[Openid-specs-ab] Conformance test features grouped by category

Mike Jones Michael.Jones at microsoft.com
Mon Nov 10 23:33:31 UTC 2014


The attached conformance criteria spreadsheets have been updated to address the issues discussed below.

                                                            -- Mike

From: Openid-specs-ab [mailto:openid-specs-ab-bounces at lists.openid.net] On Behalf Of Mike Jones
Sent: Sunday, November 09, 2014 9:46 AM
To: Torsten Lodderstedt; Dominick Baier; roland.hedberg at umu.se
Cc: openid-specs-ab at lists.openid.net; Don Thibeau
Subject: Re: [Openid-specs-ab] Conformance test features grouped by category

Thanks for reviewing the conformance criteria, Torsten.

The requirement to include a "kid" for key rotation purposes normative when the ID Token is signed.  However, I agree with you that the requirement to include the "kid" is dependent upon whether the OP is only using the code and flow and "alg": "none".  If so, no "kid" is required.

I'll plan to update the conformance criteria accordingly.

                                                            -- Mike

From: Torsten Lodderstedt [mailto:torsten at lodderstedt.net]
Sent: Sunday, November 09, 2014 6:58 AM
To: Dominick Baier; Mike Jones; roland.hedberg at umu.se<mailto:roland.hedberg at umu.se>
Cc: openid-specs-ab at lists.openid.net<mailto:openid-specs-ab at lists.openid.net>; Don Thibeau
Subject: Re: [Openid-specs-ab] Conformance test features grouped by category

true, but that's "just" an implementation advice (in my opinion)
Am 09.11.2014 17:29, schrieb Dominick Baier:
10.1.1 of the OIDC spec mentions kid as a means to rotate signing keys.

From: Openid-specs-ab [mailto:openid-specs-ab-bounces at lists.openid.net] On Behalf Of Torsten Lodderstedt
Sent: Sonntag, 9. November 2014 14:07
To: Mike Jones; roland.hedberg at umu.se<mailto:roland.hedberg at umu.se>
Cc: openid-specs-ab at lists.openid.net<mailto:openid-specs-ab at lists.openid.net>; Don Thibeau
Subject: Re: [Openid-specs-ab] Conformance test features grouped by category

Hi Mike,

I just took a quick onto the criteria for the basic conformance profile. It looks good from my perspective.

I think "ID Token has kid claim" should be "y unless only uses none" as this claim is apparently not needed for "none".

This criterion also raised a question: Making existence of "kid" a conformance criterion means making it a mandatory to implement feature. Is the kid header parameter mandatory in JWS, JWT, or OpenID Connect? I didn't find any text about that. I'm not against this criterion, but probably text in one of the before mentioned specs should probably be enhanced a bit.

kind regards,
Torsten.
Am 06.11.2014 18:11, schrieb Mike Jones:
The attached version contains updates resulting from the discussion on today's call.

                                                            -- Mike

From: Openid-specs-ab [mailto:openid-specs-ab-bounces at lists.openid.net] On Behalf Of Mike Jones
Sent: Tuesday, November 04, 2014 11:39 PM
To: roland.hedberg at umu.se<mailto:roland.hedberg at umu.se>
Cc: openid-specs-ab at lists.openid.net<mailto:openid-specs-ab at lists.openid.net>; Don Thibeau
Subject: [Openid-specs-ab] Conformance test features grouped by category

Hi Roland and working group,

Please review the conformance test features, which are now grouped into logical categories.  Particular, if you think we're missing features that should be tested, please let us know what they are.

Note that there are both OP and RP tabs in the spreadsheet.

                                                            Thanks all,
                                                            -- Mike





_______________________________________________

Openid-specs-ab mailing list

Openid-specs-ab at lists.openid.net<mailto:Openid-specs-ab at lists.openid.net>

http://lists.openid.net/mailman/listinfo/openid-specs-ab


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20141110/7004267d/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenID Connect Conformance Features.xlsx
Type: application/vnd.openxmlformats-officedocument.spreadsheetml.sheet
Size: 45370 bytes
Desc: OpenID Connect Conformance Features.xlsx
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20141110/7004267d/attachment-0001.xlsx>


More information about the Openid-specs-ab mailing list