[OpenID-specs-EAP] No call today and IESG Token Binding review results

[Mike Jones]

Make it so!
________________________________
From: Brian Campbell <bcampbell at pingidentity.com>
Sent: Friday, May 11, 2018 2:51:44 PM
To: Mike Jones
Cc: openid-specs-eap at lists.openid.net
Subject: Re: [OpenID-specs-EAP] No call today and IESG Token Binding review results

That is good news. Thanks for the update, Mike.

There are two smallish changes to the Connect Token Binding draft that I'd like to see before going to Implementer’s Draft:

1)  Be explicit that the "tbh" value doesn't include any trailing pad characters '=' or any line breaks/whitespace. This is sort of assumed now but isn't explicitly stated so there is some ambiguity. And different interpretations could result in interop problems if the "tbh" check is done as a string comparison.

2) As discussed on the April 18th call, adjust the metadata to advertise supported confirmation method hash algorithms.  "tbh" will still be the only one that's defined but allowing metadata to convey the alg(s) will better position the spec with respect to algorithm agility in the future.

I'll work up a pull request or two in the nearish future that capture those changes.





On Thu, May 10, 2018 at 9:05 AM, Mike Jones via Openid-specs-eap <openid-specs-eap at lists.openid.net<mailto:openid-specs-eap at lists.openid.net>> wrote:
John and I don’t feel that there’s a need for the EAP call today.

The good news is that the DISCUSSes on the IETF Token Binding specs that might have resulted in protocol changes were cleared.  Additional editorial changes will be made to clarify some points.  After that, they should be approved to go to the RFC Editor.

Therefore, we should plan to at least get to an Implementer’s Draft of the Connect Token Binding draft shortly.

                                                       -- Mike


_______________________________________________
Openid-specs-eap mailing list
Openid-specs-eap at lists.openid.net<mailto:Openid-specs-eap at lists.openid.net>
http://lists.openid.net/mailman/listinfo/openid-specs-eap



CONFIDENTIALITY NOTICE: This email may contain confidential and privileged material for the sole use of the intended recipient(s). Any review, use, distribution or disclosure by others is strictly prohibited.  If you have received this communication in error, please notify the sender immediately by e-mail and delete the message and any file attachments from your computer. Thank you.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-eap/attachments/20180511/a5b702b0/attachment.html>