[Openid-specs-ab] Spec call notes 5-Nov-12
Richer, Justin P.
jricher at mitre.org
Tue Nov 6 13:30:29 UTC 2012
#667 Registration - Restructuring
We agreed to restructure - assigned to Nat
#672 Registration 2.1: Rename token_endpoint_auth_type to token_endpoint_auth_method
We won't make a change because there isn't a compelling reason for a breaking change at this point
#673 Registration 2.1: Rename require_signed_request_object to request_object_alg
We will send a note to the WG asking if people would object to changing the name to require_signed_request_object_alg
#674 Registration 2.1: Typo in require_auth_time
The "(default max authentication age)" text is a cut-and-paste error
I would hold off on all of these issues due to the new OAuth2 registration draft, which supersedes (by design) the core functionality of the OIDC registration draft. This will change the structure and content of the OIDC registration draft significantly. Ideally, in my mind at least, the OIDC draft should be an extension/profile/whatever of the OAuth2 registration draft, and I've tried to structure the OAuth2 one such that the OIDC one can easily do just that by extending the data structure in section 3, Client Metadata. If you want, assign the above issues all to me so that I can make sure they get incorporated into the right document.
Both John and Mike have volunteered to be co-authors on the OAuth2 document, so we can have a pretty strong assurance of compatibility. However, I do anticipate a handful of breaking changes, generally in the form of changed parameter names and values (I anticipate the overall structure remaining the same). I'm of the mindset that if we're going to be changing one, we should change and clean up the rest at the same time. I'll be keeping the latest rendition of the OAuth2 draft in GitHub:
So the best way for *anyone* to get changes incorporated is to file a pull request there.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Openid-specs-ab