[Openid-specs-ab] Spec call notes 18-Feb-16
Mike Jones
Michael.Jones at microsoft.com
Thu Feb 18 16:19:55 UTC 2016
Spec call notes 18-Feb-16
Mike Jones
John Bradley
Nat Sakimura
George Fletcher
Roland Hedberg
Agenda
Certification Updates
Open Issues
Upcoming Events
Open Source Libraries
Security Test Tools
Next Call
Certification Updates
OP certification is rolling along
Roland regularly gets e-mails from people asking about the certification tests
Something between 100 and 150 implementations have tested
23 have certified to date
RP certification is stalled at present
So far, only Edmund Jay and Hans Zandbelt have done testing
William Denniss said that he would test but apparently hasn't yet
Roland is also working on enabling testing of deployed clients, rather than libraries
You can still cause the OP to create errors and check whether the RP handles them correctly
For instance, sending a bad signature and seeing if the RP rejects it
This isn't deployed yet - it's still just on Roland's laptop
Mike asked if we could get this deployed by IIW in late April and Roland said yes
AOL has been moving lots of their SAAS providers to OpenID Connect
George would like to be able to point them to the RP testing
Mike said that there isn't an easy list of RP tests to just click through
Roland said that there is a web page but you have to do a lot of clicking
https://rp.certification.openid.net:8080/test_list
Mike said that NEC sent a certification request that was nearly complete and he responded to it
Edmund was having problems with key rotation in the RP tests but Roland hasn't figured out what's wrong
Nat suggested that Roland and Edmund arrange a GoToMeeting session with screen sharing to debug it
Roland will send a note to Edmund to schedule this
Open Issues
There are no new issues
Mike and John still need to produce new text for the errata issues
There are also updates to the logout specs that Mike needs to do
Errata has higher priority over the logout changes, other than renaming the front channel logout spec
Upcoming Events
Mobile World Congress is next week
John will be there
MODRNA will have meetings there
RSA will be the following week
Nat and Mike will be there
OpenID Workshop in Santiago on Thursday, March 31 before IETF 95 in Buenos Aires
See http://www.alive.cl/clientes/OpenID/index.html
John, Nat, Mike, William, and Hannes will be there
The city of Buenos Aires has a Python authorization server - Django OpenID provider
OpenID Workshop before IIW on Monday, April 25
https://www.eventbrite.com/e/internet-identity-workshop-xxii-22-2016a-tickets-19430016703
OpenID Workshop at European Identity and Cloud Conference in May
See https://www.id-conf.com/events/eic2016
There is an OAuth security workshop in Trier, Germany on July 14-15, the week before IETF 96 in Berlin
See http://infsec.uni-trier.de/events/osw2016
Open Source Libraries
An OpenID GitHub repository was established
The iOS and Android libraries will be in separate repositories
The legal issues enabling contribution were resolved
William Denniss is expected to post the libraries imminently
Security Test Tools
Christian Mainka and the rub.de folks are working on OAuth security testing tools
Roland is tracking their work and might add some of the new tests as extra tests in our OP test suite
Next Call
Our next call will be Monday, February 22nd at 3pm Pacific / Tuesday morning in Japan
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20160218/fa7b45e9/attachment.html>
More information about the Openid-specs-ab
mailing list