<html><head><meta http-equiv="content-type" content="text/html; charset=utf-8"></head><body dir="auto"><div>I propose to set aside the session management. We do not have to go final all at once. We need to prioritize. </div><div><br></div><div>See inline: </div><div><br>Oct 10, 2013 0:15、Mike Jones <<a href="mailto:Michael.Jones@microsoft.com">Michael.Jones@microsoft.com</a>> wrote:<br><br></div><blockquote type="cite"><div>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
<meta name="Generator" content="Microsoft Word 14 (filtered medium)">
<style><!--
/* Font Definitions */
@font-face
{font-family:Wingdings;
panose-1:5 0 0 0 0 0 0 0 0 0;}
@font-face
{font-family:Wingdings;
panose-1:5 0 0 0 0 0 0 0 0 0;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri","sans-serif";}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
p.MsoListParagraph, li.MsoListParagraph, div.MsoListParagraph
{mso-style-priority:34;
margin-top:0in;
margin-right:0in;
margin-bottom:0in;
margin-left:.5in;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri","sans-serif";}
span.EmailStyle17
{mso-style-type:personal-compose;
font-family:"Calibri","sans-serif";
color:windowtext;}
.MsoChpDefault
{mso-style-type:export-only;
font-family:"Calibri","sans-serif";}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
/* List Definitions */
@list l0
{mso-list-id:217128346;
mso-list-type:hybrid;
mso-list-template-ids:-1181722922 67698689 67698691 67698693 67698689 67698691 67698693 67698689 67698691 67698693;}
@list l0:level1
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Symbol;}
@list l0:level2
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:"Courier New";}
@list l0:level3
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Wingdings;}
@list l0:level4
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Symbol;}
@list l0:level5
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:"Courier New";}
@list l0:level6
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Wingdings;}
@list l0:level7
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Symbol;}
@list l0:level8
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:"Courier New";}
@list l0:level9
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Wingdings;}
ol
{margin-bottom:0in;}
ul
{margin-bottom:0in;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
<div class="WordSection1">
<p class="MsoNormal">In order to help us finish OpenID Connect in a timely manner, I wanted to put together a list of the decisions I believe we still need to make for the final specifications. This list does not include issues in the issue tracker for which
we already have decisions in place.<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoListParagraph" style="text-indent:-.25in;mso-list:l0 level1 lfo1"><!--[if !supportLists]--><span style="font-family:Symbol"><span style="mso-list:Ignore">·<span style="font:7.0pt "Times New Roman"">
</span></span></span><!--[endif]--><span style="font-size:10.5pt;font-family:"Arial","sans-serif";color:#333333"><a href="https://bitbucket.org/openid/connect/issue/876/google-iss-value-missing-https" title="#876: Google "iss" value missing https://">#876: Google
"iss" value missing https://</a> - What do we say about the possibility of “iss” values without the leading <a href="https://?">https://?</a></span></p></div></div></blockquote><div><br></div>Keep it as is. <div><br><blockquote type="cite"><div><div class="WordSection1"><p class="MsoListParagraph" style="text-indent:-.25in;mso-list:l0 level1 lfo1"><o:p></o:p></p>
<p class="MsoListParagraph" style="text-indent:-.25in;mso-list:l0 level1 lfo1"><!--[if !supportLists]--><span style="font-family:Symbol"><span style="mso-list:Ignore">·<span style="font:7.0pt "Times New Roman"">
</span></span></span><!--[endif]--><span style="font-size:10.5pt;font-family:"Arial","sans-serif";color:#333333"><a href="https://bitbucket.org/openid/connect/issue/863/stateless-registration-discovery-messages" title="#863: Stateless Registration Discovery/Messages">#863:
Stateless Registration Discovery/Messages</a> – How do we want stateless registration to occur? (This also affects the outcome of
<a href="https://bitbucket.org/openid/connect/issue/865/registration-needs-update-capability-too" title="#865: Registration needs update capability too">
