[Openid-specs-authzen] New versions
Michael Jones
michael_b_jones at hotmail.com
Wed Nov 27 00:20:51 UTC 2024
The spec naming conventions used by the OpenID Foundation are described at https://openid.net/wg/resources/naming-and-contents-of-specifications/. Spec versions are of the form N.M – typically 1.0, until such time as 1.0 becomes Final and therefore immutable. After 1.0 is Final, depending on the degree of changes, the follow-on spec is typically numbered 1.1 or 2.0.
There are also monotonically increasing draft numbers. All published numbered drafts are immutable.
As an outside observer (and former OpenID Secretary), it’s my sense that all the AuthZen specs should be using version number 1.0 until Final, but regularly publish numbered drafts until that goal is reached.
This is parallel to the situation with OpenID Federation. Both https://openid.net/specs/openid-federation-1_0-39.html and https://openid.net/specs/openid-federation-1_0-40.html are at version 1.0, but draft 40 updates the content of draft 39 in ways described in the history entry at https://openid.net/specs/openid-federation-1_0-40.html#name-document-history.
I hope this helps.
-- Mike
From: Openid-specs-authzen <openid-specs-authzen-bounces at lists.openid.net> On Behalf Of Michael Schwartz via Openid-specs-authzen
Sent: Tuesday, November 26, 2024 12:26 PM
To: AuthZEN Working Group List <openid-specs-authzen at lists.openid.net>
Cc: Michael Schwartz <mike at gluu.org>
Subject: Re: [Openid-specs-authzen] New versions
Got the time wrong. Sorry! Maybe next week I can join.
Here are my quick thoughts:
1. "OpenID Connect Core 1.0 incorporating errata set 2" -- this version "1.0" has not changed since 2014. I think a stable version has been important to its success.
2. At Gluu, we didn't want to hard code the authz endpoint URL in our clients. PDP metadata will also be handy if AuthZen is about to introduce new features that an implementation may not support.
3. I don't know if this is a valid consideration for a standards group, but as a vendor we may add add'l discovery metadata, and we let the enterprise add custom discovery metadata.
- Mike
On Tue, Nov 26, 2024 at 10:34 AM Michael Schwartz <mike at gluu.org<mailto:mike at gluu.org>> wrote:
Maybe it would be better to discuss this in person. I can jump on the next call hopefully.
On Tue, Nov 26, 2024 at 9:55 AM Omri Gazitt via Openid-specs-authzen <openid-specs-authzen at lists.openid.net<mailto:openid-specs-authzen at lists.openid.net>> wrote:
The decision mechanism will come in for ID2. ID1 is immutable.
On Tue, Nov 26, 2024 at 7:22 AM Alex Babeanu via Openid-specs-authzen <openid-specs-authzen at lists.openid.net<mailto:openid-specs-authzen at lists.openid.net>> wrote:
Hi Mike,
To be fair, everything before the implementer's draft was just a work in progress, "we're working on it". We should be able to change a *draft* as much as we see fit. The implementer's draft just came out though, and I personally don't expect it to change.
Omri, that discovery mechanism should be in another release Imho, for the reason above mainly, and also I don't think we've discussed it much. Let this implementer's draft version be final, it is also what I hear internally here at indykite.
Cheers,
./\lex.
On Mon, Nov 25, 2024 at 9:03 AM Michael Schwartz via Openid-specs-authzen <openid-specs-authzen at lists.openid.net<mailto:openid-specs-authzen at lists.openid.net>> wrote:
Authzen people,
The fact that it has been about five minutes, and there is already authzen version 1.1 is problematic. Specs that keep releasing new versions are not worth implementing. If you want a whole bunch of developers to implement APIs and software using your standard, you can't keep changing it every week.
- Mike
[https://github.com/GluuFederation/docs-gluu-server-prod/blob/master/docs/source/small_logo.png?raw=true]
________________________________
CONFIDENTIALITY NOTICE
This message may contain confidential or legally privileged information.
If you are not the intended recipient, please immediately advise the sender by reply e-mail that you received this message, and delete this e-mail from your system.
Thank you for your cooperation
--
Openid-specs-authzen mailing list
Openid-specs-authzen at lists.openid.net<mailto:Openid-specs-authzen at lists.openid.net>
https://lists.openid.net/mailman/listinfo/openid-specs-authzen
--
[This is Alexandre Babeanu's card. Their email is alex at 3edges.com. Their phone number is +1 604 728 8130.]<https://hihello.me/p/cda689b1-0378-4b9c-88cf-33a9bc8ef0c5>
CONFIDENTIALITY NOTICE: This e-mail message, including any attachments hereto, is for the sole use of the intended recipient(s) and may contain confidential and/or proprietary information.
--
Openid-specs-authzen mailing list
Openid-specs-authzen at lists.openid.net<mailto:Openid-specs-authzen at lists.openid.net>
https://lists.openid.net/mailman/listinfo/openid-specs-authzen
--
Openid-specs-authzen mailing list
Openid-specs-authzen at lists.openid.net<mailto:Openid-specs-authzen at lists.openid.net>
https://lists.openid.net/mailman/listinfo/openid-specs-authzen
[https://github.com/GluuFederation/docs-gluu-server-prod/blob/master/docs/source/small_logo.png?raw=true]
________________________________
CONFIDENTIALITY NOTICE
This message may contain confidential or legally privileged information.
If you are not the intended recipient, please immediately advise the sender by reply e-mail that you received this message, and delete this e-mail from your system.
Thank you for your cooperation
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-authzen/attachments/20241127/55996653/attachment-0001.htm>
More information about the Openid-specs-authzen
mailing list