[Openid-specs-ab] New Core Review

Mike Jones Michael.Jones at microsoft.com
Tue Nov 19 10:02:13 UTC 2013


Hi Nat,

Your comments have now been incorporated into the Core specification posted at http://openid.bitbucket.org/.  The attached version of your comments includes Disposition of Comments (DoC) notations as Word comments for resolutions that were handled differently than suggested.  For suggestions that were accepted, I included no comments.

Thanks for the thorough review, as always.

-- Mike

From: openid-specs-ab-bounces at lists.openid.net [mailto:openid-specs-ab-bounces at lists.openid.net] On Behalf Of Nat Sakimura
Sent: Monday, October 21, 2013 10:56 AM
To: openid-specs-ab at lists.openid.net
Subject: [Openid-specs-ab] New Core Review

Assuming no text has been added / crafted apart from section 2 and section 11, I think I am done with it.

Two versions: One is more radical than the other: the file name indicates it.
The radical one merges implicit and hybrid into Multiple Response Types.
In fact, there is no pure "implicit" authentication. It is always Hybrid.
So, this probably is more logical. I also got rid of the word "Code Flow".
It is an undefined word now that OAuth got rid of the term.
I replaced it with Code Grant.

I also removed a bunch of redundant text.

There are a few technical changes. Otherwise, though it may seem to be a lot of change, they are all editorial. Technical changes are marked in the comment with (te).

They are:

1. The fragment handling.

Section 2.2.2.7 says that the fragment has to be sent to the Web Server. This is not true. The JavaScript client may consume it by itself. This was new text added in the new Core. I propose to remove it entirely.

2. Relationship of Access Tokens

The proposed text says they should be the same. I contend that they actually should be different. This, again, is new text introduced in the new Core.

It is now almost 3:00am. I am going to bed now.

Cheers,



--
Nat Sakimura (=nat)
Chairman, OpenID Foundation
http://nat.sakimura.org/
@_nat_en
-------------- next part --------------
A non-text attachment was scrubbed...
Name: openid-connect-core-1_0-14-sakimura DoC.docx
Type: application/vnd.openxmlformats-officedocument.wordprocessingml.document
Size: 248168 bytes
Desc: openid-connect-core-1_0-14-sakimura DoC.docx
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20131119/322f9a41/attachment-0001.docx>