[Openid-specs-ab] Spec Call Notes 5-Jul-18
Mike Jones
Michael.Jones at microsoft.com
Thu Jul 5 14:53:01 UTC 2018
Spec Call Notes 5-Jul-18
Mike Jones
Brian Campbell
Nat Sakimura
IETF Updates
OAuth AS Metadata is finally RFC 8414
This unblocks the errata process
Security Event Token (SET) should be RFC 8417 any day
This will unblock back-channel logout finalization
Potential iOS Changes
Vittorio Bertocci organized a meeting at Identiverse about the topic
Brian reported that the decision was that Vittorio was going to draft a response to Apple
He posted a draft to the mailing list for working group review
See "[Openid-specs-ab] ITP2 response draft" sent on July 3rd
Security corner cases
Nat discussed some security corner cases disclosed by our German security researcher friends to FAPI
Nat will file an issue about one of them
Certification
We are launched the Form Post Response Mode certification profiles at Identiverse
Some people have already tested the tests
New RP Libraries
Roland Hedberg released the Python JWTConnect libraries, which uses 4 GitHub projects
https://github.com/openid/JWTConnect-Python-CryptoJWT
https://github.com/openid/JWTConnect-Python-OidcMsg
https://github.com/openid/JWTConnect-Python-OidcService
https://github.com/openid/JWTConnect-Python-OidcRP
See the README.md files in each project
We've created a jwtconnect.io site as a documentation home for the JWTConnect libraries
Content still needs to be created for it
Open Issues
See https://bitbucket.org/openid/connect/issues
There are no new issues
OAuth JAR
The OAuth 2.0 Authorization Framework: JWT Secured Authorization Request (JAR) https://tools.ietf.org/html/draft-ietf-oauth-jwsreq-16
Nat is going to ask the chairs and area director to send the OAuth JAR specification to the RFC Editor
OAuth JAR doesn't require duplication of parameters such as scope, which Connect does to conform to RFC 6749
Brian reported that Ping's implementation does duplicate the parameters
OAuth PoP Key Distribution
People are encouraged to participate in the thread "[OAUTH-WG] PoP Key Distribution"
Federation Specification Review
Please review the OpenID Connect Federation specification, per
http://openid.net/2018/06/08/public-review-period-for-openid-connect-federation-specification-started/
Next Call
The next call is Monday, July 9th at 4pm Pacific Time
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20180705/0602cbf4/attachment.html>
More information about the Openid-specs-ab
mailing list