[Openid-specs-ab] openid-connect-basic-1_0-23 review
Mike Jones
Michael.Jones at microsoft.com
Mon Jan 28 20:13:21 UTC 2013
I've created http://hg.openid.net/connect/issue/724/basic-tony-nadalins-review-comments to track these review comments.
-- Mike
From: openid-specs-ab-bounces at lists.openid.net [mailto:openid-specs-ab-bounces at lists.openid.net] On Behalf Of Anthony Nadalin
Sent: Thursday, January 24, 2013 2:46 PM
To: openid-specs-ab at lists.openid.net
Subject: [Openid-specs-ab] openid-connect-basic-1_0-23 review
Section 2.2.2
1. mixes Client and User-Agent, should be consistent and use both or just 1
2. "this may happen over HTTPS" seems to go against core where it MUST
Section 2.2.3
1. Should state that TLS needs to be used and point the reader to section 2.3 in RFC6749
Section 2.3
1. Is "aud" and URI ? same for "azp"?
Section 2.4.2
1. If the user info endpoint does not have a value for middle_name (or any other member) will it return a "middle_name" :null or just not return "middle_name"?
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20130128/8fc3491e/attachment.html>
More information about the Openid-specs-ab
mailing list