[Openid-specs-ab] Spec call notes 05-Jul-12

Edmund Jay ejay at mgi1.com
Thu Jul 5 16:00:47 UTC 2012


Spec call notes 05-Jul-12

Nat Sakimura
John Bradley
Justin Richer
Edmund Jay
George Fletcher



Agenda
    - Editing    - Issues

    - Interop



Editing
    John is working on self-issued edits and hope to be done soon.
    Nat has checked in session management specs and requests feedback. Planning 
for an ad-hoc meeting at CIS in Vail next week.
    John has sent a comment to the list regarding sending an alias in the 
authorization request for working with Account Chooser.
    The alias is a string that is opaque to the RP and is used as a hint to the 
IdP on who to authenticate. The resulting identity may not 
    be the same as the hint and must not be binded to it either.


Issues
    #614 : Discovery 3.2 Distinguishing between signature and integrity 
parameters for HMAC algorithms
            This was decided at the last call to put on hold pending JOSE 
outcome.

    #615 : nonce still in Basic
            The nonce is informative so it may remain. Assigned to John

    #616 : nonce should be required in implicit client profile
            Nonce will be changed to required in implicit profile spec. 
 Assigned to John.

    #539 : Messages - add scope for offline access
           George has updated the issue with some text regarding processing 
rules for Authorization Servers for offline access.
           He has decided to use a scope value for offline access so that 
generic OAuth Servers can use it for offline access also.
           A refresh token should be returned from offline access request or new 
scope values to indicate which scopes were granted.
          The proposal is not specific to any implementation so that 
Google/AOL/others can have their own offline access modes.
          George has sent proposal to Breno and the list for feedback.


Interop
    George is planning on participating in the Interop but is unsure of 
interoperability status
    John obtained domain for Brian to use and will help setup the domain.
    Edmund's implementation still has some minor issues which will be solved 
soon.

    May need different MTIs for public and private IdPs.
    Justin prefers a MTI centered around Basic client profile .
    MTI text should be in Messages and Standard.

JOSE
    Mike is planning on releasing a new version today.

OAuth
    New version will be out sometimes this week.

Webfinger
    It looks like this will become a WG item. Need to look at how to profile 
Webfinger for use with OpenID Connect.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20120705/09b5e0e0/attachment-0001.html>


More information about the Openid-specs-ab mailing list