[Openid-specs-ab] Spec call notes 31-Jan-13
Mike Jones
Michael.Jones at microsoft.com
Thu Jan 31 16:47:27 UTC 2013
Spec call notes 31-Jan-13
Nat Sakimura
Mike Jones
Tim Bray
Edmund Jay
George Fletcher
Justin Richer
Tim Bray
Roland Hedberg
Brian Campbell
Agenda:
MTI for OpenID Request Object
New Open Issues
MTI for OpenID Request Object:
Google didn't feel like the ROI was there for the request object for them
You could have a perfectly functional SSO system without it
People agreed that if it's not supported, this needs to be discoverable
People agreed that the implementation shouldn't fail due to unrecognized parameters
OAuth 3.1 says that unrecognized parameters must be ignored
Mike expressed view that the existence of the request object should at least trigger a request for default claims
George would prefer to define basic request object support, rather than just punting it
Or if not, then maybe fail
Mike pointed out that we've always said that authentications should succeed if possible
And clients have to check whether the claims returned meet their needs
Nat is worried about the privacy implications of returning more information than is requested
Tim also expressed strong reservations about the request_file
Support for that could be made discoverable, rather than MTI
Brian suggested possibly separating support for fine-grained authorization from support for signed parameters
Mike will write up a middle ground Request Object proposal
Parse request parameters in request object but ignore claims sections
Tim will review proposal with Google team
New Open Issues:
We went through most of the new open issues and decided upon resolutions
We didn't get through the issues that are actually lists of comments
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20130131/76809079/attachment.html>
More information about the Openid-specs-ab
mailing list