[Openid-specs-authzen] New versions

Omri Gazitt omri at aserto.com
Wed Nov 27 19:46:32 UTC 2024


Thanks Mike, it’s helpful to know that even drafts that aren’t ID’s can
have stable URLs on openid.net/specs.

On Wed, Nov 27, 2024 at 9:33 AM Michael Jones <michael_b_jones at hotmail.com>
wrote:

> Glad to help.  My one additional comment is in reaction to your statement:
> “The next implementers draft will be
> https://openid.net/specs/authorization-api-1_0-02.html, and so on.”  The
> working group should be publishing new numbered drafts to
> openid.net/specs/ with each significant coherent set of updates to the
> spec.  Not all of these drafts will be Implementer’s Drafts.  Using OpenID
> Federation for an example again, we’ve published 40 drafts but only four of
> those became Implementer’s Drafts.
>
>
>
>                                                                 -- Mike
>
>
>
> *From:* Omri Gazitt <omri at aserto.com>
> *Sent:* Tuesday, November 26, 2024 4:48 PM
> *To:* AuthZEN Working Group List <openid-specs-authzen at lists.openid.net>
> *Cc:* Michael Jones <michael_b_jones at hotmail.com>
> *Subject:* Re: [Openid-specs-authzen] New versions
>
>
>
> Thanks Mike.
>
>
>
> This makes perfect sense, and exactly the naming convention we had in mind.
>
>
>
> The current (and only) implementers draft is at
> https://openid.net/specs/authorization-api-1_0-01.html
>
>
>
> The next implementers draft will be
> https://openid.net/specs/authorization-api-1_0-02.html, and so on.
>
>
>
> As agreed at the November 12 meeting, the spec is currently small enough
> that we can add the evaluations and search capabilities without creating a
> new (minor) version.
>
>
>
> Thanks,
>
> Omri.
>
>
>
>
>
> On Tue, Nov 26, 2024 at 4:21 PM Michael Jones via Openid-specs-authzen <
> openid-specs-authzen at lists.openid.net> wrote:
>
> The spec naming conventions used by the OpenID Foundation are described at
> https://openid.net/wg/resources/naming-and-contents-of-specifications/.
> Spec versions are of the form N.M – typically 1.0, until such time as 1.0
> becomes Final and therefore immutable.  After 1.0 is Final, depending on
> the degree of changes, the follow-on spec is typically numbered 1.1 or 2.0.
>
>
>
> There are also monotonically increasing draft numbers.  All published
> numbered drafts are immutable.
>
>
>
> As an outside observer (and former OpenID Secretary), it’s my sense that
> all the AuthZen specs should be using version number 1.0 until Final, but
> regularly publish numbered drafts until that goal is reached.
>
>
>
> This is parallel to the situation with OpenID Federation.  Both
> https://openid.net/specs/openid-federation-1_0-39.html and
> https://openid.net/specs/openid-federation-1_0-40.html are at version
> 1.0, but draft 40 updates the content of draft 39 in ways described in the
> history entry at
> https://openid.net/specs/openid-federation-1_0-40.html#name-document-history
> .
>
>
>
> I hope this helps.
>
>
>
>                                                                 -- Mike
>
>
>
> *From:* Openid-specs-authzen <
> openid-specs-authzen-bounces at lists.openid.net> *On Behalf Of *Michael
> Schwartz via Openid-specs-authzen
> *Sent:* Tuesday, November 26, 2024 12:26 PM
> *To:* AuthZEN Working Group List <openid-specs-authzen at lists.openid.net>
> *Cc:* Michael Schwartz <mike at gluu.org>
> *Subject:* Re: [Openid-specs-authzen] New versions
>
>
>
> Got the time wrong. Sorry! Maybe next week I can join.
>
>
>
> Here are my quick thoughts:
>
> 1. "OpenID Connect Core 1.0 incorporating errata set 2" -- this
> version "1.0" has not changed since 2014.  I think a stable version has
> been important to its success.
>
> 2.  At Gluu, we didn't want to hard code the authz endpoint URL in our
