[Openid-specs-ab] Spec call notes 1-Aug-13

Mike Jones Michael.Jones at microsoft.com
Fri Aug 2 21:54:01 UTC 2013


Spec call notes 1-Aug-13

Nat Sakimura
Brian Campbell
Mike Jones
Edmund Jay
John Bradley

Agenda:
               New examples in JWT and JOSE specs
               Open Issues
               Topics raised at OpenID meeting at IETF
               Nat's experiment
               Next steps for the specs

New examples in JWT and JOSE specs
               Mike added nested JWT and key agreement examples in the latest JWT and JOSE specs
               He asked Edmund, Brian, and others to please verify the examples

Open Issues:
               #863 - Stateless Registration Discovery/Messages
                              John still needs to add a comment about the alternative method for doing this
                                             By returning registration state encoded in client_id value
               #864 - Native Client code leakage
                              The effect upon native apps would be that they would use the nonce as the HTTP basic password
                                             Google is already doing this for their native apps
                              Brian would prefer that this be an OAuth level solution, rather than at the Connect level
                                             Or this could be sent as a different parameter, rather than as the password
                              John still needs to add a comment describing Brian's concern about mixing the layers
               John still needs to file a bug on the possibility of clients using the Code flow registering for "alg":"none"

Topics raised at OpenID meeting at IETF:
               MTI Discussion
                              Torsten had asked for the implicit flow not to be required in the closed case
                                             We've agreed to this change
                                             Mike will file a bug
                                             John asked if we should also allow just the implicit flow in the closed case
                                                            We agreed to allow this as well
                              Torsten asked us to put the response_types in the section 8 MTI list
                                             We will do that - this is an editorial change - not a spec change

Possible next steps for the specs:
               Possibly reorganize the specs
               Nat did an experiment merging Messages and Standard
               We could decompose Messages and Standard into feature groups:
                              Core
                              Individual Claims
                              Distributed & Aggregated Claims
                              UserInfo
                              Self-Issued
                              JSON-Based Requests
                              (Some of those could be combined)
                              (Or we could just combine Messages and Standard)
               We could make the uses of the definitions links
               Give each claim definition its own section heading
               Possibly give each definition its own section heading
                              Then link from the first use of each term in a section to its definition
