[Openid-specs-ab] July 15 Call Note (draft)

Nat Sakimura sakimura at gmail.com
Tue Jul 16 00:43:26 UTC 2013


==================================
OpenID AB/Connect WG Meeting Note
==================================
Date: 2013-07-15
Time: 16:00 - 17:40PDT

Attendee: John B, Edmund, Nat, Mike (16:36-)

Feature Requests
=================
1) Javascript client check id immediate without page change
 - CORS or postMessage to server frame
   - Google way: https://code.google.com/p/oauth2-postmessage-profile/
     - register javascript origin or redirect_uri
   - see: http://www.riskcompletefailure.com/2013/03/postmessage-oauth-20.html
 => Mike will talk to Vittorio

2) JWKS not having expiry date
 - Brought up by Vittorio
 - for http, can use http dates
 - for others there may not be any way

3) iOS Native Public Client indeterministic
 - send one time client secret in the auth request
 - send the secret with code
 => OAuth profile perhaps

4) Unregistered/stateless client
 - Dynamic stateless client registration that encodes client secret in the client_id
 - OR use similar thing as in self-issued
 => File tasks. Good practice guide on stateless registration.
  => John

Voting
========
- Announcement draft to be reviewed next Monday
- Double check the OpenID Process to do it right
  - http://openid.net/wordpress-content/uploads/2010/01/OpenID_Process_Document_December_2009_Final_Approved.pdf

Berlin IETF Meeting
================
- John will make Eventbrite
- Agenda for JOSE and OAuth
- JOSE Tue Afternoon - 2 hours
  - Probably concentrate on issues resolutions
    - issue resolution proposal to get to WGLC
- OAuth
  - Should deal with Dynamic Registration and Assertion Draft



-- 
Nat Sakimura (=nat)
Chairman, OpenID Foundation
http://nat.sakimura.org/
@_nat_en