> clients. PDP metadata will also be handy if AuthZen is about to introduce
> new features that an implementation may not support.
>
> 3.  I don't know if this is a valid consideration for a standards group,
> but as a vendor we may add add'l discovery metadata, and we let the
> enterprise add custom discovery metadata.
>
>
>
> - Mike
>
>
>
> On Tue, Nov 26, 2024 at 10:34 AM Michael Schwartz <mike at gluu.org> wrote:
>
> Maybe it would be better to discuss this in person. I can jump on the next
> call hopefully.
>
>
>
> On Tue, Nov 26, 2024 at 9:55 AM Omri Gazitt via Openid-specs-authzen <
> openid-specs-authzen at lists.openid.net> wrote:
>
> The decision mechanism will come in for ID2. ID1 is immutable.
>
>
>
> On Tue, Nov 26, 2024 at 7:22 AM Alex Babeanu via Openid-specs-authzen <
> openid-specs-authzen at lists.openid.net> wrote:
>
> Hi Mike,
>
> To be fair, everything before the implementer's draft was just a work in
> progress, "we're working on it". We should be able to change a *draft* as
> much as we see fit. The implementer's draft just came out though, and I
> personally don't expect it to change.
>
>
>
> Omri, that discovery mechanism should be in another release Imho, for the
> reason above mainly, and also I don't think we've discussed it much. Let
> this implementer's draft version be final, it is also what I hear
> internally here at indykite.
>
>
>
> Cheers,
>
>
>
> ./\lex.
>
>
>
> On Mon, Nov 25, 2024 at 9:03 AM Michael Schwartz via Openid-specs-authzen
> <openid-specs-authzen at lists.openid.net> wrote:
>
> Authzen people,
>
>
> The fact that it has been about five minutes, and there is already
> authzen version 1.1 is problematic. Specs that keep releasing new versions
> are not worth implementing. If you want a whole bunch of developers to
> implement APIs and software using your standard, you can't keep changing it
> every week.
>
>
>
> - Mike
>
>
>
>
>
> ------------------------------
>
> *CONFIDENTIALITY NOTICE*
>
> This message may contain confidential or legally privileged information.
> If you are not the intended recipient, please immediately advise the
> sender by reply e-mail that you received this message, and delete this
> e-mail from your system.
> Thank you for your cooperation
> --
> Openid-specs-authzen mailing list
> Openid-specs-authzen at lists.openid.net
> https://lists.openid.net/mailman/listinfo/openid-specs-authzen
>
>
>
>
> --
>
> [image: This is Alexandre Babeanu's card. Their email is alex at 3edges.com.
> Their phone number is +1 604 728 8130.]
> <https://hihello.me/p/cda689b1-0378-4b9c-88cf-33a9bc8ef0c5>
>
>
> CONFIDENTIALITY NOTICE: This e-mail message, including any attachments
> hereto, is for the sole use of the intended recipient(s) and may contain
> confidential and/or proprietary information.
> --
> Openid-specs-authzen mailing list
> Openid-specs-authzen at lists.openid.net
> https://lists.openid.net/mailman/listinfo/openid-specs-authzen
>
> --
> Openid-specs-authzen mailing list
> Openid-specs-authzen at lists.openid.net
> https://lists.openid.net/mailman/listinfo/openid-specs-authzen
>
>
>
> ------------------------------
>
> *CONFIDENTIALITY NOTICE*
>
> This message may contain confidential or legally privileged information.
> If you are not the intended recipient, please immediately advise the
> sender by reply e-mail that you received this message, and delete this
> e-mail from your system.
> Thank you for your cooperation
>
> --
> Openid-specs-authzen mailing list
> Openid-specs-authzen at lists.openid.net
> https://lists.openid.net/mailman/listinfo/openid-specs-authzen
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-authzen/attachments/20241127/e5848116/attachment-0001.htm>


More information about the Openid-specs-authzen mailing list