[Openid-specs-ab] Little more feedback
gffletch at aol.com
Tue Jul 12 13:25:12 UTC 2011
Agree this wording can get cleaned up. Will try and take a look today.
Do we have any more "required" claims besides "id"? Do we need to
identify which identifier the issuer should return for this id? i.e.
does it need to match an identifier returned from the token
introspection endpoint, or the id in the access_token?
On 7/12/11 1:27 AM, Breno de Medeiros wrote:
> On Mon, Jul 11, 2011 at 18:20, Johnny Bufu<jbufu at janrain.com> wrote:
>> On 11-07-11 03:44 PM, Pam Dingle wrote:
>>> * section 2.2 - the description of "must return a subset" and "may
>>> return additional attributes" seems to conflict to me.
>> It looked like a conflict to me at the first read too; however, I noticed
>> that the wording after the MUST is that the response "*contains* a set of
>> claims that are a subset".
>> So a subset of the defined claims MUST be included with each response, extra
>> claims MAY be added as well.
>> The MUST is however superfluous given that the empty set is a subset of any
>> other set. Intent was probably that the response MUST contain a non-empty
>> subset of the defined claims.
> I think we should make the MUST specific: The set of claims MUST
> include the 'id', for instance.
>> Openid-specs-ab mailing list
>> Openid-specs-ab at lists.openid.net
Chief Architect AIM: gffletch
Identity Services Engineering Work: george.fletcher at teamaol.com
AOL Inc. Home: gffletch at aol.com
Mobile: +1-703-462-3494 Blog: http://practicalid.blogspot.com
Office: +1-703-265-2544 Twitter: http://twitter.com/gffletch
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Openid-specs-ab