[Openid-specs-ab] Spec call notes 11-Jul-11

Mike Jones Michael.Jones at microsoft.com
Mon Jul 11 22:59:42 UTC 2011

Spec call notes 11-Jul-11

Nat Sakimura
George Fletcher
Johnny Bufu
Mike Jones
Pamela Dingle
John Bradley
Breno de Medeiros

                Developer feedback from "Identity Conference #9" held at mixi in Tokyo
                Spec URLs and URIs
                Johnny's feedback on discovery and registration

Johnny's feedback on discovery and registration
                John is still working on this
                Will have it to me before Noon tomorrow

Developer feedback from "Identity Conference #9" held at mixi in Tokyo
                Core feedback
                1. We need to place HTTP Redirect Binding as the Center Piece
                                We need to rename some of the specs
                2. Short names are quite unpopular
                                For Connect uses, longer names are OK, even on feature phones
                                The WG decided to adopt Nat's names from today's e-mailed proposal

Mike suggested these possible spec names if we just rename:
                Core Messages
                Core Bindings
                Framework Messages
                Framework Bindings (this would contain content from the current HTTP Redirect and Framework)

John channeled Breno saying that it would be nice to have all the must-to-implement stuff in one spec
Breno suggested this spec organization
                Minimum - Must implement
                Then add session management

John asked whether the token introspection endpoint is required
                Breno noted:  Accepts either an ID Token or Access Token
                Breno thinks this should be required for the Access Token
                In the min profile, ID token not required

John asked whether the UserInfo endpoint is mandatory
                Breno said yes
                Something that returns the userid needs to be mandatory

Breno proposes:
                Introspection Endpoint goes in the core - Necessary for SSO
                ID Token and Session Management go together
                He objects to the UserInfo claims being required.  Others, including Nat and Mike disagree.

Mike asked whether there is definition of what claims the introspection endpoint must return
                This defined in 3.1.1 of the Session Management specs

-> Fix text saying that ID Token is opaque

We agreed that we want it to be possible for the Introspection Endpoint and UserInfo Endpoint to be implemented on the same endpoint.

Editing plan:
                1.  Mike will check in John's changes to Discovery, Registration
                2.  Nat with do the renaming changes
                3.  Then do the reorganization changes
                                Do this face-to-face in Quebec City - Nat only there Monday

Nat will send out invitations for more calls

[Mike had to leave the call after an hour but it continued so Pam could ask questions about the summary document she's writing]
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20110711/bd7f7f28/attachment-0001.html>

More information about the Openid-specs-ab mailing list