[Openid-specs-ab] Spec call notes 07-Jan-13
ejay at mgi1.com
Tue Jan 8 00:33:34 UTC 2013
Spec call notes 07-Jan-13
- Editing Status
Justin has checked in changes for Registration spec to keep it aligned with
IETF OAuth2 Dynamic Registration. John will review.
Mike will apply Session Management changes as agreed upon at the last IIW
meeting within the next day or so for review.
Mike will also write the Mandatory To Implement language for servers.
John and Brian has discussed the problems regarding the x5u parameter and
multiple X509 certificates.
There is no way to provider certificate rollovers.
It might be possible if the specs allow multiple x5u's with a key id (kid),
but current specs only allow one.
Another solution is to somehow detect key changes via key id (kid). Key id
must be unique for each key and provide guidance for kid format.
Mike may bring up issue in the JOSE working group.
JWK allows multiple keys so this is not a problem if using jku.
John will file 2 new bugs :
a) How to deal with key rollovers
b) How to deal with multiple keys with x5u
John will try and finish issues #684, 657, 637, 620, 521 for implementer's
619 and 601 are done and needs review.
648 will be put on low priority.
605 reassigned to Mike.
And Security Considerations for the discovery's ETA is still unknown.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Openid-specs-ab