[Openid-specs-ab] Updated Connect Specs

Mike Jones Michael.Jones at microsoft.com
Thu Jun 30 15:33:53 UTC 2011

George, we can discuss your questions on today's working group call.  (Until we declare the specs "developer complete" we've added an additional regular Thursday call in addition to the regular Monday call to keep promptly closing issues.)  The call is at 6pm Eastern if you want to join.

                                                            -- Mike

From: George Fletcher [mailto:gffletch at aol.com]
Sent: Thursday, June 30, 2011 6:08 AM
To: Mike Jones
Cc: openid-specs-ab at lists.openid.net; Eric Sachs; Chris Messina; Andrew Nash; Allen Tom; Larry Drebes; Don Thibeau
Subject: Re: [Openid-specs-ab] Updated Connect Specs

Thanks for the updates Mike!

A few comments on the new userinfo specification...

Section 2.1
* The access_token is a required parameter. Is there any reason the access token could not be specified via the HTTP Authorization header?

* Are both GET/POST HTTP methods allowed?

* The spec says that if the schema is "openid" then the endpoint SHOULD return a JSON object that si a subset of the following claims. Given that if no schema parameter is passed, or a value other than "openid" is passed, the response object is undefined (from this specs perspective), wouldn't it make more sense to turn the SHOULD into a MUST?  Right now, from my reading of the spec, I can have a compliant userinfo endpoint that returns the data in a PoCo format even if a schema of "openid" is specified.


On 6/30/11 5:42 AM, Mike Jones wrote:
(adding Allen, Kick, Chris, and Larry, to inform them of this progress towards the Connect launch)

From: openid-specs-ab-bounces at lists.openid.net<mailto:openid-specs-ab-bounces at lists.openid.net> [mailto:openid-specs-ab-bounces at lists.openid.net] On Behalf Of Mike Jones
Sent: Thursday, June 30, 2011 2:32 AM
To: openid-specs-ab at lists.openid.net<mailto:openid-specs-ab at lists.openid.net>
Cc: Eric Sachs; Andrew Nash; Don Thibeau
Subject: [Openid-specs-ab] Updated Connect Specs

Edmund and I have released updated and restructured Connect specs to openid.net.  The released specs are:

OpenID Connect Core:  http://openid.net/specs/openid-connect-core-1_0.html
OpenID Connect Framework: http://openid.net/specs/openid-connect-framework-1_0.html
OpenID Connect Session Management:  http://openid.net/specs/openid-connect-session-1_0.html
OpenID Connect HTTP Redirect Binding:  http://openid.net/specs/openid-connect-http-redirect-1_0.html
OpenID Connect UserInfo Endpoint:  http://openid.net/specs/openid-connect-userinfo-1_0.html

All are in SubVersion at http://svn.openid.net/repos/specifications/connect/1.0/.

The UserInfo spec now uses names in the style of the Facebook Graph API.  Edmund, I did a consistency pass over all the specs, primarily to update the examples to the new UserInfo schema.  I also ran spelling and grammar checking and corrected issues found.

I'd encourage everyone to read these in detail.  Once we have the updated Discovery and Client Registration specs, these should be ready to turn over to early developers!

                                                            -- Mike


Openid-specs-ab mailing list

Openid-specs-ab at lists.openid.net<mailto:Openid-specs-ab at lists.openid.net>



Chief Architect                   AIM:  gffletch

Identity Services Engineering     Work: george.fletcher at teamaol.com<mailto:george.fletcher at teamaol.com>

AOL Inc.                          Home: gffletch at aol.com<mailto:gffletch at aol.com>

Mobile: +1-703-462-3494           Blog: http://practicalid.blogspot.com

Office: +1-703-265-2544           Twitter: http://twitter.com/gffletch
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20110630/920442bb/attachment-0001.html>

More information about the Openid-specs-ab mailing list