#865: Registration needs update capability too</a>).</span></p></div></div></blockquote><div><br></div>New feature. Do it as an extent ion. </div><div><br><blockquote type="cite"><div><div class="WordSection1"><p class="MsoListParagraph" style="text-indent:-.25in;mso-list:l0 level1 lfo1"><o:p></o:p></p>
<p class="MsoListParagraph" style="text-indent:-.25in;mso-list:l0 level1 lfo1"><!--[if !supportLists]--><span style="font-family:Symbol"><span style="mso-list:Ignore">·<span style="font:7.0pt "Times New Roman"">
</span></span></span><!--[endif]--><span style="font-size:10.5pt;font-family:"Arial","sans-serif";color:#333333"><a href="https://bitbucket.org/openid/connect/issue/864/native-client-code-leakage" title="#864: Native Client code leakage">#864: Native Client code
leakage</a> – What do we want to say about how to handle this issue with iOS and Android, and do we want to handle it now or in an extension spec? If in an extension spec, do we want to at least describe the issue to implementers and say to look for a future
specification about this?</span></p></div></div></blockquote><div><br></div>Do it in OAuth. </div><div><br><blockquote type="cite"><div><div class="WordSection1"><p class="MsoListParagraph" style="text-indent:-.25in;mso-list:l0 level1 lfo1"><o:p></o:p></p>
<p class="MsoListParagraph" style="text-indent:-.25in;mso-list:l0 level1 lfo1"><!--[if !supportLists]--><span style="font-family:Symbol"><span style="mso-list:Ignore">·<span style="font:7.0pt "Times New Roman"">
</span></span></span><!--[endif]--><span style="font-size:10.5pt;font-family:"Arial","sans-serif";color:#333333"><a href="https://bitbucket.org/openid/connect/issue/875/registration-parameter-for-specifying-the" title="#875: Registration: Parameter for specifying the preferred JWS alg for JWT-based client auth?">#875:
Registration: Parameter for specifying the preferred JWS alg for JWT-based client auth?</a> – Do we want to add this?</span></p></div></div></blockquote><div><br></div><div><br></div><div>New feature. Do it as an extent ion. </div> <br><blockquote type="cite"><div><div class="WordSection1"><p class="MsoListParagraph" style="text-indent:-.25in;mso-list:l0 level1 lfo1"><o:p></o:p></p>
<p class="MsoListParagraph" style="text-indent:-.25in;mso-list:l0 level1 lfo1"><!--[if !supportLists]--><span style="font-family:Symbol"><span style="mso-list:Ignore">·<span style="font:7.0pt "Times New Roman"">
</span></span></span><!--[endif]--><span style="font-size:10.5pt;font-family:"Arial","sans-serif";color:#333333"><a href="https://bitbucket.org/openid/connect/issue/879/messages-61-the-openid-foundation-may" title="#879: Messages 6.1 - The OpenID Foundation may consider hosting a site https://self-issued.me/">#879:
Messages 6.1 - The OpenID Foundation may consider hosting a site https://self-issued.me/</a> - What are we going to say about this in the final specifications?</span></p></div></div></blockquote><div><br></div>If we are to go as is, we should secure the domain. </div><div><br><blockquote type="cite"><div><div class="WordSection1"><p class="MsoListParagraph" style="text-indent:-.25in;mso-list:l0 level1 lfo1"><o:p></o:p></p>
<p class="MsoListParagraph" style="text-indent:-.25in;mso-list:l0 level1 lfo1"><!--[if !supportLists]--><span style="font-family:Symbol"><span style="mso-list:Ignore">·<span style="font:7.0pt "Times New Roman"">
</span></span></span><!--[endif]--><span style="font-size:10.5pt;font-family:"Arial","sans-serif";color:#333333"><a href="https://bitbucket.org/openid/connect/issue/880/messages-62-the-openid-foundation-may" title="#880: Messages 6.2 - The OpenID Foundation may consider hosting the endpoint https://self-issued.me/registration/1.0/">#880:
Messages 6.2 - The OpenID Foundation may consider hosting the endpoint https://self-issued.me/registration/1.0/</a> – What are we going to say about this in the final specifications?</span></p></div></div></blockquote><div><br></div>Ditto. </div><div><br><blockquote type="cite"><div><div class="WordSection1"><p class="MsoListParagraph" style="text-indent:-.25in;mso-list:l0 level1 lfo1"><o:p></o:p></p>
<p class="MsoListParagraph" style="text-indent:-.25in;mso-list:l0 level1 lfo1"><!--[if !supportLists]--><span style="font-family:Symbol"><span style="mso-list:Ignore">·<span style="font:7.0pt "Times New Roman"">
