[Openid-specs-ab] Spec call notes 19-Mar-15

Mike Jones Michael.Jones at microsoft.com
Thu Mar 19 15:18:11 UTC 2015


Spec call notes 19-Mar-15

John Bradley
Mike Jones
Nat Sakimura
Brian Campbell
Edmund Jay
Justin Richer
George Fletcher

Agenda
               Certification
               Next Call

Certification
               #107: missing intermediate page on "Request with redirect_uri with query component [Dynamic] (OP-redirect_uri-Query)"?
                              There are already two tests - OP-redirect_uri-RegQuery and OP-redirect_uri-BadQuery
                              John filed new issue #110 in response to this discussion and tests he ran
                                             #110: Rejects redirect_uri when query parameter does not match [Dynamic] (OP-redirect_uri-BadQuery)

               Brian ran through the dynamic registration tests and found a number of problems
                              These seem less stable than the other tests
                              Mike suggested that we may want to wait a week to lock down Dynamic
                              Edmund, Brian, and Justin are testing Dynamic

               OP-OAuth-2nd-Revokes
                              This should result in a warning if the second use of the access token succeeds
                              Brian will add a comment to #109 about the problem he's seeing

               There are currently 19 open issues in the tracker
               Those requiring further investigation are:
                              Ian #33: Giving a login hint (OP-H-03) Test falls into indeterminate state with error on our side
                              Mike #59: ? shown for Providing claims_locales (OP-Req-claims_locales) when test generated WARNING
                              Mike #60: Test results in logs and on test page are often inconsistent
                              Mike #62: Keys in OP JWKs well formed (OP-Discovery-JWKs) doesn't fail malformed keys
                              Mike #71: Decoded ID Token header parameters not shown in log
                              Roshni #82: Configuration does not get modified when changing from dynamic to static discovery
                              Roshni/Brian #83: OP-OAuth-2nd Test Failure despite error value return
                              Roshni #84: Test Traces ONLY refer to last test run.
                              Justin #100: OP test server not including intermediate certificate.
                              Roland #101: https://bitbucket.org/openid/certification/issue/101/no-idea-what-happened-but-something-went
                              Brian #107: missing intermediate page on "Request with redirect_uri with query component [Dynamic] (OP-redirect_uri-Query)"?
                              Edmund #109: OP-OAuth-2nd-Revokes (Trying to use access code twice should result in revoking previous issued tokens) Test does not check for access token revocation.
                              John #110: Rejects redirect_uri when query parameter does not match [Dynamic] (OP-redirect_uri-BadQuery)
               Those not essential to certification are:
                              Mike #66: Confusing provider configuration instructions at https://op.certification.openid.net:60000/
                              Mike #67: Shown redirect_uri paths at https://op.certification.openid.net:60000/ appear to be wrong
                              Mike #68: The "Add" functionality at https://op.certification.openid.net:60000/ is confusing
                              Mike #70: Add OpenID favicon to test machines
                              Brian #102: "Which response type should be used?" does what?
                              Mike #103: Create Web page content at http://op.certification.openid.net/ and http://rp.certification.openid.net/

               We will decide on the Monday call whether we're ready to lock down
                              The normal time conflicts with the IETF technical plenary

Next Call
               We decided to reschedule the Monday call to the same time as the regular Thursday call
                              7am Pacific / 9am Central / 10am Eastern / 3pm CET
                              We will use the standard Monday bridge https://www3.gotomeeting.com/join/695548174
                              or +1 (646) 982-0002, access code 695-548-174
               Those of us at IETF should try to have the call together in someone's room at the Dallas Fairmont

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20150319/76a448be/attachment-0001.html>


More information about the Openid-specs-ab mailing list