[Openid-specs-ab] Spec call notes 4-Mar-13

Mike Jones Michael.Jones at microsoft.com
Tue Mar 5 00:11:09 UTC 2013


Spec call notes 4-Mar-13

Mike Jones
Tony Nadalin
John Bradley
Nat Sakimura
Pamela Dingle
Edmund Jay

Agenda:
               Open Issues
               Example LoA Values
               "azp" Wording Correction
               ID Tokens from Refresh Tokens
               Native Client Application
               OpenID Meeting at IETF-86
               Implementer's Drafts

Open Issues:
               We went through the two remaining open issues
                              Decisions are now in place for all open issues

Example LoA Values
               The example LOA values we're using such as "2" are prohibited by http://tools.ietf.org/html/rfc6711
               The registry http://www.iana.org/assignments/loa-profiles/loa-profiles.xml is currently empty
               John suggested that we use these URNs in our examples instead:
                              urn:mace:incommon:iap:bronze
                              urn:mace:incommon:iap:silver

"azp" Wording Correction:
               Correct:
                              This Claim is only needed when the Authorized Party is different than the Client that requested the ID Token.
               To:
                              This Claim is only needed when the party requesting the token is different than the audience of the ID Token.
               We can say that "azp" MAY be returned even when the party requesting the token is the audience of the ID token

ID Tokens from Refresh Tokens:
               We will add text clarifying the properties that ID Tokens issued from Refresh Tokens must have
               The auth_time MUST be the original auth_time
               iat must be the time when the new token was issued
               exp is up to the issuer
               azp should not change
               nonce won't be present, because there's no nonce parameter to the Token Endpoint
               acr may change
               at_hash will change

Native Client Application:
               Pam has three days blocked off this week to work on the application
               She expects to release it this week

OpenID Meeting at IETF-86:
               We advertised this at openid-ietf-86.eventbrite.com
               We are meeting at 1:00 on Sunday

Implementer's Drafts:
               Mike should have candidate Implementer's Drafts out today
               We will make a go/no-go decision on the Implementer's Drafts at the meeting on Sunday
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20130305/c40c5d59/attachment-0001.html>


More information about the Openid-specs-ab mailing list