[Openid-specs-ab] FW: OpenID Meeting at IETF 88 3-Nov-13
Michael.Jones at microsoft.com
Sun Nov 3 23:19:28 UTC 2013
From: Mike Jones
Sent: Sunday, November 03, 2013 2:58 PM
To: Nat Sakimura (sakimura at gmail.com); John Bradley; Brian Campbell; Lucy Lynch; Karen O'Donoghue; Justin P. Richer; Christine Runnegar; Joni Brennan; Prateek Mishra; Torsten Lodderstedt; Roland Hedberg; Dave Crocker; Melinda Shore; Derek Atkins (DAtkins at mocana.com); Dan Siemon; Anthony Nadalin
Subject: OpenID Meeting at IETF 88 3-Nov-13
OpenID Meeting at IETF 88 3-Nov-13
Discussed status of OpenID Connect documents
Which are going to final, versus implementer's drafts and guides
Discussion of Core 14.5.1 (Pre-Final IETF Specifications)
Torsten asked whether to move parts of this to Discovery, etc.
We decided to refactor this section by normative dependencies
Dave Crocker: We should say why this choice is being made
Dave suggested possibility of publishing informational docs
If significant changes are made
#894 - Core 126.96.36.199. Redirect URI Fragment Handling
We will change the "MUST" to "needs to"
#897 - Authentication introduction
We agreed to incorporate text similar to what Nat proposed
The issuer returned from WebFinger MUST be equal to the "issuer" metadata field
"OpenID Provider discovery is OPTIONAL" ->
"OpenID Provider issuer discovery is OPTIONAL"
We discussed requesting "acr" as an essential claim
The privacy reasons for not returning failed responses in some cases
We decided that we were better off leaving this (optional) capability in
Authentication Request versus Authentication Request
The change from Authentication Request to Authentication Request is in the bitbucket version
People are requested to review all uses of these terms
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Openid-specs-ab