[Openid-specs-ab] Spec Call note 03-Oct-2013
ejay at mgi1.com
Thu Oct 3 18:57:50 UTC 2013
Spec Call notes 03-Oct-2013
Mike was absent from call so it was not discussed.
#882: All - JWT and JOSE specification versions
#881: Discovery 1 - Relationship to OAuth Dynamic Registration
The above 2 issues are editorial changes
#879: Messages 6.1 - The OpenID Foundation may consider hosting a site https://self-issued.me/
#880: Messages 6.2 - The OpenID Foundation may consider hosting the endpoint https://self-issued.me/registration/1.0/
Nat and Justin suggests using https://self-issued.openid.net/ rather than a domain in another country.
#878: Messages 18.104.22.168 Define "negative response" for id_token_hint
Summary from coversations in the mailing list :
When prompt=none is requested and the user is not logged in, the error response will be login_required
When prompt=none is requested and there is no id_token_hint, Breno suggests trying to satisfy the request
if there is a signed-in user who has approved the application previously
#876: Google "iss" value missing https://
Needs further discussion
#877: Messages 2.1.3 Description of interaction_required, login_required, session_selection_required and consent_required conflicts with prompt none specification
It is agreed that language will be changed to MUST NOT to keep consistency
Needs more interop work
Edmund has session management RP working with Microsoft OP
Currently seeking Google's session management endpoints (please respond if anyone knows)
The Session Management spec is not as mature as the other specs and also subject to cookie and local storage policies.
Will need to explore the possibility of going forward without Session Management
Edmund will suggest text to clarify some points for current doc.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Openid-specs-ab