[Openid-specs-ab] Spec call notes 26-Feb-15

Mike Jones Michael.Jones at microsoft.com
Thu Feb 26 16:00:49 UTC 2015


Spec call notes 26-Feb-15

Justin Richer
Brian Campbell
Mike Jones
John Bradley
Pamela Dingle
Edmund Jay
Nat Sakimura
George Fletcher

Agenda
               Form Post Response Mode
               Certification
               Logout
               OpenID Workshop on April 6

Form Post Response Mode
               We talked about the no-store wording
               Nat and Brian suggested using more generic wording in the normative text and concrete wording in the example
               Mike would prefer that we not include the kitchen sink in the example because it makes it look like we don't know what we're doing
                              John countered that caches are all over the map in practice, and may respond to different directives
               Nat will talk to Lef (Tatsuya Hayashi) about the right constructs to use

Certification
               Roland fixed the bug in the OP configuration tool at https://op.certification.openid.net:60000/
               Brian will guinea pig it today
               After that, others should be able to proceed with it

               Roland should be able to put up the RP tests on rp.certification.openid.net now

               Don will work on a first draft of the press release with Symantec on Friday and with Jeff Fishburn on Monday

               No review comments have come in yet for the certification pages at http://openid.net/certification/
                              Edmund volunteered to look at them

               Edmund has moved to op.certification.openid.net and it seems to be working fine

Logout
               It seems like people are talking past one another to some degree on the list
                              Brian believes that back channel issues may be polluting the front channel discussions
               Nat suggested that Mike try to have a phone conversation with Torsten
               John said that we should have a common identifier for sessions on the front or back channel
               John and Brian said that we don't need any signed tokens in the front channel
               John also said that adding an issuer likely only adds complexity
                              The numbers of logged in sessions will be small and collisions will almost never occur
                              Even when collisions occur the result would just be extra logouts
                              To prevent cross site request forgery, the session ID needs to contain some entropy
                              This would effectively prevent collisions as well

OpenID Workshop on April 6
               https://openid-mar-2015.eventbrite.com
               George circulated a draft agenda
                              He asked whether we have the right amounts of time for each slot
               We asked whether to start at 10:00 and finish at 5:15
                              George said that people flying in that morning might miss the start even at 10:30