[Openid-specs-ab] Spec call notes 19-Mar-12

Nat Sakimura sakimura at gmail.com
Wed Mar 21 20:53:29 UTC 2012


On Wed, Mar 21, 2012 at 4:58 AM, Mike Jones <Michael.Jones at microsoft.com>wrote:

>  Spec call notes 19-Mar-12****
>
> ** **
>
> Pamela Dingle****
>
> Brian Campbell****
>
> Paul Madsen****
>
> Nat Sakimura****
>
> John Bradley****
>
> George Fletcher****
>
> Edmund Jay****
>
> Mike Jones****
>
> ** **
>
> Agenda:****
>
>                 New Ping spec sent by Paul Madsen to OAuth list****
>
>                 OAuth Rechartering Issues****
>
>                 Open Issues****
>
>                 Editing****
>
>                 Paris week meetings****
>
>                 Interop****
>
> ** **
>
> New Ping spec sent by Paul Madsen to OAuth list:****
>
>                 ping-oauth-verification-01.txt sent in Paul Madsen's March
> 15 3:35am (PDT) note to the OAuth list****
>
>                                 Authorization Server to Resource Server
> communication****
>
>                 Ping has validation endpoint in Ping Federate****
>
>                                 Resource Server can send token to issuing
> Authorization Server****
>
>                                 Get back scopes****
>
>                                 Relevant attributes to be returned back to
> Resource Server****
>
>                                 Architected validation as a grant type****
>
>                                                 An extension to the token
> endpoint - not a protected resource****
>
>                                 Ping proprietary, but hoped that would
> eventually be standardized****
>
>                 Paul Madsen sent spec draft to OAuth list to describe what
> is done in Ping Federate product****
>
>                 Paul sent spec to indicate Ping's interest in an eventual
> standard****
>
>                                 They recognize that any eventual standard
> will have differences****
>
>                 Intended to fill in gaps in the OAuth specs needed for
> their deployments****
>
>                 George Fletcher's YATVE (Yet Another Token Validation
> endpoint) has similar properties
>

YATVE uses different token validation endpoint, which is an OAuth bearer
protected resource, than overloading the token endpoint. The response is
just uid for the performance optimization reason.


> ****
>
> ** **
>
>                 Brian is turning his attention to OpenID Connect****
>
>                                 Will be at Sunday meeting****
>
>                                 Will be in London****
>
>                                 Travis Spencer doing SCIM work and will be
> at the IETF meetings****
>
> ** **
>
>                 We agree that SWD and this are more important than Use
> Cases and the Dynamic Registration proposal****
>
> ** **
>
> OAuth Rechartering Issues:****
>
>                 SWD should replace use cases (normative taking precedence
> over non-normative)****
>
>                 Proposed Dynamic client registration spec not enough like
> Connect Registration spec****
>
>                                 Taking a dependence in Connect would
> randomize the completion schedule****
>
> ** **
>
> Open Issues:****
>
>                 Same open issues as at the end of Thursday's call****
>
>                 We have 39 issues on hold****
>
>                                 We should review these on Thursday as our
> primary agenda items****
>
> ** **
>
> Editing:****
>
>                 John and Nat have had to spend time working on a US
> government OAuth profile****
>
>                                 ICANN - with extensions for SSO
>

I am not involved in it.
I think it is ICAM, not ICANN.


> ****
>
>                 John plans to finish his Connect edits by Thursday (before
> boarding a plane to Paris)****
>
> ** **
>
> Paris Week Meetings:****
>
>                 Sunday OpenID Session****
>
>                 Tuesday Internet Society****
>
>                 Tuesday JOSE****
>
>                 Wednesday London OpenID Meeting****
>
>                 Thursday W3C****
>
>                 Thursday OAuth****
>
> ** **
>
> Interop:****
>
>                 More interop results keep coming in****
>
>                 Nat persuaded NRI to participate****
>
>                 Roland will be in Paris, but not on Sunday****
>
>                 In Paris, we will analyze the interop results****
>
> _______________________________________________
> Openid-specs-ab mailing list
> Openid-specs-ab at lists.openid.net
> http://lists.openid.net/mailman/listinfo/openid-specs-ab
>
>


-- 
Nat Sakimura (=nat)
Chairman, OpenID Foundation
http://nat.sakimura.org/
@_nat_en
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20120322/0f7f84b6/attachment.html>


More information about the Openid-specs-ab mailing list