[Openid-specs-ab] RP Test

Nat Sakimura sakimura at gmail.com
Fri Feb 13 09:30:08 UTC 2015


Oh, OK. That was just redirect_uri. Maybe it's better to state that
directly than to state 'end points'.
On Wed, Feb 11, 2015 at 11:51 Mike Jones <Michael.Jones at microsoft.com> wrote:

>  Nat, I agree that those tests should be made optional for Basic.  The
> signature tests are still required for Implicit and Hybrid.
>
>
>
> As for mandating TLS, we’re mandating that the OP endpoints always use
> TLS.  However for the code flow, the RP endpoint is allowed to not use TLS
> (provided the OP allows this, which it isn’t required to do).
>
>
>
> Roland – I synced your RPtest spreadsheet with the RP tab in the
> Conformance Tests spreadsheet a while back.
>
>
>
>                                                             -- Mike
>
>
>
> *From:* Openid-specs-ab [mailto:openid-specs-ab-bounces at lists.openid.net]
> *On Behalf Of* Nat Sakimura
> *Sent:* Monday, February 09, 2015 7:09 PM
> *To:* openid-specs-ab at lists.openid.net
> *Subject:* [Openid-specs-ab] RP Test
>
>
>
> Hi.
>
>
>
> I suppose we should either drop or relax the following. They are not
> required in Basic.
>
>
>
> rp-idt-kid-absent
> rp-idt-kid
>
> rp-alg-rs256
> rp-alg-none
>
>
>
> Also, I am wondering if the following is accurately reflecting the
> standard.
>
>
>
> "Uses https for all endpoints unless only using code flow"
>
> (It has no identifier assigned to it.)
>
>
>
> Section 3.1.2 states:
>
> Communication with the Authorization Endpoint MUST utilize TLS. See
> *Section 16.17*
> <http://openid.net/specs/openid-connect-core-1_0.html#TLSRequirements> for
> more information on using TLS.
>
>
>
> Section 3.1.3 states:
>
> Communication with the Token Endpoint MUST utilize TLS. See
> *Section 16.17*
> <http://openid.net/specs/openid-connect-core-1_0.html#TLSRequirements> for
> more information on using TLS.
>
>
>
> Section 5.3 states:
>
> Communication with the UserInfo Endpoint MUST utilize TLS. See
> *Section 16.17*
> <http://openid.net/specs/openid-connect-core-1_0.html#TLSRequirements> for
> more information on using TLS.
>
>
>
> Looks like we are mandating to use TLS regardless of the flow.
>
>
>
>
>
> --
>
> Nat Sakimura (=nat)
>
> Chairman, OpenID Foundation
> http://nat.sakimura.org/
> @_nat_en
>