<div dir="ltr"><div>Not sure it's the same thing as was brought up by Vittorio but in February I posed the idea of a TTL(expiry date) for JWK/S in JOSE. Google/Bing/etc "TTL for JWK" and you'll find the thread, if you like.<br>
<br></div>It didn't get much traction, however, and the group convinced me to just go with the HTTP constructs for the current needs. And that's what's in Connect now.<br></div><div class="gmail_extra"><br><br>
<div class="gmail_quote">On Mon, Jul 15, 2013 at 6:43 PM, Nat Sakimura <span dir="ltr"><<a href="mailto:sakimura@gmail.com" target="_blank">sakimura@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div dir="ltr"><div>==================================</div><div>OpenID AB/Connect WG Meeting Note</div><div>==================================</div><div>Date: 2013-07-15</div><div>Time: 16:00 - 17:40PDT</div><div><br></div>
<div>Attendee: John B, Edmund, Nat, Mike (16:36-)</div><div><br></div><div>Feature Requests</div><div>=================</div><div>1) Javascript client check id immediate without page change</div><div> - CORS or postMessage to server frame</div>
<div> - Google way: <a href="https://code.google.com/p/oauth2-postmessage-profile/" target="_blank">https://code.google.com/p/oauth2-postmessage-profile/</a></div><div> - register javascript origine or redirect_uri</div>
<div> - see: <a href="http://www.riskcompletefailure.com/2013/03/postmessage-oauth-20.html" target="_blank">http://www.riskcompletefailure.com/2013/03/postmessage-oauth-20.html</a></div>
<div> => Mike will talk to Vittorio</div><div><br></div><div>2) JWKS not having expiry date</div><div> - Brought up by Vittorio</div><div> - for http, can use http dates</div><div> - for others there may not any way</div>
<div><br></div><div>3) iOS Native Public Client indeterministic</div><div> - send one time client secret in the auth request</div><div> - send the secret with code</div><div> => OAuth profile perhaps</div><div><br></div>
<div>4) Unregistered/stateless client</div><div> - Dynamic stateless client registration that encodes client secret in the client_id</div><div> - OR use similar thing as in self-issued</div><div> => File tasks. Good practice guide on stateless regsitration. </div>
<div> => John</div><div><br></div><div>Voting</div><div>========</div><div>- Announcement draft to be reviewed next Monday</div><div>- Double check the OpenID Porcess to do it right</div><div> - <a href="http://openid.net/wordpress-content/uploads/2010/01/OpenID_Process_Document_December_2009_Final_Approved.pdf" target="_blank">http://openid.net/wordpress-content/uploads/2010/01/OpenID_Process_Document_December_2009_Final_Approved.pdf</a></div>
<div><br></div><div>Berlin IETF Meeting</div><div>================</div><div>- John will make eventbright</div><div>- Agenda for JOSE and OAuth</div><div>- JOSE Tue Afternoon - 2 hours</div><div> - Probably concentrate on issues resolutions</div>
<div> - issue resolution proposal to get to WGLC</div><div>- OAuth</div><div> - Should deal with Dynamic Regsitration and Assertion Draft</div><span class="HOEnZb"><font color="#888888"><div><br></div><div><br></div>
<div><br></div>-- <br>Nat Sakimura (=nat)<div>
Chairman, OpenID Foundation<br><a href="http://nat.sakimura.org/" target="_blank">http://nat.sakimura.org/</a><br>@_nat_en</div>
</font></span></div>
<br>_______________________________________________<br>
Openid-specs-ab mailing list<br>
<a href="mailto:Openid-specs-ab@lists.openid.net">Openid-specs-ab@lists.openid.net</a><br>
<a href="http://lists.openid.net/mailman/listinfo/openid-specs-ab" target="_blank">http://lists.openid.net/mailman/listinfo/openid-specs-ab</a><br>
<br></blockquote></div><br></div>