[Openid-specs-ab] Spec call notes 2-Jul-12

Mike Jones Michael.Jones at microsoft.com
Tue Jul 3 00:29:17 UTC 2012


Spec call notes 2-Jul-12

Nat Sakimura
John Bradley
Edmund Jay
Mike Jones

Agenda:
                Editing
                Open Issues
                WebFinger and acct: scheme
                OC4 Interop
                JOSE
                OAuth
                Next Call

Editing:
                John continues to work on the self-issued text - issue #566
                                We really want to test this in the OC4 interop

Open Issues:
                #606 Messages - 2.1.1. ID Token - acr missing the type
                                In SAML, you request a set and get back a singleton. We will do the same.
                #607 Messages - Decoded ID Token example needed
                                These examples are in Implicit and Basic. They should also be added to Messages.
                #608 Messages - Request ID Token and Response ID Token
                                We will move the ID Token definition to earlier in the spec
                                                Hopefully this might make the section hierarchy less deep as well
                                We also discussed Blaine's request to authenticate a user with a specific identifier
                                                This would likely be the identifier that discovery was done on
                                                We're not currently passing this to the IdP
                                                This is a different issue than #608.  We need a new bug and a proposal - Nat will do
                                                One idea was to add a "value": qualifier to the e-mail request, but this isn't an actual semantic match
                                                                Nat will check that the "value": language is general-purpose
                #609 Messages - 2.1.1. Add explanation that ID Token may include other claims
                                Nat will look at this as he moves the ID Token definition for #608
                #610 Messages - 2.1.2 Authorization Request - id_token error condition needed
                                Nat will try to come up with a more concrete proposal
                #611 Incompatible values for auth_time in id_token claims of request object
                                John will fix this to make the claim required
                #612 Messages - 4.1 request_object_algs_supported inconsistent with require_signed_request_object
                                Messages 4.1 request_object_algs_supported change HS256 to RS256
                #613 Registration - 2.1 clarification needed for optional parameters during client_update operation
                                We decided the operation should be atomic, with no carry-over from previous values
                #614 Discovery - 3.2 Distinguishing between signature and integrity parameters for HMAC algorithms
                                For Registration, this is unambiguous, with all these parameters:
                                                id_token_signed_response_alg
                                                id_token_encrypted_response_alg
                                                id_token_encrypted_response_enc
                                                id_token_encrypted_response_int
                                                userinfo_signed_response_alg
                                                userinfo_encrypted_response_alg
                                                userinfo_encrypted_response_enc
                                                userinfo_encrypted_response_int
                                In Discovery, this is ambiguous, with only these parameters:
                                                id_token_algs_supported
                                                userinfo_algs_supported
                                We will watch decisions in JOSE and then consider whether to make changes

WebFinger and acct: scheme:
                Peter St. Andre submitted a standalone acct: draft
                                It looks like it may become a WG document

OC4 Interop:
                Testing is under way.  Additional participants are expected.

JOSE:
                Mike is about to publish updated JOSE specs

OAuth:
                John's additional security considerations text is being discussed and nearly done
                Eran has resigned as editor for the Core spec and wants his name off of it
                                Dick Hardt agreed to be editor to finish the job
                A new OAuth Assertions draft with non-trivial changes was published today
                                People are encouraged to review the changes

Next Call:
                We will have the call on July 5th at 7am Pacific
