[Openid-specs-ab] Amanda Anganes' Core review comments
Mike Jones
Michael.Jones at microsoft.com
Thu Nov 14 01:23:48 UTC 2013
Hi Amanda,
Your comments have now been incorporated into the Core specification posted at http://openid.bitbucket.org/. Here's those you might want feedback on:
AAL1 - I didn't do this because it could have created an ambiguity between the possibility of correlating public and pairwise identifiers that the current wording doesn't have. I'd be open to other wording without this ambiguity.
AAL2: It's a MUST because clients need to be able to rely on this in their code.
AAL3: I'm reluctant to add a MUST because an error could be returned for other reasons.
AAL4: Actually, the MUST is that the user MUST be reauthenticated. That's still there. Prompting is only a SHOULD because some authentication methods, such as crypto devices, can be non-interactive.
AAL5, AAL6: An invalid_request error would be appropriate. That said, we don't want to get into the business of specifying particular errors for all MUST violations.
AAL7: We use URL in prose when it's a URL. We use uri in identifiers because that's the IETF convention.
Thanks so much for the useful review!
-- Mike
P.S. Your original review is attached so other working group members can see it.
From: Anganes, Amanda L [mailto:aanganes at mitre.org]
Sent: Thursday, October 31, 2013 11:53 AM
To: Mike Jones
Subject: Re: How to review OIDC documents
Hi Mike,
Thanks, the tracked changes in Word option worked very well. Attached are my edits for Core. Overall, it is looking good!
I will need to discuss with Justin whether he can cover my time to review any of the other documents. He had initially only approved a couple of hours, and for me doing as close of a read as I like to do in this case takes a while. I'll let you know one way or the other whether I can review any of the other specs.
Good job!
--Amanda
From: Mike Jones <Michael.Jones at microsoft.com<mailto:Michael.Jones at microsoft.com>>
Date: Tuesday, October 29, 2013 5:38 PM
To: "Anganes, Amanda L" <aanganes at mitre.org<mailto:aanganes at mitre.org>>
Subject: RE: How to review OIDC documents
You should review based on the HTML versions linked to from http://openid.bitbucket.org/. A good way to do this is to open the HTML versions in Word and then save them as .docx files with tracked changes on. Then your edits to the Word doc will show up as tracked changes and you can add comments.
I've attached a Word version of the Core doc with tracked changes on for you to start with. If you want me to create Word versions of the others too, let me know.
Thanks for doing this!
-- Mike
From: Anganes, Amanda L [mailto:aanganes at mitre.org]
Sent: Tuesday, October 29, 2013 1:00 PM
To: Mike Jones
Subject: How to review OIDC documents
Hi Mike,
I am hoping to review the OIDC final versions tonight or tomorrow. Can you point me to what the toolchain/method is to get the specs out of Bitbucket and into some format that I can read & review? Justin mentioned that I should definitely work off of the versions there, as you have been applying edits as you find them. I know Justin has done it before but I haven't been able to get ahold of him today (his schedule is pretty crazy right now).
Thanks!
--Amanda
--
Amanda Anganes
Info Sys Engineer, Sr., K83C
The MITRE Corporation
781-271-3103
aanganes at mitre.org<mailto:aanganes at mitre.org>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20131114/26d713d0/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: openid-connect-core-1_0 29-Oct-13_ALA-edits.docx
Type: application/vnd.openxmlformats-officedocument.wordprocessingml.document
Size: 250309 bytes
Desc: openid-connect-core-1_0 29-Oct-13_ALA-edits.docx
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20131114/26d713d0/attachment.docx>
More information about the Openid-specs-ab
mailing list