[Openid-specs-ab] Remaining Issues

hideki nara hdknr at ic-tact.co.jp
Tue Oct 12 17:48:35 UTC 2010


Thank you for your recap, Nat.

1. For JSS

I like "json-simple-sign-1_0a.html" more.

2. _uri or _url ?

_uri is fine.

2. Assertion returned by RFR( 2-leg , in Section 8.2 of AB )

I'm not quite sure what we can convey in claims and what we should not
do for authN.
If we support 2-leg,  the Request File seems to be re-structured to hold claims.
Clam format can be the one in Kantara( http://bit.ly/claims_2_0) .
But we can think of Requet File JSON as a claim too.
This may be the other matter of favor.

Although we don't define assertion for RFR,  CX will be use this
anyway if we need policy based contracts.
But we should prepare the meaning of identity used for policy based
contracts anyway.

---
hideki



2010/10/12 Nat Sakimura <sakimura at gmail.com>:
> So far, the feedbacks that I got are:
>
> For the main spec:
>
> * Make 8.3 and 8.4 optional so that there could be two leg style request
>  -> I am not sure if this should be in AB as there is no "artifact"
> involved then.
>     Perhaps it is better to save it for Connect or CX?
>
> * _url and _uri are mixed. Understand that the authors made careful
>  selection of the terms, but it may be too much. Better standardize on _uri
>  -> OK to standardize on _uri ?
>
> For the signature spec (JSS):
>
> * Try to Unify with JWT for the Web Token serialization and signature:
> -> As I understand, the main deltas are:
>   * Whether to use short names as in JWT or long name as in Facebook.
>   * Whether to have sig_params so that it can support multiple
> signers and keys.
>   * Whether to have "payload" or just inserting signature parameters
> to the original JSON Object.
>
> For JSON serialization of JSS:
>
> * Whether to use "dictionary" as in the current proposal or "array"
> which simplifies bunch of things.
>
> For JWT serialization:
>
> * Whether to allow multiple signatures by sig1.sig2.sig3. ... . payload style.
>
> Please indicate your preferences.
>
> --
> Nat Sakimura (=nat)
> http://www.sakimura.org/en/
> http://twitter.com/_nat_en
> _______________________________________________
> Openid-specs-ab mailing list
> Openid-specs-ab at lists.openid.net
> http://lists.openid.net/mailman/listinfo/openid-specs-ab
>


More information about the Openid-specs-ab mailing list