[Openid-specs-ab] Discovery text question
Michael.Jones at microsoft.com
Wed Dec 18 19:56:22 UTC 2013
http://openid.bitbucket.org/openid-connect-discovery-1_0.html#ProviderConfigurationValidation currently says:
The issuer value returned MUST be identical to the Issuer URL that was directly used to retrieve the configuration information. This MUST also be identical to the iss Claim value in ID Tokens issued from this Issuer. Since the discovery process allows for multiple levels of redirection, this Issuer URL MAY be different from the one originally used to begin the discovery process.
The intended meaning of the last sentence isn't clear to me. First, do people believe this sentence is still valid or should it be deleted? Unless people come up with a clearer meaning and say why it needs to be retained, I'd suggest deletion. Any objections, or do people want to suggest clearer wording?
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Openid-specs-ab