[Openid-specs-heart] Comments on Draft HEART Profile for OIDC 1.0

Luis C. Maas III, M.D., Ph.D. lcmaas at emrdirect.com
Mon Apr 10 19:41:48 UTC 2017


Hi All, one comment on the current draft of the HEART Profile for OIDC
1.0: 

- Section 2.2 - Paragraph 1 states request object may be signed -or-
encrypted, but paragraph 2 states request object MUST be signed. I
believe that taking both together, the current text requires that all
request objects MUST be signed and MAY be encrypted, but the first
paragraph could be read to suggest encryption alone is okay. 

No issues with the other draft changes. 

Luis 

Luis C. Maas III, M.D., Ph.D.

CTO
EMR Direct
www.emrdirect.com
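
Added example, not part of the original message or of the HEART draft: a Python check that applies the reading "MUST be signed and MAY be encrypted" and rejects a request object that is encrypted only. The `decrypt` callback and all sample tokens are assumptions made for illustration; verifying the signature of the returned JWS is left to the server's JOSE library.

```python
import base64
import json


class RequestObjectRejected(ValueError):
    """Request object is not signed (whether or not it is encrypted)."""


def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _header(segment: str) -> dict:
    # Compact serialization strips base64url padding; restore it before decoding.
    try:
        hdr = json.loads(base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4)))
    except ValueError as exc:
        raise RequestObjectRejected("unreadable JOSE header") from exc
    if not isinstance(hdr, dict):
        raise RequestObjectRejected("JOSE header is not an object")
    return hdr


def signed_layer(token: str, decrypt=None) -> str:
    """Return the JWS whose signature must still be verified, or raise.

    decrypt: hypothetical callback (JWE compact string -> plaintext str),
    backed by whatever JOSE library the server uses.
    """
    parts = token.split(".")
    if len(parts) == 5:  # JWE compact form: peel the optional encryption layer
        if decrypt is None:
            raise RequestObjectRejected("encrypted request object, no decryptor configured")
        token = decrypt(token)
        parts = token.split(".")
    if len(parts) != 3:  # e.g. JWE plaintext was bare claims: encryption alone
        raise RequestObjectRejected("request object is not a JWS")
    if _header(parts[0]).get("alg") in (None, "none") or not parts[2]:
        raise RequestObjectRejected("request object carries no signature")
    return token


# Constructed samples: signature and ciphertext bytes are dummies, not real crypto.
CLAIMS = b64url(json.dumps({"client_id": "constructed-client"}).encode())
SIGNED = ".".join([b64url(b'{"alg":"RS256"}'), CLAIMS, b64url(b"dummy-signature")])
UNSIGNED = ".".join([b64url(b'{"alg":"none"}'), CLAIMS, ""])
JWE = ".".join([b64url(b'{"alg":"RSA-OAEP","enc":"A256GCM"}'), "a", "b", "c", "d"])
```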