[Openid-specs-ab] Spec call notes 14-Mar-13

Mike Jones Michael.Jones at microsoft.com
Thu Mar 14 16:05:04 UTC 2013


Spec call notes 14-Mar-13

John Bradley
Mike Jones
Brian Campbell
Nat Sakimura
Justin Richer
George Fletcher
Edmund Jay

Agenda:
               OAuth Registration
               Implementer's Drafts
               Open Issues

OAuth Registration
               Justin should have a review draft later today that syncs with Connect Registration
                              It just needs to have response_types added
               We discussed adding claims with language tags for OAuth registration
                              We would apply language tags to human-readable claims and pointers to human-readable resources
                              All localized versions are optional and non-localized claims are required
               Mike will propose a registration_locale as a registration parameter
                              that says what language/script is used in untagged registration parameters

               People should also read the resolution to #802, which specifies language tag responsibilities:
                              https://bitbucket.org/openid/connect/issue/802/messages-252-clarify-responsibilities-when

JOSE Status:
               There's a possibility of an interim meeting and regular calls
               Joe Hildebrand will send a note to David McGrew asking to separate his algorithm description from the AEAD representation description
               We may want to move the CBC+HMAC algorithms to align with McGrew, as we might get less push-back
                              We should investigate what exactly that would entail
               We discussed that the representation of the PKIX key type could change

Implementer's Drafts:
               We will publish implementer's drafts as soon as we close the current set of issues
               But after Mike has applied the must-understand changes to the JOSE specs

Open Issues:
               #809 - Common UserInfo "verified_claims" claim?
                              Those on the call decided that this is more general than we want to define in the base claim set
                              Whereas, a trust framework extension could do something like this
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20130314/f2f73a00/attachment-0001.html>


More information about the Openid-specs-ab mailing list