[Openid-specs-igov] Latest iGov Profile section 3.4
Phil Hunt
phil.hunt at oracle.com
Tue Oct 3 17:58:53 UTC 2017
Some concerns remaining…
3.4. Vectors of Trust
Servers MUST check for the presence of the "vtr" parameter before
"acr" in Requests. If both parameters are present the server will
default to "vtr" as the request to respond to. "acr" MUST then be
ignored.
<PH> I thought this was to be changed to “SHOULD” select “vtr” and ignore “acr”.
I would prefer language,
"If both parameters are present the server MUST choose either “vtr” or “acr” and
ignore the other parameter."
Varley & Grassi Expires November 23, 2017 [Page 9]
openid-igov-profile May 2017
OpenID Providers MAY provide the "vot" and contain valid values from
the Vectors of Trust [I-D.richer-vectors-of-trust] standard.
<PH> OpenID Providers MAY provide the “vot” — when? I wonder if it might be helpful to say either
1. “In response to a request containing a “vtr””, or
2. “When responding, an OpenID Provider MAY provide a “vot” whether or not a “vtr” was requested."
The "vtr" and contain valid values from the Vectors of Trust
[I-D.richer-vectors-of-trust] standard.
<PH> Is there a word missing above?
It is out of scope of this document to determine how an organization
maps their digital identity practices to valid VOT component values.
<PH>If a “vtr” is provided, is a “vot” required in the response? For example, as written, an implementer could process “vtr” and ignore “acr” but it would still be compliant if it did not return a “vot” in response. Is that the intent?
Phil
Oracle Corporation, Identity Cloud Services Architect
@independentid
www.independentid.com <http://www.independentid.com/>
phil.hunt at oracle.com <mailto:phil.hunt at oracle.com>
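An added example, not part of the original message or of the iGov profile: a relying-party-side check that resolves which trust parameter is honoured when both are sent and flags the case asked about above, where "vtr" is processed but no "vot" comes back. Function names, the sample request and the component-subset matching rule are assumptions made for illustration; "acr_values" is the OpenID Connect request parameter that the draft text calls "acr".

```python
import json

# Constructed sample request carrying both parameters.
SAMPLE_REQUEST = {"vtr": '["P1.Cc"]', "acr_values": "urn:example:loa2"}


def select_trust_param(params, prefer="vtr"):
    """Pick the single trust parameter that is honoured; the other is ignored.

    prefer="vtr" follows the draft text; prefer="acr" is the other choice
    that the wording proposed in the message would also allow.
    """
    present = [p for p in ("vtr", "acr_values") if params.get(p)]
    if not present:
        return None, None
    if len(present) == 2:
        name = "vtr" if prefer == "vtr" else "acr_values"
    else:
        name = present[0]
    if name == "acr_values":
        return name, params["acr_values"].split()
    # Assumption: vtr is a JSON array of vector strings such as "P1.Cc".
    vectors = json.loads(params["vtr"])  # malformed JSON raises ValueError
    if not (isinstance(vectors, list) and vectors
            and all(isinstance(v, str) for v in vectors)):
        raise ValueError("vtr must be a non-empty JSON array of strings")
    return name, vectors


def satisfies(vot, requested):
    """Assumption: a requested vector is met when all of its components
    appear among the components of the returned vot."""
    have = set(vot.split("."))
    return any(set(r.split(".")) <= have for r in requested)


def audit_response(params, id_token_claims, prefer="vtr"):
    """Return findings about the trust claims in an ID token."""
    name, wanted = select_trust_param(params, prefer)
    findings = []
    if name == "vtr":
        vot = id_token_claims.get("vot")
        if vot is None:
            findings.append("vtr honoured but no vot returned")
        elif not satisfies(vot, wanted):
            findings.append("vot does not meet any requested vector")
    return findings
```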