[Openid-specs-ab] I'm planning to start applying errata edits to OpenID Connect

Justin Richer jricher at mit.edu
Wed Jul 29 17:45:27 UTC 2015


Not if you include good examples, which we shouldn’t get rid of. And there’s no added functionality in the OIDC spec, so it becomes a few bits of metadata that need to fit into already existing places.

I think that the multi-document confusion contention is a bit of a strawman argument anyway: Right now, they’ve got to go back and forth between this and the Core spec in order to understand things like the private_key_jwt value and a few others. 

My original question still stands, what would it take for the WG to do this? Whether or not we should or we will is another question, though I personally believe the answer to both is “yes”.

 — Justin

> On Jul 29, 2015, at 1:38 PM, Mike Jones <Michael.Jones at microsoft.com> wrote:
> 
> I actually disagree that this makes things easier for implementers.  Right now OpenID registration is self-contained.  People implementing it only need to refer to one spec.  If we remove the duplication, people will have to keep going back and forth between two specs.  Developers hate that.
>  
>                                                             -- Mike
>  
> From: William Denniss [mailto:wdenniss at google.com] 
> Sent: Wednesday, July 29, 2015 10:35 AM
> To: Justin Richer
> Cc: Mike Jones; openid-specs-ab at lists.openid.net Ab
> Subject: Re: [Openid-specs-ab] I'm planning to start applying errata edits to OpenID Connect
>  
> +1
>  
> A revision that removes the duplication would help implementers. It's good to cleanly separate the OAuth and Connect layers, now that we can.
>  
> On Wed, Jul 29, 2015 at 10:10 AM, Justin Richer <jricher at mit.edu <mailto:jricher at mit.edu>> wrote:
> I can understand the rationale of not doing this during an errata action, but now that the IETF specs are available, what would it take for the WG to actually update the documents as Torsten suggests? The OIDC registration draft could really be quite minimal and import RFC7592 and RFC7592 directly for most of its normative content. The OIDC draft only adds a few fields to the client model and values to some fields (like response_type and token_endpoint_auth_method), but overall it isn’t any different.
>  
> I think it’s very unfortunate that the OAuth WG sat on this work for so long, otherwise we could have had it set up this way from the beginning. 
>  
>  — Justin
>  
> On Jul 29, 2015, at 12:37 PM, Mike Jones <Michael.Jones at microsoft.com <mailto:Michael.Jones at microsoft.com>> wrote:
>  
> We’re not going to do major changes as part of an errata action, so we’re not going to remove the now-duplicated content.  That said, we will add a statement that the OpenID Registration spec is compatible with the OAuth Registration spec and that implementations are free to use features defined there such as software statements as appropriate.  Would that work for you?
>  
>                                                             -- Mike
>  
> From: torsten at lodderstedt.net <mailto:torsten at lodderstedt.net> [mailto:torsten at lodderstedt.net <mailto:torsten at lodderstedt.net>]
> Sent: Wednesday, July 29, 2015 5:05 AM
> To: Mike Jones
> Cc: openid-specs-ab at lists.openid.net <mailto:openid-specs-ab at lists.openid.net>
> Subject: Re: [Openid-specs-ab] I'm planning to start applying errata edits to OpenID Connect
>  
> Hi Mike,
> 
> good to hear.
> 
> Regarding Dynamic Client Registration: Will you modify the OpenID Connect Spec to be based on RFC 7591? I'm asking because the OIDC Client Registration could be strip down (e.g. by removing the definition of registration request/response). Moreover, this would allow the OIDC version to leverage software statements, which are required for the MODRNA work.
