[OpenID-specs-EAP] No call today and IESG Token Binding review results
Brian Campbell
bcampbell at pingidentity.com
Fri May 11 18:51:44 UTC 2018
That is good news. Thanks for the update, Mike.
There are two smallish changes to the Connect Token Binding draft that I'd
like to see before going to Implementer’s Draft:
1) Be explicit that the "tbh" value doesn't include any trailing pad
characters '=' or any line breaks/whitespace. This is sort of assumed now
but isn't explicitly stated so there is some ambiguity. And different
interpretations could result in interop problems if the "tbh" check is done
as a string comparison.
2) As discussed on the April 18th call, adjust the metadata to advertise
supported confirmation method hash algorithms. "tbh" will still be the
only one that's defined but allowing metadata to convey the alg(s) will
better position the spec with respect to algorithm agility in the future.
I'll work up a pull request or two in the nearish future that capture those
changes.
On Thu, May 10, 2018 at 9:05 AM, Mike Jones via Openid-specs-eap <
openid-specs-eap at lists.openid.net> wrote:
> John and I don’t feel that there’s a need for the EAP call today.
>
>
>
> The good news is that the DISCUSSes on the IETF Token Binding specs that
> might have resulted in protocol changes were cleared. Additional editorial
> changes will be made to clarify some points. After that, they should be
> approved to go to the RFC Editor.
>
>
>
> Therefore, we should plan to at least get to an Implementer’s Draft of the
> Connect Token Binding draft shortly.
>
>
>
> -- Mike
>
>
>
> _______________________________________________
> Openid-specs-eap mailing list
> Openid-specs-eap at lists.openid.net
> http://lists.openid.net/mailman/listinfo/openid-specs-eap
>
>
--
_CONFIDENTIALITY NOTICE: This email may contain confidential and privileged
material for the sole use of the intended recipient(s). Any review, use,
distribution or disclosure by others is strictly prohibited. If you have
received this communication in error, please notify the sender immediately
by e-mail and delete the message and any file attachments from your
computer. Thank you._
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-eap/attachments/20180511/a25e7a35/attachment.html>
More information about the Openid-specs-eap
mailing list