[Openid-specs-ab] Other specs Review

Nat Sakimura sakimura at gmail.com
Thu Jun 6 02:03:20 UTC 2013


I have not checked the consistency with the most recent version of OAuth
It has warning text about the relationship. If we are to announce that 2nd
I-D is the stable one that will not change, we may want to remove the

At the very beginning, it is speaking of OAuth 2.0 protocol. IMHO, it
should be replaced by its formal name: OAuth 2.0 Authorization Framework.
This applies to all other documents.

*Basic and Implicit*

Some of the changes to Message undoubtedly need to be propagated here.
However, being more restrictive is fine here as it is a profile.
Also, omission of details are allowed here since it after all refers back
to the base specs.
In this respect, they look pretty good.

One thing that I noticed, which I should have noticed a long time ago, is
that it is stating normative requirements to the Server even though it
claims that it is only applicable to Client. I suppose that is still OK.

This concludes my final reviews.

Nat Sakimura (=nat)
Chairman, OpenID Foundation
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20130606/193074a0/attachment.html>

More information about the Openid-specs-ab mailing list