[Openid-specs-ab] Spec Call Notes 11-Aug-11

Nat Sakimura sakimura at gmail.com
Mon Aug 15 21:46:40 UTC 2011


Attending: Tony Nadalin, Pam Dingle, Edmund Jay, John Bradley, Johnny
Bufu, Nat Sakimura
Date/Time: Aug. 11, 2011 / 22:00UTC
Location: +9900827041051580 (skype)

Agenda

1. Updates on Lite Spec
2. Updates on Messages and Standard
3. Updates on JWT
4. Updates on Connect Landing page and developer list.

1. Updates on Lite Spec.

John Bradley called in from the plane and reported on the changes made
on the last rev of Lite Spec.
The Introspection Endpoint name has been changed to match the session
management spec.
Comments from Allen et al. were also incorporated.
Although there was a suggestion to change the name from Lite to Lite
Client, it has not been changed.
We may need more discussion on whether it would be clearer or
would cause confusion.

2. Updates on Messages and Standard

Edmund reported the current status of the two specs. Both are almost
ready to go.
They need to change the name of the Introspection endpoint to match the
Lite spec.

Issue of the token format was also talked about.
There is a desire by Facebook to use a token format other than JWT,
namely the "signed request format."
It was the main reason for leaving the id_token format opaque in the Lite
spec.
Four approaches were suggested:
 a) Mandate JWT
 b) Token Sniffing
 c) Token type parameter
 d) Metadata

Option a) was rejected as it would alienate some potential large provider.
Option b) was rejected as it would be indeterminate, expensive, and
may have potential security impact.
Options c) and d) were considered acceptable.

Option c) was more flexible but would be more complex
on the wire. [John Bradley dropped here as the plane was taking off.]

Option d) would either require the discovery or the out-of-band metadata,
but is simpler on the wire. The advantage of simplicity seemed to prevail
over the additional flexibility granted by option c).

The consensus in the call was to go with option d).

3. Update on JWT

Though we have a new home for JWE and JWS at IETF (JOSE/JOES WG),
JWT still seems to be in search of one. Tony reported that it is unlikely
that JWT will be taken up by the JOSE WG as it currently is not in the
charter and is more application specific. It seems logical to host it at
the OIDF.

Tony will check if it is fine to house it at OIDF.
It has to be decided before we go to implementor's draft.

4. Updates on Connect landing page and Developer List

Pam sought feedback on the Connect landing page draft that was sent earlier.
Tony indicated that except for a few nits it seems fine.
Other people on the call were fine with the current draft.

Nat and Pam will coordinate to post the page.

Also, a developer list needs to be set up for the feedback process.
Pam will ask JohnE to set it up.

Call adjourned 22:39UTC.


-- 
Nat Sakimura (=nat)
Chairman, OpenID Foundation
http://nat.sakimura.org/
@_nat_en