> 
> best regards,
> Torsten.
> 
> Am 24.07.2015 20:14, schrieb Mike Jones:
> 
> I wanted to let you know that I plan to start applying errata edits to the OpenID Connect specifications.  These edits will include:
> ·        Referencing the JOSE, JWT, OAuth Assertions, and acct URI RFCs instead of working group drafts
> 
> ·        Registering the Connect-specific Dynamic Registration metadata values in the registry established by RFC 7591
> 
> ·        Removing the warning about the Google “iss” value currently in Section 15.6.2
> 
> ·        Addressing typos described in the issue tracker
> 
>  
> If you know of other issues that we need to address as errata, please add them to the issue tracker athttps://bitbucket.org/openid/connect/issues?status=new&status=open <https://na01.safelinks.protection.outlook.com/?url=https%3a%2f%2fbitbucket.org%2fopenid%2fconnect%2fissues%3fstatus%3dnew%26status%3dopen&data=01%7c01%7cMichael.Jones%40microsoft.com%7c31bcba812779461de4dc08d2980df30d%7c72f988bf86f141af91ab2d7cd011db47%7c1&sdata=HXg%2bwHa8bJiF7SLAJUyFK0Lwp6SBXdWE27KLYYiXmHM%3d> using the milestone “Errata”.
>  
> Note that I’ll first publish the updated drafts tohttp://openid.bitbucket.org/ <https://na01.safelinks.protection.outlook.com/?url=http%3a%2f%2fopenid.bitbucket.org%2f&data=01%7c01%7cMichael.Jones%40microsoft.com%7c31bcba812779461de4dc08d2980df30d%7c72f988bf86f141af91ab2d7cd011db47%7c1&sdata=vcv4rTg9svF8fZYynqgEF7oV3N%2bEt2oVn0Tu%2bcrkJa8%3d> for review.  Also, I think we should wait until draft-ietf-jose-jwk-thumbprint <https://na01.safelinks.protection.outlook.com/?url=https%3a%2f%2ftools.ietf.org%2fhtml%2fdraft-ietf-jose-jwk-thumbprint-08&data=01%7c01%7cMichael.Jones%40microsoft.com%7c31bcba812779461de4dc08d2980df30d%7c72f988bf86f141af91ab2d7cd011db47%7c1&sdata=Abm%2brWGKRUjm0nf0zVUsAIdo%2b47JvLs54T2WDVPat%2fY%3d> exits the RFC Editor queue and becomes an RFC before we call this second errata round done.
>  
>                                                             -- Mike
>  
>  
> _______________________________________________
> Openid-specs-ab mailing list
> Openid-specs-ab at lists.openid.net <mailto:Openid-specs-ab at lists.openid.net>
> http://lists.openid.net/mailman/listinfo/openid-specs-ab <https://na01.safelinks.protection.outlook.com/?url=http%3a%2f%2flists.openid.net%2fmailman%2flistinfo%2fopenid-specs-ab&data=01%7c01%7cMichael.Jones%40microsoft.com%7c31bcba812779461de4dc08d2980df30d%7c72f988bf86f141af91ab2d7cd011db47%7c1&sdata=TCG5eGRf7Z73v3O1CdCcVLBp6kXmee66VK2fV9iAD8w%3d>
>  
> 
>  
> _______________________________________________
> Openid-specs-ab mailing list
> Openid-specs-ab at lists.openid.net <mailto:Openid-specs-ab at lists.openid.net>
> http://lists.openid.net/mailman/listinfo/openid-specs-ab <https://na01.safelinks.protection.outlook.com/?url=http%3a%2f%2flists.openid.net%2fmailman%2flistinfo%2fopenid-specs-ab&data=01%7c01%7cMichael.Jones%40microsoft.com%7cc0ed08410e1a4039ce0d08d2983c233c%7c72f988bf86f141af91ab2d7cd011db47%7c1&sdata=IaRnzhdrFCvaWRyxa5YE9YR%2bVvGmC8%2btLpNs%2fEVzC%2f8%3d>
>  
> 
> _______________________________________________
> Openid-specs-ab mailing list
> Openid-specs-ab at lists.openid.net <mailto:Openid-specs-ab at lists.openid.net>
> http://lists.openid.net/mailman/listinfo/openid-specs-ab <https://na01.safelinks.protection.outlook.com/?url=http%3a%2f%2flists.openid.net%2fmailman%2flistinfo%2fopenid-specs-ab&data=01%7c01%7cMichael.Jones%40microsoft.com%7cc0ed08410e1a4039ce0d08d2983c233c%7c72f988bf86f141af91ab2d7cd011db47%7c1&sdata=IaRnzhdrFCvaWRyxa5YE9YR%2bVvGmC8%2btLpNs%2fEVzC%2f8%3d>
>  

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20150729/b76db86a/attachment-0001.html>


More information about the Openid-specs-ab mailing list