[Openid-specs-ab] Spec call notes 6-Oct-11

Edmund Jay ejay at mgi1.com
Thu Oct 6 23:48:23 UTC 2011

Spec call notes 6-Oct-11
Mike Jones
Johnny Bufu
Edmund Jay
John Bradley
Pamela Dingle
                Open Specs Issues & Editing

                Summit Interop

Open Spec Issues
               John has been going over the Issues tracker and putting 
resolution notes for open spec issues
               Some issues that need decisions the following :
                   #101: Messages - 3.3.2 UserInfo Response should include 
                   Result : Namespace will not be included in response

                   #148: Standard - Request File URL must be unique 
for every unique content
                   This issues relates to RP using an request file for per user 
authorization requests and OpenID Providers may cache them and
                   may not have the most current file.
                   Result : John to add text to explain issue, but not list 
specific solutions on how to prevent caching.

                   #151: Standard - - "resource owner" -> "the End-User" 
for consistency
                   Resource owner comes from OAuth and End-User comes from 
                   John says Resource Owner may theoretically be different from 
the End-User
                   Result : Add text to explain such a case

                  #161: Standard - 7.1/7.2/7.2.1 - Check ID: Simply refer to 
messages 3.4.1/3.4.2/3.4.3
                  #160: Standard - 6.1/6.2/6.2.1 - UserInfo - Simply refer to 
                  #159: Standard - 5.2.1. Simply refer to 3.2.2 and 3.2.3 of 
                  These 3 issues relate to the duplicating of text from the 
Messages spec in the Standard spec.
                  Result : John will leave as is until the final version and 
then do refactoring, rewriting
                  Johnny prefers that Messages is consistent and then other 
specs reference the appropriate sections

                  #167 Standard - 4.3.1 - "As described in How To Get An 
Authorization Code, Access Token, and ID Token...."
                  Result : John added some text in the issue notes regarding 
textual changes and is accepted by group.

                  John/Hideki/Johnny brought up the issue of format of ID Token 
and how to validate it and whether the Check ID Endpoint 

                  needs to be called by client
                  John will add some explanation text for ID Token validation 
and Check ID Endpoint is only required if client cannot process it.

                  John will go over rest of open issues
                  Johnny will add some more issues to the tracker

Summit Interop
                 Nov and Edmund working on implementation of discovery and 
                 Edmund will try to have implementation early next week.

                 Pam said they have implementation issues with returning ID 
Tokens in authorization response

                 Oct 17 pre-IIW Summit session can be registered at 
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20111006/04005d73/attachment.html>

More information about the Openid-specs-ab mailing list