[Openid-specs-ab] Spec Call Notes 7-Jun-18
Nick Roy
nroy at internet2.edu
Tue Jun 26 18:10:15 UTC 2018
Not sure this is relevant or helpful, but in case it is, the REFEDS IoLR
working group has built a set of requirements for "IdPs of Last Resort"
that might be useful input into the self-issued IdP best practices work.
Best,
Nick
On 6/7/18 10:07 AM, Mike Jones via Openid-specs-ab wrote:
> Spec Call Notes 7-Jun-18
>
> Mike Jones
>
> Nat Sakimura
>
> Brian Campbell
>
> George Fletcher
>
> Rich Levinson
>
> New RP Libraries
>
> JWTConnect GitHub naming
>
> People agreed that GitHub doesn't support hierarchical
> projects
>
> George suggested the possibility of having the different
> projects just be subdirectories
>
> Mike will talk with Roland about the tradeoffs later today
>
> We are going to try to get the Python library contributed
> before Identiverse in 2.5 weeks
>
> George's Native SSO Draft
>
> George has updated the draft based on feedback from the
> OAuth security workshop and IIW
>
> Annabelle had suggested calling a value the "device secret"
>
> George sent an updated draft in PDF format
>
> He plans to convert it to xml2rfc format
>
> George is interested in more feedback
>
> Open Issues
>
> See https://bitbucket.org/openid/connect/issues
>
> #1026 Self Issued provider returning tokens to an RP App
> in iOS
>
> George asked about the possibility of also
> using PKCE
>
> Mike pointed out the self-issued
> response_type is id_token, so PKCE doesn't apply
>
> Nat will propose possible additional
> security considerations text.
>
> Certification
>
> We plan to launch the Form Post Response Mode
> certification profile by Identiverse
>
> [Openid-specs-ab] ITP and OIDC session issues
>
> We will make this a topic on the next call
>
> Hopefully Vittorio will be able to attend and provide
> additional information
>
> [Openid-specs-ab] Failed Authentication Attempts
>
> Nat has responded to the thread asking that an issue be
> created
>
> [Openid-specs-ab] Self-issued IdP Best Practice document
>
> Nat suggested we write a whitepaper explaining the
> self-issued provider
>
> Mike suggested that Nat also post his talk on the topic
> from EIC and send pointers to it
>
> Nat will add a task to the tracker
>
> Next Call
>
> 4pm Pacific Time on Monday, June 11
>
More information about the Openid-specs-ab
mailing list