[Openid-specs-ab] Connect Standard annotated word version

Nat Sakimura sakimura at gmail.com
Mon Jun 3 23:02:48 UTC 2013


Actually, I was wondering, at 3am in the morning. I thought we did it, but
I saw a bunch of 'attributes' still.
I thought perhaps we wanted to keep it where it is unrelated to the OP
asserting its values.



2013/6/4 Mike Jones <Michael.Jones at microsoft.com>

> I’ve added a few proposed changes and comments to yours.
>
> We consciously intentionally all uses of the term “attribute” about 6
> months ago because it was causing confusion.  We shouldn’t be putting it
> back now.  We should either use the term “Claim” or “information” for this,
> depending upon context.
>
>                                                             -- Mike
>
> *From:* Nat Sakimura [mailto:sakimura at gmail.com]
> *Sent:* Monday, June 03, 2013 11:28 AM
> *To:* Mike Jones
> *Cc:* openid-specs-ab at lists.openid.net; John Bradley
> *Subject:* Re: Connect Standard annotated word version
>
> Yeah. I was a bit surprised by the state of Standard.
>
> Message seems to be fairly good, as far as I remember I read it through
> last time.
>
> Here is a word version of it with comments - I did it till the end of the
> Section 1.
>
> Apparently, the definition of Authentication was not working, so I rewrote
> it.
>
> I added a few others with comments. I removed your text about RFC 4949 at
> the beginning of the Terminology section, since there is no single
> definition of validation and verification in the document. The definition I
> extracted is buried inside the validation vs. verification tutorial. So,
> instead, I added the actual definition to the Terminology.
>
> I also added Identity and Identifier as they are very often mistaken and
> conflated words.
>
> 2013/6/4 Mike Jones <Michael.Jones at microsoft.com>
>
> It’s my sense that we’ve been getting good feedback on Basic, Implicit,
> Messages, Discovery, and Registration all along because of the developers
> implementing them.  Standard less so, because in practice, you can
> implement most everything by just reading Messages (or by supplementing
> Messages with Basic and Implicit).  Session Management has had less
> feedback because there has been less implementation work to date.  (That
> said, Microsoft developers have recently read through it, which resulted in
> some of the good feedback we’ve received lately - for instance resulting in
> the practical refinements to RP-initiated logout.)
>
> There’s always room for improvement.  But my sense is that, after the
> round of changes that we’ve already agreed to, we’re ready for the
> Implementer’s Drafts.  More review is always good, but as they say at
> Microsoft, “shipping is a feature too”. :-)
>
>                                                             -- Mike
>
> *From:* Nat Sakimura [mailto:sakimura at gmail.com]
> *Sent:* Monday, June 03, 2013 10:37 AM
> *To:* Mike Jones
> *Cc:* openid-specs-ab at lists.openid.net; John Bradley
> *Subject:* Re: Connect Standard annotated word version
>
> I +1'ed to #848.
>
> Re: authentication definition: In reviewing your comment back to my word
> comment, I found a discrepancy with the current definition. We are using a
> phrase like authenticate client and client authentication. Thus, the
> definition of authentication MUST NOT include "End-user". This is a
> Messages issue, by the way.
>
> I have done this detail of the read only to Standard. Has anyone else done
> a careful read on other specs?
>
> If we distribute the work, we could finish it in one day. I have only a
> few hours a day that I can allocate to this, and it is taking too long to do.
> (Now, decreasing sleeping hours is not an option here. I have been working
> more than 20 hours a day last couple of business days.) I do not want to
> hold it off, but the goal of 2nd Implementer's draft is to publish
> something completely stable. I think we are in a pretty good shape for
> Standard now. (If we remove the examples for JWS and JWE, I doubt that we
> need to touch the text even if JWS/JWE changes.)
>
> The question is: has the same level of vetting been done on other specs?
>
> 2013/6/4 Mike Jones <Michael.Jones at microsoft.com>
>
> OK - I'll give you this "SHOULD" if you give me the language proposed in
> #848 that John signed off on. :-)
>
> Then, subject to other working group input, I think we will have reached
> closure on all the proposed changes so we can get back to having proposed
> Implementer's Drafts today again.
>
>                                 -- Mike
>
>
> -----Original Message-----
> From: Nat Sakimura [mailto:sakimura at gmail.com]
> Sent: Monday, June 03, 2013 9:16 AM
> To: Mike Jones
> Cc: openid-specs-ab at lists.openid.net; John Bradley
> Subject: Re: Connect Standard annotated word version
>
> Jun 4, 2013 0:34, Mike Jones <Michael.Jones at microsoft.com> wrote:
>
> > As for changing the prompt:consent MUST to a SHOULD, I don’t
> > understand the “obvious from other actions” comment,
>
> It is quite a well-known concept.
> For example, when you have ordered something to be delivered to your home,
> you do not need an explicit consent for it since it is obvious.
>
> Explicit consent is really only one of the possible conditions for processing
> even in EU Data Protection directive.
>
> In Japan, we are even talking of banning unnecessary explicit consent
> right now in a government committee. A protocol should not step on these
> legal issues. It MAY say SHOULD but not MUST.
>
> As to Pavlov effect, we are not talking about one RP here. It is
> potentially thousands of them. An OP should have some room to deal with it
> in the sense of consumer protection. Again, a protocol should not be
> prescriptive here. OP should be able not to show the consent dialogue and
> return an assertion without attributes other than that of authentication
> event.
>
> --
> Nat Sakimura (=nat)
> Chairman, OpenID Foundation
> http://nat.sakimura.org/
> @_nat_en



-- 
Nat Sakimura (=nat)
Chairman, OpenID Foundation
http://nat.sakimura.org/
@_nat_en