[Openid-specs-mobile-profile] Account Migration Draft #2.1

Axel.Nennker at telekom.de Axel.Nennker at telekom.de
Tue Aug 2 08:26:59 UTC 2016


Hi all,

Regarding the flow diagram in section
http://openid.net/wordpress-content/uploads/2016/08/draft-account-migration-01.html#rfc.section.2.1
I would like to suggest moving Step A into the text to keep the flow in sync with the diagram in the RFC in section 1.2
https://tools.ietf.org/html/rfc6749#section-1.2
The text should make it clear that the user initiates the account migration.

Cheers
Axel

Having said that: I never liked the text explaining Step A and the depicted flow in the RFC.

"                  The client requests authorization from the resource owner.  The
        authorization request can be made directly to the resource owner
        (as shown), or preferably indirectly via the authorization
        server as an intermediary.
"
Because why put something in the diagram when the other option is preferable?
Maybe the account migration draft should depict the preferred flow?!



From: Openid-specs-mobile-profile [mailto:openid-specs-mobile-profile-bounces at lists.openid.net] On Behalf Of Lodderstedt, Torsten
Sent: Tuesday, August 02, 2016 10:11 AM
To: openid-specs-mobile-profile at lists.openid.net
Subject: Re: [Openid-specs-mobile-profile] New Version of Account Migration Draft

Hi all,

I just republished the draft in order to fix a problem regarding references (thanks to Axel!). You can find the new version at http://openid.net/wordpress-content/uploads/2016/08/draft-account-migration-01.html

best regards,
Torsten.

Von: Openid-specs-mobile-profile [mailto:openid-specs-mobile-profile-bounces at lists.openid.net] Im Auftrag von Lodderstedt, Torsten
Gesendet: Dienstag, 19. Juli 2016 13:30
An: openid-specs-mobile-profile at lists.openid.net
Betreff: [Openid-specs-mobile-profile] New Version of Account Migration Draft

Hi all,

I just published -01 of the account migration draft at openid.net (http://openid.net/wordpress-content/uploads/2014/04/draft-account-migration-01.html). The source code can be found in our Bitbucket repo.

This is a significant rewrite of the specification based on your valuable feedback. Thank you! Although I tried to incorporate all review comments, please bear with me if I missed a comment. Please let me know, so I can incorporate it in the next revision.

I applied the following changes to the document:

*         reorganized the draft
*         extended introduction and overview
*         stated scope of the draft and what is currently out of scope
*         changed terminology from porting to migration
*         changed migration data structure to be different from an id token
*         cleaned up references
*         added initial security considerations

Please post your feedback to the list.

best regards,
Torsten.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-mobile-profile/attachments/20160802/b77cc528/attachment.html>


More information about the Openid-specs-mobile-profile mailing list