[Openid-specs-ab] Spec call notes 17-Oct-13
Mike Jones
Michael.Jones at microsoft.com
Thu Oct 17 14:57:37 UTC 2013
Spec call notes 17-Oct-13
Mike Jones
Brian Campbell
George Fletcher
John Bradley
Nat Sakimura
Edmund Jay
Agenda:
Open Issues
Multiple response type requests returning values in ways other than fragments
Document Restructuring and Review
Open Issues:
#873: session 4.1. Can we use opbs with http (not httponly)
We developed proposed text for this
#879 & #880: Hosting self-issued.me
John will get the cheapest Amazon VM and give Edmund access to it
Multiple response type requests returning values in ways other than fragments
Microsoft has asked for a POST binding, like WS-Federation and SAML have
Ping has an extra response_type component x_post
This causes the responses to POST to be returned as form-encoded body content
Google has a way of registering clients to use a postMessage binding
They do that by registering a JavaScript origin, rather than response_type
AOL's OpenID 2.0 provider often uses the POST response because of large AX responses
John had proposed a registration parameter for this:
redirect_type fragment | POST | postMessage
This would be discoverable as
redirect_types_supported
Another reason for this is to not hit fragment size limits
Mike will file a bug on this to make a concrete proposal
We will discuss this at the Monday meeting
Document Restructuring and Review:
Mike posted a Word version of the Core spec with tracked changes turned on
People are requested to mark it up with specific proposed changes this week
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20131017/80aef51b/attachment.html>
More information about the Openid-specs-ab
mailing list