[Openid-specs-ab] Spec Call Notes 2 July 2015

Pamela Dingle pdingle at pingidentity.com
Thu Jul 2 14:47:27 UTC 2015


Connect Spec Meeting

Attending:

   - Justin Richer
   - Mike Jones
   - Pamela Dingle
   - Nat Sakimura
   - Brian Campbell
   - John Bradley
   - Roland Hedberg
   - Nov Matake


OAuth dynamic registration spec is nearly done - in “Auth 48”.

*RP Conformance Tests*

- Roland has written the OP that will perform the RP conformance tests
https://rp.certification.openid.net:8080/test_list
- Descriptions have been written
- Hans has started already, Roland hopes to see Edmund start soon as well
Under discussion: how to make it easier for testing RPs to know which test
they have to run for a specific profile and what information to provide
- Want to make it easier for folks to evaluate the tests and know you have
the info that’s needed
- one thing would be to set up a web form where, if you choose a profile,
all the necessary tests would appear and you could manage your screen
dumps, logs etc and you can see that you’ve done all the tests
- One big difference between RP tests and OP tests is that the results will
be screen captures not logs.
- Roland has fixed the certificate

Nat is meeting with Edmund tomorrow and will speak to him about
re-prioritizing his time more towards the rp test side of the house

*Please read the RP test descriptions and provide feedback*

*Logout Specs*
- Mike got feedback from developers at MS
- outstanding questions for HTTP spec are: whether to invoke as image GET
or iFrame load, or to allow the choice
-- most of the protocols are now just using iframe load — can this protocol
be simplified by eliminating image GET?
  Justin -  hasn’t implemented yet but feels that the image get is a hack
  John - that possibly using iFrames is somehow less deterministic, i.e.
never-ending loops of nested iframe that never exit
one bad RP could mess up all the RPs
  Justin - that is us trying to police RPs which isn’t our job
  Mike says iframe tab can execute javascript, which would let you execute
client-side code to clean up
  - OTOH javascript is also required to login, so maybe if they can’t login,
maybe it is ok if they can’t logout.

- NRI is using image get - because of common use of feature phones is a
barrier to using iFrame only protocol, question is whether those phones can
execute iFrame or not?  Nat will check out the situation and get back to
the group.

ACTION DOES ANYONE OBJECT TO REMOVING IMAGE GET LANGUAGE FROM THE SPECS?
Comment in email in the next few days.  If not, Mike will start the task of
simplification.

One of the things identified as part of NAPPS was a way to signal to a
downstream provider that something has happened (theft, termination) so
please clean things up
Talking to Google about backchannel login
Mike -   even though NAPPS will use the logout spec, the spec should still
be part of the Connect group
John - confirmed that the plan is to keep everything in connect

Nat asked John about status of the PKCE draft, there is an IETF submission
deadline on Monday, so John is working to meet that government

New government working group will do profiles of specs
question was, why not roll that into Connect,  but John noted that it’s an
IPR thing, the IPR burden for profiling  is less, hopefully
if they can come up with a strong enough quickly enough, HEART can use it.
Ideas for Names:
“Government Assurance Profile (GAP) WG”


-- 

Pam Dingle
Principal Technical Architect