[Openid-specs-ab] Errata bug fixes

Nat Sakimura sakimura at gmail.com
Fri Jan 25 03:13:35 UTC 2019


Thanks. That's a lot!

On Fri, Jan 25, 2019 at 11:40 AM Mike Jones via Openid-specs-ab <
openid-specs-ab at lists.openid.net> wrote:

> Today’s errata fixes were:
>
>    - #999 <https://bitbucket.org/openid/connect/issues/999> - Clarified
>    requirements when invalid Redirection URI supplied
>    - #1002 <https://bitbucket.org/openid/connect/issues/1002> - Clarified
>    meaning of "exp" claim in the ID Token
>    - #1005 <https://bitbucket.org/openid/connect/issues/1005> - Clarify
>    "left truncated SHA-2 hash" in section on symmetric encryption
>    - #1006 <https://bitbucket.org/openid/connect/issues/1006> - Clarify
>    text in Third Party Initiated Login
>    - #1007 <https://bitbucket.org/openid/connect/issues/1007> - jwks /
>    jwks_uri must not contain private key material
>    - #1014 <https://bitbucket.org/openid/connect/issues/1014> - Addressed
>    lack of definition for "Configuration Document"
>    - #1016 <https://bitbucket.org/openid/connect/issues/1016> - Specified
>    that the server cannot change the redirect_uris value
>    - #1018 <https://bitbucket.org/openid/connect/issues/1018> - Missing
>    "sub" in examples of aggregated and distributed claims
>
>
>
> The editor’s drafts containing them are:
>
>    - https://openid.bitbucket.io/connect/openid-connect-core-1_0.html
>    - https://openid.bitbucket.io/connect/openid-connect-discovery-1_0.html
>    -
>    https://openid.bitbucket.io/connect/openid-connect-registration-1_0.html
>
>
>
>                                                        -- Mike
>
>
>
> *From:* Mike Jones
> *Sent:* Wednesday, January 23, 2019 8:58 PM
> *To:* 'openid-specs-ab at lists.openid.net' <openid-specs-ab at lists.openid.net
> >
> *Subject:* RE: Errata bug fixes
>
>
>
> And now these errata bugs are also fixed in the editor’s drafts
> https://openid.bitbucket.io/connect/openid-connect-core-1_0.html and
> https://openid.bitbucket.io/connect/openid-connect-registration-1_0.html:
>
>    - #975 <https://bitbucket.org/openid/connect/issues/975> - Referenced
>    additional related specifications
>    - #995 <https://bitbucket.org/openid/connect/issues/995> - Editorial
>    Issue: description of policy_uri in DynReg
>    - #996 <https://bitbucket.org/openid/connect/issues/996> - Explicitly
>    Ban 307 as the authorization response redirect
>    - #998 <https://bitbucket.org/openid/connect/issues/998> - Reconciled
>    subject_types_supported descriptions
>
>
>
>                                                        -- Mike
>
>
>
> *From:* Mike Jones
> *Sent:* Thursday, January 17, 2019 6:20 PM
> *To:* 'openid-specs-ab at lists.openid.net' <openid-specs-ab at lists.openid.net
> >
> *Subject:* RE: Errata bug fixes
>
>
>
> The editor’s draft now also contains fixes to these errata issues:
>
>    - #985 <https://bitbucket.org/openid/connect/issues/985/> - Noted that
>    the token_type value is case insensitive.
>    - #990 <https://bitbucket.org/openid/connect/issues/990/> - UserInfo
>    Error Response Example missing "Bearer" auth-scheme.
>    - #986 <https://bitbucket.org/openid/connect/issues/986/> - Softening
>    the 512 ASCII characters restriction.
>    - #993 <https://bitbucket.org/openid/connect/issues/993/> - How to
>    treat a zero max_age request parameter?
>    - #994 <https://bitbucket.org/openid/connect/issues/994/> - Definition
>    of country value within address claim.
>
>
>
>                                                        -- Mike
>
>
>
> *From:* Mike Jones
> *Sent:* Wednesday, January 16, 2019 11:26 PM
> *To:* openid-specs-ab at lists.openid.net
> *Subject:* Errata bug fixes
>
>
>
> The editor’s draft at
> https://openid.bitbucket.io/connect/openid-connect-core-1_0.html now
> contains fixes to these errata issues:
>
>    - #997 <https://bitbucket.org/openid/connect/issues/997> - Incorrect
>    reference in Section 15.2
>    - #970
>    <https://bitbucket.org/openid/connect/issues/970/core-2-id-token-acr-claim-incorrectly>
>    - ID Token acr claim incorrectly specifies the level 0 of assurance
>    - #982
>    <https://bitbucket.org/openid/connect/issues/982/error-in-jwt-claim-definitions-for-client>
>    - Error in JWT claim definitions for client authentication
>
>
>
> That’s in addition to this fix, which was already present:
>
>    - #972 <https://bitbucket.org/openid/connect/issues/972> - Clarified
>    nonce requirement in hybrid authentication request
>
>
>
> Please review the fixes.  I’m actively working through the errata issues,
> so expect more updates like this over the coming days.
>
>
>
>                                                        -- Mike
>
>
> _______________________________________________
> Openid-specs-ab mailing list
> Openid-specs-ab at lists.openid.net
> http://lists.openid.net/mailman/listinfo/openid-specs-ab
>


-- 
Nat Sakimura (=nat)
Chairman, OpenID Foundation
http://nat.sakimura.org/
@_nat_en
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20190125/799a3b5a/attachment.html>


More information about the Openid-specs-ab mailing list