[Openid-specs-heart] Review of UMA security profile

Sarah Squire sarah at engageidentity.com
Fri Dec 4 23:28:35 UTC 2015


Just a few small editorial suggestions. These are based on commit 9a27196.

1.

We should provide references for OAuth 2.0 and OpenID Connect 1.0 profiles

Awkward wording: “All requirements herein are in addition to the OAuth 2.0
profile and OpenID Connect 1.0.” should be reworded “All requirements
herein are in addition to the OAuth 2.0 and OpenID Connect 1.0 profiles.”

2.1

Awkward wording: “The AAT MUST have the following fields defined inside the
JWT and returned from the introspection endpoint:” should be reworded “The
AAT MUST define the following fields inside the JWT and return them from
the introspection endpoint:”

2.2

Same awkward wording “The PAT MUST have the following fields defined inside
the JWT and returned from the introspection endpoint, along with any other
fields:” should be reworded “The PAT MUST define the following fields
inside the JWT and return them from the introspection endpoint, along with
any other fields:”

The addition of “along with any other fields:” seems vague and unnecessary.
Maybe just take that out? Or add “Other fields may also be defined.”

The aud field definitely should not have “, along with any other fields:”
in it.

Sarah Squire
Engage Identity
http://engageidentity.com