[Openid-specs-ab] Connect Standard annotated word version

Nat Sakimura sakimura at gmail.com
Mon Jun 3 09:30:47 UTC 2013


I prepared a Word version with modifications and comments.
Many of them are editorial. It is probably easier to go through than to do
it in multiple tickets.

One normative change is proposed about the processing of the prompt parameter. It
was using MUST, but I think it should be SHOULD. It is possible that trying
to obtain active consent may be illegal when it is obvious from other
actions. MUST is a bit too much. It is also prone to “Pavlov” attack.

Also, one question about what the MIME type of the signed UserInfo
response should be. It currently is application/jwt but it may be more
appropriate to have it as application/jws.

-- 
Nat Sakimura (=nat)
Chairman, OpenID Foundation
http://nat.sakimura.org/
@_nat_en
-------------- next part --------------
A non-text attachment was scrubbed...
Name: openid-connect-standard-1_0.docx
Type: application/vnd.openxmlformats-officedocument.wordprocessingml.document
Size: 97970 bytes
Desc: not available
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20130603/34ea16e1/attachment-0001.docx>

