[Openid-specs-ab] Spec call notes 18-Oct-12
Mike Jones
Michael.Jones at microsoft.com
Thu Oct 18 15:46:22 UTC 2012
Spec call notes 18-Oct-12
Nat Sakimura
John Bradley
Mike Jones
Roland Hedberg
Brian Campbell
Edmund Jay
Agenda:
    Interop
    Self-Issued OP
    Mobile phone application
    Editing
    Open Issues
    OAuth Update
    JOSE Update
    Connect Meeting before IIW
    OpenID Meeting at IETF

Interop:
    Roland reports that the number of people actually testing has increased
    Roland reported that a question came up about who is sending the authorization request
        Whether it's the user's browser or the relying party
    Apparently some participants are having issues about cookies
        If the authorization server sets a cookie on the authorization endpoint,
        it should not expect to receive it at the token endpoint or userinfo endpoint
    Roland reported that his funding for the testing was renewed for another three years
        So we are in no danger of the testing framework going away

Self-Issued OP:
    Jun has fixed his bug in the self-issued OP
    He is making it available on TestFlight now
    Nat will send out instructions soon

Open Issues:
    #668: Messages,Multi Response - Cope with bloating id_token_hint in self-issued cases
        Mike observed that we're sending URLs to pictures, not pictures
        A way of reducing the size of the hint would be to send the user_id value as the hint
        We currently have login_hint, but it doesn't capture the issuer
        Nat is proposing a userinfo token instead of putting the claims in the ID token
        This would add another response_type value
        There are also privacy issues to discuss
    #667: Registration - Restructuring
        No normative changes are proposed
        We also want to take a look at the structure of Messages

Connect Meeting before IIW:
    http://connect-wg-oct-2012.eventbrite.com/
    Most important to discuss:
        Session management issues - 650, 605, 634, 635
        #595: Discovery 2 - No means of discovery without web server for domain
        #604: All - Create a MTI section
        #633: Messages - 4.2 JWK and X509 format support
    Should also discuss:
        #668: Messages,Multi Response - Cope with bloating id_token_hint in self-issued cases
        #667: Registration - Restructuring
        #656: Discovery - 4.2 Provider Configuration File does not specify what optional parameters the server accepts
        #653: Registration - 2.1 policy_url SHOULD be displayed?
        #636: JWT - intermediate audience claim
        #628: Discovery 3.2 - need a strict JSON structure
        #601: Standard - No way of doing IdP initiated login defined
        #576: Discovery - Monitor IETF discovery spec decisions
        #539: Messages - 0. Add scope for offline access

Editing:
    Nat has done some of his edits
    Mike will work on the edits bringing Connect in sync with the recent JOSE changes

OpenID Meeting at IETF:
    http://connect-ietf-85.eventbrite.com/
    We now have an assigned room for our meeting
    John will try to have them get us a projector