</span></span></span><!--[endif]--><span style="font-size:10.5pt;font-family:"Arial","sans-serif";color:#333333"><a href="https://bitbucket.org/openid/connect/issue/881/discovery-1-relationship-to-oauth-dynamic" title="#881: Discovery 1 - Relationship to OAuth Dynamic Registration">#881:
Discovery 1 - Relationship to OAuth Dynamic Registration</a> – What are we going to say about this in the final specifications?</span></p></div></div></blockquote><div><br></div><div>If we cannot finalize this today, I would go further to propose that we go final without it. </div><br><blockquote type="cite"><div><div class="WordSection1"><p class="MsoListParagraph" style="text-indent:-.25in;mso-list:l0 level1 lfo1"><o:p></o:p></p>
<p class="MsoListParagraph" style="text-indent:-.25in;mso-list:l0 level1 lfo1"><!--[if !supportLists]--><span style="font-family:Symbol"><span style="mso-list:Ignore">·<span style="font:7.0pt "Times New Roman"">
</span></span></span><!--[endif]--><span style="font-size:10.5pt;font-family:"Arial","sans-serif";color:#333333"><a href="https://bitbucket.org/openid/connect/issue/883/order-of-the-description-about-iframe" title="#883: Order of the description about iframe">#883:
Order of the description about iframe</a> – How will we resolve this issue?</span></p></div></div></blockquote><div><br></div>Session management should go final separately. </div><div><br><blockquote type="cite"><div><div class="WordSection1"><p class="MsoListParagraph" style="text-indent:-.25in;mso-list:l0 level1 lfo1"><o:p></o:p></p>
<p class="MsoListParagraph" style="text-indent:-.25in;mso-list:l0 level1 lfo1"><!--[if !supportLists]--><span style="font-family:Symbol"><span style="mso-list:Ignore">·<span style="font:7.0pt "Times New Roman"">
</span></span></span><!--[endif]--><span style="font-size:10.5pt;font-family:"Arial","sans-serif";color:#333333"><a href="https://bitbucket.org/openid/connect/issue/884/decide-whether-to-keep-basic-and-implicit" title="#884: Decide whether to keep Basic and Implicit in the final set of specifications">#884:
Decide whether to keep Basic and Implicit in the final set of specifications</a> – Will we keep the Basic Client and Implicit Client specifications?</span></p></div></div></blockquote><div><br></div>Depends on whether we can finalize the restructured version in a few days. </div><div><br></div><div>If not, need to keep them. </div><div><br><blockquote type="cite"><div><div class="WordSection1"><p class="MsoListParagraph" style="text-indent:-.25in;mso-list:l0 level1 lfo1"><o:p></o:p></p>
<p class="MsoListParagraph" style="text-indent:-.25in;mso-list:l0 level1 lfo1"><!--[if !supportLists]--><span style="font-family:Symbol"><span style="mso-list:Ignore">·<span style="font:7.0pt "Times New Roman"">
</span></span></span><!--[endif]--><span style="font-size:10.5pt;font-family:"Arial","sans-serif";color:#333333"><a href="https://bitbucket.org/openid/connect/issue/885/decide-whether-session-management-is-ready" title="#885: Decide whether Session Management is ready to be a final specification">#885:
Decide whether Session Management is ready to be a final specification</a> – Will we recommend approval of Session Management as a final specification now?</span></p></div></div></blockquote><div><br></div>No. </div><div><br><blockquote type="cite"><div><div class="WordSection1"><p class="MsoListParagraph" style="text-indent:-.25in;mso-list:l0 level1 lfo1"><o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">If at all possible, <b><span style="background:yellow;mso-highlight:yellow">please join tomorrow’s call in which we will discuss these decisions</span></b>.<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Also, if I’ve missed any decisions we need to make, please reply-all adding them to our list.<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"> Thanks all,<o:p></o:p></p>
<p class="MsoNormal"> -- Mike<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
</div></blockquote><blockquote type="cite"><div><span>_______________________________________________</span><br><span>Openid-specs-ab mailing list</span><br><span><a href="mailto:Openid-specs-ab@lists.openid.net">Openid-specs-ab@lists.openid.net</a></span><br><span><a href="http://lists.openid.net/mailman/listinfo/openid-specs-ab">http://lists.openid.net/mailman/listinfo/openid-specs-ab</a></span><br></div></blockquote></div></body></html>