[Openid-specs-ab] July 15 Call Note (draft)
Nat Sakimura
sakimura at gmail.com
Tue Jul 16 00:43:26 UTC 2013
==================================
OpenID AB/Connect WG Meeting Note
==================================
Date: 2013-07-15
Time: 16:00 - 17:40PDT
Attendee: John B, Edmund, Nat, Mike (16:36-)
Feature Requests
=================
1) Javascript client check id immediate without page change
- CORS or postMessage to server frame
- Google way: https://code.google.com/p/oauth2-postmessage-profile/
- register JavaScript origin or redirect_uri
- see: http://www.riskcompletefailure.com/2013/03/postmessage-oauth-20.html
=> Mike will talk to Vittorio
2) JWKS not having expiry date
- Brought up by Vittorio
- for http, can use http dates
- for others there may not be any way
3) iOS Native Public Client indeterministic
- send one time client secret in the auth request
- send the secret with code
=> OAuth profile perhaps
4) Unregistered/stateless client
- Dynamic stateless client registration that encodes client secret in the client_id
- OR use similar thing as in self-issued
=> File tasks. Good practice guide on stateless registration.
=> John
Voting
========
- Announcement draft to be reviewed next Monday
- Double check the OpenID Process to do it right
- http://openid.net/wordpress-content/uploads/2010/01/OpenID_Process_Document_December_2009_Final_Approved.pdf
Berlin IETF Meeting
================
- John will make Eventbrite
- Agenda for JOSE and OAuth
- JOSE Tue Afternoon - 2 hours
- Probably concentrate on issues resolutions
- issue resolution proposal to get to WGLC
- OAuth
- Should deal with Dynamic Registration and Assertion Draft
--
Nat Sakimura (=nat)
Chairman, OpenID Foundation
http://nat.sakimura.org/
@_nat_en