[Openid-specs-ab] Spec Call Notes 11-Jun-18

Mike Jones Michael.Jones at microsoft.com
Mon Jun 11 23:39:34 UTC 2018 

Spec Call Notes 11-Jun-18

Mike Jones
John Bradley
Vittorio Bertocci
Edmund Jay
Bjorn Hjelm

Potential iOS Changes
              Vittorio gave the working group a summary of possible changes for iOS 12 and their implications
              This is part of Apple's "Intelligent Track Protection" initiative
              Detects cross-frame cookie access and blocks or prompts
              SPA applications use this for renewing tokens using prompt=none
              There is an API that asks for access to storage but it prompts the user
                           Makes no sense during non-interactive prompt=none operations
                           Would only confuse users
              Vittorio will ask Andrew Hindle for an ad-hoc session to discuss this at Identiverse
                           Much as we held the session at CIS about iOS 11 changes last year

Federation Specification Review
              The 45-day review period to become an Implementer's Draft started Friday
                           http://openid.net/2018/06/08/public-review-period-for-openid-connect-federation-specification-started/
              We have gotten feedback so far from Michael Schwartz and Filip Skokan
              This specification isn't yet complete
                           It's missing Federation Operator key rotation, for instance
              There are prototypes of this in operation and in interop testing already
              People are encouraged to review the draft

New RP Libraries
              We did agree on GitHub names last week, which were sent to the list
                           They will all live directly under https://github.com/openid/
              Roland plans to contribute the Python library to the working group before Identiverse
                           Two Finnish maintainers have signed up in addition to Roland
              Edmund Jay just joined the team working on the Java library
              Mike will ask for creation of an OpenID jwtconnect mailing list to discuss all the implementations
                           We plan to continue using the IdentityPython list for python-specific discussions
              We are talking about how to keep the libraries functionally in sync, once they achieve that status

Certification
              We plan to launch the Form Post Response Mode certification profiles by Identiverse
                           We can then have people test the tests at Identiverse

Open Issues
              See https://bitbucket.org/openid/connect/issues
              #1028: example response for Hybrid flow is lacking token_type
                           Closed since Hans and Brian agreed that it is invalid
              #1029: authentication_failed error response
                           Added comments during the call

Next Calls
              Thursday, June 21 at 7am Pacific Time
              We are cancelling the Monday, June 25th call because it is during Identiverse
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20180611/38f48de1/attachment.html>

More information about the Openid-specs-ab mailing list