[Openid-specs-ab] Spec call notes 14-Oct-13

Mike Jones Michael.Jones at microsoft.com
Tue Oct 15 00:13:46 UTC 2013


Spec call notes 14-Oct-13

John Bradley
Mike Jones
Edmund Jay
Pamela Dingle
Nat Sakimura

Agenda:
                Document Restructuring and Review
                Multiple Response Types
                Open Issues
                Basic and Implicit
                Hosting self-issued.me

Document Restructuring and Review:
                Mike will create a Word version of the Core spec with tracked changes in
                People are requested to mark it up with specific proposed changes this week
                We have basically a week and a half to publish if we want to finish in this calendar year

Multiple Response Types:
                Mike asked why responses SHOULD be fragment encoded, rather than MUST be fragment encoded
                                John said that the SHOULDs are to leave the door open for using PostMessage - not to allow query encoding
                Referrer includes query parameters, and so query parameter encoded content will leak to third parties
                The only thing that may be query encoded is "code", when using a confidential client
                                That's OK because the Code is not useful to a third party that doesn't have the Client Secret
                Mike will file a bug about this
                                We will prohibit query encoding

Open Issues:
                There were no new issues
                Mike has applied changes for all issues, other than session management issues
                We still need to review the issues that are on hold

Basic and Implicit:
                A lot of features were redacted to make Basic and Implicit
                                For instance, Encryption, individual Claims, Request Object
                                Basic and Implicit are still pretty useful and should be retained
                Do we call them profiles, as we currently do, or do we call them Implementer's Guides?
                                People preferred Implementer's Guides
                We won't take them final at the same time as the other specs

Hosting self-issued.me:
                John will get a certificate
                Pam will create a VM
                Edmund will work with John and Pam on the server pages
                Some of this may happen at IIW

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20131015/66129562/attachment.html>


More information about the Openid-specs-ab mailing list