[Openid-specs-ab] Spec call notes 27-Jun-13
Mike Jones
Michael.Jones at microsoft.com
Thu Jun 27 14:55:02 UTC 2013
Spec call notes 27-Jun-13
Mike Jones
John Bradley
Nat Sakimura
Justin Richer
Edmund Jay
Agenda:
Open Issues
JOSE Issues
Interop
Open Issues
#850 login_hint for Initiating Login at Client from Third Party
We will apply the clarification to login_hint as errata
John will send a note to the account chooser WG about requiring an issuer
There were a few other editorial clarifications that we will apply
Conflict between Messages and Basic
Messages requires checking the signature but Basic doesn't
We need to relax Messages to allow the behavior specified in Basic
Mike will file a ticket about this
"If the client is directly receiving the ID Token over a TLS protected session directly from the token endpoint then validating the ID Token signature is optional"
We will apply this as errata
JOSE Issues:
People are encouraged to follow and take part in these current discussions:
#13: use AES-GCM for Key Wrapping
Jim asked which draft people prefer
#25: Detached content for the ALTO use case
John had proposed that this be done at the application level, for instance like at_hash does
#26: Allow for signature payload to not be base64url encoded
Several aspects of this are being discussed on the list
#27: member names MUST be unique needs additional text
Ongoing discussion about using existing JSON parsers
Interop:
We started the OC5 interop
Several solutions will be updated and then come back online, such as PingFederate
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20130627/2cf3a0cc/attachment.html>
More information about the Openid-specs-ab
mailing list