[Openid-specs-ab] Spec call notes 26-Jan-15
Mike Jones
Michael.Jones at microsoft.com
Mon Jan 26 23:54:04 UTC 2015
Spec call notes 26-Jan-15
Nat Sakimura
John Bradley
Mike Jones
George Fletcher
Edmund Jay
Brian Campbell
Agenda
Certification
OpenID 2.0 Migration
EIC
OpenID Workshop on April 6
Certification
Open Certification Issues at https://bitbucket.org/openid/certification/issues
John filed #27 on using the UserInfo Endpoint with response_type=id_token
John filed #28 on requiring a signing key when alg:none is used
People filing issues should verify that they're fixed and then resolve the issue in the tracker
For instance, Edmund just resolved issue #3
Testing features where there are optional behaviors
We test them individually and at least verify that they don't cause errors
We test that the request= and request_uri= parameters don't cause errors
We need a different test for the Dynamic profile that actually uses a request_uri= parameter
We may or may not choose to include this in the first conformance round
John said that Ping has implemented Dynamic Registration
Mike encouraged Ping to start testing this ASAP
Testing OAuth behaviors
1. Can't reuse code (an OAuth MUST)
In a cluster, may require distributed consensus, which kills performance
2. Reusing the code revokes access tokens (an OAuth SHOULD)
Mike proposed that we leave these in but make them warnings
Another possibility is having a time limit, such as 30 seconds
We'll try to do that for now
We don't have a test for revoking refresh tokens
John would prefer to test revoking refresh tokens than testing revoking access tokens
Of course, we don't have any tests that require refresh tokens, which would make that hard
Roland is currently having DNS issues on the Symantec machines
He's reported them to Symantec
OpenID 2.0 Migration
Nat has applied the fixed pointed out by James
Nat is going to ping Torsten
After that, we should have the public review period
Google is still on track to turn off OpenID 2.0 on April 20th
This effectively means that we have to start the 60 day review period by about February 11
Nat will notify the working group of this timeline
Don has been working with JanRain and Gigya on OpenID Connect RP support
But that doesn't appear to be moving very quickly
EIC
Our session proposal on Certification was accepted at https://www.id-conf.com/sessions/1577
Mike has suggested that Dominick Baier's session come first
OpenID Workshop on April 6
https://openid-mar-2015.eventbrite.com
Don produced a draft set of topics and speakers but there aren't any times in the agenda yet
We have the large room all day
Mike believes that if all the working groups and topics are to be covered, we'll have to start before lunch
George will ask the speakers how much time they think they'll need and how they want to use the time
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20150126/4c81b8dc/attachment.html>
More information about the Openid-specs-ab
mailing list