[Openid-specs-ab] Spec call notes 29-Jun-15

Edmund Jay ejay at mgi1.com
Tue Jun 30 06:54:39 UTC 2015


Spec call notes 29-Jun-15

Mike Jones
John Bradley
Nat Sakimura
Edmund Jay

Agenda
    RP Certification
    Logout specs
    Sender Constrained JWT for OAuth 2.0 spec
    Government profile workgroup charter
    Next Calls


RP Certification:
    A preliminary version of the RP certification tests and documentation is available at https://rp.certification.openid.net:8080/test_list
    Everyone, please review the tests and documentation and, if possible, start trying out the tests.

Logout Specs:
    Currently, there are three logout specs outstanding:
        1) Logout using iframe
        2) Logout using image GET
        3) Backchannel logout
    The following questions are posed to the workgroup:
        a) Do we want to keep both the iframe and image GET methods, or just use the iframe method?
        b) Which method is better, and why prefer one method over the other?
    Backchannel logout is getting the highest priority in the NAPPS WG. May decide to move it to the Connect WG to keep all logout specs in one place.
    New functionality in iOS and Android for app communication eliminates the need for a token agent on those OSes.
    Backchannel logout is needed for native apps when there is no front channel.

Sender Constrained JWT for OAuth 2.0 (draft-sakimura-oauth-rjwtprof):
    Nat and Kepeng published a new Sender Constrained JWT for OAuth 2.0 draft in the OAuth WG.
    It can potentially be incorporated into the Proof of Possession Semantics for JWTs (POPS).
    POPS describes sender constraint and key confirmation as threat mitigation methods for unauthorized token usage.
    Draft-sakimura-oauth-rjwtprof provides a more detailed method of sender constraint in the JWT.


Government profile workgroup charter:
    There is discussion of proposing a charter for a government profile workgroup.
    Various governments are starting to adopt OpenID Connect for government applications.
    A workgroup is needed to address use cases for government.
    The government profile of OpenID Connect will act as a baseline for conformance to the various levels of assurance.

Next Calls:
    There will be an OpenID Connect WG call this Thursday, July 2, at the European-friendly time of 7am Pacific.
