[Openid-specs-ab] Spec call notes 19-Jan-15
Mike Jones
Michael.Jones at microsoft.com
Tue Jan 20 00:09:57 UTC 2015
Spec call notes 19-Jan-15
Mike Jones
Nat Sakimura
John Bradley
Agenda
Call Times
Certification
OpenID 2.0 Migration
Delegation
OAuth SPOP
Session Management
Call Times
Are people interested in having a second Thursday call every month, at least between now and the Certification launch?
We would do it on the third Thursday of the month
Let's have one this month on the 22nd and see what the attendance is like
https://www3.gotomeeting.com/join/181372694
Certification
Microsoft did a fairly comprehensive test pass on Friday for several configurations
Mike sent test issues that were found to Roland, some of which he's already fixed
Mike will log issues that Roland hasn't fixed in the issue tracker
Nat created an issue tracker for the test tools at https://bitbucket.org/openid/certification/issues
Getting other groups engaged in testing now is critical
John reported that Ping Identity is starting testing
Nat reported that Edmund hasn't started testing yet
This should happen this week
Mike encouraged Edmund to configure the test endpoint with Roland as soon as possible
Mike plans to touch base with Ian at Salesforce and Adam at Google shortly
There isn't yet any web page for the certification work
It's Mike's goal to get one up by the end of the month, with WG input/help
OpenID 2.0 Migration
Google will turn off OpenID 2.0 support on April 20th - the first day of RSA
There are existing open issues for the migration spec:
#962: "NOT FOUND" special value for openid2_id looks dangerous Migration
Nat will apply this fix
#963: openid2 scope should be ignored if not supported
Nat will apply this fix
After these are fixed and reviewed, we should take this spec final
Delegation
There was a question about delegation on Stack Overflow
http://stackoverflow.com/questions/27945031/openid-connect-delegation-with-google-now-that-they-are-deprecating-their-openid
The short answer is that we don't have a delegation feature proper in the protocol
People could use personal domains as the user input identifier for WebFinger discovery
But this doesn't have the same properties as OpenID 2.0 delegation
Nat already wrote a response there. Others are encouraged to chime in if they have things to add.
OAuth SPOP
Native applications plans to use OAuth SPOP
There are 8 open issues
Mike asked if there's going to be a new name for it
John came up with a new name with Hannes: Proof Key for Code Exchange
Session Management
Work on session management has taken a back seat to certification for the time being