[Openid-specs-ab] Spec Call Notes 13-Feb-20

Mike Jones Michael.Jones at microsoft.com
Thu Feb 13 16:11:38 UTC 2020


Spec Call Notes 13-Feb-20

Mike Jones
Brian Campbell
Bjorn Hjelm
George Fletcher
John Bradley

OAuth Specs in Flight
              MTLS and Resource Indicators are in Auth48
              JWT BCP is in Auth48
              JAR needs changes to partially unbreak it - allowing client_id as a request parameter
              RAR and PAR are just starting
              Security BCP and Browser-Based Apps are in flight
              PoP specs need defined directions

Certification and Logout
              OP and RP logout certification are in pilot mode
              We want people testing before we take the Logout specs to Final status

Mobile
              Bjorn is working to establish a relationship between 3GPP and OIDF
              He talked about a mission-critical access profile for first responders
              He will discuss this during today's EC call

Open Issues
              https://bitbucket.org/openid/connect/issues?status=new&status=open
              #1149 Front-channel logout that doesn't rely on cookies
                           This proposes a completely different front-channel logout mechanism
              #1152 value and values processing and certification
                           Closed: Certification doesn't require support for the "claims" request parameter
              #1153 redirect_uri definition contradiction in docs
                           Closed: Joseph's description of the intent of the spec is accurate
              #1146 certification: is returning an empty address object permitted
                           Asked: Joseph, is the new certification code handling this condition?  If so, we can close this issue.
              #1148 certification and kid
                           Duplicate of #1127
              #1147 certification: RFC6749 MUST for error_description
                           Closed: Tracked by ticket in certification suite
              #1137 Is content-type application/x-www-form-urlencoded required when calling user info endpoint with empty body
                           Joseph, is this now handled in the certification suite?  If so, we can close this issue.
              #1109 Use empty object instead of null in the claim request
                           This would be a breaking change to a final specification - therefore no change will be made
              #1135 Assurance: Timestamp resolution in examples
                           This issue belongs to the eKYC-IdA working group now

Next Call
              The next working group call is scheduled for Monday, February 17 at 3pm Pacific Time
              This is Presidents Day in the US.  Will people plan to attend the call?