[Openid-specs-ab] Spec call notes 9-Feb-15
Mike Jones
Michael.Jones at microsoft.com
Tue Feb 10 00:02:12 UTC 2015
Spec call notes 9-Feb-15
Mike Jones
Edmund Jay
John Bradley
Nat Sakimura
Brian Campbell
Agenda
Certification
OpenID Workshop on April 6
OpenID 2.0 Migration
Session Management
Form Post Response Mode Binding
Next Calls
Certification
It's on Mike's list to create initial certification web pages for review
Profile definitions and instructions
Mike asked whether we want test names to be OP-Letter-Number or to be more semantically meaningful names
Mike will work with Roland to create and convert over to these
That will let us have stable names that don't get renumbered, etc.
Roland continues having problems getting the Symantec hosts to work for our use cases
He can't even do HTTP GETs to port 80 for his source repository
Mike will see if progress can be made on that this week
Open Certification Issues at https://bitbucket.org/openid/certification/issues
Brian asked about the status of tests about revoking access tokens on auth code reuse
We agreed two weeks ago to make that a warning
People are encouraged to verify fixes after Roland marks them fixed and then close the bugs
The RP tests seem to be about a constant week from being live
The current holdup is good UI code in front of them saying how to use them
Apparently Hans Zandbelt talked to Roland about RP testing but it seemed to him that it was going to be complicated
Mike will try to look into why that was
Mike encouraged people to look at the RP tab of the conformance profile definitions spreadsheet
OpenID 2.0 Migration
The 60 day review period is under way
See http://openid.net/2015/02/01/review-of-proposed-final-openid-2-0-to-openid-connect-migration-specification/
The next step is posting about the voting
OpenID Workshop on April 6
https://openid-mar-2015.eventbrite.com
The page is not currently showing who is registered
Times still need to be added to the agenda
The marketing committee is thinking of starting the event earlier (before 11:00) because of all of the working groups
Form Post Response Mode Binding
Ping and Microsoft have successfully interoperated on the form post response mode
Mike asked whether or not we need to add additional security considerations
Brian pointed out that the bad combinations are of things like query in the wrong places and not with the form post response mode
Mike believes we should take it final. Brian agrees.
Mike will ask if there any objections to taking it forward
If no objections are heard, we will start the 60 day review period next Monday
Session Management
Mike plans to write a one-pager on image get based logout
This is aligned with what Ping and probably Deutsche Telekom have done
This has the advantage of being parallelizable
And it's kind of the lowest common denominator logout mechanism
Next Calls
We decided to go back to two calls a week between now and the certification launch
The Thursday call is at https://www3.gotomeeting.com/join/181372694
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20150210/f7a13623/attachment.html>
More information about the Openid-specs-ab
mailing list