[Openid-specs-ab] Spec call notes 9-Jan-12

Mike Jones Michael.Jones at microsoft.com
Tue Jan 10 00:14:31 UTC 2012

Spec call notes 9-Jan-12

Mike Jones
George Fletcher
Nat Sakimura
Edmund Jay
John Bradley
Breno de Medeiros
Naveen Agarwal
Tony Nadalin

                Open Issues
                Session Management Spec Update
                OpenID 2.0 Migration Recommendations
                Spec Review Feedback Received
                Updating the openid.net/connect page
                Updates on Other Work Needed

Open Issues:
                For #502-504, we need more details on the change(s) that Hideki is proposing - John will follow up
                We assigned #505 to John for him to propose new language

Session Management Spec Update
                Breno said that what Google needs for logout/session is reasonably complex
                The user experience is important so people aren't logged out by mistake
                                They want a user confirmation step
                                Requires a level of indirection
                Google wants to give users the option to sign into another account at logout time
                                So it's "switch account" - not "logout" - at that point
                                One of the possible outcomes is "logout"
                                The user may not be logged out at the end
                Google wants RPs to quickly detect logout/account switch at the IdP and adapt
                Google is working towards those two targets
                Google thinks that IdPs want to promote users being signed in
                                They think that IdPs are not as interested in logout as session synchronization
                Breno and Naveen think they understand what it will take to do this
                They think that February 6th would be a difficult target to hit
                                But Breno is willing to start outlining what should be in the spec
                                Naveen thinks that they can give a demo late this week or early next week
                                Then Breno can describe how it works
                                They will work with the working group then on turning it into a real spec

                Breno also raised the old issue of whether the ID Token should include a hash of the Access Token
                                This isn't in the current spec since we never received a write-up of it
                                They are using the same algorithm for hashing the ID Token as for signing the ID Token

                Naveen will schedule a demo for next Monday's call

OpenID 2.0 Migration Recommendations
                Google has been having discussions about it and has ideas they think would work
                They would issue both identifiers
                                Returning the OpenID 2.0 identifier from the UserInfo endpoint
                John pointed out that OpenID 2.0 delegation may add complications

Spec Review Feedback Received:
                Breno plans to review the present specs during the present review period
                Mike gave the WG a heads-up that Yaron sent several pages of feedback
                In particular, Yaron believes that Issuers must be able to include a path
                                Mike will come back to discuss this once he has a specific proposal

                John spoke with Don about an interop event at RSA
                                Don will communicate to the board that we want to do that
                                We need to find a sponsor that can provide space
                John also gave the other list of proposed events to Don

We ran out of time to discuss:
                Updating the openid.net/connect page
                Updates on Other Work Needed