[Openid-specs-ab] Spec call notes 25-May-17
Mike Jones
Michael.Jones at microsoft.com
Thu May 25 14:29:15 UTC 2017
Spec call notes 25-May-17
Mike Jones
George Fletcher
Brian Campbell
Rich Levinson
John Bradley
Agenda
Certification
Open Issues
Refactoring Registration and Discovery
FAPI and OpenID Connect
Next Call
Certification
There is an instance of updated OP certification software running at https://new-op.certification.openid.net:60000/
We need one more tester to validate it before we switch to using it production
The Library of Congress certified an OP
George asked about versioning the test suite
We plan to do this
People will always be required to certify against the current version
When we take the RP test suite out of pilot mode, we'll make it 1.0
The new-op software will probably be called 2.0
Open Issues
https://bitbucket.org/openid/connect/issues?status=new&status=open
There are no new open issues
Refactoring Registration and Discovery
Axel Nennker had asked about refactoring Registration and Discovery to reference the IETF specs
He's interested in this because MODRNA uses software statements
These would have to be new 1.1 specifications - not errata to the existing 1.0 specs
For now, it's fine to reference both registration specifications
The IETF AS metadata specification is not yet complete
FAPI and OpenID Connect
The read/write FAPI profile is using OpenID Connect
It uses signed requests and responses
This spec says that you must use proof-of-possession
It uses Token Binding, PKCE, the mutual TLS client authentication, and software statements
They are also looking at using parts of the Federation profile for nested software statements
Additional APIs have been contributed by FSISAC
Next Call
The next call is Monday, May 29 at 4pm Pacific Time
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20170525/bd26a2c5/attachment.html>
More information about the Openid-specs-ab
mailing list