[Openid-specs-ab] OpenID Meeting at IETF 86 - 10-Mar-13

Mike Jones Michael.Jones at microsoft.com
Mon Mar 11 14:29:02 UTC 2013


OpenID Meeting at IETF 86 - 10-Mar-13

Attendees:
               Mike Jones
               Tatsuya Hayashi
               Boku Kihara
               Uwe Rauschenbach
               Christine Runnegar
               Robin Wilton
               Karen O'Donoghue
               Salvatore Loreto
               Derek Atkins
               Wolfgang Beck
               Stina Ehrensvard
               Lucy Lynch
               Leif Johansson
               Roland Hedberg
               John Bradley
               Nat Sakimura
               Stephen Farrell
               Jim Schaad

See the attached deck "OpenID Meeting.pptx" for the meeting agenda

Implementer's Drafts
               We discussed our progress towards Implementer's Drafts
               Release candidates were published this week
               It probably makes sense to wait until the end of IETF to publish Implementer's Drafts
                              because some changes may occur in JOSE, etc.

OAuth Security Discussion
               We discussed recent OAuth security breaches and how they relate to OpenID Connect
               John described how the breaches are the result of bad implementations not following normal security practices
               We described ways in which OpenID Connect places additional requirements for security purposes beyond OAuth

Interoperability Discussion
               We discussed how the OpenID Connect interop testing is testing both Connect and an OAuth profile
                              There are presently 16 implementations participating
                              See http://osis.idcommons.net/
               We plan to start a new round of interop testing once the Implementer's Drafts are published
               Roland Hedberg described his test tools that are funded by GÉANT and how they're used

Compliance Testing
               We discussed the possibility of doing OpenID Connect certification once the Connect specs are final
               Informal discussions have occurred between several parties about this possibility
               The OpenID Board discussed this possibility at its board meeting at RSA

Using OpenID Connect for unmodified non-Web clients
               Nat Sakimura described work being done by NRI on using OpenID Connect for unmodified clients such as IMAP
                              The access token is used as the password value
               We talked about the relationship of this work to GSSAPI
               See the attached deck "Using OpenID Connect on Non-Web environment.pptx"

RS-AS Communication
               Nat gave a presentation on Resource Server / Authorization Server communication
               See the attached deck "RS-AS-Communication.pptx"

UserInfo Claims
               We discussed people's requests for several additions to the standard set of claims
                              Separate display and machine-usable phone number representations, per issue #800
                              Mobile phone number
                              Verified phone number
                              Country Code
               We also discussed the semantics of email_verified, per issue #797
               Nat discussed legal requirements for a verified phone number in some jurisdictions
                              People were against inventing full-blown Connect-specific schemas for phone numbers
                              We tentatively decided to add phone_number_verified, per issue #806
                                             Nat will investigate whether this meets the legal needs in Japan

Meeting in Berlin
               We agreed that it would be useful to have another meeting like this one in Berlin
               Lucy will put in a meeting request for us

Links:
               Released OpenID Connect specs:
                              http://openid.net/connect
               Working Drafts of OpenID Connect specs:
                              http://openid.bitbucket.org/
               OpenID Connect open issues:
                              https://bitbucket.org/openid/connect/issues?status=new&status=open&sort=-id
               OpenID Connect Interop (on the OSIS site):
                              http://osis.idcommons.net/

-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenID Meeting.pptx
Type: application/vnd.openxmlformats-officedocument.presentationml.presentation
Size: 49004 bytes
Desc: OpenID Meeting.pptx
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20130311/6bfd55e1/attachment-0003.pptx>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: Using OpenID Connect on Non-Web environment.pptx
Type: application/vnd.openxmlformats-officedocument.presentationml.presentation
Size: 191879 bytes
Desc: Using OpenID Connect on Non-Web environment.pptx
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20130311/6bfd55e1/attachment-0004.pptx>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: RS-AS-Communication.pptx
Type: application/vnd.openxmlformats-officedocument.presentationml.presentation
Size: 186364 bytes
Desc: RS-AS-Communication.pptx
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20130311/6bfd55e1/attachment-0005.pptx>

