[Openid-specs-ab] Spec call notes 21-Feb-13
Mike Jones
Michael.Jones at microsoft.com
Thu Feb 21 16:28:53 UTC 2013
Spec call notes 21-Feb-13
Mike Jones
Roland Hedberg
Brian Campbell
Edmund Jay
Tim Bray
John Bradley
Justin Richer
George Fletcher
Pamela Dingle
Agenda:
MTI Discussion
Open Issues
Key Rollover
Native Test Client
MTI Discussion:
We went through the MTI lists in 9.1 and 9.2
John said that the one thing that we could potentially drop as MTI is the "request" parameter while keeping "request_uri" as MTI
Tim and Justin felt that UserInfo should be MTI for all non-self-issued OPs
It makes client code much easier
It's actually only required to return the "sub" claim
We decided to make this required for other than non-self-issued OPs
Breno plans to be on the Monday call
Open Issues:
We approved #782 - Change uses of "url" in identifiers to "uri"
Key Rollover:
Brian described his proposals for enabling key rollover
The most practical idea seems to be the X.509 PKIX JWK type
No better idea that actually solves the problem has been proposed
As described in Matt Miller's individual submission draft
Using the JWK Set
Otherwise we would be creating a different set type for X.509
Using the x509_url might go away, but we'll take that up after these changes are applied
Key expiration might just be done with HTTP cache directives
Justin also asked about bare keys
We previously discussed X.509 SubjectPublicKeyInfo and rejected it
The last time we talked about this we decided to do bare keys in JWK or use self-signed X.509 certificates
Brian is willing to do the editing
Mike will coordinate with him
Native Test Client:
We didn't receive any status update from Pam
Ideally we will use the native client test app with a self-issued OP soon