[Openid-specs-ab] Complete set of proposed changings enabling form_post response encoding

Mike Jones Michael.Jones at microsoft.com
Sat Oct 19 01:52:40 UTC 2013


Full HTML versions
               http://self-issued.info/docs/oauth-v2-multiple-response-types-1_0-18-Oct-13.html
               http://self-issued.info/docs/openid-connect-discovery-1_0-18-Oct-13.html
               http://self-issued.info/docs/openid-connect-core-1_0-18-Oct-13.html

Word versions showing diffs from Bitbucket versions:
               http://self-issued.info/docs/oauth-v2-multiple-response-types-1_0-18-Oct-13-diffs.docx
               http://self-issued.info/docs/openid-connect-discovery-1_0-18-Oct-13-diffs.docx
               http://self-issued.info/docs/openid-connect-core-1_0-18-Oct-13-diffs.docx

Status updates:  Multiple Response Types now uses the Response Mode identifier "form_post" (rather than "POST") and specifies the use of the application/x-www-form-urlencoded encoding for the form posted responses.  Discovery includes the "response_modes_supported" parameter.  In Core, rather than saying things like "MUST be fragment encoded" we now say things like "MUST be fragment encoded, unless a different Response Mode was specified".

As for where we go from here, from George's proposal and Nat's +1 to it, I believe that the only part of these proposed changes that there's still active debate about is whether the "form_post" Response Mode should be defined as an extension to Multiple Response Types or in Multiple Response Types itself.  Even those who are skeptical of trying to include the new binding as a final part of the specs appear to agree that we're right to generalize the language in Core, etc. to *permit* such bindings to be specified and used in the future - which is what's really been done in Core and Discovery and in all of the Multiple Response Types changes other than the subsections that actually define the new Response Mode.

I'm saying that, because given that as editor, I now already have numerous feedback comments to incorporate (thanks Vladimir and Torsten!), and I plan to start incorporating them tomorrow.  Unless I hear serious objections to proceeding in this manner, I plan to check in the sources to the above and make the changes against those versions.  I recognize that if "form_post" becomes a separate extension, that means I'd need to separate it from Multiple Response Types.  That's not hard.  However, I believe that all the other changes, which *enable but do not define* alternative Response Modes, would stay.  It will be much easier for me as editor to work that way, rather than maintaining two sets of change branches and merging them later.  (This matters because our time is short - especially the time before Monday's meeting.)

Thanks for the vigorous discussion the past few days and for all of your demonstrated passion both for finishing and for a high quality outcome.  Keep those spec reviews coming!

                                                            Cheers,
                                                            -- Mike
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20131019/b961a866/attachment.html>


More information about the Openid-specs-ab mailing list