Mike Jones Michael.Jones at microsoft.com
Thu Jun 21 15:22:53 UTC 2012


Spec call notes 21-Jun-12

Nat Sakimura
John Bradley
Edmund Jay
Brian Campbell
Justin Richer
Mike Jones

Agenda:
               Editing
               WebFinger and acct: scheme
               JOSE
               OAuth
               Session Management
               MTI Features
               preferred_username
               OC4 Interop

Editing:
               Mike did a release removing claims_in_id_token
               John is still working on self-issued - hopes to finish by the end of the weekend
               Nat needs to send out the proposed acknowledgements list

WebFinger and acct: scheme:
               John says that Tim Berners-Lee and the W3C TAG are against the acct: scheme
                              He says that they plan to intervene soon

JOSE:
               Richard Barnes is proposing a wholly JSON signing/encryption format that is incompatible with JWTs
               We had a discussion about signing the header data, which his proposal doesn't do

OAuth:
               The W3C Review of the Bearer URI Query Parameter is under way
               Once that finishes next week, all DISCUSSes for Core and Bearer should be cleared

Session Management:
               Nat sent a session management draft to the list
                              People are requested to provide feedback
                              Nat will ping the Google participants
               Nat wrote an implementation while writing the spec to verify its correctness
               John and Nat had a discussion about what should be in the hashed value

MTI Features:
               There's been a discussion about Mandatory to Implement (MTI) features on the list
               We need to do a pass over the specs and make it clear what is MTI for IdPs
               Things that are optional to send are not necessarily optional to implement
               Brian said that there is text saying that support for the request object is optional
               We need to be clearer
               For instance, if an IdP doesn't understand the request object, should it say so?
               Similarly, we need to clarify requirements for the display and prompt parameters

               We need to be clearer that the scopes are shorthands, not the primary mechanisms
                              This was not universally understood

preferred_username:
               #584 Messages - Username claim
               John will do this change so we have it in for the interop
               Mike will then do a release

OC4 Interop:
               Pam continues to make progress on cloning OC3 to create OC4
               IBM will be joining the OC4 interop