[Openid-specs-ab] Connect Standard annotated word version

Nat Sakimura sakimura at gmail.com
Mon Jun 3 18:27:42 UTC 2013


Yeah. I was a bit surprised by the state of Standard.
Message seems to be fairly good, as far as I remember I read it through
last time.

Here is a word version of it with comments - I did it till the end of the
Section 1.
Apparently, the definition of Authentication was not working, so I rewrote
it.
I added a few others with comments. I removed your text about RFC 4949 at
the beginning of the Terminology section, since there is no single
definition of validation and verification in the document. The definition I
extracted is buried inside the validation vs. verification tutorial. So,
instead, I added the actual definition to the Terminology.

I also added Identity and Identifier as they are very often mistaken and
conflated words.




2013/6/4 Mike Jones <Michael.Jones at microsoft.com>

>  It’s my sense that we’ve been getting good feedback on Basic, Implicit,
> Messages, Discovery, and Registration all along because of the developers
> implementing them.  Standard less so, because in practice, you can
> implement most everything by just reading Messages (or by supplementing
> Messages with Basic and Implicit).  Session Management has had less
> feedback because there has been less implementation work to date.  (That
> said, Microsoft developers have recently read through it, which resulted in
> some of the good feedback we’ve received lately - for instance resulting in
> the practical refinements to RP-initiated logout.)
>
> There’s always room for improvement.  But my sense is that, after the
> round of changes that we’ve already agreed to, we’re ready for the
> Implementer’s Drafts.  More review is always good, but as they say at
> Microsoft, “shipping is a feature too”. :-)
>
>                                                             -- Mike
>
>
> *From:* Nat Sakimura [mailto:sakimura at gmail.com]
> *Sent:* Monday, June 03, 2013 10:37 AM
>
> *To:* Mike Jones
> *Cc:* openid-specs-ab at lists.openid.net; John Bradley
> *Subject:* Re: Connect Standard annotated word version
>
> I +1'ed to #848.
>
> Re: authentication definition: In reviewing your comment back to my word
> comment, I found a discrepancy with the current definition. We are using a
> phrase like authenticate client and client authentication. Thus, the
> definition of authentication MUST NOT include "End-user". This is a
> Messages issue, by the way.
>
> I have done this detail of the read only to Standard. Has anyone else done
> a careful read on other specs?
>
> If we distribute the work, we could finish it in one day. I have only a
> few hours a day that I can allocate to this, and it is taking too long to do.
> (Now, decreasing sleeping hours is not an option here. I have been working
> more than 20 hours a day last couple of business days.) I do not want to
> hold it off, but the goal of 2nd Implementer's draft is to publish
> something completely stable. I think we are in a pretty good shape for
> Standard now. (If we remove the examples for JWS and JWE, I doubt that we
> need to touch the text even JWS/JWE changes.)
>
> The question is: has the same level of vetting been done on other specs?
>
> 2013/6/4 Mike Jones <Michael.Jones at microsoft.com>
>
> OK - I'll give you this "SHOULD" if you give me the language proposed in
> #848 that John signed off on. :-)
>
> Then, subject to other working group input, I think we will have reached
> closure on all the proposed changes so we can get back to having proposed
> Implementer's Drafts today again.
>
>                                 -- Mike
>
>
> -----Original Message-----
> From: Nat Sakimura [mailto:sakimura at gmail.com]
>
> Sent: Monday, June 03, 2013 9:16 AM
> To: Mike Jones
> Cc: openid-specs-ab at lists.openid.net; John Bradley
> Subject: Re: Connect Standard annotated word version
>
> Jun 4, 2013 0:34, Mike Jones <Michael.Jones at microsoft.com> wrote:
>
> > As for changing the prompt:consent MUST to a SHOULD, I don’t
> > understand the “obvious from other actions” comment,
>
> It is quite a well-known concept.
> For example, when you have ordered something to be delivered to your home,
> you do not need an explicit consent for it since it is obvious.
>
> Explicit consent is really only one of the possible conditions for processing
> even in EU Data Protection directive.
>
> In Japan, we are even talking of banning unnecessary explicit consent
> right now in a government committee. A protocol should not step on these
> legal issues. It MAY say SHOULD but not MUST.
>
> As to Pavlov effect, we are not talking about one RP here. It is
> potentially thousands of them. An OP should have some room to deal with it
> in the sense of consumer protection. Again, a protocol should not be
> prescriptive here. OP should be able not to show the consent dialogue and
> return an assertion without attributes other than that of authentication
> event.
>
> --
> Nat Sakimura (=nat)
> Chairman, OpenID Foundation
> http://nat.sakimura.org/
> @_nat_en
>



-- 
Nat Sakimura (=nat)
Chairman, OpenID Foundation
http://nat.sakimura.org/
@_nat_en
-------------- next part --------------
A non-text attachment was scrubbed...
Name: openid-connect-messages-1_0.docx
Type: application/vnd.openxmlformats-officedocument.wordprocessingml.document
Size: 241153 bytes
Desc: not available
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20130604/1f1ecacc/attachment-0001.docx>