[Openid-specs-ab] openid-connect-basic-1_0-23 review

[Mike Jones]

These issues have been addressed.  See https://bitbucket.org/openid/connect/issue/724/basic-tony-nadalins-review-comments for additional comments on the questions raised.

                                                                -- Mike

From: openid-specs-ab-bounces at lists.openid.net [mailto:openid-specs-ab-bounces at lists.openid.net] On Behalf Of Mike Jones
Sent: Monday, January 28, 2013 12:13 PM
To: Anthony Nadalin; openid-specs-ab at lists.openid.net
Subject: Re: [Openid-specs-ab] openid-connect-basic-1_0-23 review

I've created http://hg.openid.net/connect/issue/724/basic-tony-nadalins-review-comments to track these review comments.

                                                                -- Mike

From: openid-specs-ab-bounces at lists.openid.net<mailto:openid-specs-ab-bounces at lists.openid.net> [mailto:openid-specs-ab-bounces at lists.openid.net] On Behalf Of Anthony Nadalin
Sent: Thursday, January 24, 2013 2:46 PM
To: openid-specs-ab at lists.openid.net<mailto:openid-specs-ab at lists.openid.net>
Subject: [Openid-specs-ab] openid-connect-basic-1_0-23 review

Section 2.2.2

1.        mixes Client and User-Agent, should be consistent and use both or just 1

2.       "this may happen over HTTPS" seems to go against core where it MUST

Section 2.2.3

1.       Should state that TLS needs to be used and point the reader to section 2.3 in RFC6749


Section 2.3

1.       Is "aud" and URI ? same for "azp"?


Section 2.4.2

1.       If the user info endpoint does not have a value for middle_name (or any other member) will it return a "middle_name" :null  or just not return "middle_name"?
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20130202/89e64c04/attachment.html>