[Openid-specs-ab] Spec Call Notes 21-Jun-18
George Fletcher
gffletch at aol.com
Fri Aug 24 13:47:11 UTC 2018
+1 Thanks for writing this up Torsten!
On 8/24/18 8:45 AM, Torsten Lodderstedt via Openid-specs-ab wrote:
> Hi Mike,
>
> I created the new draft and sent you a pull request (https://bitbucket.org/openid/connect/pull-requests/3/1029-authentication-failed-error-response/diff).
>
> I also attached the HTML.
>
> @all: Please review and give feedback.
>
> Thanks in advance,
> Torsten.
>
>
>> On 28.07.2018 at 21:52, Mike Jones <Michael.Jones at microsoft.com> wrote:
>>
>> It would be listed in the set of Connect specifications at http://openid.net/connect/.
>>
>> -- Mike
>>
>> -----Original Message-----
>> From: Torsten Lodderstedt <torsten at lodderstedt.net>
>> Sent: Saturday, July 28, 2018 5:32 AM
>> To: Mike Jones <Michael.Jones at microsoft.com>
>> Cc: Vladimir Dzhuvinov <vladimir at connect2id.com>; openid-specs-ab at lists.openid.net
>> Subject: Re: [Openid-specs-ab] Spec Call Notes 21-Jun-18
>>
>> Hi Mike,
>>
>> I potentially could do such a spec quickly. But how do you envision a developer to find out there is a complementary spec enhancing OpenID Connect Core? Developers will (at most) consult the OpenID Connect spec because that's what they are looking for.
>>
>> kind regards,
>> Torsten.
>>
>>> On 30.06.2018 at 14:57, Mike Jones <Michael.Jones at microsoft.com> wrote:
>>>
>>> I was envisioning a spec that simply defines a new error code and registers it in the OAuth Extensions Error Registry. Its normative contents would be something like this:
>>>
>>> OAuth "error" Value:
>>> unable_to_meet_authentication_requirements
>>> The authentication performed did not meet the requirements of the requester.
>>>
>>> In the non-normative parts of the spec, you could say that one place this new error code could be used was if an OpenID Connect "acr" is requested as an essential claim and its criteria could not be met.
>>>
>>> This doesn't rise to the level of incrementing the Connect version number or updating the entire spec. In my view, that would send the wrong message to the marketplace.
>>>
>>> You could do this simple spec pretty quickly.
>>>
>>> -- Mike
>>>
>>> From: Torsten Lodderstedt <torsten at lodderstedt.net>
>>> Sent: Friday, June 29, 2018 10:44 PM
>>> To: Mike Jones <Michael.Jones at microsoft.com>
>>> Cc: Vladimir Dzhuvinov <vladimir at connect2id.com>; openid-specs-ab at lists.openid.net
>>> Subject: Re: [Openid-specs-ab] Spec Call Notes 21-Jun-18
>>>
>>> What kind of new spec do you have in mind to add the error code, which is required to properly handle an error situation described in OpenID Connect Core? I would assume OpenID Connect 1.x?
>>>
>>> On 28.06.2018 at 12:28, Mike Jones <Michael.Jones at microsoft.com> wrote:
>>>
>>> Can you change a published RFC? No.
>>>
>>> Part of the OIDF maintaining its reputation as a professional standards body is to likewise safeguard the integrity of our final specifications.
>>>
>>> I realize that writing a new specification to introduce new functionality may seem inconvenient but it's ultimately the right thing to do.
>>>
>>> -- Mike
>>>
>>> From: Torsten Lodderstedt <torsten at lodderstedt.net>
>>> Sent: Wednesday, June 27, 2018 8:14 PM
>>> To: Mike Jones <Michael.Jones at microsoft.com>
>>> Cc: Vladimir Dzhuvinov <vladimir at connect2id.com>; openid-specs-ab at lists.openid.net
>>> Subject: Re: [Openid-specs-ab] Spec Call Notes 21-Jun-18
>>>
>>> Even if the error code is obviously missing in the original spec?
>>>
>>> On 27.06.2018 at 07:31, Mike Jones <Michael.Jones at microsoft.com> wrote:
>>>
>>> Correct. Just like the IETF, we don't make normative changes to Final specifications.
>>>
>>> The way to introduce a new error code is to write a new specification that does so.
>>>
>>> -- Mike
>>>
>>> From: Openid-specs-ab <openid-specs-ab-bounces at lists.openid.net> On Behalf Of Vladimir Dzhuvinov via Openid-specs-ab
>>> Sent: Wednesday, June 27, 2018 8:26 AM
>>> To: openid-specs-ab at lists.openid.net
>>> Subject: Re: [Openid-specs-ab] Spec Call Notes 21-Jun-18
>>>
>>> My observation is that errata don't introduce new parameters, but are rather used to fix typos and clarify things.
>>>
>>> Depending on how the errata get published - as part of the original spec or as separate doc - developers often fail to notice them :)
>>>
>>> Vladimir
>>>
>>>
>>> On 25/06/18 18:34, Torsten Lodderstedt via Openid-specs-ab wrote:
>>> What about an errata?
>>>
>>> On 25.06.2018 at 16:31, Mike Jones <Michael.Jones at microsoft.com> wrote:
>>>
>>> A new specification needs to be written. We can't add new functionality to final specifications.
>>>
>>> -----Original Message-----
>>> From: Torsten Lodderstedt <torsten at lodderstedt.net>
>>> Sent: Monday, June 25, 2018 10:30 AM
>>> To: Mike Jones <Michael.Jones at microsoft.com>
>>> Cc: openid-specs-ab at lists.openid.net
>>> Subject: Re: [Openid-specs-ab] Spec Call Notes 21-Jun-18
>>>
>>> Hi Mike,
>>>
>>> what needs to be done in order to bring Issue #1029 forward?
>>>
>>> kind regards,
>>> Torsten.
>>>
>>> On 21.06.2018 at 16:48, Mike Jones via Openid-specs-ab <openid-specs-ab at lists.openid.net> wrote:
>>>
>>> Spec Call Notes 21-Jun-18
>>>
>>> Mike Jones
>>> Brian Campbell
>>> George Fletcher
>>> Bjorn Hjelm
>>> John Bradley
>>>
>>> George Fletcher's Native SSO Proposal
>>> George plans to produce an xml2rfc version of his Native SSO draft by the end of the week
>>>
>>> Potential iOS Changes
>>> Vittorio Bertocci plans to have a meeting at Identiverse to discuss SSO and Apple's "Intelligent Track Protection" initiative
>>>
>>> Federation Specification Review
>>> This review is under way
>>> http://openid.net/2018/06/08/public-review-period-for-openid-connect-federation-specification-started/
>>> People are encouraged to review the draft
>>>
>>> RISC Approval Vote
>>> The vote is open through June 29th
>>> Please participate at https://openid.net/foundation/members/polls/141
>>>
>>> Certification
>>> We are launching the Form Post Response Mode certification profiles at Identiverse
>>> We will have people test the tests at Identiverse
>>>
>>> New RP Libraries
>>> We've created a jwtconnect.io site as a documentation home for the JWTConnect libraries
>>> Roland plans to create the Python github projects at https://github.com/openid before Identiverse
>>>
>>> Open Issues
>>> See https://bitbucket.org/openid/connect/issues
>>> #1029: authentication_failed error response
>>> No activity since last call
>>> #1030: Front & back-channel logout: require HTTPS URIs?
>>> Vladimir is right. Mike will make the change to require https URIs.
>>>
>>> Unauthenticated Logout Requests
>>> George will file an issue proposing Security Considerations language about denial of service attacks using front-channel logout
>>>
>>> Spec Progress
>>> We plan to take the three logout specs to final status soon
>>> Please review them now
>>> The OAuth AS Metadata spec is in Auth48 so will probably finish this week
>>> This will unblock the errata progress
>>> The Security Event Token (SET) spec is with the RFC editor and so should also finish soon
>>> We want this to finish before making back-channel logout final
>>>
>>> Next Calls
>>> We are cancelling the Monday, June 25th call because it is during Identiverse
>>> The next call is Thursday, July 5th at 7am Pacific Time
>>> _______________________________________________
>>> Openid-specs-ab mailing list
>>> Openid-specs-ab at lists.openid.net
>>> http://lists.openid.net/mailman/listinfo/openid-specs-ab
--
Distinguished Engineer
Identity Services Engineering Work: george.fletcher at teamaol.com
AOL Inc. AIM: gffletch
Mobile: +1-703-462-3494 Twitter: http://twitter.com/gffletch
Office: +1-703-265-2544 Photos: http://georgefletcher.photography
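
As an added illustration (not part of the thread and not text from any OpenID specification): a Python sketch of how an OP could apply the error code proposed above when an `acr` requested as essential in the `claims` request parameter is not met. The function names, redirect URI and acr URNs are constructed for this example.

```python
import json
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# Error code as proposed in the thread; it is not defined by OpenID Connect Core.
ERROR_CODE = "unable_to_meet_authentication_requirements"


def essential_acr_values(claims_param):
    """Return the acr values requested as essential for the ID Token, else None."""
    if not claims_param:
        return None
    try:
        acr = json.loads(claims_param)["id_token"]["acr"]
    except (ValueError, KeyError, TypeError):
        return None  # malformed or no acr member: nothing essential requested
    if not isinstance(acr, dict) or acr.get("essential") is not True:
        return None  # null or voluntary acr request does not fail the login
    if "value" in acr:
        return [acr["value"]]
    values = acr.get("values")
    return list(values) if isinstance(values, list) else None


def authorization_response(redirect_uri, state, claims_param, achieved_acr, code):
    """Build the redirect back to the RP: a code on success, the error otherwise."""
    wanted = essential_acr_values(claims_param)
    if wanted is not None and achieved_acr not in wanted:
        params = {"error": ERROR_CODE,
                  "error_description": "Essential acr could not be satisfied"}
    else:
        params = {"code": code}
    if state is not None:
        params["state"] = state  # echo state so the RP can match the response
    parts = urlsplit(redirect_uri)
    # Keep any query component already present on the registered redirect URI.
    query = parse_qsl(parts.query, keep_blank_values=True) + list(params.items())
    return urlunsplit(parts._replace(query=urlencode(query)))


if __name__ == "__main__":
    # Constructed request: the RP marks multi-factor authentication as essential.
    claims = json.dumps({"id_token": {"acr": {
        "essential": True, "values": ["urn:example:acr:mfa"]}}})
    print(authorization_response("https://rp.example/cb", "af0ifjsldkj",
                                 claims, "urn:example:acr:pwd", "SplxlOBeZQQYbYS6WxSbIA"))
```
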