[Openid-specs-ab] Spec call notes 27-Jan-14

Mike Jones Michael.Jones at microsoft.com
Mon Jan 27 23:49:36 UTC 2014 

Spec call notes 27-Jan-14

Nat Sakimura
Todd Lainhart
Mike Jones
Brian Campbell
John Bradley
Edmund Jay

Agenda:
               Revocation endpoint on discovery
               Open Issues
               Session Management Status
               Possible Future Meetings

Revocation endpoint on discovery
               Discussed on the list
               Agreement on what name would be
               Also agreement that we wouldn't edit the specs to restart the process
               We need to establish a registry process
                              There are several registries that we should probably have
                                             Including Discovery, Registration, and others
                              IANA typically only does registration for RFCs
                              We could use a wiki process
                              The designated experts could just be the working group
                              Nat would like something structured
                              Mike would like something readable by developers, rendered as HTML

Open Issues:
               #880 - Host the endpoint https://self-issued.me/registration/1.0/
                              John still needs to complete the WebFinger work for self-issued.me
                              He expect to do it within the week
               #914 - Session 5 - Missing client_id parameter
                              Breno is against having two ways to do this
                              Others believe that RPs may not always have an ID Token value
                              We agree that both id_token_hint and client_id shouldn't be used
               #916 - Session - 5.1.1 Consider registration of session_signout_uri parameter
                              Nat will close this one as won't fix
                              This could be done in an extension spec
               #915 - Session 4.2 - Computation of OP session_state in the IdP requires origin URI
                              The next step would be to propose specific text to add
                              Todd will propose specific text
                              Edmund asked whether we would allow multiple JavaScript origin URIs

Session Management Status:
               Breno sent Mike a private note saying that Google had a JavaScript expert review Session Management
                              They plan on proposing some specific changes

Possible Future Meetings:
               Before IETF 89 in London
                              John will try to confirm with Lucy for Sunday afternoon
               During RSA in San Francisco
                              John and Brian won't be there
                              It might be useful to meet F2F, possibly with Google, Salesforce etc.
                              Mike will investigate this possibility
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20140127/d4e8138e/attachment.html>

More information about the Openid-specs-ab mailing list