[Openid-specs-ab] Spec call notes 7-Jul-16
Mike Jones
Michael.Jones at microsoft.com
Thu Jul 7 15:30:10 UTC 2016
Spec call notes 7-Jul-16
Justin Richer
Nov Matake
Phil Hunt
Mike Jones
Prateek Mishra
Nat Sakimura
Agenda
SCIM Draft
Open Issues
Federation section in new version of NIST SP 800-63
Preparing for IETF 96 Berlin
Next meetings
SCIM Draft
Phil described the use case and motivation
Prateek said that many business applications are converting to OpenID Connect
Post authentication, applications want to access business data via SCIM
Prateek had asked about spec mechanics on the list
The integration with OpenID Connect for directory enabled applications seems obvious
Phil had talked with Chuck Mortimore about SCIM identifiers versus OpenID Connect identifiers
People shouldn't assume that the identifiers are the same, particularly for legacy systems
The spec uses two methods: the /me path, and the scim_id and scim_location claims
An open question is whether applications would access both the UserInfo Endpoint and the SCIM endpoint
A question was asked on the list about scopes
Phil thought that scopes work might want to happen in the IETF SCIM working group
Then it would not be Connect specific
Having a standard will let developers do this in a consistent way
Mike asked who on the call has reviewed the spec
Justin has skimmed it
Nov has looked through it
Nov described a use case in Japan in which the OpenID Provider is a SCIM client provisioning profile data to the RP
The document has been proposed for adoption
We will give people a week to review the document and provide comments on adoption
Mike said that adopting the document indicates interest in the area and having a starting point for the work
It's normal for the specification to evolve after adoption
Prateek said that having a formal document will help it get attention
Open Issues
Open issues are at https://bitbucket.org/openid/connect/issues?status=new&status=open
Issue #994 on the definition of country within the address claim
The issue asked whether it's an ISO two-letter code
Mike said that this is part of a postal address, so may be written out, such as "Deutschland"
Phil asked if we know how implementers are typically using this
We don't have much data
This is actually presently coming up at Microsoft, where there's a desire for an ISO country code claim
Mike will gather data and report back
Issue #995 Editorial Issue: description of policy_uri in DynReg
Mike will fix this syntactic nit as part of the errata edits
Issue #993 How to treat a zero max_age request parameter?
This is effectively prompt=login
We can add a comment to this effect as part of the errata process
Federation section in new version of NIST SP 800-63
Justin asks that people review this
See https://github.com/usnistgov/800-63-3/issues
Preparing for IETF 96 Berlin
Token Binding of access tokens is one important topic
The current Token Binding drafts don't provide a way to provide the referred token binding
The OAuth Mix-Up Mitigation is another important topic to participate in
The OAuth JWS Request draft will progress
People should get any last comments in on it ASAP
Hannes produced some comments that John is applying to the present draft
Next Calls
Our next call is Monday, July 11th at 3pm Pacific Time
We are tentatively cancelling the 7am call on Thursday, July 21st, since it's during IETF
See the calendar at http://openid.net/wg/connect/ to see the call times in your local time