<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
<meta name="Generator" content="Microsoft Word 14 (filtered medium)">
</head>
<body lang="EN-US" link="blue" vlink="purple">
<div class="WordSection1">
<p class="MsoNormal">Spec call notes 27-Jul-15<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Mike Jones<o:p></o:p></p>
<p class="MsoNormal">John Bradley<o:p></o:p></p>
<p class="MsoNormal">Nat Sakimura<o:p></o:p></p>
<p class="MsoNormal">Edmund Jay<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Agenda<o:p></o:p></p>
<p class="MsoNormal"> Logout and Session Management spec changes<o:p></o:p></p>
<p class="MsoNormal"> Errata and Issues<o:p></o:p></p>
<p class="MsoNormal"> Bitbucket<o:p></o:p></p>
<p class="MsoNormal"> JWK Thumbprint Spec<o:p></o:p></p>
<p class="MsoNormal"> Workshop before IIW<o:p></o:p></p>
<p class="MsoNormal"> Workshop after IETF 94 Yokohama<o:p></o:p></p>
<p class="MsoNormal"> Certification<o:p></o:p></p>
<p class="MsoNormal"> Next Calls<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Logout and Session Management spec changes<o:p></o:p></p>
<p class="MsoNormal"> Mike simplified the logout spec to use only iframes<o:p></o:p></p>
<p class="MsoNormal"> Mike plans to push it out to openid.net/specs<o:p></o:p></p>
<p class="MsoNormal"> Mike fixed a bug in the JavaScript syntax in Session Management<o:p></o:p></p>
<p class="MsoNormal"> He will also push it out to openid.net/specs<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Errata and Issues<o:p></o:p></p>
<p class="MsoNormal"> #922 - Back channel logout<o:p></o:p></p>
<p class="MsoNormal"> John will look at some IETF specs that Kathleen Moriarty pointed him to that may be relevant<o:p></o:p></p>
<p class="MsoNormal"> #966 - Error code claims_not_supported should have been defined in Core<o:p></o:p></p>
<p class="MsoNormal"> Not doing so was a cut-and-paste error made during editing<o:p></o:p></p>
<p class="MsoNormal"> We will say that it SHOULD be returned if not supported<o:p></o:p></p>
<p class="MsoNormal"> #968 - Inconsistent treatment of id_token_hint<o:p></o:p></p>
<p class="MsoNormal"> These are not actually inconsistent - one's id_token_hint and the other's requesting a "sub" claim value<o:p></o:p></p>
<p class="MsoNormal"> Mike added a comment to the bug stating this<o:p></o:p></p>
<p class="MsoNormal"> #969 - Need clarity on session state variable<o:p></o:p></p>
<p class="MsoNormal"> Not pertinent to errata<o:p></o:p></p>
<p class="MsoNormal"> Assigned to John to look at providing clarifying remarks<o:p></o:p></p>
<p class="MsoNormal"> #970 - Core - 2 - ID Token acr claim incorrectly specifies the level 0 of assurance<o:p></o:p></p>
<p class="MsoNormal"> Mike - this is historical usage from OpenID 2.0 PAPE<o:p></o:p></p>
<p class="MsoNormal"> Nat - PAPE referenced SP 800-63 - not ISO 29115<o:p></o:p></p>
<p class="MsoNormal"> Mike - The direct conflict comes from this sentence "Authentication using a long-lived browser cookie, for instance, is one example where the use of "level 0" is appropriate."<o:p></o:p></p>
<p class="MsoNormal"> John - For historic reasons, 0 is used to indicate that there is no confidence that the same person is actually there<o:p></o:p></p>
<p class="MsoNormal"> John will take a stab at new wording, saying what "0" meant historically<o:p></o:p></p>
<p class="MsoNormal"> #971 - Registration - 2. userinfo_encrypted_response_enc default value<o:p></o:p></p>
<p class="MsoNormal"> This identifies a fix for a cut-and-paste error<o:p></o:p></p>
<p class="MsoNormal"> Mike will look for other instances of this error while editing<o:p></o:p></p>
<p class="MsoNormal"> #972 - Nonce requirement in hybrid auth request<o:p></o:p></p>
<p class="MsoNormal"> code+token response type doesn't actually require use of a nonce since no ID Token is returned on the front channel<o:p></o:p></p>
<p class="MsoNormal"> John - But the nonce doesn't hurt. We should leave this as-is.<o:p></o:p></p>
<p class="MsoNormal"> Mike - Changing it at this point would cause an interop issue.<o:p></o:p></p>
<p class="MsoNormal"> John will close this one as won't fix<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"> Mike will add references to the actual registries during the errata process<o:p></o:p></p>
<p class="MsoNormal"> People should add any other errata issues to the tracker at<o:p></o:p></p>
<p class="MsoNormal"> https://bitbucket.org/openid/connect/issues?status=new&amp;status=open<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Bitbucket<o:p></o:p></p>
<p class="MsoNormal"> Bitbucket is doing reasonable redirects from the now deprecated project domain names<o:p></o:p></p>
<p class="MsoNormal"> hg.openid.net/connect/issues is redirecting to bitbucket.org/openid/connect/issues<o:p></o:p></p>
<p class="MsoNormal"> So there's no problem that we have to solve at present<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Workshop before IIW<o:p></o:p></p>
<p class="MsoNormal"> Symantec has agreed to host this on Monday, October 26th<o:p></o:p></p>
<p class="MsoNormal"> For Connect, we should focus on RP certification<o:p></o:p></p>
<p class="MsoNormal"> We should set up a registration page for this and start promotion<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Workshop after IETF 94 Yokohama<o:p></o:p></p>
<p class="MsoNormal"> Nat has asked the secretariat of OIDF Japan about this<o:p></o:p></p>
<p class="MsoNormal"> We should get logistics and registration information quickly<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Certification<o:p></o:p></p>
<p class="MsoNormal"> Edmund sent a bunch of RP testing issues in e-mail to Roland<o:p></o:p></p>
<p class="MsoNormal"> Nat thinks Edmund should file these in the issue tracker<o:p></o:p></p>
<p class="MsoNormal"> Then others on Roland's team will have visibility into them as well<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">JWK Thumbprint Spec<o:p></o:p></p>
<p class="MsoNormal"> This is now at the RFC Editor<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Next Calls<o:p></o:p></p>
<p class="MsoNormal"> One in a week on Monday the 3rd at 4pm Pacific time<o:p></o:p></p>
<p class="MsoNormal"> One on Thursday August 6th at the European-Friendly time of 7am Pacific this week<o:p></o:p></p>
</div>
</body>
</html>