[Openid-specs-ab] Messages Review 2

Nat Sakimura sakimura at gmail.com
Tue Jun 4 11:11:53 UTC 2013


Now I have completed the review of Messages apart from section 2.9 and
Self-issued related things.

Many errors and omissions. On March 1, somehow, HTTP binding was introduced
to UserInfo endpoint. Such a binding belongs to Standard, and not here.
Since there was no commit message, the mail/minutes, and tickets to the
effect, it took me quite a while to locate when and on what commit it had
happened.

Some of the MUST requirements around explicit consent are too strong and
does not account for governmental, enterprise, and consumer protection use
cases. Such strong requirements can be written as a sector specific
profile, but not as a base spec.




-- 
Nat Sakimura (=nat)
Chairman, OpenID Foundation
http://nat.sakimura.org/
@_nat_en
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20130604/db301987/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: openid-connect-messages-1_0 Nat-4-Jun-13.docx
Type: application/vnd.openxmlformats-officedocument.wordprocessingml.document
Size: 195802 bytes
Desc: not available
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20130604/db301987/attachment-0001.docx>


More information about the Openid-specs-ab mailing list