[Openid-specs-ab] Spec call notes 6-Oct-11
ejay at mgi1.com
Thu Oct 6 23:48:23 UTC 2011
Spec call notes 6-Oct-11
Open Specs Issues & Editing
Open Spec Issues
John has been going over the Issues tracker and putting
resolution notes for open spec issues
Some issues that need decisions the following :
#101: Messages - 3.3.2 UserInfo Response should include
Result : Namespace will not be included in response
#148: Standard 188.8.131.52.3. - Request File URL must be unique
for every unique content
This issues relates to RP using an request file for per user
authorization requests and OpenID Providers may cache them and
may not have the most current file.
Result : John to add text to explain issue, but not list
specific solutions on how to prevent caching.
#151: Standard - 184.108.40.206 - "resource owner" -> "the End-User"
Resource owner comes from OAuth and End-User comes from
John says Resource Owner may theoretically be different from
Result : Add text to explain such a case
#161: Standard - 7.1/7.2/7.2.1 - Check ID: Simply refer to
#160: Standard - 6.1/6.2/6.2.1 - UserInfo - Simply refer to
#159: Standard - 5.2.1. Simply refer to 3.2.2 and 3.2.3 of
These 3 issues relate to the duplicating of text from the
Messages spec in the Standard spec.
Result : John will leave as is until the final version and
then do refactoring, rewriting
Johnny prefers that Messages is consistent and then other
specs reference the appropriate sections
#167 Standard - 4.3.1 - "As described in How To Get An
Authorization Code, Access Token, and ID Token...."
Result : John added some text in the issue notes regarding
textual changes and is accepted by group.
John/Hideki/Johnny brought up the issue of format of ID Token
and how to validate it and whether the Check ID Endpoint
needs to be called by client
John will add some explanation text for ID Token validation
and Check ID Endpoint is only required if client cannot process it.
John will go over rest of open issues
Johnny will add some more issues to the tracker
Nov and Edmund working on implementation of discovery and
Edmund will try to have implementation early next week.
Pam said they have implementation issues with returning ID
Tokens in authorization response
Oct 17 pre-IIW Summit session can be registered at
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Openid-specs-ab