[Openid-specs-ab] Spec call notes 25-Jul-13
Mike Jones
Michael.Jones at microsoft.com
Thu Jul 25 15:03:30 UTC 2013
Spec call notes 25-Jul-13

Mike Jones
Brian Campbell
John Bradley
Edmund Jay

Agenda:
    Implementer's Draft Vote
    Open Issues
    JOSE issues about JWKs
    OpenID Meeting at IETF
    Nat's blog post

Implementer's Draft Vote:
    We currently have 20 votes out of the 48 needed
    We may have to send individual reminders to some people

Open Issues:
    #863 - Stateless Registration Discovery/Messages
        John will add a comment about the alternative method for doing this
            By returning registration state encoded in client_id value
    #864 - Native Client code leakage
        The effect upon native apps would be that they would use the nonce as the HTTP basic password
        Google is already doing this for their native apps
        Brian would prefer that this be an OAuth level solution, rather than at the Connect level
        Or this could be sent as a different parameter, rather than as the password
        John will add a comment describing Brian's concern about mixing the layers
    John will file a bug on the possibility of clients using the Code flow registering for "alg":"none"

JOSE issues about JWKs:
    #30: Align key usages with WebCrypto
        Would make usage multi-valued
        It's not clear what practical value this actually provides
        Typically use is there to restrict usage to a single usage - not to support multiple uses
        Multiple uses seems like a bad idea
    #31: Add extractability field for JWK
        It's not clear what the intended semantics are

OpenID Meeting at IETF:
    People should register at http://openid-ietf-87.eventbrite.com/
    We have 13 people registered currently

Nat's blog post:
    People are encouraged to review Nat's post for accuracy
    http://nat.sakimura.org/2013/07/25/write-openid-connect-server-in-three-simple-steps/