[OpenID-specs-EAP] No call today and IESG Token Binding review results

Wed May 16 20:00:05 UTC 2018

And here's the other PR: https://bitbucket.org/openid/
eap/pull-requests/5/adjust-the-metadata-to-indicate-supported/diff

I also committed some housekeeping type changes (like updating references
and the draft number) directly to the EAP repo.

On Fri, May 11, 2018 at 4:24 PM, Brian Campbell <bcampbell at pingidentity.com>
wrote:

> The easy one is done: https://bitbucket.org/openid/e
> ap/pull-requests/4/be-explicit-that-the-base64url-encoding-of/diff
>
> I'll try and do the other one next week.
>
> On Fri, May 11, 2018 at 2:57 PM, Mike Jones <Michael.Jones at microsoft.com>
> wrote:
>
>> Make it so!
>> ------------------------------
>> *From:* Brian Campbell <bcampbell at pingidentity.com>
>> *Sent:* Friday, May 11, 2018 2:51:44 PM
>> *To:* Mike Jones
>> *Cc:* openid-specs-eap at lists.openid.net
>> *Subject:* Re: [OpenID-specs-EAP] No call today and IESG Token Binding
>> review results
>>
>> That is good news. Thanks for the update, Mike.
>>
>> There are two smallish changes to the Connect Token Binding draft that
>> I'd like to see before going to Implementer’s Draft:
>>
>> 1)  Be explicit that the "tbh" value doesn't include any trailing pad
>> characters '=' or any line breaks/whitespace. This is sort of assumed now
>> but isn't explicitly stated so there is some ambiguity. And different
>> interpretations could result in interop problems if the "tbh" check is done
>> as a string comparison.
>>
>> 2) As discussed on the April 18th call, adjust the metadata to advertise
>> supported confirmation method hash algorithms.  "tbh" will still be the
>> only one that's defined but allowing metadata to convey the alg(s) will
>> better position the spec with respect to algorithm agility in the future.
>>
>> I'll work up a pull request or two in the nearish future that capture
>> those changes.
>>
>>
>>
>>
>>
>> On Thu, May 10, 2018 at 9:05 AM, Mike Jones via Openid-specs-eap <
>> openid-specs-eap at lists.openid.net> wrote:
>>
>>> John and I don’t feel that there’s a need for the EAP call today.
>>>
>>>
>>>
>>> The good news is that the DISCUSSes on the IETF Token Binding specs that
>>> might have resulted in protocol changes were cleared.  Additional editorial
>>> changes will be made to clarify some points.  After that, they should be
>>> approved to go to the RFC Editor.
>>>
>>>
>>>
>>> Therefore, we should plan to at least get to an Implementer’s Draft of
>>> the Connect Token Binding draft shortly.
>>>
>>>
>>>
>>>                                                        -- Mike
>>>
>>>
>>>
>>> _______________________________________________
>>> Openid-specs-eap mailing list
>>> Openid-specs-eap at lists.openid.net
>>> http://lists.openid.net/mailman/listinfo/openid-specs-eap
>>>
>>>
>>
>> *CONFIDENTIALITY NOTICE: This email may contain confidential and
>> privileged material for the sole use of the intended recipient(s). Any
>> review, use, distribution or disclosure by others is strictly prohibited.
>> If you have received this communication in error, please notify the sender
>> immediately by e-mail and delete the message and any file attachments from
>> your computer. Thank you.*
>>
>
>

-- 
_CONFIDENTIALITY NOTICE: This email may contain confidential and privileged 
material for the sole use of the intended recipient(s). Any review, use, 
distribution or disclosure by others is strictly prohibited.  If you have 
received this communication in error, please notify the sender immediately 
by e-mail and delete the message and any file attachments from your 
computer. Thank you._
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-eap/attachments/20180516/f7abb5e8/attachment.html>