[Openid-specs-ab] Spec call notes 25-Nov-13
Mike Jones
Michael.Jones at microsoft.com
Tue Nov 26 01:40:57 UTC 2013
Correction - this was for 25-Nov-13
From: Mike Jones
Sent: Monday, November 25, 2013 3:26 PM
To: openid-specs-ab at lists.openid.net
Subject: Spec call notes 21-Nov-13
Spec call notes 25-Nov-13
John Bradley
Edmund Jay
Brian Campbell
Mike Jones
Agenda:
Open Issues
E-mails to the list
Editing Status
Hosting self-issued.me
Next call
Open Issues:
There are no new open issues
John plans to add one to track his message "Login Initiation endpoint"
E-mails to the list:
Login Initiation endpoint
John answered the questions that Mike asked on the list
This is an optimization for the case where the initiator is the OP
It gives the RP an ID Token but not an access token
You could get an Access Token with a prompt=none request
This is common in SAML
This lets the session fit more naturally into environments with a Web access manager
The short lifetime is an attempt to prevent replays, since there is no nonce
It makes Brian nervous that the ID Token would be query parameter, rather than a POST
session_selection_required versus account_selection_required
Should this the "session_selection_required" error code actually be called "account_selection_required"?
Mike forwarded the question to Breno
Hosting self-issued.me
John will try to work on this this week
Next Call:
Thursday is US Thanksgiving
The next call will be in a week
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20131126/ce50a327/attachment.html>
More information about the Openid-specs-ab
mailing list