[Openid-specs-ab] Spec Call Notes 21-Jun-18

Thu Jun 28 17:28:34 UTC 2018

Can you change a published RFC?  No.

Part of the OIDF maintaining its reputation as a professional standards body is to likewise safeguard the integrity of our final specifications.

I realize that writing a new specification to introduce new functionality may seem inconvenient but it’s ultimately the right thing to do.

                                                       -- Mike

From: Torsten Lodderstedt <torsten at lodderstedt.net>
Sent: Wednesday, June 27, 2018 8:14 PM
To: Mike Jones <Michael.Jones at microsoft.com>
Cc: Vladimir Dzhuvinov <vladimir at connect2id.com>; openid-specs-ab at lists.openid.net
Subject: Re: [Openid-specs-ab] Spec Call Notes 21-Jun-18

Even if the error code is obviously missing in the original spec?

Am 27.06.2018 um 07:31 schrieb Mike Jones <Michael.Jones at microsoft.com<mailto:Michael.Jones at microsoft.com>>:
Correct.  Just like the IETF, we don’t make normative changes to Final specifications.

The way to introduce a new error code is to write a new specification that does so.

                                                       -- Mike

From: Openid-specs-ab <openid-specs-ab-bounces at lists.openid.net<mailto:openid-specs-ab-bounces at lists.openid.net>> On Behalf Of Vladimir Dzhuvinov via Openid-specs-ab
Sent: Wednesday, June 27, 2018 8:26 AM
To: openid-specs-ab at lists.openid.net<mailto:openid-specs-ab at lists.openid.net>
Subject: Re: [Openid-specs-ab] Spec Call Notes 21-Jun-18

My observation is that errata don't introduce new parameters, but are rather used to fix typos and clarify things.

Depending on how the errata get published - as part of the original spec or as separate doc - developers often fail to notice them :)

Vladimir

On 25/06/18 18:34, Torsten Lodderstedt via Openid-specs-ab wrote:

What about an errata?

Am 25.06.2018 um 16:31 schrieb Mike Jones <Michael.Jones at microsoft.com><mailto:Michael.Jones at microsoft.com>:

A new specification needs to be written.  We can't add new functionality to final specifications.

-----Original Message-----

From: Torsten Lodderstedt <torsten at lodderstedt.net><mailto:torsten at lodderstedt.net>

Sent: Monday, June 25, 2018 10:30 AM

To: Mike Jones <Michael.Jones at microsoft.com><mailto:Michael.Jones at microsoft.com>

Cc: openid-specs-ab at lists.openid.net<mailto:openid-specs-ab at lists.openid.net>

Subject: Re: [Openid-specs-ab] Spec Call Notes 21-Jun-18

Hi Mike,

what needs to be done in order to bring Issue #1029 forward?

kind regards,

Torsten.

Am 21.06.2018 um 16:48 schrieb Mike Jones via Openid-specs-ab <openid-specs-ab at lists.openid.net><mailto:openid-specs-ab at lists.openid.net>:

Spec Call Notes 21-Jun-18

Mike Jones

Brian Campbell

George Fletcher

Bjorn Hjelm

John Bradley

George Fletcher's Native SSO Proposal

             George plans to produce an xml2rfc version of his Native SSO draft by the end of the week

Potential iOS Changes

             Vittorio Bertocci plans to have a meeting at Identiverse to discuss SSO and Apple's "Intelligent Track Protection" initiative

Federation Specification Review

             This review is under way

                          http://openid.net/2018/06/08/public-review-period-for-openid-connect-federation-specification-started/

             People are encouraged to review the draft

RISC Approval Vote

             The vote is open through June 29th

             Please participate at https://openid.net/foundation/members/polls/141

Certification

             We are launching the Form Post Response Mode certification profiles at Identiverse

                          We will have people test the tests at Identiverse

New RP Libraries

             We've created a jwtconnect.io<http://jwtconnect.io> site as a documentation home for the JWTConnect libraries

             Roland plans to create the Python github projects at https://github.com/openid before Identiverse

Open Issues

             See https://bitbucket.org/openid/connect/issues

             #1029: authentication_failed error response

                          No activity since last call

             #1030: Front & back-channel logout: require HTTPS URIs?

                          Vladimir is right.  Mike will make the change to require https URIs.

Unauthenticated Logout Requests

             George will file an issue proposing Security Considerations language about denial of service attacks using front-channel logout

Spec Progress

             We plan to take the three logout specs to final status soon

                          Please review them now

             The OAuth AS Metadata spec is in Auth48 so will probably finish this week

                          This will unblock the errata progress

             The Security Event Token (SET) spec is with the RFC editor and so should also finish soon

                          We want this to finish before making back-channel logout final

Next Calls

             We are cancelling the Monday, June 25th call because it is during Identiverse

             The next call is Thursday, July 5th at 7am Pacific Time

_______________________________________________

Openid-specs-ab mailing list

Openid-specs-ab at lists.openid.net<mailto:Openid-specs-ab at lists.openid.net>

http://lists.openid.net/mailman/listinfo/openid-specs-ab

_______________________________________________

Openid-specs-ab mailing list

Openid-specs-ab at lists.openid.net<mailto:Openid-specs-ab at lists.openid.net>

http://lists.openid.net/mailman/listinfo/openid-specs-ab

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20180628/821ce5e5/attachment.html>