[Openid-specs-ab] Issues of Basic and Messages, as of Sept 12

hideki nara hdknr at ic-tact.co.jp
Sun Sep 11 23:48:35 UTC 2011


Good Monday morning from Tokyo.

A lot of issues of Basic and Messages were registered at the OpenID
Bitbucket tracker last weekend.
( https://bitbucket.org/openid/connect/issues/ )

Some of them may require our discussion; others Jay will attend to and fix
soon. :-)

Thanks to jbufu (https://bitbucket.org/jbufu) for reporting.

Discussion might be needed
-----------------------------

#51 Messages - 1 Message not properly defined
#66 Basic - 3.2.1 normative reference for query string serialization
#68 Basic 3.2.3 - user's authorization decision cannot be forced
#70 Basic - 3.2.3 openid scope not authorized
#76 Basic - 3.3.1 POST optional for both client and server
#85 Basic - 6 unclear what attack vector is mentioned

Clarification / Correction
-------------------------------

#52 Messages - 3.4 check session endpoint declared twice
#53 Basic - Abstract: pointer to "main specification" missing
#54 Basic - 2 Identity Provider not defined
#59 Basic - 3 Check Session presented with access token
#61 Basic - 3.1 scopes not attached to tokens
#63 Basic - 3.2.1 MUST in unclosed bracket
#64 Basic - 3.2.1 display values not explained
#65 Basic - 3.2.1 prompt values not explained
#67 Basic - 3.2.2 authorization URL construction
#69 Basic 3.2.3 - error response recipient not specified
#72 Basic - 3.2.4.1 typo in state parameter description
#73 Basic - 3.2.4.1 state parameter listed twice
#74 Basic - 3.2.4.1 state validation not specified
#77 Basic - 3.3.2 nonce listed as both OPTIONAL and REQUIRED
#78 Basic - 3.3.2 OAuth identifier
#79: Basic - 3.3.4.2 audience verification
#80 Basic - 3.3.4.2 ID token clarification
#81 Basic - 3.3.4.2 nonce verification not specified
#82 Basic - 3.3.4.2 iss parameter processing not specified
#84 Basic - 4 misplaced normative text for check session endpoint

Expression / Wording
--------------------------

#55 Basic - 2 Server term is not defined
#56 Basic - 2 ID token opaque
#57 Basic - 2 assertion definition
#58 Basic - 2 consistent capitalization
#60 Basic - 3 inconsistent use of OAuth grant names
#62 Basic - 3.2.1 document referred to as binding
#71 Basic - 3.2.4.1 Duplicate statement for response being sent in the fragment
#75 Basic - 3.3 wording for id_token - client binding
#83: Basic - 4 unclear wording for Userinfo endpoint - subject binding

---
hdknr