[Openid-specs-ab] Spec call notes 10-May-12
Mike Jones
Michael.Jones at microsoft.com
Fri May 11 01:19:01 UTC 2012
Spec call notes 10-May-12
Mike Jones
Edmund Jay
John Bradley
Pamela Dingle
Naveen Agarwal
Agenda:
JOSE Editing Discussions
Session Management
Tracked Issues
Editing
Discovery / WebFinger
JOSE Editing Discussions
Mike sanity checked his new JOSE text on derived key lengths
We discussed the entropy requirements for symmetric keys
John recommended the same number of bits of key entropy as the result
JWA 4.6. Key Encryption with Elliptic Curve Diffie-Hellman Ephemeral Static
160 bits is the minimum size of public key, and the ephemeral key
The generated key should be the correct size for the block encryption algorithm
The result of the key agreement becomes the content master key
John agreed to revise Mike's current text on this
JWA 4.9. Plaintext Encryption with AES Galois/Counter Mode (GCM)
We need to specify the size of the authentication tag output
Specify matched size
Session Management
Google is building a session management implementation in the next few weeks
We will do the other agreed edits first before session management
Tracked Issues:
#583 Messages 2.2.1: client auth claims not consistent with draft-jones-oauth-jwt-bearer-04
Resolved as invalid
Editing to apply last week's decisions:
Still on track for spec updates next week
Discovery / WebFinger
Several implementers have built initial WebFinger implementations for Connect
These are being discussed on the openid-connect-interop at googlegroups.com list
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20120511/40cbaae9/attachment.html>
More information about the Openid-specs-ab
mailing list