...
*122 - implement and yank the SAML mentions
*123 - URI does mean URNs as well as URLs - can we consider this editorial to a first approximation, and then use the review period to reflect on the further consequences? George wants to ensure that URNs can be used for things like grant types
*124 - we discussed it -
There’s some sentiment to remove the list Roland doesn’t like, because the “true audience” for the spec doesn’t find it all that helpful.
...
We seem to have consensus on the newly proposed text with the list missing, but with the required behavior and the additional rationale emphasized.
Domenico’s new question about the recommendation to use OIDC in the case of the protection API: Does it make sense? Since client authentication only comes into play when first acquiring the tokens, it still applies; it still enables proving that the UMA-RS-as-OAuth-client is who it says it is (at the point of PAT issuance). It’s true that the ID token doesn’t get leveraged at the protection API, however.
No change.
MOTION: Thomas moves and Mike seconds: Publish Core rev 11f as amended with our instructions on issues 120 through 124 and RSR rev 04c as Core rev 11 and RSR rev 04 for a 45-day Kantara Public Review and contribute as IETF I-Ds. APPROVED by unanimous consent. YAY!
Attendees
As of 4 Dec 2014, quorum is 6 of 11. (Dom, Sal, Mark, Thomas, Andrew, Robert, Maciej, Eve, Mike, Jin, Yuriy)
...