[Openid-specs-ab] Spec call notes 27-Jul-15
Mike Jones
Michael.Jones at microsoft.com
Tue Jul 28 00:28:39 UTC 2015
Spec call notes 27-Jul-15
Mike Jones
John Bradley
Nat Sakimura
Edmund Jay
Agenda
Logout and Session Management spec changes
Errata and Issues
Bitbucket
JWK Thumbprint Spec
Workshop before IIW
Workshop after IETF 94 Yokohama
Certification
Next Calls
Logout and Session Management spec changes
Mike simplified the logout spec to use only iframes
Mike plans to push it out to openid.net/specs
Mike fixed a bug in the JavaScript syntax in Session Management
He will also push it out to openid.net/specs
Errata and Issues
#922 - Back channel logout
John will look at some IETF specs that Kathleen Moriarty pointed him to that may be relevant
#966 - Error code claims_not_supported should have been defined in Core
Not doing so was a cut-and-paste error made during editing
We will say that it SHOULD be returned if not supported
#968 - Inconsistent treatment of id_token_hint
These are not actually inconsistent - one is id_token_hint and the other is requesting a "sub" claim value
Mike added a comment to the bug stating this
#969 - Need clarity on session state variable
Not pertinent to errata
Assigned to John to look at providing clarifying remarks
#970 - Core - 2 - ID Token acr claim incorrectly specifies the level 0 of assurance
Mike - this is historical usage from OpenID 2.0 PAPE
Nat - PAPE referenced SP 800-63 - not ISO 29115
Mike - The direct conflict comes from this sentence "Authentication using a long-lived browser cookie, for instance, is one example where the use of "level 0" is appropriate."
John - For historic reasons, 0 is used to indicate that there is no confidence that the same person is actually there
John will take a stab at new wording, saying what "0" meant historically
#971 - Registration - 2. userinfo_encrypted_response_enc default value
This identifies a fix for a cut-and-paste error
Mike will look for other instances of this error while editing
#972 - Nonce requirement in hybrid auth request
code+token response type doesn't actually require use of a nonce since no ID Token is returned on the front channel
John - But the nonce doesn't hurt. We should leave this as-is.
Mike - Changing it at this point would cause an interop issue.
John will close this one as won't fix
Mike will add references to the actual registries during the errata process
People should add any other errata issues to the tracker at
https://bitbucket.org/openid/connect/issues?status=new&status=open
Bitbucket
Bitbucket is doing reasonable redirects from the now deprecated project domain names
hg.openid.net/connect/issues is redirecting to bitbucket.org/openid/connect/issues
So there's no problem that we have to solve at present
Workshop before IIW
Symantec has agreed to host this on Monday, October 26th
For Connect, we should focus on RP certification
We should set up a registration page for this and start promotion
Workshop after IETF 94 Yokohama
Nat has asked the secretariat of OIDF Japan about this
We should get logistics and registration information quickly
Certification
Edmund sent a bunch of RP testing issues in e-mail to Roland
Nat thinks Edmund should file these in the issue tracker
Then others on Roland's team will have visibility into them as well
JWK Thumbprint Spec
This is now at the RFC Editor
Next Calls
One in a week on Monday the 3rd at 4pm Pacific time
One on Thursday August 6th at the European-Friendly time of 7am Pacific this week
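The following is an added example, not part of the call notes above and not code from the OpenID Foundation or the spec editors. It illustrates the #972 decision (leave the Hybrid flow nonce requirement as-is) from the Relying Party side: nonce is treated as REQUIRED for every Implicit and Hybrid response_type, including code+token where no ID Token comes back on the front channel, and the nonce in the eventually received ID Token is checked once and then discarded. The NonceStore class, the helper names and the unsigned-JWT construction used for the sample token are assumptions made for this example; a real RP verifies the ID Token signature before reading claims.

```python
"""Nonce handling for OpenID Connect response types (illustrative RP logic)."""
import base64
import hmac
import json
import secrets

# response_type values from OpenID Connect Core / OAuth 2.0 Multiple Response Types.
CODE_FLOW = {"code"}
IMPLICIT_FLOWS = {"id_token", "id_token token"}
HYBRID_FLOWS = {"code id_token", "code token", "code id_token token"}
_TOKEN_ORDER = ["code", "id_token", "token"]


def normalize_response_type(response_type: str) -> str:
    """response_type is a space-separated, order-insensitive set; canonicalize it."""
    tokens = response_type.split()
    unknown = [t for t in tokens if t not in _TOKEN_ORDER]
    if unknown or not tokens or len(set(tokens)) != len(tokens):
        raise ValueError(f"unsupported response_type: {response_type!r}")
    return " ".join(sorted(tokens, key=_TOKEN_ORDER.index))


def nonce_required(response_type: str) -> bool:
    """Per the spec text left unchanged under #972: nonce is REQUIRED for
    all Implicit and Hybrid flows, OPTIONAL only for the plain code flow."""
    rt = normalize_response_type(response_type)
    return rt not in CODE_FLOW


def id_token_on_front_channel(response_type: str) -> bool:
    """True when the authorization response itself carries an ID Token
    (false for code+token, which is what #972 pointed out)."""
    return "id_token" in normalize_response_type(response_type).split()


class NonceStore:
    """One pending nonce per login session; consumed on first use (no replay).
    Assumed helper, not part of any spec or library."""

    def __init__(self) -> None:
        self._pending: dict = {}

    def issue(self, session_id: str) -> str:
        nonce = secrets.token_urlsafe(32)
        self._pending[session_id] = nonce
        return nonce

    def verify_and_consume(self, session_id: str, id_token_nonce) -> bool:
        expected = self._pending.pop(session_id, None)  # single use either way
        if expected is None or id_token_nonce is None:
            return False
        return hmac.compare_digest(expected.encode(), str(id_token_nonce).encode())


def authorization_request_params(response_type: str, store: NonceStore,
                                 session_id: str, client_id: str) -> dict:
    """Build the query parameters for the Authentication Request, adding a
    nonce whenever the (unchanged) spec requires one."""
    params = {"response_type": normalize_response_type(response_type),
              "client_id": client_id, "scope": "openid",
              "state": secrets.token_urlsafe(16)}
    if nonce_required(response_type):
        params["nonce"] = store.issue(session_id)
    return params


def _b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def _b64url_encode(b: bytes) -> str:
    return base64.urlsafe_b64encode(b).rstrip(b"=").decode()


def id_token_payload(id_token: str) -> dict:
    """Decode the JWT payload. Signature verification is deliberately out of
    scope here; do it before trusting any claim in real code."""
    parts = id_token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed JWT")
    return json.loads(_b64url_decode(parts[1]))


def make_sample_id_token(claims: dict) -> str:
    """Constructed, unsigned sample token for this example only."""
    header = _b64url_encode(json.dumps({"alg": "none"}).encode())
    payload = _b64url_encode(json.dumps(claims).encode())
    return f"{header}.{payload}."


if __name__ == "__main__":
    store = NonceStore()
    params = authorization_request_params("token code", store, "sess-1", "rp-client")
    tok = make_sample_id_token({"sub": "alice", "nonce": params["nonce"]})
    print(params["response_type"], store.verify_and_consume("sess-1", id_token_payload(tok).get("nonce")))
```

The code+token case shows why the requirement is harmless: the nonce is still echoed in the ID Token obtained from the token endpoint, so the same check applies; it is the replay protection on the store, not the channel the ID Token arrived on, that makes the nonce useful.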