[Openid-specs-ab] Spec Call Notes 24-Oct-19

Mike Jones Michael.Jones at microsoft.com
Thu Oct 24 15:51:22 UTC 2019


Spec Call Notes 24-Oct-19

Mike Jones
Marcos Sanz
Roland Hedberg
George Fletcher
Bjorn Hjelm
Rich Levinson

Federation
              Please review https://openid.net/specs/openid-connect-federation-1_0.html this week
              We agreed to start an Implementer's Draft review in a week
              Marcos has been reviewing and is finding only nits
                           He will send them to the list
              We discussed the relationship between this draft and the FastFed work

OpenID Connect for Identity Proofing
              We're still in the 45-day review period
              https://openid.net/2019/09/19/public-review-period-for-openid-connect-for-identity-assurance-specification-started/
              Torsten released a new revision adding a Japanese verification method
              Voting will open on Monday

SURFnet OpenID Connect Proxy Certification Issues
              This is being discussed at https://github.com/openid-certification/oidctest/issues/184
                           Requesting ID Token with max_age=10000 seconds restriction expects same authentication
              We didn't have enough of the right people on the call today to discuss it there

Open Issues
              https://bitbucket.org/openid/connect/issues?status=new&status=open
              #1117 Core 5.6.2 - not clear behavior for distributed claims source if not all claims present
                           Mike to comment
              #1118 All claims should be in a scope
                           Mike commented in the issue that this is unnecessary
                           Others on the call agreed
              #1119 place_of_birth -> birthplace
                           This seems like a reasonable change
              #1120 Missing claims due to backend error
                           Mike believes that this is already covered by the spec cited in the issue and that you shouldn't return an error
                           Of course, if it's truly a server error, you can always return the 500 Internal Server Error HTTP error code
              #1121 Client Authentication error
                           We agreed that implementations have latitude to return different errors, per Joseph's comment on the issue

Next Call
              The next call is Monday, October 28 at 4pm Pacific Time
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20191024/c194dd12/attachment.html>


More information about the Openid-specs-ab mailing list