<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta content="text/html; charset=windows-1256"
http-equiv="Content-Type">
<title></title>
</head>
<body text="#000000" bgcolor="#ffffff">
<font face="Helvetica, Arial, sans-serif">Thanks for the updates
Mike!<br>
<br>
A few comments on the new userinfo specification...<br>
<br>
Section 2.1<br>
* The access_token is a required parameter. Is there any reason
the access token could not be specified via the HTTP Authorization
header?<br>
<br>
* Are both GET/POST HTTP methods allowed?<br>
<br>
* The spec says that if the schema is "openid" then the endpoint
SHOULD return a JSON object that si a subset of the following
claims. Given that if no schema parameter is passed, or a value
other than "openid" is passed, the response object is undefined
(from this specs perspective), wouldn't it make more sense to turn
the SHOULD into a MUST? Right now, from my reading of the spec, I
can have a compliant userinfo endpoint that returns the data in a
PoCo format even if a schema of "openid" is specified. <br>
<br>
Thanks,<br>
George<br>
</font><br>
On 6/30/11 5:42 AM, Mike Jones wrote:
<blockquote
cite="mid:4E1F6AAD24975D4BA5B168042967394348D35B40@TK5EX14MBXC201.redmond.corp.microsoft.com"
type="cite">
<meta http-equiv="Content-Type" content="text/html;
charset=windows-1256">
<meta name="Generator" content="Microsoft Word 14 (filtered
medium)">
<style><!--
/* Font Definitions */
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Tahoma;
panose-1:2 11 6 4 3 5 4 4 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri","sans-serif";}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
span.EmailStyle17
{mso-style-type:personal;
font-family:"Calibri","sans-serif";
color:windowtext;}
span.EmailStyle18
{mso-style-type:personal-reply;
font-family:"Calibri","sans-serif";
color:#002060;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
<div class="WordSection1">
<p class="MsoNormal"><span style="color: rgb(0, 32, 96);">(adding
Allen, Kick, Chris, and Larry, to inform them of this
progress towards the Connect launch)<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color: rgb(0, 32, 96);"><o:p> </o:p></span></p>
<div>
<div style="border-right: medium none; border-width: 1pt
medium medium; border-style: solid none none; border-color:
rgb(181, 196, 223) -moz-use-text-color -moz-use-text-color;
padding: 3pt 0in 0in;">
<p class="MsoNormal"><b><span style="font-size: 10pt;
font-family:
"Tahoma","sans-serif";">From:</span></b><span
style="font-size: 10pt; font-family:
"Tahoma","sans-serif";">
<a class="moz-txt-link-abbreviated" href="mailto:openid-specs-ab-bounces@lists.openid.net">openid-specs-ab-bounces@lists.openid.net</a>
[<a class="moz-txt-link-freetext" href="mailto:openid-specs-ab-bounces@lists.openid.net">mailto:openid-specs-ab-bounces@lists.openid.net</a>]
<b>On Behalf Of </b>Mike Jones<br>
<b>Sent:</b> Thursday, June 30, 2011 2:32 AM<br>
<b>To:</b> <a class="moz-txt-link-abbreviated" href="mailto:openid-specs-ab@lists.openid.net">openid-specs-ab@lists.openid.net</a><br>
<b>Cc:</b> Eric Sachs; Andrew Nash; Don Thibeau<br>
<b>Subject:</b> [Openid-specs-ab] Updated Connect Specs<o:p></o:p></span></p>
</div>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Edmund and I have released updated and
restructured Connect specs to openid.net. The released specs
are:<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"><span style="color: rgb(0, 32, 96);">OpenID
Connect Core: <a moz-do-not-send="true"
href="http://openid.net/specs/openid-connect-core-1_0.html">
http://openid.net/specs/openid-connect-core-1_0.html</a><o:p></o:p></span></p>
<p class="MsoNormal"><span style="color: rgb(0, 32, 96);">OpenID
Connect Framework: <a moz-do-not-send="true"
href="http://openid.net/specs/openid-connect-framework-1_0.html">
http://openid.net/specs/openid-connect-framework-1_0.html</a><o:p></o:p></span></p>
<p class="MsoNormal"><span style="color: rgb(0, 32, 96);">OpenID
Connect Session Management:
<a moz-do-not-send="true"
href="http://openid.net/specs/openid-connect-session-1_0.html">http://openid.net/specs/openid-connect-session-1_0.html</a><o:p></o:p></span></p>
<p class="MsoNormal"><span style="color: rgb(0, 32, 96);">OpenID
Connect HTTP Redirect Binding:
<a moz-do-not-send="true"
href="http://openid.net/specs/openid-connect-http-redirect-1_0.html">http://openid.net/specs/openid-connect-http-redirect-1_0.html</a><o:p></o:p></span></p>
<p class="MsoNormal"><span style="color: rgb(0, 32, 96);">OpenID
Connect UserInfo Endpoint:
<a moz-do-not-send="true"
href="http://openid.net/specs/openid-connect-userinfo-1_0.html">http://openid.net/specs/openid-connect-userinfo-1_0.html</a><o:p></o:p></span></p>
<p class="MsoNormal"><span style="color: rgb(0, 32, 96);"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color: rgb(0, 32, 96);">All
are in SubVersion at <a moz-do-not-send="true"
href="http://svn.openid.net/repos/specifications/connect/1.0/">
http://svn.openid.net/repos/specifications/connect/1.0/</a>.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color: rgb(0, 32, 96);"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color: rgb(0, 32, 96);">The
UserInfo spec now uses names in the style of the Facebook
Graph API. Edmund, I did a consistency pass over all the
specs, primarily to update the examples to the new UserInfo
schema. I also ran spelling and grammar checking and
corrected issues found.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color: rgb(0, 32, 96);"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color: rgb(0, 32, 96);">I’d
encourage everyone to read these in detail. Once we have
the updated Discovery and Client Registration specs, these
should be ready to turn over to early developers!<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color: rgb(0, 32, 96);"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color: rgb(0, 32, 96);">
-- Mike<o:p></o:p></span></p>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<pre wrap="">
<fieldset class="mimeAttachmentHeader"></fieldset>
_______________________________________________
Openid-specs-ab mailing list
<a class="moz-txt-link-abbreviated" href="mailto:Openid-specs-ab@lists.openid.net">Openid-specs-ab@lists.openid.net</a>
<a class="moz-txt-link-freetext" href="http://lists.openid.net/mailman/listinfo/openid-specs-ab">http://lists.openid.net/mailman/listinfo/openid-specs-ab</a>
</pre>
</blockquote>
<br>
<pre class="moz-signature" cols="72">--
Chief Architect AIM: gffletch
Identity Services Engineering Work: <a class="moz-txt-link-abbreviated" href="mailto:george.fletcher@teamaol.com">george.fletcher@teamaol.com</a>
AOL Inc. Home: <a class="moz-txt-link-abbreviated" href="mailto:gffletch@aol.com">gffletch@aol.com</a>
Mobile: +1-703-462-3494 Blog: <a class="moz-txt-link-freetext" href="http://practicalid.blogspot.com">http://practicalid.blogspot.com</a>
Office: +1-703-265-2544 Twitter: <a class="moz-txt-link-freetext" href="http://twitter.com/gffletch">http://twitter.com/gffletch</a>
</pre>
</body>
</html>