[Openid-specs-ab] Connect Standard annotated word version
sakimura at gmail.com
Mon Jun 3 22:42:16 UTC 2013
OK. My message was held in moderation queue because the attachment was too
big. I just released it :-(
2013/6/4 Nat Sakimura <sakimura at gmail.com>
> I +1'ed to #848.
> Re: authentication definition: In reviewing your comment back to my word
> comment, I found a descrepancy with the current definition. We are using a
> phrase like authenticate client and client authentication. Thus, the
> definition of authentication MUST NOT include "End-user". This is a
> Messages issue, by the way.
> I have done this detail of the read only to Standard. Has anyone else did
> a careful read on other specs?
> If we distribute the work, we could finish it in one day. I have only a
> few hours a day that I can allocate to this, and is taking too long to do.
> (Now, decreasing sleeping hours is not an option here. I have been working
> more than 20 hours a day last couple of business days.) I do not want to
> hold it off, but the goal of 2nd Implementer's draft is to publish
> something completely stable. I think we are in a pretty good shape for
> Standard now. (If we remove the examples for JWS and JWE, I doubt that we
> need to touch the text even JWS/JWE changes.)
> The question is: has the same level of vetting done on other specs?
> 2013/6/4 Mike Jones <Michael.Jones at microsoft.com>
>> OK - I'll give you this "SHOULD" if you give me the language proposed in
>> #848 that John signed off on. :-)
>> Then, subject to other working group input, I think we will have reached
>> closure on all the proposed changes so we can get back to having proposed
>> Implementer's Drafts today again.
>> -- Mike
>> -----Original Message-----
>> From: Nat Sakimura [mailto:sakimura at gmail.com]
>> Sent: Monday, June 03, 2013 9:16 AM
>> To: Mike Jones
>> Cc: openid-specs-ab at lists.openid.net; John Bradley
>> Subject: Re: Connect Standard annotated word version
>> Jun 4, 2013 0:34、Mike Jones <Michael.Jones at microsoft.com> wrote:
>> > As for changing the prompt:consent MUST to a SHOULD, I don’t
>> > understand the “obvious from other actions” comment,
>> It is quite well known concept.
>> For example, when you have ordered something to be delivered to your
>> home, you do not need an explicit consent for it since it is obvious.
>> Explicit consent really only one of the possible conditions for
>> processing even in EU Data Protection directive.
>> In Japan, we are even talking of banning unnecessary explicit consent
>> right now in a government committee. A protocol should not step on these
>> legal issues. It MAY say SHOULD but not MUST.
>> As to Pavlov effect, we are not talking about one RP here. It is
>> potentially thousands of them. An OP should have some room to deal with it
>> in the sense of consumer protection. Again, a protocol should not be
>> prescriptive here. OP should be able not to show the consent dialogue and
>> return an assertion without attributes other than that of authentication
> Nat Sakimura (=nat)
> Chairman, OpenID Foundation
Nat Sakimura (=nat)
Chairman, OpenID Foundation
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Openid-specs-ab