[Openid-specs-ab] Spec call notes 6-Oct-11

Edmund Jay ejay at mgi1.com
Thu Oct 6 23:48:23 UTC 2011


Spec call notes 6-Oct-11
 
Mike Jones
Johnny Bufu
Edmund Jay
John Bradley
Pamela Dingle
 
Agenda:
                Open Specs Issues & Editing

                Summit Interop



Open Spec Issues
               John has been going over the Issues tracker and putting 
resolution notes for open spec issues
               Some issues that need decisions the following :
                   #101: Messages - 3.3.2 UserInfo Response should include 
namespace
                   Result : Namespace will not be included in response

                   #148: Standard 4.3.1.3.3. - Request File URL must be unique 
for every unique content
                   This issues relates to RP using an request file for per user 
authorization requests and OpenID Providers may cache them and
                   may not have the most current file.
                   Result : John to add text to explain issue, but not list 
specific solutions on how to prevent caching.

                   #151: Standard - 4.3.4.1 - "resource owner" -> "the End-User" 
for consistency
                   Resource owner comes from OAuth and End-User comes from 
OpenID
                   John says Resource Owner may theoretically be different from 
the End-User
                   Result : Add text to explain such a case

                  #161: Standard - 7.1/7.2/7.2.1 - Check ID: Simply refer to 
messages 3.4.1/3.4.2/3.4.3
                  #160: Standard - 6.1/6.2/6.2.1 - UserInfo - Simply refer to 
3.3.1/3.3.2/3.3.3
                  #159: Standard - 5.2.1. Simply refer to 3.2.2 and 3.2.3 of 
Message
                  These 3 issues relate to the duplicating of text from the 
Messages spec in the Standard spec.
                  Result : John will leave as is until the final version and 
then do refactoring, rewriting
                  Johnny prefers that Messages is consistent and then other 
specs reference the appropriate sections

                  #167 Standard - 4.3.1 - "As described in How To Get An 
Authorization Code, Access Token, and ID Token...."
                  Result : John added some text in the issue notes regarding 
textual changes and is accepted by group.


                  John/Hideki/Johnny brought up the issue of format of ID Token 
and how to validate it and whether the Check ID Endpoint 

                  needs to be called by client
                  John will add some explanation text for ID Token validation 
and Check ID Endpoint is only required if client cannot process it.


                  John will go over rest of open issues
                  Johnny will add some more issues to the tracker



Summit Interop
                 Nov and Edmund working on implementation of discovery and 
registration.
                 Edmund will try to have implementation early next week.

                 Pam said they have implementation issues with returning ID 
Tokens in authorization response

                 Oct 17 pre-IIW Summit session can be registered at 
http://openidconnectworkshop.eventbrite.com/
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20111006/04005d73/attachment.html>


More information about the Openid-specs-ab mailing list