[Openid-specs-ab] Spec call notes 4-Jun-12

Mike Jones Michael.Jones at microsoft.com
Tue Jun 5 00:39:56 UTC 2012


Spec call notes 4-Jun-12

Nat Sakimura
Mike Jones
Edmund Jay
Pamela Dingle
John Bradley

Agenda:
                Open Issues
                Edits and Release
                OAuth
                JOSE
                Discovery

Open Issues:
                One new issue
                                #601: Standard - No way of doing IdP initiated login defined
                                                Agreed to do - assigned to John
                                                John will ask Brian Campbell for his input on how it should happen
                                                Probably do around the same time as Session Management
                Existing issues
                                #595 Discovery 2 - No means of discovery without web server for domain
                                                Agreed to proceed (despite it probably upsetting purists)

Edits and Release:
                Similar status as before - John plans to do self-issued checkins by next call
                Unfortunately, Basic is code flow and self-issued only supports the implicit flow

OAuth:
                We should allow any URI in client_id and probably any printable ASCII characters
                password should allow printable ASCII characters plus whitespace
                state, code, access_token, and refresh_token should probably be any printable ASCII characters plus whitespace

                We should review the comments on the Assertions specs

JOSE:
                Discussion about non-AEAD algorithms
                                We do need to think about how to accommodate new algorithms such as SHA-3 in the KDF
                Nat sent this reference to the (uncommon) AES 512 algorithm
                                http://ieeexplore.ieee.org/xpl/articleDetails.jsp?reload=true&arnumber=6122835&contentType=Conference+Publications
                Discussion about compression of signed text
                                No one has replied to John's message thus far
                                John wrote that the more MTI features, the fewer people will build the spec

Discovery:
                No updates since last call
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20120605/9ee4c4ed/attachment.html>


More information about the Openid-specs-ab mailing list