[Openid-specs-ab] Issue #888: New core: Discovered typos, etc (openid/connect)
Vladimir Dzhuvinov
issues-reply at bitbucket.org
Fri Oct 18 12:08:53 UTC 2013
New issue 888: New core: Discovered typos, etc
https://bitbucket.org/openid/connect/issue/888/new-core-discovered-typos-etc
Vladimir Dzhuvinov:
Hi guys,
I read the entire document and here is a list of what I found:
2.1.3.7. ID Token Validation: bullet 4 - the "and" should be deleted.
2.2. Authentication using the Implicit Flow - "The Authorization Server does not perform Client Authentication before issuing the Access Token. " I think we should drop the "before issuing the Access Token".
4.4.2. Claims Languages and Scripts - "Web site" is capitalised, but it's not an actual term that we have listed at the top of the doc.
5.2.1. URL Referencing the Request Object - What is "attribute values"? This is never mentioned before.
15.16. Implicit Grant Flow Threats - "... is possible if the User-Agent is infested by malware." Infested? I think "infected" would suffice here LOL :-)
Vladimir
More information about the Openid-specs-ab
mailing list