[Openid-specs-ab] Spec call notes 14-Nov-11

Mike Jones Michael.Jones at microsoft.com
Tue Nov 15 00:08:47 UTC 2011


Spec call notes 14-Nov-11

Mike Jones
Nat Sakimura
Edmund Jay
John Bradley

Agenda:
               JOSE and IETF Update
               Editing Status
               Open Issues
               Implementer's Draft Next Steps
               Google/Verizon/ID DataWeb pilot announcement

JOSE and IETF Update:
               JOSE accepted JWS, JWE, JWK as working group documents
               Mike appointed by chairs as editor
               Chairs requested to shorten author list - Move some authors to Contributing Authors section
               Chairs requested terminology change:  Signature -> Integrity
                              There uses of HMAC to tell who sent it - not just integrity
               WG requested using short names for JWK since keys appear in ECDH ephemeral public keys

Editing Status:
               Mike did global edits, closed many issues
               Mike still has a small set of edits to perform
               Will do the spelling/grammar check before SVN checkin

Open Issues:
               #286: Discovery 3.4 - Simple Web Discovery endpoint unreachable fallback dangerous
                              John said that some IdPs may want to work without doing per-user discovery
                              John may file a tracking bug for this feature to consider post ID
                              Agreed to remove - Mike

               #284: Access Token needs to include an audience of the Resource Server (Normative)
                              John thinks that we may want to specify what an interoperable access token is
                              But not necessary at this time
                              John will send a note to the OAuth list about what an audience restriction does and does not do
                              Agreement that Access Token should contain an audience restriction - Mike

               #281: Obtaining claims without requiring additional round trips
                              Hold - Mike will continue trying to determine what mechanism is desired

               #232: Client sends a request to the Authorization Server (Editorial)
                              Nat will do within next day

               #133: Basic - 3.1. What is conversion? What benefit comes if it will be increased?
                              Mike will use language from Standard in Basic

               Mike will still file issues based upon Yaron Goland's comments

Implementer's Draft Next Steps:
               Take snapshot of updated draft-jones-json-web-* drafts
               Plan to announce Implementer's Drafts by Japan summit

Google/Verizon/ID DataWeb pilot announcement
               Verizon is at level 3 (but hasn't officially announced this yet)
               A lot of interest in OpenID Connect
               Not using the mechanism in Connect for Distributed Claims
               They may move to it once Connect is finished
               They have speced an OAuth-based protocol to register a remote resource with an authorization server
                              We should look at that
                              UMA-like but not exactly UMA
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20111115/08bc9c4d/attachment.html>


More information about the Openid-specs-ab mailing list