[Openid-specs-ab] Tim Bray's review comments

Mike Jones Michael.Jones at microsoft.com
Wed Nov 13 22:36:39 UTC 2013 

The specs at http://openid.bitbucket.org/ now include the edits resulting from Tim’s comments.

Tim, the one request of yours that I didn’t do was to have a comprehensive list of the scope values defined, mainly because I couldn’t figure out where to put it.  However, there are references to all the places scope values are defined in text about the “scope” request parameter in http://openid.bitbucket.org/openid-connect-core-1_0.html#AuthRequest.  That’s as close as we currently get to doing this.  If someone has a suggestion for how and where to put such a list, I’d be interested in your thoughts.

                                                            -- Mike

From: Tim Bray [mailto:tbray at textuality.com]
Sent: Wednesday, October 23, 2013 10:02 AM
To: Mike Jones
Subject: Re: Review reminder

1.1 It says that literal values are quoted, but in the document I’m reading, they’re distinguished typographically by use of a monospace font

2. Authentication: comma out of place after “whereas”

2.1 “Resource owner” undefined and not obvious at all what it means in OIDC context

2.1.2.1 id_token_hint last para is very confusing.  When it says “If the ID Token received by the RP is encrypted” does that mean “If the ID Token being sent as the value of the id_token_hint parameter was received by the RP in encrypted form...” ?  Might also want to be explicit that the user we’re talking about is the one identified by the “sub” claim in the ID Token?

2.1.2.6 example, the error_description provided is completely unhelpful (as is too often the case in real deployments). The example should provide an example of a non-worst practice.

It’d be nice if there were a list of all the scopes at some point in the document... new scopes are being introduced in section 10.

Dyn registration 3.2 example returns 200 not 201

On Tue, Oct 22, 2013 at 10:43 PM, Mike Jones <Michael.Jones at microsoft.com<mailto:Michael.Jones at microsoft.com>> wrote:
Can you please send me your doc with the OpenID Connect Core review comments?

                                                            Thanks,
                                                            -- Mike


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20131113/6b28395d/attachment.html>

More information about the Openid-specs-ab mailing list