[Openid-specs-ab] Developer Feedback
Johnny Bufu
jbufu at janrain.com
Mon Jul 11 20:05:17 UTC 2011
On 11-07-11 10:16 AM, Nat Sakimura wrote:
> 1. We should make sure to place HTTP Redirect Binding as the Center Piece.
> This actually is the confusion that even Breno was falling into. He
> was thinking that Core was something to be implemented.
> It is not. It is the HTTP Redirect Binding that the developers
> should read. We may want to rename it to something more
> attractive and feel as the main spec. (Perhaps rename core as
> "Messages" and let the HTTP Binding assume the name
> "Core" etc.?)
I too feel that the current number of separate documents makes it harder
to get the big picture, even though I like modular specs. I guess the
modularization is not laid out in a way that's easy to get. For example:
- The separation between what is an "abstract" message and what a
binding is required/allowed to define is not very clear.
- ID Tokens are needed, one way or another (JWT encoded or not) to
complete a full OpenID-Connect authentication. I'd rather learn about
them from Core.
- UserInfo endpoint seems to be covered by both UserInfo and Framework
specs.
> 2. Short names are unpopular.
[...]
> Here are my suggestions:
> inf -> userinfo
> idt -> id_token
> clm -> claims
> fmt -> format
> mxa -> max_age
> eaa -> iso29115
> nor -> unsigned
> sig -> signed
> enc -> encrypted
> aat -> auth_time
> loc -> locale
> opt -> optional
+1 if there's no clear technical reason that prevents using these
slightly longer names.
Johnny