[Openid-specs-ab] Structure of the spec documents

Andreas Åkre Solberg andreas.solberg at uninett.no
Tue Aug 23 20:31:54 UTC 2011

Right now, I've found these specs:

* Framework
* Core
* Session Management
* UserInfo
* HTTP Redirect Binding

And I see that a 'Lite' spec is being added as well.

My impression is that each of these documents is well written, well structured and easy to read (in general). The collection of documents as a whole is more difficult to understand. My feeling is that there is a lot of redundancy / repetition between the specs, and that the border lines between these are diffuse and hard to get.

How does the 'Lite' relate to the others? Is it replacing one of them?

If the spec is being reorganized, is there an overview somewhere of the old documents, and the new documents, and which is replacing which?
Would it be a good idea to have one stable web page that always refers to the last version of all of the current documents, so that external commenters (like me) are not led to the wrong documents?

I also think the current documents have an unclear interface towards OAuth. It seems that much of the OAuth spec is repeated, and it is not always clear what comes from OAuth and what is added (for example in REDIRECT-05 Section 3.1.1). I understand that copying OAuth might be useful to make the spec more readable, but if the OAuth spec is updated, there might be inconsistency that is difficult to deal with - like, which spec is authoritative on the OAuth parameters?

For example, REDIRECT-05 Section mentions the Cache-Control header on the Access Token response without mentioning the Pragma header (which is required in OAuth Section 5.1).

Kind regards,
Andreas Åkre Solberg

