[Openid-specs-ab] Spec call notes 10-May-12

Mike Jones Michael.Jones at microsoft.com
Fri May 11 01:19:01 UTC 2012


Spec call notes 10-May-12

Mike Jones
Edmund Jay
John Bradley
Pamela Dingle
Naveen Agarwal

Agenda:
               JOSE Editing Discussions
               Session Management
               Tracked Issues
               Editing
               Discovery / WebFinger

JOSE Editing Discussions
               Mike sanity checked his new JOSE text on derived key lengths
               We discussed the entropy requirements for symmetric keys
                              John recommended the same number of bits of key entropy as the result
               JWA 4.6. Key Encryption with Elliptic Curve Diffie-Hellman Ephemeral Static
                              160 bits is the minimum size of public key, and the ephemeral key
                              The generated key should be the correct size for the block encryption algorithm
                              The result of the key agreement becomes the content master key
                              John agreed to revise Mike's current text on this
               JWA 4.9.  Plaintext Encryption with AES Galois/Counter Mode (GCM)
                              We need to specify the size of the authentication tag output
                              Specify matched size

Session Management
               Google is building a session management implementation in the next few weeks
               We will do the other agreed edits first before session management

Tracked Issues:
               #583 Messages 2.2.1: client auth claims not consistent with draft-jones-oauth-jwt-bearer-04
                              Resolved as invalid

Editing to apply last week's decisions:
               Still on track for spec updates next week

Discovery / WebFinger
               Several implementers have built initial WebFinger implementations for Connect
               These are being discussed on the openid-connect-interop at googlegroups.com list
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20120511/40cbaae9/attachment.html>


More information about the Openid-specs-ab mailing list