[Openid-specs-ab] openid connect specs review

George Fletcher gffletch at aol.com
Mon Jul 11 16:33:50 UTC 2011

Updates identified below...

On 7/6/11 8:29 PM, Johnny Bufu wrote:
> UserInfo (draft 03 / July 05, 2011):
> 2.  UserInfo Endpoint
> Claim objects are not formally defined.
Move the text regarding "claim objects" into the terminology section.
> 2.1.  Requests
> Which endpoint type from OAuth 2.0 / Bearer Token does the UserInfo 
> Endpoint comply to?
Cleaned up the text to specify that the endpoint is a standard OAuth2 
protected resource endpoint.
> What constitutes a (valid) schema name that MAY be used?
The only "valid" schema name defined in this spec is "openid". The text 
regarding the 'schema' parameter explicitly states that the only 
predefined value is "openid". Do you think that addition text is needed 
to make this clear?
> What's the difference between the terms "schema" and "format" in the 
> context of the UserInfo specification? They seem to be used 
> interchangeably - if there is no difference and neither is formally 
> defined, I suggest using the more generic "format" term.
So in reading draft 04, it seems to me that schema means the format of 
the data being returned (meaning which fields) while format is 
identifying the "encoding" of the data (e.g. JSON, JWT, XML, etc). I 
changed one format to schema but left the others.

I added schema and format as terms defined in the Terminology section. 
This may be a little much:)

> "RESERVED" is capitalized but not defined by RFC2119; capitalization 
> suggest specially defined meaning. I suggest it shouldn't be 
> capitalized if there is no special meaning defined elsewhere.
Changed this to OPTIONAL. If we've defined RESERVED somewhere else I can 
copy it to the userinfo spec.
> 2.2.  Responses
> "See the OpenID Connect Core [OpenID.CC] specification on how to 
> request a different format."
> Core doesn't define UserInfo response formats.
I'm assuming this will be addressed in Core.

The HTML version is attached.


Chief Architect                   AIM:  gffletch
Identity Services Engineering     Work: george.fletcher at teamaol.com
AOL Inc.                          Home: gffletch at aol.com
Mobile: +1-703-462-3494           Blog: http://practicalid.blogspot.com
Office: +1-703-265-2544           Twitter: http://twitter.com/gffletch

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20110711/94667d84/attachment-0002.html>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20110711/94667d84/attachment-0003.html>

More information about the Openid-specs-ab mailing list