[Openid-specs-ab] Messages Review 2

Mike Jones Michael.Jones at microsoft.com
Tue Jun 4 21:52:57 UTC 2013

My comments added to the attached version.

From: openid-specs-ab-bounces at lists.openid.net [mailto:openid-specs-ab-bounces at lists.openid.net] On Behalf Of Nat Sakimura
Sent: Tuesday, June 04, 2013 4:12 AM
To: openid-specs-ab at lists.openid.net
Subject: [Openid-specs-ab] Messages Review 2

Now I have completed the review of Messages apart from section 2.9 and Self-issued related things.

Many errors and omissions. On March 1, somehow, HTTP binding was introduced to UserInfo endpoint. Such a binding belongs to Standard, and not here. Since there was no commit message, the mail/minutes, and tickets to the effect, it took me quite a while to locate when and on what commit it had happened.

Some of the MUST requirements around explicit consent are too strong and does not account for governmental, enterprise, and consumer protection use cases. Such strong requirements can be written as a sector specific profile, but not as a base spec.

Nat Sakimura (=nat)
Chairman, OpenID Foundation
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20130604/0b5c654c/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: openid-connect-messages-1_0 Nat-4-Jun-13+Mike.docx
Type: application/vnd.openxmlformats-officedocument.wordprocessingml.document
Size: 204894 bytes
Desc: openid-connect-messages-1_0 Nat-4-Jun-13+Mike.docx
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20130604/0b5c654c/attachment-0001.docx>

More information about the Openid-specs-ab mailing list