[Openid-specs-ab] Connect Standard annotated word version

Nat Sakimura sakimura at gmail.com
Mon Jun 3 17:36:38 UTC 2013


I +1'ed to #848.

Re: authentication definition: In reviewing your comment back to my word
comment, I found a discrepancy with the current definition. We are using a
phrase like authenticate client and client authentication. Thus, the
definition of authentication MUST NOT include "End-user". This is a
Messages issue, by the way.

I have done this detailed a read only on Standard. Has anyone else done a
careful read of other specs?
If we distribute the work, we could finish it in one day. I have only a few
hours a day that I can allocate to this, and it is taking too long to do.
(Now, decreasing sleeping hours is not an option here. I have been working
more than 20 hours a day the last couple of business days.) I do not want to
hold it off, but the goal of the 2nd Implementer's Draft is to publish
something completely stable. I think we are in pretty good shape for
Standard now. (If we remove the examples for JWS and JWE, I doubt that we
need to touch the text even if JWS/JWE changes.)

The question is: has the same level of vetting been done on other specs?




2013/6/4 Mike Jones <Michael.Jones at microsoft.com>

> OK - I'll give you this "SHOULD" if you give me the language proposed in
> #848 that John signed off on. :-)
>
> Then, subject to other working group input, I think we will have reached
> closure on all the proposed changes so we can get back to having proposed
> Implementer's Drafts today again.
>
>                                 -- Mike
>
> -----Original Message-----
> From: Nat Sakimura [mailto:sakimura at gmail.com]
> Sent: Monday, June 03, 2013 9:16 AM
> To: Mike Jones
> Cc: openid-specs-ab at lists.openid.net; John Bradley
> Subject: Re: Connect Standard annotated word version
>
> Jun 4, 2013 0:34、Mike Jones <Michael.Jones at microsoft.com> wrote:
>
> > As for changing the prompt:consent MUST to a SHOULD, I don’t
> > understand the “obvious from other actions” comment,
>
> It is quite a well-known concept.
> For example, when you have ordered something to be delivered to your home,
> you do not need an explicit consent for it since it is obvious.
>
> Explicit consent is really only one of the possible conditions for processing
> even in the EU Data Protection Directive.
>
> In Japan, we are even talking of banning unnecessary explicit consent
> right now in a government committee. A protocol should not step on these
> legal issues. It MAY say SHOULD but not MUST.
>
> As to the Pavlov effect, we are not talking about one RP here. It is
> potentially thousands of them. An OP should have some room to deal with it
> in the sense of consumer protection. Again, a protocol should not be
> prescriptive here. An OP should be able not to show the consent dialogue and
> return an assertion without attributes other than that of the authentication
> event.
>



-- 
Nat Sakimura (=nat)
Chairman, OpenID Foundation
http://nat.sakimura.org/
@_nat_en
-------------- next part --------------
A non-text attachment was scrubbed...
Name: openid-connect-standard-1_0 Nat suggestions+Mike+Nat 3-Jun-13.docx
Type: application/vnd.openxmlformats-officedocument.wordprocessingml.document
Size: 114713 bytes
Desc: not available
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20130604/8c6b2efc/attachment-0001.docx>