[Openid-specs-ab] Connect Standard annotated word version

Mike Jones Michael.Jones at microsoft.com
Mon Jun 3 22:58:10 UTC 2013


I’ve added a few proposed changes and comments to yours.

We consciously intentionally all uses of the term “attribute” about 6 months ago because it was causing confusion.  We shouldn’t be putting it back now.  We should either use the term “Claim” or “information” for this, depending upon context.

                                                            -- Mike

From: Nat Sakimura [mailto:sakimura at gmail.com]
Sent: Monday, June 03, 2013 11:28 AM
To: Mike Jones
Cc: openid-specs-ab at lists.openid.net; John Bradley
Subject: Re: Connect Standard annotated word version

Yeah. I was a bit surprised by the state of Standard.
Message seems to be fairly good, as far as I remember I read it through last time.

Here is a word version of it with comments - I did it till the end of the Section 1.
Apparently, the definition of Authentication was not working, so I rewrote it.
I added a few others with comments. I removed your text about RFC 4949 at the begining of the Terminology section, since there is no single definition of validation and verification in the document. The definition I extracted is buried inside the validation vs. verification tutorial. So, instead, I added the actual definition to ther Terminology.

I also added Identity and Identifier as they are very often mistaken and conflated words.



2013/6/4 Mike Jones <Michael.Jones at microsoft.com<mailto:Michael.Jones at microsoft.com>>
It’s my sense that we’ve been getting good feedback on Basic, Implicit, Messages, Discovery, and Registration all along because of the developers implementing them.  Standard less so, because in practice, you can implement most everything by just reading Messages (or by supplementing Messages with Basic and Implicit).  Session Management has had less feedback because there has been less implementation work to date.  (That said, Microsoft developers have recently read through it, which resulted in some of the good feedback we’ve received lately - for instance resulting in the practical refinements to RP-initiated logout.)

There’s always room for improvement.  But my sense is that, after the round of changes that we’ve already agreed to, we’re ready for the Implementer’s Drafts.  More review is always good, but as they say at Microsoft, “shipping is a feature too”. :)

                                                            -- Mike

From: Nat Sakimura [mailto:sakimura at gmail.com<mailto:sakimura at gmail.com>]
Sent: Monday, June 03, 2013 10:37 AM

To: Mike Jones
Cc: openid-specs-ab at lists.openid.net<mailto:openid-specs-ab at lists.openid.net>; John Bradley
Subject: Re: Connect Standard annotated word version

I +1'ed to #848.

Re: authentication definition: In reviewing your comment back to my word comment, I found a descrepancy with the current definition. We are using a phrase like authenticate client and client authentication. Thus, the definition of authentication MUST NOT include "End-user". This is a Messages issue, by the way.

I have done this detail of the read only to Standard. Has anyone else did a careful read on other specs?
If we distribute the work, we could finish it in one day. I have only a few hours a day that I can allocate to this, and is taking too long to do. (Now, decreasing sleeping hours is not an option here. I have been working more than 20 hours a day last couple of business days.) I do not want to hold it off, but the goal of 2nd Implementer's draft is to publish something completely stable. I think we are in a pretty good shape for Standard now. (If we remove the examples for JWS and JWE, I doubt that we need to touch the text even JWS/JWE changes.)

The question is: has the same level of vetting done on other specs?



2013/6/4 Mike Jones <Michael.Jones at microsoft.com<mailto:Michael.Jones at microsoft.com>>
OK - I'll give you this "SHOULD" if you give me the language proposed in #848 that John signed off on. :-)

Then, subject to other working group input, I think we will have reached closure on all the proposed changes so we can get back to having proposed Implementer's Drafts today again.

                                -- Mike

-----Original Message-----
From: Nat Sakimura [mailto:sakimura at gmail.com<mailto:sakimura at gmail.com>]
Sent: Monday, June 03, 2013 9:16 AM
To: Mike Jones
Cc: openid-specs-ab at lists.openid.net<mailto:openid-specs-ab at lists.openid.net>; John Bradley
Subject: Re: Connect Standard annotated word version

Jun 4, 2013 0:34、Mike Jones <Michael.Jones at microsoft.com<mailto:Michael.Jones at microsoft.com>> wrote:

> As for changing the prompt:consent MUST to a SHOULD, I don’t
> understand the “obvious from other actions” comment,

It is quite well known concept.
For example, when you have ordered something to be delivered to your home, you do not need an explicit consent for it since it is obvious.

Explicit consent really only one of the possible conditions for processing even in EU Data Protection directive.

In Japan, we are even talking of banning unnecessary explicit consent right now in a government committee. A protocol should not step on these legal issues. It MAY say SHOULD but not MUST.

As to Pavlov effect, we are not talking about one RP here. It is potentially thousands of them. An OP should have some room to deal with it in the sense of consumer protection. Again, a protocol should not be prescriptive here. OP should be able not to show the consent dialogue and return an assertion without attributes other than that of authentication event.



--
Nat Sakimura (=nat)
Chairman, OpenID Foundation
http://nat.sakimura.org/
@_nat_en



--
Nat Sakimura (=nat)
Chairman, OpenID Foundation
http://nat.sakimura.org/
@_nat_en
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20130603/e30c4f99/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: openid-connect-messages-1_0 Nat suggestions+Mike 3-Jun-13.docx
Type: application/vnd.openxmlformats-officedocument.wordprocessingml.document
Size: 191219 bytes
Desc: openid-connect-messages-1_0 Nat suggestions+Mike 3-Jun-13.docx
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20130603/e30c4f99/attachment-0001.docx>


More information about the Openid-specs-ab mailing list