[Openid-specs-ab] Spec call notes 19-Sep-11

Mike Jones Michael.Jones at microsoft.com
Mon Sep 19 23:53:36 UTC 2011


Spec call notes 19-Sep-11

Mike Jones
Edmund Jay
John Bradley
Nat Sakimura
Pamela Dingle
Breno de Medeiros (for part of the call)
George Fletcher
Johnny Bufu

Agenda:
                Status of fixes in the specs, per the agenda in Nat's schedule message
                Open Issues Discussion
                Breno's Issues
                Several proposals from Roland

Status of fixes in the specs
                Edmund made fixes to Basic spec
                                About a dozen issues left
                                Nothing new that specifically calls for working group attention
                                Will finish edits today or tomorrow
                Nat made fixes to Messages spec
                                Incorporating resolutions from last week
                                #49 Nat dropped the underspecified sentence
                                One remaining issue before back-porting Basic changes
                                                Key specification issue still outstanding - Assigned to Nat, John, Mike - John to take a stab at it
                No changes yet to other specs
                Spec consistency
                                Edmund will make changes to other specs parallel to those he's making in basic
                                He will try to get this done before Thursday's call
                                Mike asked that we no longer check things into SVN until a spelling checker has been run
                John will pick up editing Basic after Edmund finishes this week

Open Issues Discussion
                Issue #98 (Security Considerations) - John will fix

Breno's Issues
                Breno managed to get some time to do spec work this week
                                We should expect updates from him by the end of the week
                Topics he plans to work on:
                                Response types and coding
                                Session management
                                Feedback on other parts of the spec
                Proposed Logout Changes
                                OPs can keep track of logged in RPs
                                RPs provide a logout URL at registration time
                                RP will redirect or iFrame user to logout URL at OP
                                OP will iFrame a page with logout URLs for all RPs
                                                Using ID Token appropriate to each RP
                                Redirect back to continue URL at RP
                Write-up about including a hash of one token in another
                Response type handling to be written up separately
                                Will send to us to review before submitting it to the OAuth WG
                                Nat pointed out that there is no id_token work in the OAuth WG
                                Mike pointed out that OAuth registration just requires a reference to a stable document
                How to encode code+id_token (both in fragment?)
                                Breno is in favor of this, both for JavaScript
                                Also, because using the query parameter breaks caching and JavaScript
                                The working group agreed

Several proposals from Roland
                Roland proposed that the UserInfo claims have a namespace
                                We agreed to define a namespace for when these claims are used in other contexts such as SAML tokens
                                And we also agreed that this will not change the wire format already specified for Connect or JWT
                Token Revocation
                                Roland asked how http://tools.ietf.org/html/draft-lodderstedt-oauth-revocation-03 relates to session management
                                We agreed to have Breno think about that as he works on the Session Management spec
                                We are concerned that the current IETF spec isn't yet stable

Editing plan:
                At present, we are waiting on Edmund to finish his edits
                Then Edmund will hand off to John
                Then Mike will review the result
                And we will then check the reviewed result into SVN
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20110919/480767e3/attachment.html>


More information about the Openid-specs-ab mailing list