[Openid-specs-ab] 24 hour notice for review of potential Implementer's Drafts

Mike Jones Michael.Jones at microsoft.com
Thu May 30 21:59:33 UTC 2013

Hi Leif,

I'm sorry that discussion on this dropped off before it reached any definitive conclusions.  I must admit, it slipped off my personal radar while trying to get the updated JOSE drafts and Connect drafts out in a timely manner.

I think we should proceed with the drafts as-is and not try to slip this in at the last minute, in part, because I think there are unanswered issues and questions about the proposal.  Some of those are:

  - I'm personally queasy with the proposal that we duplicate all the discovery information in a signed form.  That raises questions about who checks the consistency, what happens if they're inconsistent, etc.

  - An alternative would be to take an either/or approach, where either the discovery claims are in plaintext or they're in a signed JWT.  But that makes clients more complicated.

If there weren't those unanswered questions, I'd probably feel differently about adding it now.

The good news is that your proposal is additive, rather than a breaking change.  So if we decide in the next few months that we want to do it as you proposed, we can always add it before the specs go final.  So keep the discussion going...

Anyway, that's how I see it.

                                                                -- Mike

From: openid-specs-ab-bounces at lists.openid.net [mailto:openid-specs-ab-bounces at lists.openid.net] On Behalf Of Leif Johansson
Sent: Thursday, May 30, 2013 12:10 PM
To: openid-specs-ab at lists.openid.net
Subject: Re: [Openid-specs-ab] 24 hour notice for review of potential Implementer's Drafts

On 05/30/2013 05:48 PM, Mike Jones wrote:
Unless anyone expresses objections and clearly describes the specific changes they think are needed before we declare the start of the Implementer's Draft review, we will go with the current specs 24 hours from now.  The specs are at the locations below.  See the History entries for a summary of (the minor) changes that have been made.

* http://openid.net/specs/openid-connect-basic-1_0-27.html
* http://openid.net/specs/openid-connect-implicit-1_0-10.html
* http://openid.net/specs/openid-connect-messages-1_0-19.html
* http://openid.net/specs/openid-connect-standard-1_0-20.html
* http://openid.net/specs/openid-connect-discovery-1_0-16.html
* http://openid.net/specs/openid-connect-registration-1_0-18.html
* http://openid.net/specs/openid-connect-session-1_0-14.html

                                                            -- Mike

I'm not seeing any discussion of the signed-discovery response idea that I floated
a couple of weeks ago. The idea seemed to have some support on the list but I
confess to being un-informed about the procedure for moving forward with that

        Cheers Leif