<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
<meta name="Generator" content="Microsoft Word 14 (filtered medium)">
<style><!--
/* Font Definitions */
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri","sans-serif";}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
span.EmailStyle17
{mso-style-type:personal-compose;
font-family:"Calibri","sans-serif";
color:windowtext;}
.MsoChpDefault
{mso-style-type:export-only;
font-family:"Calibri","sans-serif";}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang="EN-US" link="blue" vlink="purple">
<div class="WordSection1">
<p class="MsoNormal">Spec call notes 26-Apr-12<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Nat Sakimura<o:p></o:p></p>
<p class="MsoNormal">Mike Jones<o:p></o:p></p>
<p class="MsoNormal">Edmund Jay<o:p></o:p></p>
<p class="MsoNormal">Pamela Dingle<o:p></o:p></p>
<p class="MsoNormal">John Bradley<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Agenda:<o:p></o:p></p>
<p class="MsoNormal"> Tracked Issues<o:p></o:p></p>
<p class="MsoNormal"> Agenda for Yahoo! meeting on the 30th<o:p></o:p></p>
<p class="MsoNormal"> Logistics for Yahoo! meeting<o:p></o:p></p>
<p class="MsoNormal"> Interop<o:p></o:p></p>
<p class="MsoNormal"> Underlying Standards<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Tracked Issues:<o:p></o:p></p>
<p class="MsoNormal"> No new issues <o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Agenda for Yahoo! meeting on the 30th:<o:p></o:p></p>
<p class="MsoNormal"> Introductions including project descriptions (if able to say)<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"> For issues, first go through Torsten's issues (567-571), since they're big-picture<o:p></o:p></p>
<p class="MsoNormal"> Do an overview first, then go one-by-one<o:p></o:p></p>
<p class="MsoNormal"> Other big picture issues:<o:p></o:p></p>
<p class="MsoNormal"> #566 Messages, Standard - Define self issued OP mechanism<o:p></o:p></p>
<p class="MsoNormal"> #281 Obtaining claims without requiring additional round trips<o:p></o:p></p>
<p class="MsoNormal"> #561 Messages - new response_type = id_token userinfo<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"> About session management: Say being developed at present - expect spec in a few weeks<o:p></o:p></p>
<p class="MsoNormal"> Scope discussions to closing current issues - move future ideas to IIW<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"> Other important issues:<o:p></o:p></p>
<p class="MsoNormal"> #577 Messages 2.1.2.1.1.1 - Behavior when required claims unavailable underspecified<o:p></o:p></p>
<p class="MsoNormal"> #564: Messages 2.4.2 it is not clear to developers what the verified claim relates to<o:p></o:p></p>
<p class="MsoNormal"> #539 Messages - 0. Add scope for offline access<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"> If we have time:<o:p></o:p></p>
<p class="MsoNormal"> #363 Registration 2.2 - Why must client_secret change with each response?<o:p></o:p></p>
<p class="MsoNormal"> #360 Registration 2.1 - What is application_type (native, web) used for?<o:p></o:p></p>
<p class="MsoNormal"> #47 General - Dependency to unfinished specs<o:p></o:p></p>
<p class="MsoNormal"> Talk about interop testing<o:p></o:p></p>
<p class="MsoNormal"> Plan for sessions at IIW<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Logistics for Yahoo! meeting:<o:p></o:p></p>
<p class="MsoNormal"> John tried to contact hosts about logistics, no response so far<o:p></o:p></p>
<p class="MsoNormal"> It would be good to get phone numbers for the organizers, just in case...<o:p></o:p></p>
<p class="MsoNormal"> We have 25 people registered + someone we don't know who registered for 10 spots<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Interop:<o:p></o:p></p>
<p class="MsoNormal"> Mike will ask Roland about new tests<o:p></o:p></p>
<p class="MsoNormal"> Edmund's support for issuers with paths should be up tomorrow<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Underlying Standards<o:p></o:p></p>
<p class="MsoNormal"> Mike updated the WG on the OAuth and JOSE spec work in progress<o:p></o:p></p>
<p class="MsoNormal"> Edmund asked about how the size is determined for JWE encrypted content<o:p></o:p></p>
<p class="MsoNormal"> Edmund asked about whether the GCM integrity value can go in the fourth JWE field<o:p></o:p></p>
<p class="MsoNormal"> Edmund pointed out that the client secrets are typically not 128 or 256 bits long,<o:p></o:p></p>
<p class="MsoNormal"> so a transform such as a hash is needed to use them as an encryption key<o:p></o:p></p>
</div>
</body>
</html>