<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
<meta name="Generator" content="Microsoft Word 14 (filtered medium)">
<style><!--
/* Font Definitions */
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri","sans-serif";}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
span.EmailStyle17
{mso-style-type:personal-compose;
font-family:"Calibri","sans-serif";
color:windowtext;}
.MsoChpDefault
{mso-style-type:export-only;
font-family:"Calibri","sans-serif";}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang="EN-US" link="blue" vlink="purple">
<div class="WordSection1">
<p class="MsoNormal">Spec call notes 2-Jul-12<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Nat Sakimura<o:p></o:p></p>
<p class="MsoNormal">John Bradley<o:p></o:p></p>
<p class="MsoNormal">Edmund Jay<o:p></o:p></p>
<p class="MsoNormal">Mike Jones<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Agenda:<o:p></o:p></p>
<p class="MsoNormal"> Editing<o:p></o:p></p>
<p class="MsoNormal"> Open Issues<o:p></o:p></p>
<p class="MsoNormal"> WebFinger and acct: scheme<o:p></o:p></p>
<p class="MsoNormal"> OC4 Interop<o:p></o:p></p>
<p class="MsoNormal"> JOSE<o:p></o:p></p>
<p class="MsoNormal"> OAuth<o:p></o:p></p>
<p class="MsoNormal"> Next Call<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Editing:<o:p></o:p></p>
<p class="MsoNormal"> John continues to work on the self-issued text - issue #566<o:p></o:p></p>
<p class="MsoNormal"> We really want to test this in the OC4 interop<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Open Issues:<o:p></o:p></p>
<p class="MsoNormal"> #606 Messages - 2.1.1. ID Token - acr missing the type<o:p></o:p></p>
<p class="MsoNormal"> In SAML, you request a set and get back a singleton. We will do the same.<o:p></o:p></p>
<p class="MsoNormal"> #607 Messages - Decoded ID Token example needed<o:p></o:p></p>
<p class="MsoNormal"> These examples are in Implicit and Basic. They should also be added to Messages.<o:p></o:p></p>
<p class="MsoNormal"> #608 Messages - Request ID Token and Response ID Token<o:p></o:p></p>
<p class="MsoNormal"> We will move the ID Token definition to earlier in the spec<o:p></o:p></p>
<p class="MsoNormal"> Hopefully this might make the section hierarchy less deep as well<o:p></o:p></p>
<p class="MsoNormal"> We also discussed Blaine's request to authenticate a user with a specific identifier<o:p></o:p></p>
<p class="MsoNormal"> This would likely be the identifier that discovery was done on<o:p></o:p></p>
<p class="MsoNormal"> We're not currently passing this to the IdP<o:p></o:p></p>
<p class="MsoNormal"> This is a different issue than #608. We need a new bug and a proposal - Nat will do<o:p></o:p></p>
<p class="MsoNormal"> One idea was to add a "value": qualifier to the e-mail request, but this isn't an actual semantic match<o:p></o:p></p>
<p class="MsoNormal"> Nat will check that the "value": language is general-purpose<o:p></o:p></p>
<p class="MsoNormal"> #609 Messages - 2.1.1. Add explanation that ID Token may include other claims<o:p></o:p></p>
<p class="MsoNormal"> Nat will look at this as he moves the ID Token definition for #608<o:p></o:p></p>
<p class="MsoNormal"> #610 Messages - 2.1.2 Authorization Request - id_token error condition needed<o:p></o:p></p>
<p class="MsoNormal"> Nat will try to come up with a more concrete proposal<o:p></o:p></p>
<p class="MsoNormal"> #611 Incompatible values for auth_time in id_token claims of request object<o:p></o:p></p>
<p class="MsoNormal"> John will fix this to make the claim required<o:p></o:p></p>
<p class="MsoNormal"> #612 Messages - 4.1 request_object_algs_supported inconsistent with require_signed_request_object<o:p></o:p></p>
<p class="MsoNormal"> Messages 4.1 request_object_algs_supported change HS256 to RS256<o:p></o:p></p>
<p class="MsoNormal"> #613 Registration - 2.1 clarification needed for optional parameters during client_update operation<o:p></o:p></p>
<p class="MsoNormal"> We decided the operation should be atomic, with no carry-over from previous values<o:p></o:p></p>
<p class="MsoNormal"> #614 Discovery - 3.2 Distinguishing between signature and integrity parameters for HMAC algorithms<o:p></o:p></p>
<p class="MsoNormal"> For Registration, this is unambiguous, with all these parameters:<o:p></o:p></p>
<p class="MsoNormal"> id_token_signed_response_alg<o:p></o:p></p>
<p class="MsoNormal"> id_token_encrypted_response_alg<o:p></o:p></p>
<p class="MsoNormal"> id_token_encrypted_response_enc<o:p></o:p></p>
<p class="MsoNormal"> id_token_encrypted_response_int<o:p></o:p></p>
<p class="MsoNormal"> userinfo_signed_response_alg<o:p></o:p></p>
<p class="MsoNormal"> userinfo_encrypted_response_alg<o:p></o:p></p>
<p class="MsoNormal"> userinfo_encrypted_response_enc<o:p></o:p></p>
<p class="MsoNormal"> userinfo_encrypted_response_int<o:p></o:p></p>
<p class="MsoNormal"> In Discovery, this is ambiguous, with only these parameters:<o:p></o:p></p>
<p class="MsoNormal"> id_token_algs_supported<o:p></o:p></p>
<p class="MsoNormal"> userinfo_algs_supported<o:p></o:p></p>
<p class="MsoNormal"> We will watch decisions in JOSE and then consider whether to make changes<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">WebFinger and acct: scheme:<o:p></o:p></p>
<p class="MsoNormal"> Peter St. Andre submitted a standalone acct: draft<o:p></o:p></p>
<p class="MsoNormal"> It looks like it may become a WG document<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">OC4 Interop:<o:p></o:p></p>
<p class="MsoNormal"> Testing is under way. Additional participants are expected.<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">JOSE:<o:p></o:p></p>
<p class="MsoNormal"> Mike is about to published updated JOSE specs<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">OAuth:<o:p></o:p></p>
<p class="MsoNormal"> John's additional security considerations text is being discussed and nearly done<o:p></o:p></p>
<p class="MsoNormal"> Eran has resigned as editor for the Core spec and wants his name off of it<o:p></o:p></p>
<p class="MsoNormal"> Dick Hardt agreed to be editor to finish the job<o:p></o:p></p>
<p class="MsoNormal"> A new OAuth Assertions draft with non-trivial changes was published today<o:p></o:p></p>
<p class="MsoNormal"> People are encouraged to review the changes<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Next Call:<o:p></o:p></p>
<p class="MsoNormal"> We will have the call on July 5th at 7am Pacific<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
</body>
</html>