[Openid-specs-fastfed] FastFed specs ready for review

McAdams, Darin darinm at amazon.com
Tue Jan 21 02:55:34 UTC 2020


Hi all,
On the march to Implementors Draft, we targeted the following milestones:


  1.  Jan 17: Darin finishes incorporating existing feedback into the spec. Update the revision to ‘02’.
  2.  Jan 20 – March 1: WG applies final polish to the spec.
  3.  March 1: Working Group submits the spec to OpenID Foundation members as proposed implementation draft. (Mandatory 45-day wait period before vote.)
  4.  April 27: OpenID Foundation Meeting. Vote on Implementors Draft.

#1 is now complete. 40 days to finish #2.

I’ve been staring at the documents so long, fresh eyes will really help.

To facilitate collaborative commenting, I uploaded everything to Google Docs.
https://drive.google.com/drive/folders/1ld_SRjGoTaxuIY12sWd_rh83uehCCTdu

Here are quick links to get started on reviews:

  *   Begin with overview #1A https://drive.google.com/open?id=1W1lBM9Kt5MGZYhQLLpJW6FrAEoq8bSGu
  *   Contrast with #1B: https://drive.google.com/open?id=1Dwg4-bfJF4-CWQ8k6ZSguXKZrQLGJMC1
  *   Then, dive into the detailed spec: https://drive.google.com/open?id=19hebPRKZT_CdAixstuVXh4094-JMQ6CU
     *   Ignore the formatting issues! Google Docs munged things.
     *   You can always find the source files by downloading the repo <https://bitbucket.org/openid/fastfed/downloads/>.
  *   Finally, look at the SAML profile: https://drive.google.com/open?id=1LvYL3BBY3_VDh6tDeYkKDxkzN0h7UvXo
  *   And, the SCIM profile: https://drive.google.com/open?id=1qV1eFWN5dZHZspWS-rOT9NbSvOf417aW

Special callouts:

  *   It was tricky balancing the right quantity of prescriptive suggestions & examples. Without the examples, common feedback was “I don’t understand how it works”. With examples, there is a risk of blurring lines between normative requirements and non-normative examples in a manner that could constrain or confuse readers. Watch for this one. Any excessive blurring?
  *   I know 2 things that are still wrong: the image dimensions for icons/logos, and the SCIM Interop Profile. Need group input. Will use the WG meetings for discussions.
  *   There was recent discussion about extracting the Discovery portions into a separate spec, but it’s still in the core. What do you think? Leave it or extract?

Key changes in current revision:

  *   Added “entity_id” as a top-level attribute in the provider metadata, as per WG discussion.
  *   More prescriptive guidance on handling redrives/updates.
  *   Added extensibility points for schema grammars and oauth profiles. Essentially, with OAuth 3.0 under discussion, and SCIM 3.0 under consideration, I examined how the spec would adapt and had to adjust. As a result:
     *   All SCIM 2.0 details have been clustered into Section 3.4 of the core spec, with extensibility points appearing in the “capabilities” metadata for using alternative schema grammars.
     *   All OAuth 2.0 details have been clustered into Section 6.6 of the core spec, with extensibility points in the SCIM Profile for using alternative authentication methods.
  *   And a dozen other changes based on accumulated WG feedback.
