- #290 (Generality of RReg spec?) and #296 (Out-of-the-box profiling for tight AS-RS coupling): This is a biggie. Current proposal (for which I hope to have some more details soon) is to consider a different way of modularizing the specs. A group consisting of me, Mark L, Maciej, Andi, and Cigdem talked about this further in London on Monday and there was a pretty strongly favorable impression.
- #294 (Consider a proof-of-possession option for the RPT): This topic is broader by now, including token binding etc., and we suspect this all might "just work". This just needs to be analyzed a bit. Prabath, you were going to take a look -- can you, please, and write up?
- #295 (When a requesting party needs to withdraw their access): This touches on downscoping and token revocation, and thus could use some analysis. Justin, this could use your eyeballs in particular, but it's really for everyone.
- #298 (Reconsider whether ticket should be on all redirect-back AS responses): Justin and Cigdem have been commenting on this one and seem to have consensus so far that we're okay, but it could use more eyeballs. But another related issue has come up about the appropriateness of not_authorized as an error that we could consider.

For anyone interested, I'd like to propose an ad hoc meeting next Tue, Apr 11 at 9am PT to discuss these issues (and any others people report), in addition to our regular Thu, Apr 13 call.
I'll make the changes to the calendar right now.

Eve Maler
Cell +1 425.345.6756 | Skype: xmlgrrl | Twitter: @xmlgrrl