[Openid-specs-ab] Spec call notes 15-Oct-12
Vladimir Dzhuvinov / NimbusDS
vladimir at nimbusds.com
Tue Oct 16 05:57:24 UTC 2012
Thank you guys for putting the MTIs wiki together. Nicely structured.
Is request_uri deliberately omitted from the Authz Endpoint MTI?
BTW, we noticed that depending on network condition retrieval of
request_uri may slow authz request significantly to affect smooth user
experience. So I decided to allow for HTTP connect and read timeouts in
the Java OpenID Connect SDK. I suppose that's acceptable.
Also, if "nonce" and "state" are not going to be included in the request
object, there's potential for caching it. Can clients mark the object as
cacheable by appending the appropriate HTTP headers to it? Our current
retriever class doesn't support caching.
Cheers,
Vladimir
--
Vladimir Dzhuvinov : www.NimbusDS.com : vladimir at nimbusds.com
-------- Original Message --------
Subject: [Openid-specs-ab] Spec call notes 15-Oct-12
From: Mike Jones <Michael.Jones at microsoft.com>
Date: Tue, October 16, 2012 1:04 am
To: "openid-specs-ab at lists.openid.net"
<openid-specs-ab at lists.openid.net>
Spec call notes 15-Oct-12
Mike Jones
Nat Sakimura
Edmund Jay
John Bradley
Pamela Dingle
Agenda:
Pending JOSE release
WebFinger
Potential SWD changes
Self-Issued OPs
Mobile phone application
Interop
Editing
Open Issues
Connect Meeting before IIW
OpenID Meeting at IETF
Pending JOSE release:
Mike reviewed the pending JOSE changes
He plans to release new versions in the next 24 hours
WebFinger:
Mike has seen a draft the removes XML support to a
non-normative appendix
It should be released before Monday's deadline
Potential SWD changes:
Do we want to do a release a SWD draft that removes the
JSON redirect and adds a host prefix?
Let's talk about this on Monday -
especially with Google
Self-Issued OPs:
Jun is hitting an issue having to do with a change of
iOS versions
TestFlight allows limited distribution
We probably want to require them to
have an RP implementation supporting self-issued OPs
Nat reports that Axel is making progress on an Android
implementation
Apparently Axel and Jun are testing with Jun's RP,
which supports self-issued OPs
Mobile phone application:
Pam is modifying Ping's test application to let it be
used in a more generic way
She will try to have a version for
people to use by Monday
Interop:
Nov had pointed out a certificate problem and Roland
seems to have addressed it
Edmund tried Roland's new updates for the RP tests
They seem to be working now
Editing:
Nat plans to do his edits tomorrow
Mike plans to do the OpenID Connect changes
corresponding to the JOSE updates this week as well
Nat pointed us to this wiki page about
MTI features: https://bitbucket.org/openid/connect/wiki/MTIs
Open Issues:
There were no new issues
At IIW, we should go through the deferred issues
Nat wants us to talk about MTI features for the server
- issue #604
Currently it is everything in Basic
plus the OpenID Request Object
If an OP has claims and they are
requested via the request object, they need to be returned
JWS is mandatory, JWE is optional
Connect Meeting before IIW:
http://connect-wg-oct-2012.eventbrite.com/
We need to talk about MTI there
We should get an update on Session Management
Mike sent a request for this to Naveen
and Breno
We should talk about on-behalf-of
And other major open issues
OpenID Meeting at IETF:
http://connect-ietf-85.eventbrite.com/
We don't know which room we have yet
_______________________________________________
Openid-specs-ab mailing list
Openid-specs-ab at lists.openid.net
http://lists.openid.net/mailman/listinfo/openid-specs-ab
More information about the Openid-specs-ab
mailing list