<html><head><style type="text/css"><!-- DIV {margin:0px;} --></style></head><body><div style="font-family:tahoma, 'new york', times, serif;font-size:10pt;color:#000000;"><div>Spec call notes 05-Jul-12<br><br>Nat Sakimura<br>John Bradley<br>Justin Richer<br>Edmund Jay<br>George Fletcher<br><br><br><br>Agenda</div><div> - Editing</div> - Issues<br><div> - Interop<br><br><br></div><div>Editing</div><div> John is working on self-issued edits and hope to be done soon.</div><div> Nat has checked in session management specs and requests feedback. Planning for an ad-hoc meeting at CIS in Vail next week.</div><div> John has sent a comment to the list regarding sending an alias in the authorization request for working with Account Chooser.</div><div> The alias is a string that is opaque to the RP and is used as a hint to the IdP on who to authenticate. The resulting identity
may not </div><div> be the same as the hint and must not be binded to it either.</div><div><br></div><div><br></div><div>Issues</div><div> #614 : Discovery 3.2 Distinguishing between signature and integrity parameters for HMAC algorithms</div><div> This was decided at the last call to put on hold pending JOSE outcome.</div><div><br></div><div> #615 : nonce still in Basic</div><div> The nonce is informative so it may remain. Assigned to John</div><div><br></div><div> #616 : nonce should be required in implicit client profile</div><div> Nonce will be changed to required in implicit profile spec. Assigned to John.</div><div><br></div><div> #539 : Messages - add scope for offline access</div><div> George has updated
the issue with some text regarding processing rules for Authorization Servers for offline access.</div><div> He has decided to use a scope value for offline access so that generic OAuth Servers can use it for offline access also.</div><div> A refresh token should be returned from offline access request or new scope values to indicate which scopes were granted.</div><div> The proposal is not specific to any implementation so that Google/AOL/others can have their own offline access modes.</div><div> George has sent proposal to Breno and the list for feedback.</div><div><br></div><div><br></div><div>Interop</div><div> George is planning on participating in the Interop but is unsure of interoperability status</div><div> John obtained domain for Brian to use and will help setup the
domain.</div><div> Edmund's implementation still has some minor issues which will be solved soon.</div><div><br></div><div> May need different MTIs for public and private IdPs.</div><div> Justin prefers a MTI centered around Basic client profile .</div><div> MTI text should be in Messages and Standard.</div><div><br></div><div>JOSE</div><div> Mike is planning on releasing a new version today.</div><div><br></div><div>OAuth</div><div> New version will be out sometimes this week.</div><div><br></div><div>Webfinger</div><div> It looks like this will become a WG item. Need to look at how to profile Webfinger for use with OpenID Connect.</div><div><br></div><div><br></div><div> </div><div style="position:fixed"></div>
</div></body></html>