[Openid-specs-ab] Spec call notes 25-Jul-13

Mike Jones Michael.Jones at microsoft.com
Thu Jul 25 15:03:30 UTC 2013


Spec call notes 25-Jul-13

Mike Jones
Brian Campbell
John Bradley
Edmund Jay

Agenda:
               Implementer's Draft Vote
               Open Issues
               JOSE issues about JWKs
               OpenID Meeting at IETF
               Nat's blog post

Implementer's Draft Vote:
               We currently have 20 votes out of the 48 needed
               We may have to send individual reminders to some people

Open Issues:
               #863 - Stateless Registration Discovery/Messages
                              John will add a comment about the alternative method for doing this
                                             By returning registration state encoded in client_id value
               #864 - Native Client code leakage
                              The effect upon native apps would be that they would use the nonce as the HTTP basic password
                                             Google is already doing this for their native apps
                              Brian would prefer that this be an OAuth level solution, rather than at the Connect level
                                             Or this could be sent as a different parameter, rather than as the password
                              John will add a comment describing Brian's concern about mixing the layers
               John will file a bug on the possibility of clients using the Code flow registering for "alg":"none"

JOSE issues about JWKs:
               #30: Align key usages with WebCrypto
                              Would make usage multi-valued
                              It's not clear what practical value this actually provides
                              Typically use is there to restrict usage to a single usage - not to support multiple uses
                              Multiple uses seems like a bad idea
               #31: Add extractability field for JWK
                              It's not clear what the intended semantics are

OpenID Meeting at IETF:
               People should register at http://openid-ietf-87.eventbrite.com/
               We have 13 people registered currently

Nat's blog post:
               People are encouraged to review Nat's post for accuracy
               http://nat.sakimura.org/2013/07/25/write-openid-connect-server-in-three-simple-steps/