[Openid-specs-ab] Spec call notes 2-Mar-17
Mike Jones
Michael.Jones at microsoft.com
Thu Mar 2 15:40:36 UTC 2017
Spec call notes 2-Mar-17

John Bradley
Phil Hunt
Mike Jones
Justin Richer
Nat Sakimura
Brian Campbell
Rich Levinson
George Fletcher

Agenda
  Certification Profile Discussion
  Thread Document about Misuse of OAuth
  Open Issues
  Next Call
  HEART Update
  Proposed Logout Implementer's Drafts

Certification Profile Discussion
  The next certification profile will be Form Post Response Mode
  We agreed that it can be used for any response_type
  Mike, Roland, and Hans had proposed that you must support it for the response_types you are certified for
  The working group agreed with this approach
  John and Mike discussed that response_type=token is out of scope since it returns no ID Token

Certification Update
  Mike reported that Hans Zandbelt has edited and deployed code on both certification servers
    op.certification.openid.net and rp.certification.openid.net
  Hans and Roland are documenting everything needed to do this
  Hans will next be working with Roland to add tests
  John said that the request object is becoming more important
    For instance, the banking industry wants to use it
  We should consider a request object certification profile

Thread Document about Misuse of OAuth
  William was planning to write this up as a blog post
  John will find out whether he still plans to do this
  This is important, given the articles about things that some implementers are getting wrong

Open Issues
  #1009: Contradictory statements about ID Token azp Claim
    We discussed this on the last call
    It will be assigned to Mike as part of the errata actions

Next Call
  The next call is Monday, March 6th at 3pm Pacific Time

HEART Update
  Justin reported that HEART is using a fork of Roland's code
  Justin said that he tried a clean-room approach and didn't finish it
  Justin reported that HEART is working towards a second set of Implementer's Drafts
  Some mobile content that was missing has been added
  The content has been somewhat restructured
  The intent of some of the requirements has been clarified, per Mike Jones' earlier feedback
  There are two new semantic profiles
    OAuth protection of FHIR resources
    UMA protection of FHIR resources
  HEART is not yet tracking the UMA 2.0 work, which Eve Maler said is getting under way

Proposed Logout Implementer's Drafts
  Rich plans to review these
  People should remind others that they are currently out for public review