[Openid-specs-ab] Spec call notes 10-Sep-12

Mike Jones Michael.Jones at microsoft.com
Mon Sep 10 23:56:49 UTC 2012

Spec call notes 10-Sep-12

Mike Jones
John Bradley
Edmund Jay
Nat Sakimura

                Open Issues

Open Issues:
                #582 Messages - Overlay client request registration over the authentication request
                                Had been waiting for self-issued checkin
                                Capabilities this would give us:
                                                Ability to request encrypted ID token responses
                                                Inline JWK
                                WG members requested to think about this
                #621 Discovery 1.2 - "account URI" is remaining
                                Agreed. Assigned to Nat
                #625 Discovery 2.2.3 - "example.com:8080" has a scheme
                                The current definition is too loose
                                RFC 5322 includes comments, etc. in e-mail addresses, which is part of the looseness
                                RFC 3986 includes an e-mail syntax we could consider using
                                                Even though the meaning is somewhat different than the one used in that context
                #641 Registration - 2.1 add JavaScript origin URL for session management
                                Edmund discussed possibly using all the registered redirect URIs
                                John discussed why this may be hard, per a comment added to the bug
                                This issue appears to require more thought

                Nat has checked in his other edits other than those above and the Acknowledgements
                John has done some edits that he still needs to check in

                Mike said that he'd like to see a native application work with a self-issued OP
                Mike and John talked with Roland and Anders about interop infrastructure this morning
                                Roland plans to report on what they've done on the Thursday call

                Google has confirmed that they will host the WG meeting - thanks to Tim Bray!
                John will set up an eventbrite page once we have the logistics info
                                We'll use a name something like connect-wg-Oct-2012

                It looks like Lucy can get us space for a Connect meeting Sunday afternoon in Atlanta

                Mike talked with Yaron about the domain prefix idea
                                He wondered how much of a barrier creating the subdomain TLS certificate would create
                                Because we believe that wildcard certificates only go down one domain level
                WebFinger doesn't require HTTPS - this seems like a bug
                                Mike will send a note to the appsawg about this
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20120910/627b9268/attachment.html>

More information about the Openid-specs-ab mailing list