[Openid-specs-ab] Spec call notes 23-Feb-15

Mike Jones Michael.Jones at microsoft.com
Mon Feb 23 23:32:46 UTC 2015 

Spec call notes 23-Feb-15

Nat Sakimura
Mike Jones
Brian Campbell
Edmund Jay
John Bradley

Agenda
               Use of Pragma: no-cache in Form Post Response Mode
               Logout
               Certification

Use of Pragma: no-cache in Form Post Response Mode
               Brian believes the only change needed is to remove the "Pragma: no-cache"
               He believes that "Cache-Control: no-store" also performs a "Cache-Control: no-cache"
                              Mike will confirm this
               Then Mike will make the change and update the blog post
               Later in the call, Brian pointed out that we should have normative text about not caching the result
                              He will propose a sentence to add

Logout
               When using the Session ID on the front channel, you're only picking from among those that are live in the browser
               An alternative to putting "sid" and "iss" as query parameters is to them in a JWT
                              But it should not be a legal ID Token, so perhaps shouldn't have a subject
                              John pointed out that we should at least consider whether an audience would be needed
               John will be working on a back channel logout spec also using the Session ID
                              We should try to have these be as close to one another as reasonably possible
                              He's on his way to Barcelona for MWC, so this may not happen for a bit
               People agreed that the differentiation between image and iframe GETs must happen at registration time
               The query parameters still need to be reviewed

Certification
               Roland now has testing up on the Symantec hosts
               A team member of Roland's created an OP self-registration page at https://op.certification.openid.net:60000/
                              When you select dynamic configuration, the answer to the first question is the issuer path (this isn't obvious)
                              Mike will file some bugs on clarifying how the tool works
               People doing testing should migrate over to the official server
               This also means that Roland can now also put up the RP tests
               Breno should be getting back to us within a week or so on how long it will take them to create a conforming implementation
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20150223/479c0d8e/attachment.html>

More information about the Openid-specs-ab mailing list