[Openid-specs-fastfed] Feedback on FastFed Core
McAdams, Darin
darinm at amazon.com
Fri Mar 20 17:29:08 UTC 2020
Thanks Nov. Appreciate the call outs.
-Darin
From: Openid-specs-fastfed <openid-specs-fastfed-bounces at lists.openid.net> on behalf of Openid-specs-fastfed <openid-specs-fastfed at lists.openid.net>
Reply-To: nov matake <nov at matake.jp>
Date: Thursday, March 19, 2020 at 6:31 PM
To: Openid-specs-fastfed <openid-specs-fastfed at lists.openid.net>
Subject: [EXTERNAL] [Openid-specs-fastfed] Feedback on FastFed Core
Hi, FastFed authors
I read through FastFed Core.
I'm looking forward to seeing many IdPs & SaaS Apps support it in the near future.
As below, I have 3 comments on Core.
#1. Sample request/response on section 4.1.2.1.2 & 4.1.3
In 4.1.2.1.2, IdP returns "https://tenant-12345.idp.example.com/fastfed" as its FastFed URL.
However, in 4.1.3, Application Provider accesses "https://provider.example.com/fastfed/provider-metadata".
If it's not intended, using the same endpoint seems easier to understand.
#2. Undefined terminology in 4.1.2.1.2
4.1.2.1.2 uses "Issuer location".
I read it as FastFed URL, but couldn't find the terminology definition of "Issuer" anywhere.
#3. Missing explicit JWT typing
As RFC 8725 recommends, it would be nicer if you use explicit JWT typing (e.g., application/fastfed-xxx+jwt) for each FastFed JWT message.
https://tools.ietf.org/html/rfc8725#section-3.11
Especially, the finalization request JWT format seems very simple, so any other JWT message can be cross-used for it.
Thanks,
nov
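
Added example, not part of the original message or of the FastFed specification: a receiver-side check for the explicit JWT typing raised in comment #3 (RFC 8725 section 3.11). It assumes both message kinds are signed with the same key; the typ values, the key and the claims are constructed for illustration and are not defined by FastFed.

```python
import base64, hashlib, hmac, json

KEY = b"constructed-demo-key"          # constructed secret, shared by both message kinds
FINALIZE_TYP = "fastfed-finalize+jwt"  # hypothetical typ value, not defined by FastFed
OTHER_TYP = "fastfed-other+jwt"        # hypothetical typ for some other FastFed JWT

def _b64(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign(claims, typ):
    """Issue an HS256 JWT whose protected header carries an explicit typ."""
    header = _b64(json.dumps({"alg": "HS256", "typ": typ}).encode())
    body = _b64(json.dumps(claims).encode())
    sig = hmac.new(KEY, f"{header}.{body}".encode(), hashlib.sha256).digest()
    return f"{header}.{body}.{_b64(sig)}"

def verify(token, expected_typ=None):
    """Check the signature; when expected_typ is set, also enforce the JWT type."""
    try:
        h64, p64, s64 = token.split(".")
        header, sig = json.loads(_unb64(h64)), _unb64(s64)
    except ValueError as exc:
        raise ValueError("malformed token") from exc
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        raise ValueError("unexpected header or alg")
    good = hmac.new(KEY, f"{h64}.{p64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(sig, good):
        raise ValueError("bad signature")
    if expected_typ is not None:
        typ = str(header.get("typ", "")).lower()
        if typ.startswith("application/"):  # the prefix may be omitted in typ
            typ = typ[len("application/"):]
        if typ != expected_typ:
            raise ValueError(f"wrong JWT type: {typ!r}")
    return json.loads(_unb64(p64))

def demo():
    """Return (accepted without typ check, rejected with typ check) for a cross-used JWT."""
    claims = {"iss": "https://tenant-12345.idp.example.com",  # constructed claims
              "aud": "https://provider.example.com", "exp": 4102444800}
    other = sign(claims, OTHER_TYP)  # validly signed, but meant for another purpose
    accepted = verify(other) == claims
    try:
        verify(other, FINALIZE_TYP)
        rejected = False
    except ValueError:
        rejected = True
    return accepted, rejected
```

Without the typ comparison the signature alone decides acceptance, so any JWT signed by the same party passes; with it, only a token issued as the expected kind does.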