[Openid-specs-heart] Draft HEART Meeting Notes 2017-04-10
Sarah Squire
sarah at engageidentity.com
Mon Apr 10 21:01:07 UTC 2017
Eve:
The specs are always up to date here:
https://openid.bitbucket.io/HEART/
Danny:
Can someone explain dynamic registration?
Justin:
Dynamic registration allows clients to register themselves through an API.
As opposed to static registration in which a human enters metadata and
specifies security restrictions.
Luis:
Shouldn’t we require a client id for native apps?
Justin:
You’re right. It needs to be consistent. Everyone should have to register
dynamically whether or not they use PKCE or use the key pair. I’ll change
that to native applications SHOULD use PKCE rather than MUST, which it was
previously.
Luis:
Can we say that applications that use PKCE MUST use the S256 challenge?
Justin:
Yes, that’s a good edit.
Luis:
In section 2.2 of OIDC, it says they can be signed or encrypted, but later
it says they must be signed.
Justin:
That’s a good point. I’ll remove that first section.
Luis:
When we say that UMA servers MAY also be OAuth servers, what do we mean?
Justin:
The intent is that any parts of UMA that inherit OAuth should be
HEART-compliant, but anything that is UMA’s special sauce is out of scope.
Eve:
Should we say that it’s possible for an OIDC compliant server to not be
OAuth compliant?
Luis:
So maybe we should say that UMA servers should implement relevant portions
of the OAuth profile?
Sarah:
Do we want to specify which portions are relevant just so that developers
who are checking off boxes know which boxes to check?
Luis:
How about all OAuth functionality used to implement the UMA protocol must
conform to the OAuth HEART profile?
Justin, Sarah, Eve, Danny:
Perfect!
Eve:
I think it’s worthwhile to look at the FAPI specs, because they’re very
similar to ours just to see if there’s anything we missed.
http://openid.net/wg/fapi/
Sarah Squire
Engage Identity
http://engageidentity.com